Do you enjoy doing jigsaw puzzles? Many people do, and the more pieces, the better. The objective is to take pieces of a puzzle, often small and unidentifiable, and put them together to complete an image. While it may be difficult, depending on the image and the number of pieces of the puzzle involved, it’s quite satisfying once you’ve successfully created a complete image.
Cybercriminals who steal your personally identifiable information are in effect trying to solve a puzzle as well – only instead of creating an image, they’re trying to put together your identity so that they can commit identity theft. Individual pieces might mean nothing by themselves, like your name, your birth date, where you were born, or even your IP address. But cybercrooks take those individual pieces from a variety of sources, along with other data, and put them together to create a complete image of their intended victim.
Adding Pieces to the Puzzle
In keeping with the jigsaw puzzle analogy, what missing pieces do the cybercrooks need in order to complete an intended victim’s identity? If they have a person’s name, birth date, and gender, they don’t have much. But add on the person’s place of employment, their mother’s maiden name, and some sensitive medical information, they’re on the way to having a complete identity picture.
Now it gets serious because if the cybercrook can steal some highly sensitive information like a Social Security number, a driver’s license number along with a bank account number and password, the identity of the victim is completed, the “puzzle” is solved, and identity theft will shortly follow.
Sometimes, all it takes is one piece of information – like the person’s Social Security number, because that will unlock all the other information a cyber crook needs to commit identity theft. And they’re having a lot of success doing this – to the tune of $56 billion in damage each year – and unfortunately, those numbers are growing.
The Damage can be Catastrophic
What do cybercrooks do with the identity they’ve stolen? If they don’t want to sell pieces of it on the dark web, they will open credit accounts in the victim’s name, commit bank fraud, access the victim’s bank accounts to steal money outright, gain access to medical information to submit phony claims, steal tax refunds and so much more.
It may take time for any of these damages to be discovered, and it can end up costing the victim a lot of time, money, aggravation, and lawyer’s fees to untangle the mess the cybercrook created. Damages can run into thousands of dollars, and can often ruin a victim’s credit history as well.
How Cybercrooks Steal your Information
So how do the cybercriminals get their “pieces” of the puzzle to ultimately commit identity theft? One of the main places they go to is people-search sites, where volumes of unauthorized personal information is available. Your first step in protecting your identity is to remove all of that data from those sites, including US Search, Intelius, and Whitepages, among others. However, be aware that there are more than 100 people-search sites, and each one has its own quirks and methods for removing your data and opting out. Plan on spending time – lots of it, removing that data.
Another way cyber crooks steal your personal information is hacking into public WiFi services – the kind you use every time you visit a coffee shop or airport lounge where “free WiFi” is available. It may be free – but it’s costly if you get hacked! So instead of using public Wi-Fi, use one of the top virtual private network services (VPN) like ExpressVPN, TunnelBear or SurfShark, among others.
Another entry point for hackers is your email inbox. You’ll receive phishing emails that have links in them, and if you end up clicking on one thinking it’s legitimate, your computer will be exposed to malware, and that can lead to hacking. Cyberthieves can also get you with a phone scam because they’re able to disguise the phone’s caller ID through “spoofing”, so it actually looks like you’re receiving a phone call from a financial institution or a government agency. Be careful – they’re just scammers out to get your personal information.
Protecting Your Identity
So how do you protect your identity from those relentless cyberthieves? In addition to removing your data from people-search sites and using a VPN, make sure you have a strong password – and a unique one, for every online account you access. That means a 10-character password with numbers, symbols, and letters. To make it easy on yourself, get a password manager like LastPass, Bitwarden, or KeePass, among others.
Whenever it’s available, use two-step verification (also called “authentication”) before logging on to one of your accounts. It’s becoming more and more available because it offers users additional peace of mind. If you’re going to use sites to purchase items, make sure the site is secure. They always start with “https” – if that doesn’t show in your address bar before the name of the site you want to visit, log out.
Here’s something else to protect your PII – if you’re going to use a third-party payment service, like PayPal, always type in the URL address instead of clicking on a link on a web page or in an email. The reason: cybercrooks can spoof a web page to make it look real, and while you think you’re entering your account information and credit cards into a PayPal site, for example, you’re actually handing the cybercrook the pieces of the puzzle needed to steal your identity.
Follow these suggestions and use your common sense when responding to emails and you’ll help keep your personally identifiable information secure.