Identity thieves may take advantage of data breaches or use targeted attacks, such as phishing campaigns, to steal personal and financial details. It's common for fraudsters to swipe information in the physical world, too, by dumpster diving, shoulder surfing, or planting skimming devices. Here's the good news: if you know what identity thieves are up to, you’ll have a leg up — so read on to learn more.

In the digital age, some identity thieves go to extraordinary lengths to steal personal information. From hijacking and piloting your phone from afar to crafting a false identity based on just a sliver of your real information, many tactics used by today’s fraudsters are highly sophisticated. Other methods for stealing personal details, such as mail theft, are less high-tech, but no less concerning.

When it comes to protecting your identity, understanding what you’re up against is a good first step. In today’s article, we take an in-depth look at some of the most common ways identity thieves get your information and what you can do to stop them. Plus, learn how our features — like credit alerts and dark web notifications — can provide an extra layer of protection.

Data breaches

Unfortunately, data breaches and their fallout have become all too common. With incidents happening at such a rapid clip, it’s no wonder so many consumers suffer from “breach fatigue.”

So what’s causing these information leaks, and what can you do to safeguard your data?

You may be surprised to learn that most security incidents are actually accidents caused by human negligence or error. Research from the International Association of Privacy Professionals (IAPP) suggests that more than 92 percent of security incidents are unintentional in nature. Think of the 2017 Equifax breach, for example. The headline-grabbing incident, which left the information of more than 146 million Americans exposed, was eventually traced to the mistake of a single technology department employee who failed to follow security protocols.

Other breaches are the result of targeted attacks by cybercriminals. These attacks aren’t limited to behemoth corporations like Yahoo and Facebook: according to a report by the security firm Ponemon Institute, nearly 70 percent of surveyed small and medium-sized businesses experienced a cyberattack in 2018. 

Once your information is made public, it can sell for top dollar on the dark web. From there, your details could be used to commit fraud or identity theft. Or, your information could be blended with other victims’ information to create a brand-new false identity, a tactic known as synthetic identity theft.

With our product, you can enter your information for dark web monitoring. Log in to your account, click the Dark Web Monitoring tab, and enter the key details you want to protect, such as account numbers and log-in credentials. We’ll alert you if we find your information where it doesn’t belong — and if cybercriminals ever do compromise your identity, we’ll be here to help you fully recover.

Phishing and pharming 

When you’re online, phishing has nothing to do with a rod and reel. Rather, phishing happens when criminals try to hook you with phony emails. Their goal? Capturing your personal data — for their profit. Pharming, or the practice of redirecting users to fake sites without their knowledge, is another widespread type of online scam.

Phishers and pharmers may try to lure you by promising freebies or posing as a friend or business. From there, you could be tricked into entering sensitive details. Or you might be prompted to download malware, unwanted software that could corrupt your device.

Be wary of urgent requests to “act now!” frequent typos or blurry images, and multiple pop-up windows.

With a little vigilance, you’ll be ready for the hook when it comes. But if you’ve accidentally clicked on something sketchy, an identity protection service like ours can offer additional peace of mind.


If an identity thief is hunting for your information, the last thing you want to do is hand it over willingly. Unfortunately, though, that can be an unforeseen consequence of sharing on social media.

Take that first-day-of-school pic you snapped of your kiddos on the front porch. Is your house number clearly visible in the background? If so, the safest bet is not to share.

Similarly, it’s not advisable to post from your vacation — or even from a restaurant — in real time. When you share your location, you’re also sharing the fact that you’re not at home.

What’s more, everything you share on social sites accumulates over time as part of your digital footprint. The more information that’s available about you online, the more vulnerable you may be to identity theft.

Consider adjusting your privacy settings to control who can see your posts, and think twice before accepting friend requests from people you don’t know.

If you’re an Allstate Identity Protection member, you can sign up for social media monitoring. Log in to the portal, click the Social Monitoring tab, and sync your accounts. From there, we’ll ping you if we notice anything suspicious that might point to an account takeover.

Skimming and shimming

Skimming devices can be attached to the credit-card processor at legitimate businesses. When you swipe your card, the skimmer reads the magnetic strip and stores your card number. The fraudster who planted the device can then use your credit card or sell the information to a third party.

If your card has a chip, beware of “shimming,” the practice of inserting a tiny microchip into an ATM or card reader with the aim of stealing and storing your information.

When you scan your card, be vigilant: if you notice anything unusual attached to the credit-card processor, consider shopping elsewhere.

If you don’t spot the skimming device, a privacy monitoring service like ours can help alert you after the fact. Visit the portal to refresh your credit score and opt for additional financial monitoring.

Compromised credit reports

Your credit report is a trove of sensitive information, such as your name, birth date, and social security number.

Identity thieves can request a copy of your report by posing as your landlord or potential employer. One way to prevent this is to contact each credit bureau to request a security freeze on your account. 

SIM card swaps

Smartphones are like the nerve centers of our personal data. We use them to bank, shop, communicate, and more. While our phones can be super convenient, they also make us vulnerable.

Most smartphones use SIM cards, or subscriber identity modules, to identify the user and store important data. Your phone number can be transferred to a new SIM card for legitimate reasons, like when you’ve lost your phone or you’re upgrading to a new device.

But in a SIM swap attack, thieves take advantage of this capability by calling a phone carrier, posing as you, and requesting to move your phone number to a device in their possession. Fraudsters have also been caught bribing phone-company employees to make the swaps on their behalf.

If the SIM swap is successful, the thieves can then use your phone number as a portal to the rest of your digital life. With access to your text messages, for example, a thief can side-step the extra security provided by two-factor authentication, making it easier to penetrate your financial accounts, personal emails, and cryptocurrency wallet. SIM swapping can also lead to a compromised account, which can cause reputational harm.

Identity theft in the physical world

While some identity thieves have adopted sophisticated tactics for mining data digitally, others still steal information the old-fashioned way: offscreen, in the physical world.

Criminals are known to search for sensitive information by digging through the trash, a tactic known as dumpster diving. So, it’s smart to shred any sensitive documents before recycling them.

Mail theft is another tried-and-true tactic that’s still used by identity thieves today. To deter any would-be snoops, consider purchasing a mailbox with a lock, and ask the USPS to hold your mail whenever you’re out of town.

Also beware of shoulder surfing, the practice of maliciously observing and memorizing a victim’s information at the ATM or in the check-out line.

You have a partner in identity protection

In today’s digital era, data is one of our most valuable resources. That’s why we’re deeply committed to safeguarding your details every step of the way.

Looking to up your privacy game? Take a few minutes to log in to your account and explore our powerful technology, including the Allstate Digital Footprint, which helps you see which companies have your personal information — and how you can better protect yourself. While you’re logged in, you can also activate key product features, like credit-monitoring alerts and financial transaction monitoring.

Best-in-class customer care is another core part of our mission. Should fraud or identity theft happen to you, our highly trained and certified specialists will be on hand 24/7 to help restore compromised identities.

The landscape of identity theft may be shifting and changing, but there’s one thing you can count on. With us as your partner, you’ll never have to fight identity theft alone.