How Does Identity Theft Happen?

Recently, a story appeared in the news about a thief who had withdrawn $7,500 from the account of one Erick Lee at a grocery store branch of Wells Fargo in Lubbock, California. The thief might have gotten away clean had he not returned the next day with a falsified Social Security card to empty the remaining $25,000 in the account. It was his return that tipped off bank employees.

When police officers arrived at the bank, they found that the thief's age was inconsistent with the birthdate on his driver's license and arrested him. Fortunately, he was convicted and sentenced to spend two years in federal prison in addition to paying Wells Fargo $27,800 in restitution.

This is the kind of story that makes us clutch our wallets or purses and pray that it never happens to us, but this story at least had a happy ending. The identity thief was apprehended and amends will be made. Unfortunately, hundreds of identity theft cases don't end on such a happy note.

According to Cyber-Dome.com, 11 million Americans fell victim to identity thieves in 2009 alone and each lost an average of $5,000 in repayment, legal help, and paperwork.

All of this is enough to make any sane person wonder: how could this happen? Inevitably comes the second, even more chilling, question: could this happen to me?

Not to mince words, yes, identity theft can happen to you. It can happen to anyone. But understanding how it occurs is the first step to improving your odds of fighting off an identity attack. They all have one thing in common: they all involve thieves trying to grab your personal information to pretend to be you for their monetary benefit.

Here are the eight most common ways identity thieves catch you while your guard is down and seize your personal information..

1. Stealing wallets and purses that contain ID cards, credit cards, or bank information.
2. Stealing your mail including credit and bank statements, phone or utility bills, new checks, and tax information.
3. Completing a "change of address form" to redirect the destination of your mail.
4. Rummaging through your trash for discarded personal data in a practice known as "dumpster diving."
5. Taking personal information that you share or post on the Internet.
6. Breaking into your records through hacking, paying others to give access, etc.
7. Impersonating a credit authority.
8. Taking personal information through other means.

This is quite a list, so we'll start at the top and explain each one.

1. Stealing wallets and purses containing ID cards, credit cards, or bank information.

Wallets and purses are hugely convenient. They make one tidy place where you carry your personal ID, credit cards, and other important items. But they also make a nice tidy package for thieves, containing your:

• Driver's license
• Debit and credit cards
• Insurance cards
• Social Security card

Unlike with filing cabinets or computer files, we tend to leave wallets in our pockets, sitting on tables and countertops, forgotten in your passenger seat. We take them everywhere, and all it takes is one forgetful moment for your purse to fall into the wrong hands. With one quick grab at a mall or restaurant, identity thieves can snatch all of your most important important information and do untold damage to your name and your finances.

Just how much identity theft is due to stolen wallets and purses? According to a 2009 survey by Javelin Research, a whopping 43 percent of identity theft starts with a stolen wallet. That's nearly half!

Keep in mind, these numbers include instances where wallets and purses are snatched off someone's person and also instances where wallets and purses are left in public and then picked up.

2. Breaking into your mailbox for credit and bank statements, phone or utility bills, new checks, and tax information.

Yes, your mail says a lot about you. Most likely, it's more than you want to share with identity thieves. Although the mail has been a mainstay of communication for decades, it now poses a huge risk. Identity thieves can literally walk right up to your mailbox and take what they want.

Surprisingly, many organization continue to send the most sensitive of documents through the mail, including:

• Banks
• Credit card companies
• The Department of Motor Vehicles
• The Social Security Administration
• The Internal Revenue Service

Taking a glance at the types of documents you receive through mail from these organizations, it's not hard to imagine the havoc they could wreak on your life. Driver's licenses, debit cards, Social Security cards, birth certificates, personal checks-they're all up for grabs in your mailbox.

3. Using a "change of address form" to redirect the destination of your mail.

But why break into people's mailboxes to get other's personal information when you can just have it sent to your own mailbox? Unfortunately, the change of address form, which was made to help movers reroute their mail to their new location, can also be used by identity thieves to grab your personal information before it even gets to your house.

In this case, however, victims aren't even aware that their mail has been tampered with until a few months later when it dawns on them that they haven't been receiving any communications from the bank or their mortgage company. And that's a long time for identity thieves to have access to your finances.

4. "Dumpster diving" for your discarded personal data.

You know how they say one man's trash is another man's treasure. Well, that is literally true for identity thieves. Not content with raiding people's mailboxes or pilfering wallets, identity thieves aren't above digging through trash cans and dumpsters in search of your personal information.

