How Criminals Make Money

Dollars for Data: How Criminals Make Money with Your Identity

​In previous articles, we’ve explored who commits identity theft, how your data gets stolen, and the definitions of different types of identity theft. Now we’ll look at how your personal data is turned into a tool for crime and profit.

​Imagine that a data breach has occurred. You don’t have to work hard to imagine that these days, so think about a big one like the Equifax breach, or maybe someone hacked your personal information at your doctor’s office, school or workplace. Many breaches aren’t discovered until the affected victims start reporting identity theft and it’s traced back to an originating event. So, the reality is that you may not know about a breach yet, but your information could be in the wrong hands. What happens next? How is that information used by identity thieves?

​Identity theft is a multi-step process. First, your information is harvested from one or more sources. Hackers may infiltrate a company to steal personal data that they can sell on the Dark Web. There, other criminals buy large sets of stolen information and figure out how to make money from them. Often, they will start with a partial set of information—for example, your address and phone number from a source such as the recent Alteryx breach. Then they can search public records for more information on you or use tactics such as phishing to trick you out of passwords and account numbers that will allow them to begin misusing your identity.

​Once they have enough information, these thieves can take over your existing accounts and credit cards, open new accounts in your name, commit tax fraud, or create fake driver’s licenses or medical cards to use or sell. Thieves have even used stolen identities to commit crimes, damaging the lives of innocent people. In one extreme case, a Texas man had his identity stolen by an illegal immigrant who committed a series of crimes over a 20 year period. The victim lost his job and his marriage before his identity was finally recovered and his name was cleared.

​Criminals may wait months or years before beginning to misuse stolen information, especially after a major data breach when they know consumers and law enforcement will be on alert. But once they begin, they can do major damage in a short time. In an experiment run by the FTC in 2017, 100 fake identities were created and launched to different websites used by hackers to distribute stolen information. Within minutes, criminals made 1,200 attempts to access and use the identities.

Bottom line: never assume your identity is safe. Whether you know it or not, your personal information has probably been exposed, and sooner or later, it will be misused. To protect yourself, you have to be ready to spot identity theft early and recover your identity fast.