Identity theft is on the rise! How to not be the next victim?

What is meant by identity theft?

How identity theft occurs?

  • Shoulder surfing — Thieves discreetly gleans information when people fill out personal information on forms and peer over their shoulder when typing sensitive information like passwords on a keypad, credit card number on a phone or computer, and entering ATM PIN. They may also listen to the victim’s calls to steal their personal information. This usually occurs in crowded public places where observing others is comparatively easy.
  • Mail theft — Thieves directly sift through the victim’s mailbox to access junk mails containing credit card bills, bank statements with the account number, tax form with a security number, or other documents containing personal information. Digging through trash mails to find receipts containing personal information is a very early method used for identity theft since long before the advent of the internet. Bank statements and credit card information sent through post can also be vulnerable to theft. Information can even be stolen from computer based public records.
  • MalwareMalware or malicious software can be designed to steal essential data from the device on which it is installed or spy over the user’s online activities to steal their personal information. Malware like viruses, trojans, spyware, or keyloggers are commonly used for this, and they find open doors for the thieves to get their hands on the data residing on the system. Criminals sometimes hack devices in a network to access systems and databases to obtain personal information in bulk.
  • Phishing — Phishing is a process where scammers use deceptive emails to trick people and steal sensitive information. Different forms of malware come attached to phishing emails, and sometimes links to fraudulent or spoof websites will also be attached where users are prompted to type in their personal information. Sometimes the victim will be tricked to fill a data collection form wherein their important personal information is disclosed. Phishing emails typically look like a legitimate one from a reputed source so that people easily fall victim. Rarely, the fishy email may contain spelling or grammatical mistakes, seems coming from unofficial email id, and include an urgent request. So, it isn’t easy to find them out. Scammers also use SMS text messages, phone calls, or other forms of electronic communication other than stealing or diverting mails to impersonate trusted organizations.
  • Phone scams — Identity thieves directly make a call pretending that they are from a bank or other reputed firms and prompt users to share their bank account details and other personal information.
  • Dumpster diving — Thieves sometimes sifts through garbage cans to get useful information. Retrieving people’s discarded file documents from trash dumpsters is an easy method used for identity theft. Pre-approved credit cards are often thrown unopened to garbage without proper shredding, which opens up an opportunity for credit card theft. Discarded checks, health insurance cards, and tax-related documents are other vital data that are accessed by rummaging through the rubbish.
  • Wi-Fi hacking — Public Wi-Fi doesn’t properly encrypt the data flowing through it. So, having the Wi-Fi password with them, criminals can easily snoop on data traveling to and from other’s devices and intercept the personal information which people send through a public Wi-Fi network. Criminals sometimes create their own fake Wi-Fi hotspots in public places to attract people to use it and thereby easily get access to their devices. In other cases, attackers use different tools to hack other private Wi-Fi networks that are unencrypted and don’t have a VPN in use to stole data.
  • Skimming — Skimming devices are placed over an ATM or card readers at a point-of-sale. Here the actual card reader is replaced by a counterfeit device that captures the data contained in the magnetic strips of debit cards or credit cards and shares them with the fraudsters. Sometimes a small camera will be attached to capture ATM PINs and ZIP codes.
  • Card information cloning — The card readers copy the information contained in the magnetic strip of a debit or credit card and use a counterfeit card with the same details to make payments.
  • Direct stealing — Identity thieves grab and go valuable data typically by pickpocketing or housebreaking. For instance, they may steal misplaced cheques to obtain bank code and account number.
  • Insider theft — Insider job of identity theft in the workplace is a common challenge for organizations handling the personal information of their customers. Dishonest employees who have access to the database may intentionally steal customer data to hand it over to other fraudsters or sell it in the dark web marketplace.
  • Data breachData breach is a steadily growing crime, and a portion of the data breach victims have their identities stolen as well. When some unauthorized ones gain access to a corporate’s sensitive data, customer data is one of the valuable information that could be easily stolen.

Get to know the warning signs for identity theft

  • Unknowing withdrawals from bank accounts
  • Impacted credit score and inexplicable denial of credit in spite of having high credit rates
  • Not receiving bills or other important emails containing sensitive data
  • Receiving bills or payment reports for unknowing accounts
  • Fake accounts and false charges on the credit report
  • Rejection of health plans due to unknown reasons
  • Unusual IRS notifications that multiple tax returns are filed under a person’s name or income data from an unknown employer
  • A data breach on a company that stores the victim’s personal information
  • Getting bills for strange purchases or credit card statements for unknowing sign ups
  • Unauthorized bank transactions
  • Denial of electronic tax filing
  • Receiving authentication texts and emails from unknown accounts
  • Getting bills for unrecognized healthcare benefits
  • Getting unnecessary calls from debt collectors for overdue
  • Job opportunities unexpectedly fall through after the prospective employer runs a credit check

