How to Steal Identities – Why It’s So Easy

How to be an ID thief

ID theft is fairly simple in theory. Get all the information you can find on someone so you can impersonate them and buy stuff. Then the victim gets the bill and you get all the stuff.

In practice, making this all work can be complicated, but that's OK, because businesses make it easy, as I'll explain:

Part 1: Getting personal data

The small time: Dumpster diving

This method is time consuming and can be disgusting, but it is very effective and completely legal (to a point). Garbage in a can at the curb is considered abandoned property by lawmakers. Therefore, you can safely collect this garbage, take it home and search for treasure.

Note: when collecting garbage, make sure to do it in the wealthiest neighborhoods where the targets are likely to have identities that are more valuable.

Have you ever paid attention to what you throw away? What information about you is printed on that? Let's say that in your trash this month were some birthday cards, a few bills, a bank statement, and an unopened pre-approved credit card offer (you've stopped looking at them anymore and just toss them on sight).

There's a lot of sensitive information on those types of documents, isn't there? I can get your birth date and mother's name from the birthday cards (what? Like your mother doesn't send you a card?). The bills give me account numbers, address, and telephone numbers for your home and possibly any businesses you run. That pre-approved card offer might have your social security number on it (paydirt!), but if not, I can still send it in with a change of address so the card comes to me.

The big haul: Hacking

The Internet is a wonderful thing. If I lived on a remote desert isle but had Internet access, I could see the same information, make the same orders, and play the same games as anyone else in the world. I could also attack the security of any system that uses the Internet (such as the government, businesses, or individuals).

BAAAA! You're hacked.

As a hacker, I can break into systems, sneak past security, steal data, and make my getaway all without getting up from my armchair. What if you're not a hacker? No problem! There are many people (hackers or security activists) who will post simple pre-built hacking scripts on the Internet. All you have to do is type in the Internet address of the site you want to hack into and push the proverbial "GO" button (Firesheep, for example).

Once you have access, you can wander around the site with full privileges. This allows you to do creative things like adding code to their shopping cart that redirects all credit card transactions to a monitoring site under your control.

But wait! Rather than rewrite their code and wait for results, why not just dump their entire customer database to your hard drive? Now you have instant access to thousands or millions of records (just ask TJX).

What kind of information do they store in their databases? Just about anything and everything. Data mining is what happens when today's giant storage capacities meet companies that buy and sell information about you to other companies, resulting in a large and detailed profile of you and everyone around you.

Everything there is to know about you is being pooled into a central profile for companies to use as they see fit.

The full sum of all data you post to the Internet voluntarily, anything you give to companies when ordering online, and all public records is being pooled into your profile without your knowledge, out of your control, and without any option to remove it. Laws are slow in coming and often make things worse due to Congressional ignorance of all things technological.

With this vast cornucopia of data, you couldn't possibly steal the identities of everyone. What to do!?

How about selecting the juiciest prospects for yourself and selling the rest to other thieves? Not only are you getting rich from victimizing your chosen lambs, but you can earn additional money for years to come by selling your second or third draft picks to other people little by little.

Know the victim

If the person you choose as a victim is someone you know personally (especially a friend or family member), you may already know most of their personal data. This becomes especially important in the next step.

Part 2: Filling in the blanks

Assuming that you didn't get all the data you needed from the above, you can fill in the rest with some simple social engineering tricks. For this exercise you can use one or more of the following targets.

  1. Businesses

    Have you ever called a bank or utility service? How much information did they ask from you before deciding that you were you? Couldn't you call them and easily convince them that you are your neighbor? Once they've granted you access, you can "confirm" that they have your correct birthdate or other personal information which gives you information you didn't have before.

  2. Friends and family

    If I call your mother/friend/neighbor and say that I'm with the FBI and believe that you are a victim of identity confusion and need their help to clear your name, what are they likely to do? That's right, spill their guts about any personal information they have on you to "help" clear you. This is an easy way to get birthdays, mother's maiden names, even social security numbers.

  3. From you

    By pretending to be your bank or any other institution, I may be able to convince you to "confirm" a large amount of sensitive information such as bank account numbers, access codes, or any number of other things.

Part 3 – Using personal data

With enough data, you can create fake IDs, fake checks, or any other type of credential or document. Using these materials makes it easy to get utilities, credit, or services in your name which makes it far easier to commit crimes without getting caught.

If you don't want to (or can't) create fake documents, don't worry! Most places make it very easy to get credit online or through pre-approved offers. One experimenter was even able to send a ripped and re-taped offer with a change of address and cell-phone number to a company and still get credit.

Part 4 – The future

Though identity theft is very inconvenient for its victims, no one is interested in hunting your average identity thief. The laws and punishments are weak if you get caught, making it a waste of time for law enforcement to pursue most cases. Also, because it's such an easy crime and a growing trend, there are far too many cases to handle.

Don't worry about the market drying up. Businesses and credit card companies use their ability to lean on insurance and tax write-offs to absorb the costs rather than implement any security which would inconvenience their lambs… I mean customers.

The one thing that could slow or stop most instances of identity theft is a Credit Freeze, which thankfully is available in EVERY state now.


Too Late!

If you've already become a victim, here is a list of things you should do.

Solving ID Theft

Lock your credit reports with a Credit Freeze to prevent credit-based ID theft (90% of ID theft risk).
Learn to protect your information to prevent not only ID theft, but many other kinds of problems (the rest of ID theft risk).

Save Time and Money

Cancel credit-monitoring services.
Cancel ID theft insurance.

Who is Responsible?

Sometimes you just have to wonder why it's so easy to steal identities in the first place.

4 Comments to “How to Steal Identities – Why It’s So Easy”

Melvin Gunn says:

I am already a LifeLock member. I haven’t decided yet whether or not that’s a good thing or bad thing. Is it safe or a good idea to provide LifeLock with a list of my credit cards and numbers or is that a waste of time?

What if you have id and ss card but don’t want bills sent to your address

    I don’t think I understand your question. If you want bills sent somewhere other than your home address, couldn’t you just ask the company to do so?

I always wondered how people get away with having credit cards and shipments from, say, Amazon shipped to their homes once they have committed the act of credit fraud and have opened credit in someone else’s name? Wouldn’t that just lead authorities directly to your home??? How is this circumvented? Last year I went to file my taxes and they kept rejecting federal and state taxes. I kept trying over and over thinking maybe I put information in wrong but I was told a tax return was already filed in mine and my wife’s names. So of course I had to go through the lengthy process trying to restore some type of stability and getting government pin codes for submitting taxes, 37 year credit block and password protecting my credit profiles so no new credit to be opened in my name along with submitting police reports and the whole horrah. Fun stuff.

Cherri Saindon says:

Can someone steal my id by using my prescription bottle or pill card?

    The more information someone has, the more they can do. What is on your bottle and pill card? What they can do depends on what’s there.

I sent an Amazon gift card by email to a friend. Can any information from that transaction be stolen or identity theft happen?

    Gift card information is stored somewhere in a database. If someone gets that (or looks at the card and redeems it first), then yes, they can get the funds. I wouldn’t call it ID theft though…
