(Credit: Zain bin Awais; Yaroslav Olieinikov/via Getty Images)
When you're busy working, paying the bills, and generally taking care of the tangibles of everyday life, it can be hard to take identity theft as a serious worry. But identity theft is a very real threat we all must contend with.
Imagine this: Returning from a trip abroad, you present your passport at customs only to be told, “We have a warrant under your name. Please step aside.” Admittedly, this dramatic scenario is uncommon, but the typical consequences of identity theft can range from annoying to life-shattering. Replacing all the credit cards from your wallet is irksome. Having to prove you’re not the person who used your identity to commit crimes is devastating.
With that in mind, let's look at some of the many ways identity theft can upend your life. Hopefully, these very real possibilities will spring you into preventative action now, starting with identity theft protection software.
1. You Have to Replace Your Credit Cards
You can buy just about anything using a credit card these days, but you take a risk with every purchase. When you tap or insert your card at the grocery checkout, it’s under your control, but not when a restaurant server takes your card to the back to run it. You can't know if they copied down the number or made an online purchase while running your check. When you buy online, a shady merchant could note your card number and the CVV code and sell them on the black market for a quick $30. Yes, that miscreant merchant or wily waiter will probably get caught eventually, but that doesn’t help your immediate situation.
Credit card fraud would be a bigger problem, except banks don’t hold you responsible for false charges. A percentage of your bank fees go to cover those losses. In return, the bank gets your loyalty and confidence. It’s still incredibly annoying when you’re forced to replace a compromised card, especially if it’s one you use to pay for online subscriptions or automatic bill payments.
Remember, too, that those protections don’t apply to debit cards, and they apply only to individual credit cards. Corporate and small business accounts don't enjoy this same safety net. If a thief compromises your business credit card, you or your business could be responsible for the fraudulent charges.
2. A Hacker Owns Your Email Account
If your email account password is weak or easily guessed, or if someone gets hold of your unlocked phone, you might have your account taken over. And an email account takeover is more serious than just having some rando reading your personal messages.
Control of your email account opens the door for a hacker to own your most important accounts, including financial ones. If you lazily use the same password for your email and bank accounts, a thief gets immediate access to all those sites. Hackers know that many people promiscuously use the same password for multiple sites, so when they obtain the password for one account, they try using it on others.
Even if you're diligent and use a password manager and password generator to create a unique, strong password for every site, your accounts aren’t safe from a malefactor who controls your email account. Every secure site must deal with the fact that real people forget their passwords. Typically, the forgetful user can request a password reset link. And where do they typically receive that link? That's right; in the email inbox. A thief who controls your email can use that link to reset the password. Now you, the proper owner, are locked out.
Many password reset systems require answering one or more security questions before providing the reset link. The problem is, typical security answers are things anybody could find out about you, like your mother’s maiden name. For more obscure answers like your first car, your high school mascot, or the street you grew up on, well, that’s what those social media “let’s have fun and learn about each other” quizzes are for.
Remember, you’re not obligated to provide a true or relevant answer to security questions during an account setup. You can totally lie as long as you remember the lie. Is your mother's maiden name Targaryen? Of course, it is!
In addition to using your email account for entrée into your other accounts, a thief could also spew spam from the account, perhaps running a spam-as-a-service business. Chances are good the spam activity will raise red flags and get the account banned. That’s no problem for the thief, who just steals another one. But you’re left with the problem of cleaning up a tainted account.
Enabling multi-factor authentication (MFA) is one way to make it harder for anyone but you to access your email account. Even if they get your password, they don’t have the security token or phone app that lets you, and only you, unlock the account. You absolutely should enable multi-factor on every site that offers it.
3. Hacked Social Media Accounts Will Embarrass You
Just as with your email account, you must use a strong password to protect your Facebook, BlueSky, TikTok, and other social media accounts. If you don’t, or if a hacker uses a hacked email account to get control of your social media, you can be in for big trouble or at least big embarrassment. All your private messages, photos, and posts become an open book. Nude selfies, anyone?
It's not just your privacy that's lost when a thief takes over your social media account. More and more websites let you authenticate with Google, Facebook, X (formerly Twitter), or some other social media account rather than creating a username and password. That may seem convenient, but doing so makes your social media account a highly valuable prize to identity thieves.
4. A Stolen Social Security Number Can Put Your Life on Hold
When it comes to identifying individuals, your Social Security Number (SSN) is used more than any other piece of information. Originally, it even carried some personal information about you, as the first three digits were assigned based on your location, with low numbers in the east and high ones in the west. It wasn’t until 2011 that the Social Security Administration switched to random numbers with no geolocation embedded. And just how is this all-important SSN protected? Well, it isn’t.
You must supply your SSN on all manner of government and business documents, from IRS tax filings to home mortgages. Sometimes, you need only enter the last four digits for verification, but often enough you give your whole SSN to the controlling agency. If any of those businesses or government entities experience a data breach, your SSN can be exposed, sold, and traded on the dark web, with alarming consequences.
Picture this: You've lived in your home for years and are finally ready to move up (or downsize). But when you go to sell the house, you can’t because there's a lien on the property. How did that happen? Most likely, some malefactor used your SSN in a shady deal and then failed to pay up. Unbeknownst to you, the victim attempted to recoup losses by placing a lien on your home.
The worst thing about this kind of abuse of your personal data is that you may not learn about it until years later. It may even take some digging to verify that the theft happened. A friend of a colleague of mine had to work hard to find out why she couldn’t get a mortgage. It turns out that someone else had established a mortgage using her SSN, and that mortgage was foreclosed.
5. Scraped Personal Details Can Empower Scammers
Did you think that person poking around your recycling bin was scrounging for bottles and cans to redeem for small change at the recycling center? It’s possible, but they also may have been looking for bank statements, bills, and other papers with personally identifiable information (PII).
With your date of birth, SSN, address, and related personal data, an identity thief can open new credit accounts in your name. Admittedly, the first bill you get for the new account will blow the scheme’s secrecy, but a cagey thief might have those bills sent to a false address. That way, you won’t know about the identity theft until the collection agency calls.
A collection agency might be the least of your worries. That knock on the door could be the police or the FBI with a warrant for your arrest. An identity thief who commits a crime while posing as you can land you in jail for as long as it takes you to establish that you’re not the perpetrator. At a less dire level, identity theft can prevent you from legitimately claiming unemployment.
Your Identity Is Worth Protecting
Now that you’ve seen what can happen if your identity is stolen, review our tips on how to be more secure online and how to protect your identity. Consider subscribing to an identity theft protection service that will provide an early warning system and help you with any necessary recovery. Enabling multi-factor authentication wherever it is available is one way to make it harder for someone to access your accounts, even if they get your password. And if you think you’ve already been hacked, we have you covered, too.