31

Top 16 Pieces of Your Information Identity Thieves Crave

in Money Basics

ID Theft

Unfortunately, identity theft has recently become the fastest growing crime in our increasingly digital world.  Potential thieves are becoming extremely adept at leveraging stolen data to empty existing accounts, max credit limits, apply for jobs, and even obtain mortgages.  Despite the specifics of the fraud, becoming a victim of identity theft can end up costing you a ton of time, stress, and money.

This is a countdown of the most valuable information identity thieves would just love to get their grubby little hands on.  While it’s not a comprehensive guide on how to prevent identity theft, the first step in prevention is knowing what is being targeted.

Enjoy!

#16 – Your Hobbies, Club Memberships, or Employer

This might seem like an unusual place to start this countdown, however many aspiring thieves begin their hunt here.  This information is insanely easy to obtain, as we rarely protect these details.  Once they’ve obtained this information, thieves will either leverage it to pretext (impersonate you) or in various phishing scams (impersonating the club, organization, or even employer).  The basic idea is people are much more likely to respond to e-mail and telephone scams when they appear to be from groups they belong to.

#15 – Where You Hold Financial Accounts

Again, the value here lies in the ability for thieves to leverage this information when pretexting or phishing.  Thieves will study how major banking and financial institutions contact their customers, in order to make their scams appear more genuine.  In general, be wary of ANY e-mail that asks you to provide additional information, even if it looks authentic.  Always play it on the safe side by visiting a branch or calling.  Some of the most popular phishing scams target Username/Passwords for online financial accounts by asking clients to “log-in” using an application within the e-mail.

#14 – Your Telephone Number

In general, most of us are weary about giving out our phone number based on fear from getting telemarketing or fundraising calls of some sort.  While it happens far less frequently, identity thieves aren’t afraid to tap into this medium, as well.  Many use automated callers (hoping to get punch in or record information), but some are brave enough to impersonate institutions and call themselves.  With only a few pieces of other information, you’d be shocked at how elaborate and effective these types of phishing scams can be.

#13 – Your E-mail Address

Like your telephone number, your e-mail address is most valuable as a medium for phishing scams.  E-mails are easier to automate, can be made to look ultra-authentic, and have a higher rate of success than phone or snail-mail.  E-mails addresses also carry a little extra weight, as various online accounts allow you to use them as a username (PayPal, anyone?).

#12 – Your Physical Address (including previous ones)

While used more rarely these days as a medium for phishing, the threat of receiving “bait” in the mail is still very real.  These attempts can range from phony bills, sweepstakes scams, or change-in-service notifications with bogus customer service telephone numbers. In addition to phishing, thieves can use your address to initiate a “change-of-address,” effectively rerouting all your mail (and the additional information within) for at least a couple days.  Lastly, identity thieves can literally visit your home to steal mail, trash, or even information out of your glove box.

#11 – The Expiration Date or Confirmation Code of Your Plastic

While obviously not as valuable as the actual account numbers themselves, these two items are the most common form of security when using your plastic.  These can either be picked up by more advance skimmers (a special device attached to common places where you swipe your card) or as the target of a phishing scam.  It should go without saying that if someone can piece together your account numbers with one or both of these items, you’re in for some major damage control.

#10 – Where You Were Born

This information is much more valuable than it may first appear.  It’s yet another piece of information that can be used when impersonating you and/or verifying “your” identity with various institutions.  In addition, thieves can use this to find public records, request birth certificates, and locate relatives.  Knowing just someones full name along with the city, county, state, or even nation of birth can open up a portal to the more valuable information later.

#9 – Your Mother’s Maiden Name

Ah, the default piece of information used to verify so many accounts.  Luckily, this has been so popular for so long that many organizations are shying away from even offering it as a verification option.  Despite this trend, a vast majority of them still DO accept it.  My suggestion?  With so many other options available for verification, why use this one?  If you have a choice, utilize a more random and difficult-to-guess verification question/method.

#8 – Your Banking PINs

Your Personal Identification Numbers or PINs act as mini-passwords (most 4-6 numbers in length) to your financial accounts.  Unfortunately, many people use anniversaries, birthdays, or other easily guess personal information.  Even worse, they store their PINs in their wallet!  It’s an all-you-can-eat buffet in the event it gets lost or stolen.  With your PIN thieves can withdraw cash directly, swipe debit without producing additional i.d., or gain full access to your online accounts.

#7 – Your Passport Number

A passport number in conjunction with an illegal database can result in a wealth of information for thieves.  Passport numbers can yield full names, date of birth, place of birth, and of course nationality.  If your physical passport is snatched, the consequences go downhill quickly.  With an altered picture, a thief could use your passport to open accounts internationally, resulting in some rather complex problems you’ll have to clean up.

#6 – Your Driver’s License Number

Your driver’s license number is much like your passport number, but because it is more common and contains more information it is actually much more valuable.  Amongst the information that can be illegally obtained through you DLN is your full name, date of birth, address, and basic personal appearance data (height, weight, eye & hair color).  If physically stolen they are easier to alter successfully than passports and will usually result in less scrutiny.

#5 – Your Online Passwords (including usernames)

With everything moving online these days, your online usernames and passwords are becoming more and more valuable.  It should be blatantly obvious that if a thief got his/her hands on your financial institutions log-in information, you’d be toast.  You can do a lot with online banking these days.  Let’s even assume that they only get your e-mail password or even just a social media account.  Unfortunately, I’d be scared to admit what other information would be attainable if my e-mail was compromised.  Bottom line…  be careful what information you send through e-mail and be sure to create kick-ass passwords.

