To steal your ID, cybercriminals need to catch you unawares. A momentary lapse of concentration and the necessary information could be handed over without protest, almost subconsciously.
Like all scams, ID theft works when you least expect it.
Several techniques are in use by cybercriminals that help them steal your ID and the contents of your current account. Here are five of the most common identity theft techniques.
Phishing emails and text messages (sent via SMS, Twitter, Skype, or any instant messenger you can think of) can be used to fool you into giving up your personal information. All it takes is an urgent, seemingly genuine message, and a few moments later, you’re handing over all your personal information without question.
Why would you do this? It’s thanks to how the message is crafted, the graphics that are included, and a cloned website. Scammers make copies of the websites of banks, credit card companies, PayPal, and even eBay. There are a few logos in the right place, a form for you to fill in, and moments later, you’re willingly sending your data.
In almost every case, a phishing email can be spotted early. Often, mail filtering software will catch it. But if not, take a moment to read it through. There will almost certainly be grammatical issues, spelling mistakes, and formatting errors. No financial institution would release emails that look unprofessional.
Beat phishing: don’t click on links in messages and emails purporting to be from your bank, PayPal, etc. Instead, open a browser window and log in to confirm or disprove the details of the message.
Rather than physically stealing your credit card, cybercriminals rely on technology to clone the details. This information can then be used to create a duplicate card or entered at the checkout of an online store.
How does this happen? Lightweight, palm-sized machines can be used to clone your card. They “skim” the data from the black strip, which is then used to make a copy. It’s a technique that has expanded to ATMs and fuel station forecourts.
Prevent skimming: always keep your card in your hand; use contactless payments where possible; check ATMs for false facias and skimmers.
Using social media gives you a presence on the internet that leaks certain information that is useful to cybercriminals. A key example is Facebook, where information about your hometown, family, job, and even your spending habits can be found.
With a public profile, public posts, and tags, there is a good chance that anyone can find out as much as they need about you to steal your identity. Places you’ve been, where you live, who you know, your date of birth – it’s all on there.
In recent years, Facebook has taken steps to improve user privacy. However, there is a strong chance that you’re not using these settings correctly. Check this by reviewing your last Facebook post. If there is a globe next to the date, it’s public.
Protect social media: secure your account, ensuring all information, photos, and updates can be seen only by friends. On Facebook, use Settings > Privacy to make these changes. You can also consider reducing your friend list or deleting your account.
4. Shoulder surfing
Rather than rely on technology to grab your credit card details, some scammers prefer a more traditional approach. They hang around ATMs and stores to observe what PINs people key in. This technique, which usually means getting quite close to the target (or “mark”), is called “shoulder surfing.” After all, they’re looking over your shoulder!
Shoulder surfing means the perpetrator must have eagle eyes to spot the digits used in your PIN. Of course, the number also needs to be memorized. But that’s not enough for ID theft, is it?
As you’ve probably guessed, shoulder surfing is often a precursor to skimming or even old-fashioned pickpocketing. As soon as a criminal has their hands on your card, accompanied by the PIN, they have the advantage.
Prevent shoulder surfing: ensure you cover the keypad when entering your PIN at an ATM or cashier desk.
5. Unsecure networks
Despite improvements in wireless security, unsecure networks still exist. For example, you might have an old router at home; when you should be connecting using a secure WPA2 connection, your router can’t offer anything more secure than WEP. Meanwhile, your local café might be persisting with an incorrectly configured Wi-Fi network. Or it could be the railway station, bus concourse, public library, shopping center, or even football ground. Anywhere could be serving you unsecured Wi-Fi.
Whatever the reason, the lack of a secure connection can be devastating for your online privacy.
Various risks threaten your online safety. Unsecured routers with publicly accessible backdoors, for example. Bad Wi-Fi security allows the data you send to the internet via the router to be “sniffed” and read. Or scammers who set up fake Wi-Fi networks to fool you into sending your data via their device.
Make networks secure: if it’s your network, upgrade the router; if you’re using a public Wi-Fi network, be sure to use a VPN.
Awareness is the key to combating identity theft
There’s a good chance you’ve heard of some of these identity theft techniques. You probably never thought you would be struck by them, though. After all, you hardly have anything in your bank account. So who would bother with that?
Sadly, the reality is that Joe Public is more straightforward to steal from than a Hollywood star, Premier League footballer, or industrialist. Therefore, awareness of phishing, skimming, shoulder surfing, and the risks of unsecured networks is vital. And the less you share on social media, the better.