How do identity thieves get your information?

By Allstate Identity Protection

In the digital age, some identity thieves go way beyond dumpster diving to steal your personal information. From hijacking and piloting your phone from afar to crafting a false identity based on just a sliver of your real information, many tactics used by today’s fraudsters are highly sophisticated. 

When it comes to protecting yourself, understanding what you’re up against is a good first step. In today’s article, we take an in-depth look at some of the most common ways identity thieves get your information and what you can do to stop them. Plus, learn how our features — like credit alerts and dark web notifications — can provide an extra layer of protection.

SIM card swaps

Smartphones are like the nerve centers of our personal data. We use them to bank, shop, communicate, and more. While our phones can be super convenient, they also make us vulnerable. Just ask Twitter CEO Jack Dorsey, who made headlines when his own Twitter account was hijacked in a SIM swap scam.

Most smartphones use SIM cards, or subscriber identity modules, to identify the user and store important data. Your phone number can be transferred to a new SIM card for legitimate reasons, like when you’ve lost your phone or you’re upgrading to a new device. But in a SIM swap attack, thieves take advantage of this capability by calling a phone carrier, posing as you, and requesting to move your phone number to a device in their possession. Fraudsters have also been caught bribing phone-company employees to make the swaps on their behalf.

If the SIM swap is successful, the thieves can then use your phone number as a portal to the rest of your digital life. With access to your text messages, for example, a thief can side-step the extra security provided by two-factor authentication, making it easier to penetrate your financial accounts, personal emails, and cryptocurrency wallet. SIM swapping can also lead to a compromised account, which can cause reputational harm.

That’s what happened in Dorsey’s case.

The attackers — a group of hackers known as the Chuckling Squad — used an SMS service called CloudHopper to make posts to the Silicon Valley exec’s Twitter feed, sending out a string of offensive comments and racial slurs to his 4.2 million followers. Dorsey’s account was quickly recovered, but his experience helped shine a light on the dangers of SIM swapping.

Luckily, you can take steps to protect yourself. In our app, you can activate social reputation monitoring and we’ll alert you if we see evidence of fraud — such as violent, sexual, or profane content — within your social media posts.

Data breaches

In September 2019, food-delivery company DoorDash confirmed a large-scale security breach. The incident, which DoorDash attributed to a third-party service, left more than 4.9 million users, delivery drivers, and merchants with their information exposed. The leaked data was broad in scope and included names, addresses, encrypted passwords, drivers license numbers, and partial credit card and bank account numbers.

Some customers claim that the incident led to immediate theft in the form of fraudulent food deliveries — though the toll on victims’ privacy could be much greater. If you believe you may have been affected, you should immediately take steps to protect yourself.

A privacy incident of this magnitude should be shocking. Unfortunately, though, tales like these have become all too familiar. Data breaches and their fallout have affected millions of Americans. With incidents happening at such a rapid clip, it’s no wonder so many consumers suffer from “breach fatigue.”

So what’s causing these information leaks, and what can you do to safeguard your data?

You may be surprised to learn that most security incidents are actually accidents caused by human negligence or error. Research from the International Association of Privacy Professionals (IAPP) suggests that more than 92 percent of security incidents are unintentional in nature. Think of the 2017 Equifax breach, for example. The headline-grabbing incident, which left the information of more than 146 million Americans exposed, was eventually traced to the mistake of a single technology department employee who failed to follow security protocols.

Other breaches are the result of targeted attacks by cybercriminals. These attacks aren’t limited to behemoth corporations like Yahoo and Facebook: according to a report by the security firm Ponemon Institute, nearly 70 percent of surveyed small and medium-sized businesses experienced a cyberattack in 2018. 

Once your information is made public, it can sell for top dollar on the dark web to bad guys who may use your details to open a new line of credit in your name. Or perhaps your information will be blended with other victims’ information to create a brand-new false identity, a tactic known as synthetic identity theft.

With our product, you can get notified of potential exposure on the dark web. Visit our portal and enter the key details you want to protect, such as account numbers and log-in credentials. We’ll alert you if we find your information where it doesn’t belong –– and if cybercriminals compromise your identity, we’ll be here to help you fully recover.


