ID thieves hacking into websites

ID Thieves: 9 Ways They Steal Your Information

Identity (ID) theft is the fastest growing crime in the U.S. and over 10 million people become victim to this crime every year.  It is important that you remain vigilante.  This is a four part lesson on ID theft.  In our first lesson which was posted last week, we learn the basics of ID theft.  We focused specfically on what ID theft is, the benefits ID thieves derive from stealing your personal data, the types of personal data ID thieves look for and the effects of ID theft.

In this second lesson, we will look at the many ways ID thieves can access your personal information.

1. Personal Items Are Lost or Stolen

If you lose your purse or wallet which contains credit/debit cards, driver’s license and other personal information, you have given ID thieves a way to steal your identity.  To minimize your exposure, you should not carry:

  • multiple credit/debit cards on you, one credit card should be enough
  • social security card, medical benefit card, citizenship documents
  • list of user names, passwords, bank/credit and/or debit card account info

You should carry these items only when you need to show them for a legitimate purpose. Thereafter, these items should always be stored in a fire and water proof security safe in your home.

2. Mail 

ID thieves can steal your identity through your mail in two ways.  One way is by going to your mailbox and taking your mail.  This is especially true for those who have mailboxes at the end of their driveway.  It is important that you do not let your mail pile up in your mailbox.  Pick up your mail every day. ID thieves can also go to the local Post Office and submit a change of address form to divert your mail to another address.

If you suspect your mail is being tampered with, contact your local Post Office and alert them.  You can also rent a PO box for a nominal annual fee and have all your mail sent there.

3. Dumpster Diving

ID thieves will go through the dumpsters/trash of businesses or public trash to look for personal information that was not properly disposed. Businesses are required by law to dispose customers’ sensitive data in a way to prevent ID theft.  Many businesses have been sued and fined for being negligent of this law.  This includes retail, medical and financial organizations.

4. Bystander 

ID thieves can capture your information just by standing over your should while entering your Pin number at the ATM or at checkout in a store. This is called “shoulder surfing”. They can even be listening to your phone calls.  Try to keep sensitive phone calls to a minimum in public.  Be alert and aware of your surroundings especially when disclosing your personal information, this includes at school and the workplace.

5. Hacking 

Hacking is where ID thieves use a computing device to access unauthorized data.  ID thieves constantly hack into retailers, financial institutions, medical offices, etc. to gain access to unsecured data. Hackers have even broken into government data files.

According to ID Shield, a service of Kroll, Inc., an investigation and risk consulting firm, during the month of  July 2018, the following organizations had their data breached or hacked:

victims of of ID thieves handy work

Source: ID Shield, Investigators Tips- August 2018,

6. Accessing Personnel Files

ID thieves can obtain names, account numbers, medical data, social security numbers and other data of co-workers and customer files.  This type of theft is easy because they are often commited by individuals who are authorized to have access to sensitive data at the workplace.

7. ID Thieves Posing as a Legitimate Officer

ID thieves sometimes pose as landlords, employers, medical personnel, law enforcement, etc. to obtain your personal information.  For example, should you receive a phone call asking for personal information, do not release anything.  Hang up and call the company directly from its published number to confirm.

8. Email  

You may receive fake emails that appear like they came from a legitimate website like your bank/credit union. These fake emails are called “phishing” emails.  Never respond to an offer or inquiry through unsolicited email or link.

Phishing emails usually ask you to confirm account numbers, date of birth and other personal information. Once you do, the ID thieves have access to your account and can create havoc.  If you are unsure if the email is legitimate, err on the side of caution and go the the company’s website by opening a new browser and type the web address there.  Do not click on any of the links in the email. Just delete it.

9. Internet

Pay close attention to the information you share on the websites you access.  ID thieves will comb through personal web pages on social media sites like Facebook and Twitter for personal data you may have shared. They will also find personal data via public records sites and fee based information sites.  ID thieves can be cunning by befriending you on social media sites, especially dating sites to gain information about you.

Never divulge personal information like your date of birth, mother’s maiden name, street address, even that you will be going on vacation on social media, gambling and dating sites.  You are asking for trouble if you do. Less is safer!

If you believe you are on a legitimate site that requires you to enter personal data, make sure the site is secured.  Look for the security lock usually located on the top left or bottom right of a company’s website. See the example below.

example of secured website ID thieves will find difficult to hack

If you do not see that lock, it means that the site is not secured and is vulnerable to malicious attacks.  Do not enter your credit card information and other personal data on unsecured sites.

Better yet, consider signing up with PayPal to make purchases on the web and have payments process through them. This prevents you having to enter your credit card information on multiple sites.  Typically, I do not shop on websites that do not offer the option to pay through PayPal. Stripe is an alternate option.

Ok, that’s it for lesson two. Let me know if you have questions.

In our third lesson, you will learn how to minimize your risk to ID theft.

Stay tune.

Dr. Linda