Although awareness and prevention are very important, it’s best take the attitude that we are all in a post-prevention world. Simply assume all your information is already out there on the internet in some form.
How a criminal could steal your identity:
- An identity thief builds out a wide profile of you. A criminal may start with a basic profile that includes name, address, Social Security number and date of birth, which he bought on the dark web. From there, he would go to one of the many background-check websites on the surface web and find out as much as he can about the person.
- For a small fee, submitting just your name will produce a report containing all of your current and previous addresses, phone numbers, social media sites and email addresses. The report can also provide descriptions of your family members and neighbors and details about property past and present that you have owned — including mortgage documents and amounts. It’s all legal; the information is pulled from public documents.
- Armed with all this data and personal history, the assault starts. Criminals can infiltrate your credit bureau files; change your contact phone numbers and emails; take over your financial or investment accounts; create new credit card accounts; and even take out personal loans. It can months later, when the damage is done, that you find out and the criminal is gone.
Why do scammers need so much personal information about us to commit fraud? The primary defense employed by the credit bureaus and others to protect our credit files is something called “knowledge-based authentication” (KBA) questions. These are questions that supposedly only you know, like your mother’s maiden name or the name of your high school. While KBAs create a roadblock for many scammers, many criminals who successfully mine the data-rich environment on the surface and dark web can often come up with the answers.