Some recent statistics

Federal Trade Commission Fraud Reports — Identity theft

Different types of identity theft

  • True-name identity theft — Fraudsters steal other person’s data and open new accounts or services in their name. They may establish a new cellular phone service, start a new credit card account, or open a new banking account to get blank checks.
  • Account takeover identity theft — Fraudsters gain access to the victim’s existing account by means of the stolen identities. Once they get access to the victim’s account, they change the email address associated with it and make all transactions before the victim realizes the threat.
  • Criminal identity theft — Fraudsters commit crimes and provide stolen identities to the police when they get arrested for disguising themselves as another individual. Criminals either submit government issued identity documents or a fake ID to prove themselves as the other individual. So, in police records, the identity theft victim will be charged, letting the actual culprit off the hook. Criminal identity theft can sometimes have a long-lasting effect that even when the victim can somehow manage to prove his innocence before the police and judiciary, they may encounter problems due to bad background in the future as some data aggregators may still have false criminal records in the victim’s name.
  • Medical identity theft — Fraudsters steal medical information like health insurance information for receiving medical services or prescription drugs or to get access to the medical records of other people. All the fake details will be added to the victim’s account and the health insurance provider of the victim may receive unknown bills.
  • Tax identity theft — Fraudsters files a tax return in someone else’s identity and nabs the refund, which is directly deposited to a bank account controlled by the thief. It is done by using the person’s name, address, and social security number. The victim may not know until they try to file a tax return.
  • Social identity theft — Fraudsters use social media platforms for identity theft. They may befriend people in social media platforms and tricks them into sharing their personal information. Sometimes, the thieves go to the next level by creating a phony account in the name of other people and committing all the fraudulent activities from that account so that the victim will be blamed for any consequences.
  • Child identity theft — Child identity theft is a form of identity theft that often remains unnoticed for a long time. Imposters steal minor’s identity, including social security numbers, when they do not have any data associated with them. Children’s information is misused to apply for bank accounts, establish a line of credit, receive government benefits, and obtain driver’s licenses.
  • Senior identity theft — Senior identity theft is a form of identity theft that targets people over the age of 60. Senior may be unaware of the evolving techniques used by criminals and hence easily fall victim to such kind of attacks. To add, seniors are more likely to be in contact with medical care and health insurance units who stores a large amount of personal and financial information which makes them an attractive target for identity theft.
  • Synthetic identity theft — In synthetic identity theft, fraudsters fabricate a new fake identity sometimes by combining the personally identifiable information of multiple identities which makes it the most difficult form of identity theft to track. This type of identity theft is more common in recent days, and the method may involve partial or complete fabrication.
  • Financial identity theft — Any form of identity theft involves financial gains, and financial identity theft can be said a part of any other identity theft attempts. Financial theft is when the stolen identity is solely used for monetary gains like payment fraud, credit card fraud, new bank account openings, taking loans, and getting good and services claiming to be someone else.

Impacts of identity theft

  • Criminals use stolen employee identification numbers to submit false income and withholding documents to get refunds.
  • In the first place, victims probably get little to no assistance from the authority which has issued the identity document.
  • There are so many identity fraud cases reporting that it is less likely to get immediate investigation assistance from law enforcement.
  • In order to prove their innocence to the authorities, victims may often have to show the police report.
  • Flagging the credit report for fraud may not always stop fraudsters from obtaining more credit.
  • Victims must deal with abusive collection agencies.
  • Businesses have to spend a significant amount of time cleaning up the mess from identity theft.
  • Individuals, as well as organizations, suffer huge financial losses.
  • Sometimes the thief may commit a crime in the victim’s name and the entire burden of those crimes falls on the shoulders of the victim.
  • Attackers purchase items, spend money from the victim’s account and even steal the superannuation of employees.
  • Thieves may change the victim’s password and contact information for accounts, making the victims unable to recover their account.
  • Stolen information sometimes ends up on the dark web, which makes the situation even worse.
  • Attackers access the victim’s social media accounts to target their family and friends for the next session.
  • Identity thieves take out the victim’s phone plans and other contracts.

Identity theft protection

  1. Businesses should use an identity and access management solution
    Whether you are a big, small, or medium-sized organization, adopting an IAM (Identity and Access Management) solution is vital than any other well-known security practices to prevent the identified vulnerabilities and exposure. Identity and access management offers tools and policies to manage identities and control user access within an organization. This ensures that only authorized users within the organization are accessing sensitive data.
    Most IAM solutions offer role-based access control with additional authentication options like single-sign-on and multi-factor or two-factor authentication. IAM also involves basic security etiquettes like enforcement of password and maintaining proper password hygiene, mandating the use of VPN, data encryption, compliance checks, virtual containerization of work data, and remote monitoring.
    With the use of IAM, organizations can eliminate the instances of identity theft by preventing the spread of compromised login credentials and avoiding malicious entry to the organization network. The best option is to go with a UEM (Unified Endpoint Management) solution that offers a harmonized set of security services apart from the identity and access management, which altogether can employ a multi-layer threat defense.
  2. Monitor credit activity and financial statements
    Many banks offer continuous credit card monitoring for its customers. Customers should take advantage of this and bank statements should be scanned for purchases that seem unusual.
  3. Nurture and practice good cybersecurity hygiene
    Think before responding to emails from unfamiliar sources and be on alert while opening email attachments. Never share personal information to unauthorized websites. Use only secure websites.
  4. Shred important documents
    Dumped hard copies of documents are the most underrated attack vector used by identity thieves. Be sure to shred all the important identity documents once you discard them after use.
  5. Be cautious on social media
    Always set social media account to private. Be extremely careful when making new friends on social media platforms and be wary of the personal data you share there.
  6. Avoid carrying Social Security Card around
  7. Avoid the use of public Wi-Fi, especially while making online transactions. Avoid sharing sensitive information online if possible.
  8. Wipe all personal information or make the hard drive unreadable before dispensing old computer and mobile devices.
  9. Check state and national criminal databases to confirm you don’t have any unknown criminal cases reported in your name.
  10. Keep photocopies of credit cards, debit cards, and all other personal information so that even if they are stolen, you’ll have all the data readily available.
  11. Organizations should provide awareness to employees to easily identify threat patterns and practices.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Hexnode MDM is an award winning Enterprise Mobility Management vendor which helps businesses to secure and manage BYOD, COPE, apps and content.