What Can Identity Thieves Do With Your Personal Info and How Can You Protect Yourself?

Quick Answer

Identity thieves can sell your personal information and use it for various types of identity fraud, such as taking over your accounts or applying for credit in your name. Protecting your info is important, but you may also want monitoring in place that quickly alerts you if your information is leaked or someone tries to use it.

Identity Thieves Stealing and Selling Dark Web

Identity thieves and fraudsters can use your personal information to take over your accounts, use your accounts, open new accounts, file tax returns or even get medical procedures in your name. However, there are some steps you can take to protect yourself from identity theft and tools that quickly alert you when something is amiss.

How Does Identity Theft Happen?

Identity theft is when someone steals personal information that they can use to imitate another person. Sometimes, people distinguish between identity theft―the act of stealing information―and identity fraud—using someone else's identity to commit a crime. But the terms are also commonly used interchangeably.

There are many ways that identity theft can happen:

  • Data breaches: A data breach could expose your personal information, which the attackers might use or sell on the dark web.
  • Lost or stolen possessions: Thieves could steal or opportunistically pick up your wallet, phone, mail and other documents or possessions that have your personal information.
  • Malware: If malware, or malicious software, infects one of your devices, someone might be able to take control of the device to imitate you or snoop on anything you enter or send from the device.
  • Unsecured browsing: If you use an unsecured Wi-Fi network or enter information into an unsecured or scam website, attackers could snoop on your activity or try to install malware onto your device.
  • Phishing: Some criminals send phishing (email), smishing (text) and vishing (voice) messages to try to lure you into sharing your personal information. They might do this directly, by asking you to "confirm" your personal information, or as the first part of a multistep attack that includes a link that will download malware onto your device or send you to an unsecured website.
  • Card skimming: Skimming devices can be attached to card readers to steal information from your debit and credit cards and make copies of your card.

Identify theft can also happen when a family member, friend or roommate steals or uses your personal information without your consent.

What Is Personally Identifiable Information?

Personally identifying information (PII) is information that can distinguish one person from someone else. Some PII, such as your Social Security number or biometric data, like a fingerprint or retina scan, can identify you directly. Other PII can help distinguish you, but it's only one piece of the puzzle. For example, you might share the same birthplace with many people, but it's unlikely that you share the same birthplace, name and date of birth with someone else.

Common Types of Personally Identifiable Information
Full name Home address
Birth date Email address(es)
Birthplace Phone number
Social Security number (SSN) Mother's maiden name
Biometric data Medical records
Passport number Military credentials
Vehicle identification numbers (VINs) Driver's license number
Educational records or information Credit or debit card numbers
Employment information Insurance information

The more pieces of PII an identity thief can obtain, the more likely they'll be able to imitate you and commit different types of identity fraud.

What Can Identity Thieves Do With Your PII?

Identity thieves can profit off your personal information in different ways, and some criminals specialize in one type of crime or attack. Some of the ways thieves can use your PII include:

  • Sell your PII. Rather than using your information, identity thieves might list it for sale on the dark web or social media.
  • Take over accounts. Criminals can try to take over your accounts, including bank, credit card, phone, ecommerce and loyalty program accounts. They can then try to steal anything of value, from directly transferring funds to using your gift cards or points. They could also try to change your password, email, username, phone number or PIN to make it difficult for you to quickly or respond to the compromise.
  • Use your account without your permission. Even if they don't take over your account, the fraudster might be able to convince your card issuer to add them as an authorized user or your bank to mail them a checkbook. They can then use the card or checks to commit fraud.
  • Apply for new accounts. Someone could apply for a new credit card, bank account or loan in your name. They might steal the new credit card out of your mailbox, or have the card or account information mailed to an address they control.
  • Get medical procedures. Medical identity theftcan happen if someone steals or buys your identity and medical PII. The person might be able to use your health insurance to get medications or procedures, which can be dangerous if these fraudulent activities are added to your medical records.
  • File a tax return. Tax fraud is when someone uses your PII to file a fraudulent tax return. They might make up numbers or information to guarantee they get a large refund.
  • Apply for government benefits. Criminals also might be able to use your information to apply for government benefits, such as unemployment.

Although these are common ways that identity thieves and fraudsters use PII, it's not an exhaustive list—and some less common attacks can be just as scary.

For example, someone might take over your social media accounts and blackmail you by threatening to share personal or embarrassing information or pictures with your contacts. And there are cases of identity thieves fraudulently transferring home titles and then taking out mortgages against the victim's home.

It's also important to be cautious whenever something feels amiss or too good to be true because fraudsters continually create new scams and schemes.

How to Protect Your Personally Identifiable Information

Protecting your PII can be ongoing and difficult, but there are several steps you can take to help you stay safe.

Protecting Your PII Online

  • Create unique and strong passwords for all your accounts, especially those with PII. A password manager can make this easier.
  • Enable multifactor authentication (MFA) to help keep your account secure even if some of your PII is compromised.
  • Install the latest updates for your computer and mobile devices.
  • Don't log in to your accounts while using public Wi-Fi networks or someone else's device.
  • Learn how to spot and avoid phishing emails.

Protecting Your PII Offline

  • Never carry your Social Security card in your wallet or write your SSN on a form without double checking that it's required.
  • Add passwords to all your devices.
  • Try to get the mail out of your mailbox right away.
  • Shred documents that have PII before throwing them away.
  • Don't respond to text messages or phone calls that ask you to share PII. Even if it looks like the message is coming from a legitimate company or government agency, criminals can spoof their information to hide their identity.
  • Request a free Identity Protection PIN from the IRS.

What to Do if Your PII Is Compromised

Unfortunately, even if you follow every best practice for keeping your information safe, mistakes can happen or a data breach could leak your PII. However, there are a few things you can do to help protect yourself and quickly detect signs of identity fraud:

  • Regularly check your account statements.
  • Look for unexpected statements, bills or application rejection letters in the mail.
  • Add transaction or balance notifications to your credit card and bank accounts.
  • Sign up for free credit monitoring.
  • Freeze your credit or place a fraud alert. You have the right to add a security freeze or fraud alert to your credit reports.

If you suspect or know someone used your identity, the next steps will depend on the specific situation. In general, you'll want to notify the Federal Trade Commission using IdentityTheft.org, possibly your local police department and the organization where the fraudsters used your identity.

See if Your PII Is Already on the Dark Web

Data breaches have compromised many people's PII, and there's a good chance that your PII could wind up in a criminal's hands. You can check to see if your SSN, email or phone number are already on the dark web with a free dark web scan. You can also use Experian's personal privacy scan to see what PII people can find on the public web. And if you want to continually monitor various databases for your information, a program like Experian IdentityWorksSM can quickly alert you if your PII is found online.