How Online Identity Theft Works

July 29, 2019
Typing on keyboard.

Today, everything from your smartphone to your refrigerator has the potential for an internet connection. That connection can be a good thing, allowing us to access virtually any information we can think of in a few seconds with the help of a search engine. But the increased connectivity of today’s wired world comes with a downside: increased susceptibility to online identity theft.

Most of us know that. Terms like “phishing” and “ransomware” are becoming part of our daily lexicon. A few years ago, the average person might not have seen the point in securing their information, but with massive corporate data breaches happening more frequently, people are taking the privacy of their data more seriously than ever.

Identity theft is when someone steals your data and uses it to act as you in order to commit fraud. In order to get that data, hackers engage in a variety of schemes to get inside your system and take it without your knowledge, or trick you into giving it to them yourself.

Knowing how to lock down your data starts with understanding the ways a hacker can attack your system. New methods pop up all the time, but there are a few methods still commonly used by hackers looking to commit online identity theft.

How Online Identity Theft Happens

In 2018, the Federal Trade Commission (FTC) received three million identity theft and fraud reports. Since 2012, billions of dollars have been stolen through identity theft. In 2017 alone, $16.8 billion was stolen, according to Javelin. The most common types of identity theft, as of 2018, were:

  1. Employment/tax fraud
  2. Credit card fraud
  3. Phone/utilities fraud
  4. Bank fraud
  5. Loan/lease fraud
  6. Government documents/benefits fraud

Identity theft has been around since long before the internet, but technology has made the shady practice easier for those with the know-how to hack into people’s systems. Some of the most common methods to facilitate online identity theft include:


One of the most frequently used forms of hacking, phishing occurs when hackers send out fake emails claiming to be from your bank or another trusted institution. These fake emails usually outline some kind of dire problem designed to get the intended victim to panic, then provide a link to click on where they can provide the information to fix it. Ignore these requests, especially if you didn’t ask for them.


This is when hackers take control of your browser without your knowledge, redirecting you to a website designed to harvest your personal information, recording everything you enter and sending it to the hacker. Victims of pharming can type a legitimate web address into their browser, but be directed to a fake page designed to look as close to the real thing as possible.

Malicious Software

Malware. Spyware. Ransomware. These are all forms of malicious software designed to attack your system, and their functions range from recording keystrokes to crashing entire networks. Malware can be packaged in the form of legitimate-looking software updates or links that install the bad software unbeknownst to the user, where it runs in the background.

Unsecured Websites

Today many websites use security measures like secure sockets layer (SLL) and transport layer security (TLS) encryption to make their pages less susceptible to hackers. You can usually see whether a website is using this protocol by an “https” at the beginning of the URL, or a lock beside the web address, or both. If a website does not have this, it’s most likely using deprecated code vulnerable to being hacked. Entering any kind of personal or financial information on unsecured sites can be risky and should be avoided.

Cracking Weak Passwords

Short, unoriginal or easily guessable passwords are a very common cause of identity theft. Many people still use the same password for multiple accounts, and once your password from one site is cracked, they can use that password to get into any other sites associated with it. It’s called credential stuffing, and it’s one of the first things a hacker does once they get your password.

Harvesting Data from Old Devices

Old devices that are sold, stolen or donated without being wiped free of your personal information can yield your data to hackers if they fall into the wrong hands.

Kids Online

Kids using the internet unsupervised are especially vulnerable to hacking schemes and can fall prey to them if left unsupervised. They may not realize they shouldn’t give out their information or yours to a stranger who asks them for it.

How to Prevent Identity Theft Online

As a general rule, the less information you leave lying around for people to potentially pick up online, the better. It’s also not a great idea to trust anything unsecured if you’re going to be dealing with especially sensitive material like banking transactions. A few good tips to follow for being safe online include:

  • Shred sensitive documents: Invest in a small home shredder for disposing of sensitive information after it’s no longer needed.
  • Secure what you can’t shred: A sturdy home safe is a good option for those documents containing personal information that must be kept, like birth certificates or tax returns.
  • Make your passwords stronger: Don’t use the same password for every account. Try longer passwords, passwords with special characters or spaces, random capitalization and special characters. Also, use two-factor authentication whenever possible. Using a password manager program can help keep track of multiple passwords, or you can store them in an analog notebook.
  • Limit what’s out there: Restrict the amount of personal info you share online, and don’t trust anyone asking for it right away, especially if you didn’t contact them first.
  • Lock or encrypt your phone: Pretty much all smartphones today come with the option to lock the screen with a code, wipe pattern, facial recognition or fingerprint. Take advantage of this. You can also encrypt the data on your phone, which will decrypt it every time you unlock. This makes it harder to use any data stolen from your device even if hackers manage to get past the lock.

You can also check out more extensive online resources for protecting your information, like the U.S. Department of Homeland Security’s cyber safety toolkits they’ve put together as part of their “Stop. Think. Connect” campaign.

Keeping people’s data secure against hacking attacks is a real need in today’s world. The cybersecurity field is growing, and companies are hiring at a fast rate. According to the Bureau of Labor Statistics, employment of computer and information technology occupations is projected to grow 13% by 2026. That accounts for more than 557,000 new jobs. A convenient, flexible way to enter the field is by earning a Bachelor of Science in Cyber Security degree online. In this program, you’ll learn key topics in computer systems, cyberlaw, policy creation and compliance that combine industry best practices with real-world application.

At Bethel University, you can be a part of the solution to identity theft and other cyberattacks. Graduates of our program enter the workforce with the skill set to help the biggest players on the world stage, like educational institutions, financial institutions, corporations, and government agencies. Our accredited program is taught by instructors who have experience in the field. And because our program is fully online, you can earn your degree at your pace, around your schedule.


Take the Next Step

Request Information

Request information and get immediate access to our knowledgeable enrollment counselors.
Get Started