All that stuff that comes in the mail, as well as any other documents you keep around the house, often ends up in your garbage. After all, you can't hold onto it forever. But this means that your bank statements, credit card statements, and other sensitive documents are sitting in your trash receptacle choice, waiting to be harvested by identity thieves.

5. Tricking you into handing out your personal information on the Internet.

The Internet is largely anonymous. This is great for leaving comments or making online purchases. Sometimes you just want to be left alone as you browse. But identity thieves also take advantage of the anonymity of the Internet, pretending to be credible or friendly long enough to get you to hand over your personal information.

Online identity theft has been around almost as long as the Internet itself. Some of the greatest hits include the "Nigerian Prince" email. In this scam, email users received messages from a fictional prince in Nigeria (or some other African nation) asking for the user's help in wiring millions of dollars to their bank account in exchange for a sizeable commission. When the user handed over their bank account information, the identity thieves who'd sent the fake email could suck all the money out of the user's bank account.

Another greatest hit was the "work from home" scam, which promised to get users set up to make a six-figure income from home... for a small fee. Users entered their credit card information to pay for the setup package, only to find themselves waiting and waiting for something that didn't exist. The "work from home" promoters were actually identity thieves, who had set up the whole scam just to grab users' credit card information.

Now there are a host of online identity theft threats out there, the most prevalent of which is phishing. Yet another weird word, phishing is defined by Computerworld like this:

"Phishing (sometimes called carding or brand spoofing) uses e-mail messages that purport to come from legitimate businesses that one might have dealings with."

Their description of which companies these emails can come from is honestly scary. They include eBay, PayPal, Citigroup, Yahoo!, Best Buy, even insurance agencies. In short, they can come almost any company you've had contact with and they can look completely legitimate.

So if phishing emails look like the real thing, how will you know them when you see them? They usually go something like this:

1. You receive an email message with the logo and branding of a company you know telling you that your account has been compromised and is being restricted.
2. To unrestrict your account, you are directed to click on a link. The link takes you to a page that looks just like the company's real homepage.
3. In order to unrestrict your account, the pages says, you might have to type in your credit card information, PIN number, or other personal information.
4. Thinking your account is truly in danger, you enter the requested information. And just like that, identity thieves have your personal information.

Of course, phishing, email scams, and job scams are just a smattering of the dangers that await on the Internet. When dealing with the anonymity of the Web, you have to treat everyone like a potential threat to your identity.

6. Impersonating a credit authority.

Pretending to be a credible company isn't a tool of online identity thieves only. Identity thieves will use this same tactic over the phone or even in person, pretending to be from your credit card company or another institution. As with phishing, they might request your account number or other pieces of sensitive information to protect your account or offer you fake opportunities in exchange.

Ironically, these impersonators often use consumers' fear of identity theft to trick consumers into giving away their personal information.

7. Breaking into your records through hacking, paying others to give access, etc.

Instead of tricking you into handing out your personal information, some identity will just break in and take it by force. It's unnerving to think of, but even inside a government building, your personal information can be at risk. Computer-savvy identity thieves will often break into government or company databases and siphon out individuals' data.
Examples of such attacks would be the data breaches that have occurred within the Federal Government over the last couple years, during which identity thieves penetrated the government's system defenses and filched the personal information for over a 100,000 employees, contractors, and family members. This included almost 2,000 bank accounts, according to Reuters.

Sadly, these types of attacks have been carried out on non-government sites as well, like Microsoft, eBay, and Google.

We should also mention here that not all of these attacks are executed from without. Often, identity thieves will simply pay off employees to access and grab the information for them.

8. Taking personal information through other means.

Because there are so many ways that identity thieves can get your personal information, this last category is really just a catch-all. One of the sneakiest ways we found that identity thieves can grab your banking information is by attaching a small electronic device to ATMs, which then records PIN numbers, account numbers, and everything else thieves need to access the account later. This practice is known as skimming.

And then there are the more subtle ways that identity theft can be carried out not by rings of scheming criminal masterminds, but by everyday individuals with ill intent. One striking example of this kind of identity theft was a recent news story where a disgruntled Alabama waitress simply added on extra tips and charges on her customers' receipts after they'd left the restaurant. The customers found out later when their credit card statement came in the mail. In her own way, the waitress was using customers' credit cards fraudulently for her own gain.

The bottom line of all this is clear: identity thieves have an arsenal of tools at their disposal to get at your personal information. And it's not a matter of if they attack you, but when. When those attacks occur, whether your personal information is protected or not depends on your preparation.