To steal your ID, cybercriminals simply need to catch you unawares. A momentary lapse of concentration and the information they need could be handed over without protest, almost subconsciously.
Like all scams, ID theft works when you least expect it.
Several techniques are in use by cybercriminals that help them steal your ID and the contents of your current account. Here are five of the most common identity theft techniques.
Phishing emails and text messages (sent via SMS, Twitter, Skype, any instant messenger you can think of) can be used to fool you into giving up your personal information. All it takes is an urgent, seemingly genuine message and a few moments later you’re handing over all your personal information, without question.
Why would you do this? It’s thanks to the way in which the message is crafted, the graphics that are included, and a cloned website. Scammers make copies of the websites of banks, credit card companies, PayPal, even eBay. A few logos in the right place, a form for you to fill in, and moments later you’re willingly sending your personal data.
In almost every case, a phishing email can be spotted early. Often, mail filtering software will catch it. But if not, simply take a moment to read it through. There will almost certainly be grammatical issues, spelling mistakes, formatting errors. No financial institution would be release emails that look unprofessional.
Beat phishing: don’t click on links in messages and emails purporting to be from your bank, PayPal, etc. Instead, open a browser window and login to confirm or disprove the details of the message.
Rather than physically stealing your credit card, cybercriminals rely on technology to clone the details. This information can then be used to create a duplicate card, or simply entered at the checkout of an online store.
How does this happen? Lightweight, palm-sized machines can be used to clone your card. They “skim” the data from the black strip which is then used to make a copy. It’s a technique that has expanded in use to ATMs and fuel station forecourts.
Prevent skimming: always keep your card in your hand; use contactless payments where possible; check ATMs for false facias and skimmers.
Using social media gives you a presence on the internet that leaks certain information that is useful to cybercriminals. A key example is Facebook, where information about your hometown, family, job, and even your spending habits can be found.
With a public profile, public posts, and tags, there is a good chance that anyone can find out as much as they need about you to steal your identity. Places you’ve been, where you live, who you know, your data of birth – it’s all on there.
In recent years, Facebook has taken steps to improve user privacy. However, there is a strong chance that you’re not using these settings correctly. Check this by reviewing your last Facebook post. If there is a globe next to the date, it’s public.
Protect social media: secure your account, ensuring all information, photos, updates can be seen only by friends. In Facebook, use Settings > Privacy to make these changes. You can also consider reducing your friends list, or just delete your account.
4. Shoulder surfing
Rather than rely on technology to grab your credit card details, some scammers prefer a more traditional approach. They hang around ATMs and frequent stores to observe what PIN numbers people key in. This technique, which usually means getting quite close to the target (or “mark”) is called “shoulder surfing”. After all, they’re literally looking over your shoulder!
Shoulder surfing means the perpetrator needs to have eagle eyes to spot the digits used in your PIN. The number also needs to be memorised. But that’s not enough for ID theft, is it?
As you’ve probably guessed, shoulder surfing is often a precursor to skimming or even old-fashioned pickpocketing. As soon as a criminal has his or her hands on your card, accompanied by the PIN number, they have the advantage.
Prevent shoulder surfing: ensure you cover the keypad when entering your PIN at an ATM or cashier desk.
5. Unsecure networks
Despite improvements in wireless security, unsecure networks still exist. You might have a really old router at home; when you should be connecting using a secure WPA2 connection, your router can’t offer anything more secure than WEP. Meanwhile, your local café might be persisting with an incorrectly configured Wi-Fi network. Or it could be the railway station, bus concourse, public library, shopping centre, or even football ground. Anywhere could be serving you unsecured Wi-Fi.
Whatever the reason, the lack of a secure connection can be devastating for your online privacy.
Various risks threaten your online safety. Unsecured routers with publicly accessible backdoors, for example. Bad Wi-Fi security that allows the data you send to the internet via the router to be “sniffed” and read. Scammers setting up fake Wi-Fi networks to fool you into sending your data via their device.
Make networks secure: if it’s your own network, upgrade the router; if you’re using a public Wi-Fi network, be sure to use a VPN.
Awareness is the key to combating identity theft
There’s a good chance you’ve heard of some of these identity theft techniques. You probably never thought you would be struck by them, though. After all, you hardly have anything in your back account. Who would bother with that?
Sadly, the reality is that Joe Public is easier to steal from than a Hollywood star, Premier League footballer, or an industrialist. Therefore, being aware of phishing, skimming, shoulder surfing, and the risks of unsecure networks is vital. And the less you share on social media, the better.