AVG Signal Blog Security Threats Identity Theft: What It Is & How It Works

Written by Ivan Belcic
Published on August 26, 2020

What is identity theft?

The definition of identity theft is the nonconsensual acquisition of someone’s sensitive personal information. Simply put, it’s when someone steals your personal details — your social security or other ID number, your credit card info, your birthday, and so on. Usually, identity thieves will use that information to buy things, obtain credit, or take other unwanted actions in your name.

This article contains :

    According to the US-based Center for Victim Research, “approximately 7–10% of people in the US experience identity fraud each year” — that’s millions of victims in the US alone. Over 20% of the people in this group experience multiple instances of identity theft resulting in fraud within the same year. So it’s crucial to arm yourself with as much useful information on identity theft as you can. That way, you can avoid identity theft before it happens to you.

    So what does identity theft mean in practice? Let’s find out.

    Identity theft vs. identity fraud: what's the difference?

    Identity theft and identity fraud are two closely related and often-confused concepts, but they’re not exactly the same. Identity theft refers to the act of acquiring someone’s sensitive personal data without their consent. To define identity fraud, we need to look at what people can then do with that information.

    Identity theft becomes identity fraud when the thief uses your personal data to conduct undesired actions on your behalf. These days, identity fraud has become a widespread form of cybercrime. Here are just a few things an identity thief can do when they commit fraud with your personal data:

    • Empty your bank account

    • Open new lines of credit

    • Make purchases with your credit cards

    • Obtain legal documents in your name

    • Open bank accounts and apply for loans

    • Use your health insurance to receive treatment

    • File tax returns and claim your tax refunds

    • Take over your social media accounts

    Once someone manages to steal your identity, it can take years to sort out the mess among various government agencies, banks, credit card companies, and other organizations affected by the fraud.

    An identity thief can commit all kinds of fraud with your identity.An identity thief can commit all kinds of fraud with your personal data.

    But rather than dealing with all that, why not take control over your online privacy and ensure that your personal data doesn’t fall into the wrong hands? AVG BreachGuard can prevent data brokers from selling your identity, and it’ll also help you to change all your passwords immediately if any of them get leaked on the dark web. You’ll also get alerts about privacy threats and easy-to-follow instructions on how to address them for identity theft protection.

    How is identity theft committed online?

    When it comes to snatching up personal details, cybercriminals have an assortment of tools at their disposal. Here, we’ll look at how cybercriminals commit identity theft and examine just what counts as identity theft in today’s online world.

    icon_01Unsecured browsing

    Unsecured browsing happens when you’re using your web browser in a way that allows someone else to intercept your traffic. If you’re conducting sensitive personal business — logging into your bank account, filing your taxes, using your credit card — on an unsecured browser, cybercriminals can acquire the information they need to steal your identity. Here’s a few ways in which this can happen:

    • Using unsecured public Wi-Fi: On an unsecured Wi-Fi network, a cybercriminal can easily “eavesdrop” on any of the network’s other users with a few simple tricks and tools. You can protect yourself while connected to such a network by using a VPN, which encrypts all traffic coming to and from your device — and keeps identity thieves out.

    • Using public computers: Think twice before logging into your bank account on that computer in the library. A hacker might have rigged it with malware that can capture your personal details. If you do use public computers to access your personal accounts, always log out and clear the browser history when you’re done.

    • Visiting an unsecured website: Ever notice a little padlock icon up in your browser’s address bar? If you see one, it means that the website you’re using is protecting you with HTTPS encryption. You’ll see one if you take a look right now, because AVG’s always got your security in mind. Websites that still use plain old HTTP — not HTTPS, with an s for Secure — don’t offer the same level of protection. Your data is exposed whenever you visit such unsecured sites, so be careful about entering any personal details there.

    You can protect yourself against unsecured browsing by using a web browser built with security as a top priority — such as AVG Secure Browser. Designed by security experts, AVG Secure Browser ensures that your data remains private — from the very moment you first launch it.

    icon_02Data leaks

    Data breaches happen when hackers break into a company’s servers and acquire sensitive user data, and they happen all the time. The 2017 Equifax data breach, one of the most notorious breaches in recent history, exposed the personal data of approximately 147 million people. Data stolen in a breach can include personal identification numbers, credit card information, passwords, birthdays, and addresses… in other words, everything an identity thief needs to commit identity fraud.

    And it’s important to note that data thieves frequently sell stolen data on the dark web — more on that next.

    icon_03Personal data landing on the dark web

    Many data thieves turn to the dark web to profit off of the data they’ve stolen. The dark web represents a portion of the internet that’s off-limits unless you’re using specialized software, like Tor Browser, to reach it. The dark web has developed a rather unsavory reputation over the years as an unregulated marketplace for all sorts of shadiness, and while that’s not completely untrue, that idea certainly errs on the side of hyperbole.

