Think Like an Identity Thief

Identity theft seems like a modern term, but today’s hackers did not invent the idea.  Historians can date what we refer to as identity theft all the way back to 3,500 B.C.E. in ancient Mesopotamia.  Thieves would steal cylinder seals used to show ownership of property and identification, then use them as their own1.  So, it is no surprise that this activity continues to this day, made easier by modern technology.


The internet has become a blessing and a curse because thieves can lie in their pajamas at home, 5,000 miles away, from their victims and go on a shopping spree with someone else’s money.  Identity threats lurk everywhere, and you are vulnerable in more ways than you think.


Let’s take a look at a normal day in the life of John Knowit who considers himself a self-conscious gentleman and is always careful not to release too much information.  Let’s see how many identity risks he takes.


It is a beautiful morning.  The sun is shining, the weather is wonderful, and John wakes up in a great mood.  He gets ready for work and feels confident in his attire – his hair is looking good, so he snaps a selfie and posts it to social media with the caption, “looking good on my way to the office!”


Before getting to work, John stops at his favorite spot to get a cup of coffee, and checks in on their app.  The barista at the register greets him warmly, “Hi, Mr. Knowit, how is that big project at the bank going?” and he chats with her about his upcoming day while paying with his newly-received chip enabled debit card.  “John!” is called from the pick-up station and he grabs his coffee as he heads to the office.


John had a productive meeting, and decides to take his lunch break around noon.  Leaving the building, John heads to his favorite restaurant, Jenny’s Burgers, orders his food, and logs into their public network to check his social media.  Lots of comments and likes on his earlier photo, so he decides to post a picture from his high school reunion last weekend.  “That’s us, 25 years later!” he quips, tagging his friends in the picture.  On a roll, he decides to also post a picture of his dog, “Lucky loves her new sweater”.


John Knowit hasn’t even eaten his lunch yet, and he’s already committed several “identity theft sins”.  How many did you see?


  1. John’s selfie got a lot of responses, but it also provided thieves with a lot of information. Not only do they have a general idea of when he leaves for work in the morning, but he never updated his security settings to turn off location services, and now they can find his address easily.
  2. John checked in at his favorite coffee shop, so there is an easy to follow trail of his morning habits.
  3. The barista at the shop obviously knows Mr. Knowit well, she calls him by name and asks him about work. Those in the coffee shop now know John’s first and last name and business.
  4. Debit cards should be used less frequently than credit cards because debit cards are tied directly to your bank account, and in case of fraud the money will be gone immediately and could take a lot of time before any of it is returned to you.
  5. When chatting with the barista, John probably did not shield his pin from prying eyes while entering it on the transaction keypad. There is a term coined for people looking over your shoulder in checkout lines to see your PIN, “shoulder surfing”.  If they steal your wallet or debit card, they now know your pin and have complete access to your account.
  6. At lunch, John logged into a public Wi-Fi account and accessed his social media accounts. Public networks have little to no security, and his password can now be copied.  If he uses the same password on multiple accounts, information can be gathered to create a portfolio on him with personal data and his passwords.  These portfolios are very valuable on the dark web where thieves exchange information and bid on the identities of their victims.
  7. When he posted the picture from his reunion, John said, “… 25 years later,” making it easy to get a good estimate of his age. A quick scan of his Facebook page will show his friends wishing him a happy birthday on a certain date, giving thieves the exact month, day, and year of his birth.
  8. He also posted the name of his dog, Lucky, which is probably the answer to at least one of his security questions he uses on important websites.


Did you notice all of these “identity theft sins”?  How many are you guilty of on a regular basis?  It may seem scary and as if it is a question of “when will my identity be stolen?” rather than “if my identity will be stolen?”.  But, there are measures everyone can take on a daily basis to protect their identity, even in a world like ours where snippets of our personal data are scattered all over.


Diligence always helps – take small steps to avoid putting more information out there than you intend, but the most effective tool is to purchase an identity theft protection plan.  Legal Resources offers Identity Theft Protection to employers as a benefit, so check with your HR Team or Benefits Administrator to see if your employer offers our plans.


If you are interested in learning more about these new add-on plans for your employees, please contact us today!




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s