Identity Theft Overview

What is Identity Theft?

Identity theft is among the most prevalent crimes in the 21st century. It is a criminal activity involving theft of personal information by getting access to a victim’s credit card, bank statements, and personal computer, among others. The stolen personal data is used by criminals to their own advantage, which can include making financial transactions from the credit card; taking a loan from the bank; and accessing official data on a victim’s laptop.

Unlike traditional thefts and robberies, identity theft often has more severe ramifications for the victim because they are mostly unaware of the mishap. It is not uncommon for a victim to learn about the theft once they get their credit card statements at the end of the month. Likewise, there are numerous incidents where individuals get informed once they get a call from the loan officer to pay the balance on loans that were apparently never taken by the victim. The impact of identity theft can have serious repercussions. For instance, the victim is often denied a loan or there may be an overnight reduction in their credit score.

There have been cases where people have seen their good name disappear, overnight. Sometimes, it’s too late when they realize that they are stripped of their financial resources. In addition, the victim also starts seeing credit that they did not apply for. The snowball continues as payrolls, tax credits, and healthcare insurance are also affected.

Identity Theft Methods

According to the Federal Trade Commission, it is very easy for identity thieves to steal your personal information. Following is a brief outline of the most common techniques:

  1. Waste collection: Thieves rummage through the dumpster to find financial statements that they can use to their advantage.
  2. Duplication: The method is used to duplicate the actual credit card using an electronic device attached to ATM and credit card processors.
  3. Impersonation: Thieves trick victims by impersonating as an agent of a company. The objective is to get personal information from you.
  4. Change of address: By filling out a change of address form, the impostor compels the financial institution to send your statement to the wrong address.
  5. Robbery: Thieves snatch handbags and purses, which can contain important mail, bank cards, and credit card statements.

According to recent research statistics, every one out of fifteen individuals is a victim of identity theft. In the United States alone, more than 16 Million people were affected by the crime. Accordingly, it makes sense to learn about the methods and techniques used by criminals in greater detail.

Traditional Identity Theft Methods


A criminal uses this method to obtain information through social interaction, manipulation, and deception. It usually occurs during a direct conversation between the offender and the victim. The offender acts on the premise that, in the chain of information security, the human being is the weakest link because the victim gives important information without knowing its negative consequences.

Telephone Extortion

It is a type of social engineering where the attacker makes a phone call to the victim posing as an agent of a particular company. The impostor can pretend to be a support technician or an official from the tax office. The objective of the phone call is to obtain personal data about the victim.


Observation is a very old technique that focuses on paying attention to the actions that the victim performs and that are of interest to the attacker. Unlike direct communication, the attacker tries not to be discovered. A variety of tools are used for the purpose, which can include binoculars and remote listening devices. The objective of this technique is to obtain preliminary information about the person before taking further action.

Shoulder Surfing or Espionage

This is also a common method used by people who know a victim personally. Sometimes, it’s called over-the-shoulder technique because the person tries to get important personal data by watching the victim as they type their critical information. This method is commonly used to obtain passwords, PIN numbers, security codes and similar data.


This method is typically used in a busy environment where a lot of critical information is passed through private conversations. For example, eavesdropping may occur when a system administrator tells an executive the key to a critical application. The identity thief carefully remembers the information before writing it down. Computer and IT departments of corporations are breeding ground for eavesdropping activities.

Dumpster Diving

The method focuses on finding valuable information in the trash. Throwing official documents without destroying it is a practice that can be risky because important data contained in discarded documents can be used by an identity thief. In the United States, there have been multiple incidents where data thieves have bribed sanitation workers to offer a critical piece of information retrieved from the dumpster.

Mailbox Theft

Mailbox theft is one of the most common and easiest methods to steal personal information. There are thousands of unprotected mailboxes that are easily accessed by thieves. Access to mailboxes in rural and remote areas is extremely easy as identity thieves are known to open mailbox using master keys.

Electronic Identity Theft Methods


This technique involves making a copy of a credit card without the consent of the owner. Scammers use different types of electronic devices to clone the data contained in the magnetic strip of the electronic card containing vital information such as card number, expiration date, verification value code, bank, and the name of the cardholder.

At a later stage, the card is reproduced or cloned with a different plastic cover. This method can only be used at the moment the victim makes a transaction with his card because the device is usually attached to the top of the ATM factory-installed card reader.


It is a fraudulent criminal practice carried out by telephone, in which, through social engineering, private information is sought. The term “Vishing” is a combination of the words voice (voice) and phishing (spoofing method). In an attempt to vish, the scammer calls the victim pretending to be an employee of a particular corporation. They lie to the victim that suspicious activity is reported in the account of a victim. Based on the lie, the so-called agent tries to verify personal information forcing the victim to disclose critical data.


It consists of a fraudulent variant of phishing, where through selective social engineering techniques, selective SMS messages are sent to mobile phone users in order to visit a fraudulent website. SMiShing often involves appealing claims with urgent alerts, interesting offers or succulent prizes. It may contain news about lottery wins, which persuades the user to visit a certain website to claim the price. As a result, the victim unknowingly downloads a Trojan horse, malware, or a virus causing vital information to leak.

