Plenty of people think that their identity – name, date of birth, address, passwords, etc. – isn’t valuable enough to become the target of a hack. They assume that, because they don’t have a certain level of assets or because their credit rating is only average, nobody would be interested in stealing their private information.
These days, more than ever, that’s a dangerous assumption. The truth is, your identity online (or parts of it) are valuable to shady operators in more ways than you might think. And if you let the wrong entities get a hold of your details, it could cause damage well in to the future.
Why hackers want to steal your identity
Social engineering is one of the ways someone can use your online identity against you. This type of attack is less about using your details to pretend to be you (credit card applications, etc). It’s more about getting enough details about you to trick you in to handing over your own money; for example, they could pretend to be a service provider or a business supplier with details like your full name, address, phone number, date of birth, utility account number and soon. Or, they might use small pieces of information to trick other people into giving out more information about you.
Take a look at this demonstration:
So what are they trying to do with your information, once they get it? Sometimes, individuals use identity theft directly for personal enrichment. When most people picture an ‘identity thief’, they picture something like this. In other words, someone hacking in to your computer, stealing your mail, creating fraudulent ID, and taking other measures to apply for financial products in your name. And of course, they’re not likely to pay the debts that they create, so you’re saddled with the bill, and possibly with a ruined credit rating.
Other times, your identity is just one of many, targeted by a sinister team.
Pennies on the dollar for your ID
There are underground markets, both online and ‘in real life’, where people buy and sell credit card information. But one credit card alone isn’t worth much to crims, because of credit limits and the fact that cards can be cancelled so quickly. So card details are traded in batches of hundreds, sometimes thousands at a time. This means that your private details could be the target of a larger coordinated attack on an organisation that’s got your details.
Credit card information can be stolen from a variety of sources. Some scammers use devices attached to (or built in to) EFTPOS machines in seemingly normal stores to skim details, which can be in the hands of crims and exploited minutes later. The same goes for ATMs; very convincing faux card slots and keypads can be installed over the top of the real thing.
Other information, such as contact details you’d normally keep private, can also be very valuable. Large databases of customer information are valuable for marketing and malware spammers. They can use this to send anything from annoying unsolicited marketing offers, to phishing attacks, to damaging malware such as ransomware. Lists of details – yours could be one of tens of thousands – are particularly valuable alongside information such as your age, gender or location, which allow those spam attacks to be much more targeted.
How to protect yourself
If this all sounds a bit scary, don’t stress: you need only be alert, not terrified. There are plenty of practical ways you can prevent your private details from getting in to the wrong hands. Here are a few pointers:
- Trust your instincts when you’re filling out forms or giving details over the phone. If you think it’s unusual that a company would need to have a certain piece of information in order to serve you effectively, ask why they need it.
- Look at your credit report regularly – remember, you get a free report once a year, and it only takes ten days to arrive. If you see any unusual activity or applications you haven’t made, contact the product/service provider named ASAP.
- Make sure that when you’re shopping online, your transaction is protected by strong encryption security. Look on the site for a ‘security badge’ like this before entering your details. And Google the security provider before proceeding to ensure it’s legit.