How Do Identity Thieves Steal Your Personal Information?

© 2014, Brandon Cornett | This page contains copyrighted material. Please see our sharing guide.

Did you know identity theft can ruin your chances of getting a mortgage loan, a car loan, or even a credit card? It's true. It can result in damaged credit, which makes it harder to obtain financing from creditors. That is why we offer so many ID theft-protection tips here at

In this tutorial, we will talk about the different ways criminals can steal personal information, such as Social Security numbers and credit card data.

How Do Identity Thieves Steal Your Information?

If you want to protect yourself from personal data theft, you have to understand the tricks and techniques used by the "enemy." So, how do identity thieves steal your information? They do it in a number of ways, actually. Here are five of the most common techniques used by thieves:

1. Fake Phone Calls

ID thieves sometimes make phone calls to consumers, masquerading as a bank, creditor, or government official to obtain sensitive information. For instance, they might call you and claim to be from the IRS, saying that you owe back taxes and need to pay by wire transfer. Or they might ask you to "verify some personal information," which will likely include your SSN.

It might sound like a transparent scam. Who would be so foolish to give sensitive information to a random caller, right? In reality, this is one of the most commonly used, and most successful, methods identity thieves use to steal information from consumers.

2. Phishing (Fake Emails and Websites)

If you have an email account, you have probably received a "phishing" email in the past -- and you might not have realized it at the time. Phishing is when an ID thief sends you an official-looking email message in an attempt to steal personal information, such as a credit card or bank account number.

Phishing has become one of the most widely used techniques among identity thieves, and for two reasons: (1) it doesn't cost much, and (2) it gives them a way to reach a large audience with a single stroke. So the cost-versus-gain ratio is definitely in their favor.

Here is an example of a classic phishing email. While the details may change, the overall formula is usually the same.

The most common phishing strategy goes like this: The email ostensibly comes from a bank or other financial institution. It mentions some kind of unauthorized or unknown activity with your bank account, in an attempt to worry you. It provides a link that will supposedly take you to the bank's website, where you can verify or confirm your personal information before proceeding. And just like that, the identity thieves have stolen your information.

Some phishing emails come from banks you actually do business with, which makes them even more effective. Other times, they come from banks you've never used or even heard of before. Either way, the end goal is the same. The thief is trying to trick you with (A) an official-looking email and (B) the threat of fraudulent bank activity.

One of the ways you can spot this kind of identity theft attempt is by hovering your computer mouse's cursor over the hyperlink provided within the body of the email. The hyperlink might say "," but when you hover over it you'll see that it actually points to some unknown website. This is known as link manipulation.

Here is another version of link manipulation that is even sneakier:

In the following example website address,, it seems as though the link will take you to the example section of the yourbank website. Actually, the link points to the "yourbank" (i.e. phishing) section of the website. The "yourbank" part is merely a subdomain or extension of the third-party "" website.

3. Fake Text Messages

As new technologies come onto the scene, identity thieves are right there waiting to exploit them. Text messaging is a good example. According to the Better Business Bureau, fake text messages (also known as "smishing" or SMS phishing) were one of the top-ten scams of 2013.

Here is how it usually works: The identity thieves send you a text alert that appears to be from your bank or credit union. It asks you to confirm information or "reactivate your debit card" by clicking a link on your smart phone. Sound familiar? It should. It's basically the next-generation version of email fraud, which we discussed earlier.

4. Mailbox Theft

We've seen how identity thieves can steal your personal information online and over the phone. But there are also plenty of "low-tech" ways they can get their hands on your sensitive data. Unlocked mailboxes are a prime example.

ID thieves can steal mail from an unguarded mailbox and thereby gain access to all kinds of financial info. (Think of all the revealing information your bank sends you on a regular basis.)

There are two ways to protect against mailbox theft: (1) lock the box, and/or (2) reduce the amount of financial mail you receive. These days, many banks, credit unions and other financial institutions allow customers to "opt out" of receiving paper statements and correspondence. After all, you can view your statements online, through the bank's secure website. You could also replace your unsecured "flap style" mailbox with one that locks.

5. Dumpster Diving

Perhaps you've heard of "street people" diving in dumpsters to look for food. Well, identity thieves often do the same thing, but with a very different purposes. They do it to steal personal information from consumers and companies alike.

Sometimes they search dumpsters and trash bins outside of businesses that process financial information, hoping to capitalize on a lazy employee who failed to properly destroy documents. Sometimes they do it outside of residences like yours, looking for anything with an SSN or credit card number on it.

It is a crude but effective way for identity thieves to steal personal information. It's also a good reason to invest in a document shredder, especially if you receive a lot of financial mail.

Common Sense and Skepticism Go a Long Way

Common sense and skepticism are the best protection against identity theft. In a perfect world, we would not have to be on our guard all the time. People wouldn't be "out to get us" (or, rather, out to get our sensitive financial information).

But we do not live in a perfect world. We live in a world with a criminal element, and that will never change.

You've learned how identity thieves steal your information. A few of their techniques, anyway. There is a common thread that connects many of these techniques, particularly the fraudulent emails, phone calls, text messages, and websites. In short, they are preying on unsuspecting consumers. They are targeting people who naturally assume everyone and everything is legit. Want to guard yourself from ID thieves? Be more suspicious. Anytime somebody asks you for sensitive information, it should raise a silent alarm in your consciousness. 

Here's an example. Let's consider the fake phone call strategy, wherein the identity thief claims to be from your bank and wants you to "verify" account information. Here's what you should be thinking:

"Why would my bank call me at home and ask me to verify my account information. Don't they already have that information? And how do I know it's really my bank? After all, I didn't call the official customer support number on the back of my card -- they called me. It could be anyone on the other end of the line? Anyone with a phone!"

This is a healthy level of skepticism, and an entirely appropriate response. This kind of mindset will help you shield yourself from scams and fraud.

Where to Learn More

This article explains how identity thieves steal information from consumers. While these are some of the most common techniques, they are certainly the only techniques. Entire books have been written on this subject. (Check out 50 Ways to Protect Your Identity in a Digital Age, by Steve Weisman, for a more comprehensive lesson in ID theft protection.)

I also recommend visiting the FTC's website to learn more about how ID thieves steal personal information, and how you can prevent it from happening to you. They offer a wide variety of tutorials and resources, including quite a few videos. Here is the relevant section of their website: