Identity Fraud in Focus quarterly report
8 min
Identity thieves may take advantage of data breaches or use targeted attacks to steal personal and financial details. It's common for fraudsters to swipe information in the physical world too, by dumpster diving, shoulder surfing, or planting skimming devices. Here's the good news: if you know what identity thieves are up to, you’ll have a leg up.
In this digital age, some identity thieves go to extraordinary lengths to steal personal information.
Many of the tactics they use are highly sophisticated, from hijacking phones from afar to creating false identities with just a few pieces of real information. Other methods for stealing personal details — such as mail theft — are less high-tech but no less concerning.
When it comes to protecting your identity, understanding what you’re up against is a good first step. So, let’s take an in-depth look at what identity thieves look for when trying to steal your data.
Plus, learn how our features — like credit monitoring alerts and dark web monitoring — can help you act quickly to minimize the damage if your details fall into the wrong hands.
Unfortunately, data breaches and their fallout have become all too common. With incidents happening at such a rapid pace, it’s no wonder so many consumers suffer from “breach fatigue.”
So what’s causing these information leaks, and what can you do to safeguard your data?
You may be surprised to learn that most security incidents are actually accidents caused by human negligence or error. According to Verizon's 2022 Data Breaches Investigations Report, 82% of data breaches analyzed over the past year included a human element.
Other breaches are the result of targeted attacks by cybercriminals. These attacks aren’t limited to big corporations; small businesses can also have data stores that are attractive to criminals. That’s one reason why it’s important to keep tabs on all of the places where your data is stored, including what businesses or services you have an account with.
If your personal or financial information is made public in a breach, cybercriminals might be interested in putting it up for sale on the dark web. From there, your details could be used to commit fraud or identity theft. Or, your information could be blended with other victims’ information to create a brand-new false identity, a type of fraud known as synthetic identity theft.
That's one reason why we created our dark web monitoring tool. Once it's enabled, you can enter your details for monitoring, and we'll alert you if we find your information somewhere it doesn’t belong — such as the dark web or closed hacker forums.
When you’re online, phishing has nothing to do with a rod and reel. Rather, phishing happens when criminals hook you with phony emails, texts, or phone calls.
A related scam is pharming, in which users are directed to fake websites without their knowledge. For example, when a pharmer hacks into your browser and redirects you to a fake website.
What types of information might you be prompted for in a phishing or pharming attack? Any sensitive details that can be used for profit, like your Social Security number or the credentials to your bank account.
Phishers and pharmers may try to lure you by promising freebies or even by posing as your business, but with a little vigilance, you’ll be ready to spot the scam.
Any time you open an email or visit a website, be wary of urgent requests, frequent typos or blurry images, and multiple pop-up windows. If something doesn’t seem right, delete the email or close the browser window and move on.
Unfortunately, oversharing on social media can reveal more than you intended.
Take that first-day-of-school pic you snapped of your kiddos on the front porch. Is your house number visible in the background? If so, the safest bet is not to share, as your street address is considered personally identifiable information (PII).
Similarly, it’s not advisable to post from your vacation — or even from a restaurant — in real time. When you share your location, you’re also sharing the fact that you’re not at home, which can make you a target for theft.
There’s something else to consider. Everything you share online accumulates over time as part of your digital footprint. As your footprint grows, identity thieves may have more opportunities to get your information.
To combat this, consider adjusting your privacy settings to control who can see your information on social media. Think twice before accepting friend requests from people you don’t know. And consider enabling a social media monitoring feature like the one we offer, which can ping you if we notice signs that might point to account takeover.
Many smartphones use SIM cards, or subscriber identity modules, to identify the user and store important data. Your phone number can be transferred to a new SIM card for legitimate reasons, like when you’ve lost your phone or you’re upgrading to a new device.
But with SIM swap scams, thieves take advantage of this capability by calling a phone carrier, posing as you, and requesting to move your phone number to a device in their possession. Fraudsters have also been caught bribing phone-company employees to make the swaps on their behalf.
If the SIM swap is successful, the thieves can then use the compromised phone number as a portal to the rest of your digital life. With access to text messages, for example, a thief can side-step the extra security provided by two-factor authentication, making it easier to penetrate financial accounts, personal emails, and cryptocurrency wallets.
SIM swapping can also lead to a compromised social media account, which can cause reputational harm.
Credit reports are treasure troves of personally identifiable information (PII), such as your full name, birth date, and Social Security number.
Identity thieves can request a copy of a credit report by posing as a landlord or potential employer. If you suspect that someone has stolen your identity or if you've been told that your PII has been compromised, you may be able to prevent further damage by requesting a security freeze with the three major credit bureaus.
While some identity thieves have adopted sophisticated tactics for mining data digitally, others steal information the old-fashioned way: in the physical world.
Here are a few examples:
Dumpster diving: Criminals are known to dig through trash in search of sensitive information. So be careful about what you throw in the recycling bin — and shred sensitive documents if they're no longer needed.
Mail theft: Stealing physical mail is a tried-and-true tactic that’s still used by identity thieves today. To deter any would-be snoops, consider purchasing a mailbox with a lock and ask your postal service to hold your mail whenever you’re out of town.
Shoulder surfing: A fraudster might spy over your shoulder any time you're in a public place, so be aware of your surroundings and never let your guard down — especially when you’re at an ATM or in a checkout line, for example.
Skimming: This pervasive and often hard-to-detect technique happens when fraudsters leave skimming devices attached to the credit-card processor at legitimate businesses. When you swipe your card, the skimmer reads the magnetic strip and stores your card number. Then, whoever planted the device can then use your credit card or sell the information to a third party.
Shimming: Similar to skimming, this is when criminals insert a tiny microchip into an ATM or card reader with the aim of stealing and storing your information.
Data is a valuable resource. That’s why we’re deeply committed to safeguarding our members’ information, and to helping them take quick action if it’s been compromised.
Even if fraud occurs, with Allstate Identity Protection, you’ll never have to fight identity theft alone.
Not a member? Consider checking out more of our resources to learn how identity theft works and steps you can take to stay safe.
If you're considering one of our services, want more information, or need assistance, please reach out. We’re here to help.