Internet / Online Identity Theft Techniques


Spam is an email message sent to several recipients who did not request such a message. Also called junk email, this type of message is usually sent in bulk. Most spam messages have deceptive content that is mostly of an advertising nature.

Once the user accesses the deceptive content provided by the spam, they are directed to a web page controlled by the attacker where, by filling out forms, the victim provides personal information. The information is used by the spammer to commit fraud. In another scenario, the user downloads the content attached to the spam, which allows a virus to invade the computer. As a result, the virus steals important information from the computer that can include personal data, credit card info, and vital communication.


It is a specific case of spam through which instant messages are sent whose content may include spyware, keyloggers, viruses, and links to phishing sites. Also called message spam, applications such as Whatsapp, Skype, Internet messenger, and Snapchat are potential sources of attacks. As these services are linked to the social account of users, the attacker can not only access information of the account holder but also send unsolicited messages.


Phishing is the most widely known online scam that revolves around creating fake websites, emails, and instant messages to lure users into providing personal information. The term originates from the word fishing (fishing), which depicts a scenario where the attacker throws bait (multiple emails), luring potential victims, (the fish).

Phishers often use alarmist tactics or urgent requests to entice recipients to respond. The user is directed to Identity theft websites that look like legitimate sites because they tend to use the copyright images of legitimate sites. However, these websites do not include the secure hypertext transfer protocol, which is recognized in the electronic addresses as “https: //”.

How to Prevent Identity Theft?

  • Keep your personal documents safe at home.

    All personal documents, with personal information or electronic files, as well as the PIN, password, and dynamic passwords must be kept in a safe place. It is the first step in preventing strangers from accessing them. Use a mailbox with a key, and try to collect your mail as soon as possible. Once you move, immediately notify relevant mail delivery service and companies of your change of address.
  • Destroy your personal documents when they are no longer needed.

    When you no longer need official documents that contain your personal or financial information, destroy them completely. Before throwing contents in the garbage, always verify that the waste doesn’t contain documents of personal nature. Besides, it is also important to destroy hard disk from your computer because data from the hard disk can be retrieved even if you’ve deleted it permanently.
  • Think before posting or sharing personal information.

    Use of social media has made it easier for thieves to access name, age, date of birth, photograph, information of family, school, work type, and other basic information. It is often a good idea to use different passwords and usernames for a different website.

    Configure the privacy of your social networks and do not accept any friend request from strangers. While social media has become an intrinsic part of our lives, it’s important not to share or publish more than what is necessary.
  • Protect your computer, your smartphone, and your tablet.

    Always install antivirus software on your computer. When opening an account on a website, use secure passwords that are not related to personal data such as birth dates, telephone numbers and family names. Similarly, use strong passwords that are a combination of uppercase letters, lowercase letters, and numbers.

    If possible, do not allow remote access to your computer because intranet security is often weaker than private internet used at homes and offices. Similarly, it does not make sense to connect to wireless networks that don’t have passwords.

    For online security, you should only download applications from official stores and reliable developers. To prevent your data from being intercepted if the device is lost, avoid storing excessive amounts of unencrypted personal data on a mobile device, such as user names, keywords, credit or personal identification information.
  • Use a paper-saving service offered by financial institutions.

    To reduce the risk of fraud, subscribe to the paper savings service offered by financial institutions. Such services reduce the paper delivery of your account statements by sending electronic statements to your email. Doing so not only reduces the circulation of your information personal but also contributes to the ethical practice of reducing the carbon footprint.
  • Keep an eye on an unusual banking transaction.

    You should constantly review your account statements in order to make sure that the charges correspond effectively to those you have made. If you detect an error, ask for clarification as soon as possible. Check your account statements occasionally to ensure that there are no transactions that you haven’t made. Sometimes, scammers only deduct a very minute amount from the bank account on a monthly basis; therefore, smaller transactions can go unnoticed for months.
  • Keep your credit or debit card in sight.

    When paying by card, do not allow anyone to use it out of sight. As a responsible individual, always request that your transactions are made in front of you. Similarly, pay attention to your immediate environment whenever you are using a PIN or an ATM card.
  • Make secure transactions.

    For online transactions, make sure that the site you visit for purchases on the Internet is completely safe and reliable. The provider must provide information on their identity, legal name, sales policies, and privacy, as well as information on their physical location. Do not be tempted by low prices if you cannot verify the legal information of the company that owns the website.

The growth of the Internet and technology has also increased the potential chances of identity theft. Still, it is important to realize that awareness of scamming methods can prevent us from becoming the next victim. By understating the nature of the scam; hopefully, you can prepare yourself to keep criminals at bay.

Ready for the next step?

In just minutes, we’ll show you how to improve your customer authentication experience, stop fraud and save money.

Fraud Prevention

Spot user behaviors and device information that’s suspicious, and stop those fraudsters in real time. We track billions of devices and our fraud analysts add evidence to make this intelligence even more effective.

Stop Online Fraud

Ready for the next step?

In just minutes, we’ll show you how to improve your customer authentication experience, stop fraud and save money.