    While not everything on the dark web is bad, people do use it for the covert sale of stolen data — maybe even yours. Cybercriminals can buy this data and use it to commit identity fraud. Thankfully, AVG BreachGuard constantly and thoroughly scans the dark web for breaches to alert you if any of your data has leaked online.

    icon_04Malicious software

    Identity thieves can use certain types of malware (malicious software) to obtain your personal details. Consider spyware, a type of malware that covertly harvests information about you and your devices. Just like a real spy, spyware is excellent at remaining undetected while it gathers up all your sensitive personal information.

    That is, unless you remove the spyware with a specialized spyware removal tool, like AVG AntiVirus FREE. It’ll scan your device for malware, including spyware, then detect and remove it automatically.

    icon_05Phishing and pharming attacks

    Phishing and pharming are two large-scale techniques that allow identity thieves to harvest personal information in bulk. Phishing involves a thief hooking victims with a lure — typically a fraudulent email — that fools victims into disclosing their data. These emails are often designed to imitate those sent by a trusted source, such as a bank or an employer. But when the victim responds, they’re actually sending their information to a cybercriminal.

    Pharming does away with the bait entirely and relies instead on cyber-tricks to ensnare victims. Pharmers frequently use spoofed websites — fake sites that mimic legitimate ones — and intercept their victims’ internet traffic to bring them there. You might think that you’re visiting your bank’s website when you’ve actually been redirected to a fake version without realizing it. Once there, victims will attempt to log in or enter other personal details, at which point the data falls into the hands of the identity thieves.

    Phishing and pharming both use clever deception techniques and social engineering tactics to manipulate victims into handing over their data. Avoid becoming a victim by practicing smart email and website security habits.

    icon_06Wi-Fi hacking

    A vulnerable Wi-Fi router is an attractive attack vector for a would-be identity thief. If a hacker successfully cracks the password on a router, they can help themselves to all the data flowing through it. That’s why it’s so important to change your router’s password as soon as you buy it. Otherwise, all a hacker needs to do is log in with the default user credentials that came with your router.

    Unencrypted Wi-Fi hotspots, such as those in cafes, airports, or other public places, are prime targets for Wi-Fi hacking. The hacker doesn’t even need to crack the password, because there isn’t one. Always be careful when connecting to an unsecured Wi-Fi network, and whenever you do, protect your data with a VPN.

    After gaining access to a router, hackers have a couple of options for stealing your data:

    • Install a sniffer. A sniffer is a software tool (though hardware versions also exist) that monitors and collects traffic over a network. If your data isn’t encrypted by a VPN, or by other means, a hacker can gobble it right up.

    • Perform a man-in-the-middle (MITM) attack. Here, a hacker intercepts communications between two parties. They may simply eavesdrop on the conversation, or they may send false messages to the participants. Both parties in the conversation will be unaware that they’re falling victim to a MITM attack.

    icon_07Email hacking

    Email hacking happens when a cybercriminal successfully gains access to your email account. They can then dig through your emails to learn all about you, and even send emails on your behalf to potentially gain other information they need. Identity thieves can use many techniques to hack your email account, including phishing, malware, and cracking your password.

    Protect your email account with smart email security habitschange your password regularly, use strong password-creation techniques, look out for phishing attacks, and always remember to log out when checking your email on a shared computer. When you prioritize email security, hackers will likely ignore you in favor of easier targets.

    Who is most at risk from identity theft?

    While anyone can become a victim of identity theft, some groups are at higher risk than others. Identity thieves tend to prefer targets who aren’t as likely to regularly check their finances or follow other strong internet-safety practices.

    • Children: Sad as it may sound, identity thieves frequently target children, who may not be as aware as adults of the dangers lurking on the internet. Children are also much more likely than adults to have clean credit histories. Foster children are particularly at risk due to their records passing through more hands on a regular basis.

    • Seniors: Many scammers prey on the elderly, and identity thieves are no exception. Both children and the elderly can be targeted for identity theft by their caregivers — the very people entrusted with their safety and well-being.

    • Service members: Military personnel on active deployment are vulnerable to identity theft because they aren’t as readily able to monitor their finances and credit activity. People in this situation may find themselves targeted by friends or family who are aware of their deployment status.

    • College students and recent graduates: Young adults entering the financial world on their own can easily slip up and disclose their personal information to someone posing as an employer or rental agent. Young adults may also be more willing to share personal information on social media, which can then be exploited in phishing attacks.

    • Incarcerated people: Much like actively deployed military personnel, incarcerated people may not be able to monitor their finances and credit easily. This places them at higher risk for identity theft.

    • High-income individuals and business owners: People with higher-education degrees and substantial income or net worth face greater risk of identity theft than those with lower income. Identity thieves may also target these individuals in the hopes of gaining access to sensitive corporate information, such as employee payroll data or executive email accounts.

    • The deceased: Targeting the deceased for identity theft and fraud is known as “ghosting.” Many family members don’t realize for years that someone has been using the identity of their deceased loved one.

