In the digital age, some identity thieves go way beyond dumpster diving to steal your customer's personal information. From hijacking and piloting phones from afar to crafting a false identity based on just a sliver of real information, many tactics used by today’s fraudsters are highly sophisticated. 

When it comes to protecting your customers, understanding what you’re up against is a good first step. In today’s article, we take an in-depth look at some of the most common ways identity thieves obtain information — and what you can do to stop them. 

SIM card swaps 

Smartphones are like the nerve centers of our personal data. We use them to bank, shop, communicate, and more. While our phones can be super convenient, they also make us vulnerable. Just ask Twitter CEO Jack Dorsey, who made headlines in August when his own Twitter account was hijacked in a SIM swap scam. 

Most smartphones use SIM cards, or subscriber identity modules, to identify the user and store important data. Your phone number can be transferred to a new SIM card for legitimate reasons, like when you’ve lost your phone or you’re upgrading to a new device. But in a SIM swap attack, thieves take advantage of this capability by calling a phone carrier, posing as you, and requesting to move your phone number to a device in their possession. Fraudsters have also been caught bribing phone-company employees to make the swaps on their behalf

If the SIM swap is successful, the thieves can then use the compromised phone number as a portal to the rest of the victim's digital life. With access to text messages, for example, a thief can side-step the extra security provided by two-factor authentication, making it easier to penetrate financial accounts, personal emails, and cryptocurrency wallets. SIM swapping can also lead to a compromised account, which can cause reputational harm. 

That’s what happened in Dorsey’s case. 

The attackers — a group of hackers known as the Chuckling Squad — used an SMS service called CloudHopper to make posts to the Silicon Valley exec’s Twitter feed, sending out a string of offensive comments and racial slurs to his 4.2 million followers. Dorsey’s account was quickly recovered, but his experience helped shine a light on the dangers of SIM swapping. 

Luckily, your customers can take steps to protect themselves from SIM fraud and social media hijacking. If they're Allstate Identity Protection members, activate Social Media Monitoring for an additional layer of protection. If someone posts violent, sexual, or profane content using your account, we’ll send you an alert. 

Data breaches 

Data breaches is another leading way identity thieves can steal your customers' personal information, and some industries are being hit harder than others especially the healthcare industry. In the first two months of 2020, more than one million patients were involved in a healthcare-related data breach. 

Privacy incidents of this magnitude should be shocking. Unfortunately, though, tales like this have become all too familiar. Data breaches and their fallout have affected many millions of Americans. With incidents happening at such a rapid clip, it’s no wonder so many consumers suffer from “breach fatigue.” 

So what’s causing these information leaks, and what can you do to safeguard your data?

You may be surprised to learn that most security incidents are actually accidents caused by human negligence or error. Research from the International Association of Privacy Professionals (IAPP) suggests that more than 92 percent of security incidents are unintentional in nature. Think of the 2017 Equifax breach, for example. The headline-grabbing incident, which left the information of more than 146 million Americans exposed, was eventually traced to the mistake of a single technology department employee who failed to follow security protocols

Other breaches are the result of targeted attacks by cybercriminals. These attacks aren’t limited to behemoth corporations like Yahoo and Facebook: according to a report by the security firm Ponemon Institute, nearly 70 percent of surveyed small and medium-sized businesses experienced a cyberattack in 2018.  

Once your customers' information is made public, it can sell for top dollar on the dark web to bad guys who may use the details to open a new line of credit in the victim's name. Or perhaps their data will be blended with other victims’ information to create a brand-new false identity, a tactic known as synthetic identity theft

But with tools like Dark Web Monitoring, Allstate Identity Protection members can rest easy. We’ll alert users if we find their information where it doesn’t belong –– and if cybercriminals compromise their identities, we’ll be here to help them fully recover.    


There are some unforeseen consequences of sharing on social media, and identity theft is one of them. Take that first-day-of-school pic you snapped of your kiddos on the front porch. Is your house number clearly visible in the background? If so, the safest bet is not to share. 

Similarly, it’s not advisable to post from your vacation — or even from a restaurant — in real time. When you share your location, you’re also sharing the fact that you’re not at home. 

What’s more, everything you share on social accumulates over time as part of your digital footprint. The more information that’s available about you online, the more vulnerable you’ll be to identity thieves. 

Consider adjusting your privacy settings to control who can see your posts, and think twice before accepting friend requests from people you don’t know.

Most Allstate Identity Protection members can sync their social accounts with our app. We’ll ping thing if we notice anything suspicious that might point to an account takeover.

Skimming and shimming 

Skimming devices can be attached to the credit-card processor at legitimate businesses. When customers swipe their card, the skimmer reads the magnetic strip and stores their card number. The fraudster who planted the device can then use your customer's credit card or sell the information to a third party. 

There is also “shimming,” the practice of inserting a tiny microchip into an ATM or card reader with the aim of stealing and storing your information. 

Phishing and pharming 

When you’re online, phishing has nothing to do with a rod and reel. Rather, phishing happens when criminals try to hook you with phony emails. Their goal? Capturing your personal data—for their profit. Pharming, or the practice of redirecting users to fake sites without their knowledge, is another widespread type of online scam. 

Phishers and pharmers may try to lure your customers by promising freebies or even by posing as your business. From there, your customers could be tricked into entering sensitive details. Or they might be prompted to download malware, unwanted software that could corrupt their device. 

With a little vigilance, your members will be ready for the hook when it comes. But if they’ve accidentally clicked on something sketchy, a service like Allstate Identity Protection can offer additional peace of mind. 

Identity theft in the physical world

While some identity thieves have adopted sophisticated tactics for mining data digitally, others steal information the old-fashioned way: offscreen, in the physical world. 

  •  Criminals are known to search for sensitive information by digging through the trash, a tactic known as “dumpster diving.” So, it’s smart to shred any sensitive documents before recycling them. 

  •  Mail theft is another tried-and-true tactic that’s still used by identity thieves today. To deter any would-be snoops, consider purchasing a mailbox with a lock, and ask the USPS to hold your mail whenever you’re out of town

  •  Also beware of “shoulder surfing,” the practice of maliciously observing and memorizing a victim’s information at the ATM or in the check-out line. 

A partner you can count on 

In today’s digital era, data is our most valuable resource. Here at Allstate Identity Protection, we are deeply committed to safeguarding your customers' details every step of the way. 

Best-in-class customer care is another core part of our mission. Should fraud or identity theft happen to your covered members, our highly trained and certified remediation experts will be on hand 24/7 to help restore compromised identities. 

The landscape of identity theft may be shifting and changing, but there’s one thing you can count on. With Allstate Identity Protection as your partner, you’ll never have to fight identity theft alone — and neither will your customers.