Where Can an Identity Thief Access Your Personal Information
We all call it identity theft, but before they can steal your identity, criminals actually have to obtain some information that will help them impersonate you. As a criminal act, identity theft is becoming more popular and more lucrative which is why security experts spend quite a lot of time telling you how important it is to protect your data. You can't properly protect it if you don't know how the thieves steal it, though, and for some reason, this subject hasn't received the attention it deserves. Which is a shame because the average Tom, Dick, and Harriette rarely think about the different methods criminals use to get their data. Let's see if we can shed some light on the matter.
Table of Contents
Data theft in the real world
People often assume that identity theft has become so prolific because of the internet, and we can see why. It's much easier to impersonate someone when face-to-face communication isn't involved. With that said, thieves do sometimes steal data in the real world, and this leads to identity theft later on. Here are a few examples.
- Wallet or purse theft.
Having your wallet snatched away while you weren't looking is not a nice experience, but if the pickpockets make off with more than just a few banknotes and coins, things could be a lot worse than going through the rest of the day without coffee or a bubble gum.You have probably heard already that you mustn't carry your Social Security Card with you unless you really need it. You've also heard that having all your credit cards with you at all times is a bad idea. These are the obvious items that carry enough sensitive information to cause substantial damage. What you might not realize, however, is that even simple things like old receipts can contain data that thieves will be more than happy to take and abuse. - Dumpster diving
So, you've realized that those old receipts you keep in your wallet shouldn't be there, and you're probably considering throwing them in the trash. Before you do it, however, take the time to tear them into tiny pieces. The same goes for any other old paper-based documents that could contain sensitive information.Indeed, a thief must be determined and motivated to rummage through your trash, and you might think that only high-value targets will be attacked through this method. Identity theft is such a lucrative business, however, that, according to many, there's no such thing as low-value targets. And even if the garbage-raiding crooks aren't willing to put their heads on the line, there may be other, lazier criminals who will be happy to shell out some cash for your data. - Stealing important documents from an organization put in charge of your data
Yes, it is the twenty-first century, and we've invented quite a few efficient ways of moving information around. Yet, some institutions appear to be stuck in the 1950's. Names, addresses, social security numbers and other sensitive data is still printed (or written) on pieces of paper which are then put in cardboard boxes and moved between offices. Many complain that the Internet is not a secure environment, but the same can be said about an unlocked car whose driver has gone off to grab a hot dog. - Stealing your mail
How many of you can claim that your snail mail inbox is completely secure and nothing can come out of it? Now, think about how much sensitive information moves through there.That's another problem with putting valuable data on paper and moving it around. It can get lost or stolen both in transit, and when it arrives in the right inbox. The method is ineffective because it relies on old technology that's starting to show its age. Mind you, the modern alternative is not exactly perfect, either.
Data theft online
Remember the time when you could do little more than chat with strangers and play low-quality flash games on the Internet? Things have moved on a bit. You now use it to buy things, pay bills, manage finances, etc. All these new tasks require your personal data like names, addresses, phone numbers, and credit card details. No wonder, then, that the criminals have devised more than one way of stealing and abusing that data. Here are some of them.
- Social engineering
The truth is, social engineering attacks aren't limited to the Internet, but it was the World Wide Web that made them so popular. As you probably know, social engineering is the art of tricking people into doing something they shouldn't be doing. In our case, social engineering might mean convincing users to open email attachments that install malware on their PCs. It could also mean coaxing them into divulging their personal information on a phishing page.Social engineering is an extremely powerful tool, and some of today's cybercriminals have the skills to use it to its full potential. It's not for everyone, though. - Cracking your password
Shortly after we started keeping vast quantities of personal information on the Internet, online companies realized that they must implement an authentication mechanism that would keep the data safe. At the time, the humble password seemed like the perfect solution, but people soon started having problems.The number of accounts users had to keep track of grew immensely, and they were soon overwhelmed with all the passwords. As a result, they soon started using simple, short passwords, and when the pressure grew some more, they began reusing the same passwords across multiple accounts.We now have a solution – dedicated password management applications like Cyclonis Password Manager. Without a password manager, using truly strong, unique passwords is next to impossible, but despite this, the adoption rates are still nowhere near as high as they should be. This is particularly concerning as the hackers now have more powerful tools and resources at their disposal, and brute-forcing a password is easier than ever. Unlike mounting a successful social engineering attack, cracking a simple password requires next to no skills. - Data breaches
Finally, we've got the data breach. Even complete awareness of the criminals' tricks combined with an impeccable password management policy can't do anything about the factors that are outside your control. At the end of the day, by using a particular website or service, you trust the vendor that they will be able to protect your personal data. Sometimes, they do that perfectly well, but quite often, they don't, and in some cases, keeping the data secure isn't even possible.Indeed, there are two types of data breaches: the ones that happen because of extremely sophisticated adversaries, and the ones that occur because the vendors haven't done enough to secure the data. In both cases, however, the results are the same: your information is exposed which leads to some form of identity theft.
Is it really as scary as it sounds?
We did describe some worst-case scenarios, but the colossal number of identity theft victims shows that they are not as uncommon as you might think. As you can see, sometimes, you don't have a lot of ways to protect yourself, but quite often, you do, which is why, you must make sure that you are aware of the dangers.