    Checking for identity theft

    Vigilance is the key to detecting identity theft early on and mitigating the potential damage. People who regularly monitor their financial accounts and statements are much more likely to spot identity theft than those who don’t.

    With AVG BreachGuard, which scrupulously scans the dark web for breaches, you’ll know immediately if any of your personal information has leaked online. That way, you can take immediate action to keep hackers out of your accounts.

    icon_08Warning signs to look out for

    You may be a victim of identity theft or identity fraud if you notice:

    • Unexpected charges on your bank or credit card statements. This can mean that someone’s gotten access to your financial accounts. If you spot any suspicious activity, contact your financial institutions immediately.

    • Login alerts for websites and services you use. Some websites send emails or other alerts when a new device logs in. This can mean that an identity thief has acquired your login credentials and may be exploring a bit before engaging in more serious fraud. Change your passwords immediately if you’re alerted to any suspicious logins.

    • Sudden changes to your credit score. Whether your credit score is skyrocketing or plummeting down, it’s a red flag if you’re not expecting these results. An increasing credit score may stem from someone attempting to extend your credit, while a decreasing score can signal recent fraud.

    • Collection agencies contacting you. Are you being hounded about debts you don’t remember accruing? Someone else may have racked up those debts in your name.

    • A loan or credit application denial. This can indicate that your credit history is in worse shape than you thought — possibly because an identity thief is abusing it for their own gain.

    • Unrecognized loans or other credit accounts on your credit report. If an identity thief successfully applies for a loan in your name, you’ll see that loan on your credit statement.

    • Your tax return or refund is denied. If you’re told that your tax documents have already been filed, and you’re positive that you didn’t file them yourself, someone may be attempting to claim your tax refund via identity fraud.

    • Discrepancies on your medical records. When an identity thief receives healthcare treatment using your insurance, this care will appear on your medical records. Look out for any unexplained healthcare treatments, procedures, or other expenses on your records. Your insurance provider may also contact you about payments they’re making on your behalf — if you’re not receiving the corresponding benefits, someone else is.

    What to do if you're a victim

    If you suspect that you’ve become a victim of online identity theft, don’t panic. It’s never too late to regain control over your finances. Many people may also feel embarrassed or self-conscious about reporting the fraud — if you feel that way, remember that identity theft affects millions of people every year. You’re not alone, and it’s not your fault.

    First, report the identity theft to the affected organizations: your credit card company, your bank, your insurance provider, or any other creditor. They’ll be able to take appropriate actions to follow up on your report. The sooner you report the theft, the safer (and less liable) you'll be.

    Next, check your credit reports and freeze your credit, then report the cybercrime — identity theft and fraud are very serious cybercrimes — to the relevant government agencies in your country as well as to your local police. In the meantime, update all your passwords to prevent additional hackers from getting into your accounts.

    Finally, replace or update any legal documents that were compromised by the theft.

    Vital protection against identity theft

    Identity thieves prey on vulnerable targets who lack the means, ability, or knowledge to keep themselves safe. You can prevent identity theft by following a few basic security practices.

    • Don’t reuse passwords. Use a unique password for every account you have. That way, if someone obtains one of your passwords, they can’t access anything else.

    • Don’t overshare. Limit your sharing on social media. Identity thieves use personal details to tailor their phishing attacks and guess the answers to your security questions to access your account.

    • Use multi-factor authentication. If a website or service offers two-factor or multi-factor authentication, use it. That makes it harder for someone to hack your account.

    • Freeze your credit. You can unfreeze it when you need it, and it’ll be safe in the meantime.

    • Lock your mobile device. Use a password, PIN, or other means to keep others out of your mobile device.

    • Get a VPN. A VPN protects your data from anyone on the outside looking in — it’s vital whenever you’re using public Wi-Fi. Encrypt all your internet traffic with AVG Secure VPN.

    • Check your financial and credit statements regularly. Scrutinize your financial reports — that’s how you’ll catch an identity thief before they can do too much harm.

    • Don’t trust strangers. This bit of childhood wisdom counts double online. A healthy dose of suspicion will help insulate you against phishing and pharming attacks, as well as the infected links and email attachments that hackers use to spread malware.

    Stop identity thieves with AVG BreachGuard

    With AVG BreachGuard, you’ll be protected against identity theft on two fronts. First, BreachGuard can prevent known data brokers — companies who compile and sell your personal data to other parties — from storing and selling your data. That limits the possibility that your personal data will end up on the dark web, where it can be sold to an identity thief.

    Second, in the event that any of your online accounts are included in a data breach, BreachGuard notifies you immediately. You’ll be able to change your login credentials ASAP and lock hackers out before they have a chance to access your accounts.

    By limiting the sale of your data and alerting you whenever your personal information is leaked, you’ll stay two very large steps ahead of anyone looking to exploit your identity.

    Protect your Android against threats with AVG AntiVirus

    Free install

    Protect your iPhone against threats with AVG Mobile Security

    Free install
    Ivan Belcic