How Does Identity Theft Happen?

two young women cover their face in worry while looking at laptop screen

Identity thieves use many methods to steal your personal information, so it's important to stay alert and proactive about how you handle it.

To help you know where to start, we've compiled a list of some of the primary ways fraudsters can get access to your data and how you can prevent it.

Protecting yourself from identity theft can be a daunting task, but compared with the process of recovering from it, it's worth the effort. Here's how identity thieves are targeting you.

Lost or Stolen Wallet or Purse

People carry a lot of sensitive information in their wallet or purse. In addition to your credit and debit cards, you may also carry your driver's license or state ID, Social Security card, passwords and other important documents.

To limit the amount of information an identity thief rakes in with a lost or stolen wallet or purse, carry only what's necessary. For instance, commit your Social Security number and passwords to memory and keep the papers at home in a safe place. Alternatively, you can use an online password manager like LastPass and 1Password.

Also, keep only the credit and debit cards in your wallet or purse that you use regularly. The others you can leave at home safely stored until you need them.

Lost or Unsecured Digital Device

Your computer, phone or tablet is your gateway to the web, and you can do just about anything online. Most people have access to their online banking, credit card accounts and other financial information. So if you lose your device or a fraudster hacks it via malware, you could provide them with a wealth of information.

Start by setting a password to access your device that only you know. That way, someone who finds or steals your device won't be able to access your files.

Second, install malware protection software on your computer; most options are affordable. Also, avoid visiting unknown and obscure websites, and don't open an attachment or click a link on an email that sounds suspicious. It's highly unlikely that you'll get a virus or other malware by visiting trustworthy sites, so stick with what you know.


Keeping your sensitive information stored at home is always better than carrying it around with you. But if someone burglarizes your home, you could still be in danger of having your identity stolen.

One way to keep your information safe is to store it in a lock box or safe, with the key stored in a separate safe place.

Another way to avoid the threat altogether is to store your most sensitive information in a safe deposit box at your local bank branch.

Mail Theft

While many identity thieves have moved on to more sophisticated methods of accessing your information, some are content to stick with old school mail theft. If you get bank and credit card statements or send checks through the mail, you could be vulnerable.

To limit your exposure to mail theft, opt for e-statements with your bank and credit card companies. You'll get notifications in your email when they're ready and can view them in your online accounts. Also, if you have to send a check or letter with sensitive information, take it to your local post office or hand it directly to the mail carrier.

Finally, consider getting a mailbox with a lock. With several other mailboxes in the area, a thief will likely move on to the next one rather than trying to break into yours.

Trash Theft

Once you throw something in the trash, it's out of sight and out of mind. But to identity thieves, trash containers and dumpsters can be a gold mine.

To avoid giving fraudsters access to your personal information through the trash, use a shredder for statements and other sensitive documents. Specifically, pick a cross-cut or micro-cut one to make your documents practically unreadable.

Email and Text Messages

Phishing scams aren't new, but they're getting harder and harder to spot. These scams come in the form of an email or text and attempt to get you to share personal information.

These messages often:

  • Don't address you by name
  • Require immediate action
  • Threaten you with a frozen account or other negative consequence
  • Have a suspicious sender address
  • Include spelling and grammar errors
  • Include attachments
  • Request information the institution they're posing as already has

Email platforms such as Gmail try to send these messages to your spam folder automatically. But some can still slip through the cracks. Keep an eye out for these red flags every time you receive an email. And if you're not sure about something, call the institution directly to confirm that it's not a scam.

An Unsecured Home Network

Your home Wi-Fi network may be a target if it's open or has a simple password. If it's unsecured or not secured well enough, anyone within 500 feet can join the network and access your sensitive information.

To prevent this type of identity theft, start by securing your network with WEP or WPA security. Doing this will make it harder for fraudsters to access your private files.

Also, set a complex password and change it every six to 12 months. Doing this can make it harder for a thief to guess your password based on what they might know about you.

Unsecured Websites

If you regularly shop online, it's important to be diligent about where you spend your money. There are plenty of websites that offer deals on various items, but don't let that make you complacent.

Some websites aren't secure, which means that anyone can eavesdrop as you enter your payment and other personal information.

The best way to avoid unsecure websites is to stick with sites that you know. Also, check the URL at the top of your browser to make sure it starts with "https." If it starts with "http" instead, the site isn't secure, and you should avoid entering your personal information.

That said, even secure websites can be a front for fraudsters. So if you're not familiar with a site, check the URL to make sure there aren't any misspellings and do a quick internet search to see if it's legitimate.

Compromised Card Readers

Whether you're at the fuel pump or withdrawing cash from an ATM, your credit or debit card could be at risk. Identity thieves place a device over the card reader called a skimmer or shimmer that can read your credit or debit card information, either from the magnetic strip on the back of your card or the chip on the front.

With this information, they can create a fake credit or debit card and use it in situations where the merchant won't ask for a CVV code, expiration date or PIN.

To avoid these illegal card readers, check the gas pump or ATM terminal to see if anything looks off. The skimmer or shimmer will likely be made of a different material or be a different color, making it easy to spot. Also, the owner of the machine may add a tamper-free seal that you can check.

If you're not sure, go inside the gas station to pay or get your cash at the teller counter of your local bank branch.

Data Breaches

You likely have countless online accounts with different banks, merchants and other companies. And while those companies do their best to protect your data, hackers sometimes still manage to get access to customer information in what's called a data breach.

Since the companies are the target, you may feel like there's not much you can do. But one thing you can do is to be selective about what information you share. Avoid opening an online account unless it's necessary, and only do business with companies that value security and clearly spell out their security practices on their website.

Synthetic Theft

Synthetic identity theft is the act of merging real and fake personal information to create a new identity. For example, a fraudster could use your Social Security number and blend it with a different person's name and address.

In addition to the other preventive measures we've discussed, one way to prevent synthetic identity theft is by using a service that offers dark web monitoring. Services like Experian IdentityWorksSM regularly check the dark web for your Social Security number, phone number and email address to make sure they're not being misused.

What to Do if Your Information Has Been Compromised

There's no surefire way to prevent identity theft entirely. So when it happens, it's important to know what to do to stop it before it gets worse.

If your credit or debit card has been lost or stolen, the first thing you should do is contact the issuer and report it. It will cancel the card and send you a new one in a few days.

If you think your Social Security number has been compromised, consider adding an initial fraud alert to your credit reports to prevent the thief from opening an account in your name.

If someone has already opened an account in your name, contact the creditor and file a police report, then request an extended fraud alert or credit freeze.

The sooner you react to potential or legitimate fraud, the easier it will be to clean up the mess. If you don't check your credit scores and online statements regularly, though, you could be a victim for months before you realize what's happening. The more attentive and intentional you are about protecting your information, the easier it will be to prevent fraud and address it quickly when it happens.