If an identity thief is hunting for your information, the last thing you want to do is hand it over willingly. Unfortunately, though, that can be an unforeseen consequence of sharing on social media.

Take that first-day-of-school pic you snapped of your kiddos on the front porch. Is your house number clearly visible in the background? If so, the safest bet is not to share.

Similarly, it’s not advisable to post from your vacation — or even from a restaurant — in real time. When you share your location, you’re also sharing the fact that you’re not at home.

What’s more, everything you share on social accumulates over time as part of your digital footprint. The more information that’s available about you online, the more vulnerable you’ll be to identity thieves.

Consider adjusting your privacy settings to control who can see your posts, and think twice before accepting friend requests from people you don’t know.

You may also want to sync your social accounts within our portal. We’ll ping you if we notice anything suspicious that might point to an account takeover.

Skimming and shimming

Skimming devices can be attached to the credit-card processor at legitimate businesses. When you swipe your card, the skimmer reads the magnetic strip and stores your card number. The fraudster who planted the device can then use your credit card or sell the information to a third party.

If your card has a chip, beware of “shimming,” the practice of inserting a tiny microchip into an ATM or card reader with the aim of stealing and storing your information.

When you scan your card, be vigilant: if you notice anything unusual attached to the credit-card processor, consider shopping elsewhere.

If you don’t spot the skimming device, a privacy monitoring service like ours can help alert you after the fact. Visit the portal to refresh your credit score and opt for additional financial monitoring.

Compromised credit reports

Your credit report is a trove of sensitive information, such as your name, birth date, and social security number.

Identity thieves can request a copy of your report by posing as your landlord or potential employer. One way to prevent this is to contact each credit bureau to request a security freeze on your account. 

Phishing and pharming

When you’re online, phishing has nothing to do with a rod and reel. Rather, phishing happens when criminals try to hook you with phony emails. Their goal? Capturing your personal data—for their profit. Pharming, or the practice of redirecting users to fake sites without their knowledge, is another widespread type of online scam.

Phishers and pharmers may try to lure you by promising freebies or posing as a friend or business. From there, you could be tricked into entering sensitive details. Or you might be prompted to download malware, unwanted software that could corrupt your device.

Be wary of urgent requests to “act now!,” frequent typos or blurry images, and multiple pop-up windows.

With a little vigilance, you’ll be ready for the hook when it comes. But if you’ve accidentally clicked on something sketchy, an identity protection service like ours can offer additional piece of mind.

Identity theft in the physical world

While some identity thieves have adopted sophisticated tactics for mining data digitally, others still steal information the old-fashioned way: offscreen, in the physical world.

Criminals are known to search for sensitive information by digging through the trash, a tactic known as “dumpster diving.” So, it’s smart to shred any sensitive documents before recycling them.

Mail theft is another tried-and-true tactic that’s still used by identity thieves today. To deter any would-be snoops, consider purchasing a mailbox with a lock, and ask the USPS to hold your mail whenever you’re out of town.

Also beware of “shoulder surfing,” the practice of maliciously observing and memorizing a victim’s information at the ATM or in the check-out line.

You have a partner in identity protection

In today’s digital era, data is our most valuable resource. That’s why we’re deeply committed to safeguarding your details every step of the way.

Looking to scale back your digital footprint or up your privacy game? Take a few minutes to visit the portal and explore our powerful technology, including digital exposure reports that reveal where your personal information is publicly available on the Internet. While you’re logged in, you can also opt in for key product features, like credit-monitoring alerts and financial transaction monitoring.

Best-in-class customer care is another core part of our mission. Should fraud or identity theft happen to you, our highly trained and certified specialists will be on hand 24/7 to help restore compromised identities.

The landscape of identity theft may be shifting and changing, but there’s one thing you can count on. With us as your partner, you’ll never have to fight identity theft alone.

Let's connect

If you're considering one of our services, want more information, or need assistance, please reach out. We’re here to help.