#4 – Your Actual Account Numbers

In terms of stealing from your current accounts (opposed to using your info to open new accounts), your actual account numbers are the primary target of thieves.  The most common accounts are checking, savings, credit cards, and debit cards, but don’t rule out protecting your investment and retirement accounts.  A thief can do a lot with just the full account numbers, but if they’re able to match it with numbers 8, 11, or 15…  watch out.

#3 – Your Full Name (including aliases)

While this may seem too basic to include on the list (especially this low), it’s value is so immense that it can’t be neglected.  “Name as it appears on card” is one of the most common security checks for online credit purchases.  In addition, it’s clearly essential when generating/opening new fraudulent accounts.  While a name like Adam Baker isn’t going to cause any problems, names like Robert, Richard, and Elizabeth can result in many different aliases.  Finding your full birth name and common aliases is the base for everything else!

#2 – Your Date of Birth

Again, another bread-and-butter piece of personal information.  But, like your full name, it’s value lies in the fact that it’s used in the creation of nearly every account.  It’s also one of the most common and easily-used pieces of information to verify existing accounts.  Along with the one before it and after it, this comprised what I like to call the “Big 3″ of your identity (at least to the government/corporate worlds).

#1 – Your Social Security Number

Ah, the golden ticket.  So obvious, you probably guessed it from the get-go.  Unfortunately, this magical number is used by nearly every government and financial institution as the primary form of identity.  It out ranks even your name, which can vary from institution to institution depending on minor details.  While it may be a sad situation that your entire life can be summed up with a number… it can.  It’s our system and this is your only key.  Protect it!

Further Information:

Identity thieves utilize a wide variety of techniques to obtain your personal data.  While I’ve touched upon a couple above, much more in-depth information is available on the official site of the Federal Trade Commission.

You may also enjoy my previous list of 33 Ways To Thwart Identity Theft for more helpful tips on how to protect yourself.

What’s your opinion?  Do you have something to add to the list?  What do you think is most valuable to potential thieves?  What steps do you take to protect your personal data?  Join in on the discussion by leaving your comments below!

photo by vimages

{ 21 comments… read them below or add one }

Kosmo @ The Casual Observer August 13, 2009 at 9:02 AM

Until recently (~ 10 years ago) the state of Iowa used SSN as part of the driver’s license number (it was literally IA123-45-6789). Couple this with the fact that some stores want the DL number on checks – not a good combination.

I hate using my mother’s maiden name for verification. I have greatly difficulty remember the correct spelling. It’s not a common name, and there are a few possible variations.
.-= Kosmo @ The Casual Observer´s last blog ..NASCAR or Opera =-.

Reply

Baker August 13, 2009 at 9:29 AM

Yeah, I’ve heard of states using the SSN as the DLN. That’s crazy. I’m fairly sure most have converted now, but it would be interesting to know if any still us them!

Reply

Dave August 13, 2009 at 11:05 AM

Identity Theft has become one of the least worriesome things in my life. Why? Because anyone and everyone can access your info.

I worked for a financial firm and had every clients SSN, phone number, address and so forth. I never used these things to steal or anything at all, but such could have happened very easily.

I think, no-a-days, anybody could steal your info if they want to. Unfortunately, all that info is out there.

Still good post though….
Dave
LifeExcursion
.-= Dave´s last blog ..Getting Your Life in Order =-.

Reply

Baker August 13, 2009 at 12:16 PM

I completely agree… I try to do my part to “thwart” as much as I can, but at the end of the day… if someone wants it bad enough, they can get it.

Reply

Matt Jabs August 13, 2009 at 12:05 PM

This stuff would scare the life outta me if I didn’t just give it all over to the Lord! That said, I try not to make obvious and stupid mistakes… being a public blogger doesn’t “reduce” my risk I’m sure, but I have faith that the Lord will protect me! :-)

After reading your list… I need to change a blog policy referencing #15
.-= Matt Jabs´s last blog ..Monthly Debt Reduction & Savings Statement – July 2009 – Lending Club Edition =-.

Reply

Baker August 13, 2009 at 12:17 PM

You should create a new product… LordLock! :-)

Reply

Paul @ FiscalGeek August 13, 2009 at 12:11 PM

I’m with Matt I do my best to protect my stuff but my own credit union ended up giving away my check card info recently, at least they called to let me know and proactively changed my account numbers.
.-= Paul @ FiscalGeek´s last blog ..10 Reasons County Fairs are Better than Disneyland =-.

Reply

Baker August 13, 2009 at 12:17 PM

Doh! Yeah, a major bank probably wouldn’t have taken the time to change the account!

Reply

Kevin M August 13, 2009 at 12:18 PM

I’m with Dave, I try to be careful, but there’s only so much you can do. I’ve received 2 letters in the past year about possible ID theft from breaches outside of my control – my alma mater and a former employer’s 401(k) plan administrator both had computers lost or stolen that “might have” contained my info. I got free credit monitoring for a couple years, which is nice.

I’m a CPA and have access to hundreds of SSN, birthdates, full names, etc. We protect it as if it was our own, but I’m sure there are less scrupulous folks out there with the same access.

Reply

thisisbeth August 13, 2009 at 1:04 PM

My first name is quite common (Beth–not Elizabeth or Bethany or anything like that). My middle is within the top five most common middle names, and my last name ranks #6 (I think). I always joke that no one would try to steal my name because it looks like a fake name to begin with.

MN Driver’s License numbers used to be coded for names (Four three digit numbers: last name, first name, middle name, and then an individual number because often there’s more than one person with the same name). They changed it a few years ago–not exactly sure when, but sometime within the last 15 years.

Reply

J.N.Urbanski August 13, 2009 at 3:00 PM

I have to agree with other posters. If thieves want something badly enough, they’ll find a way to get it. It just seems to be the luck of the draw. You need to invest in a good shredder; set up a good filing system. Also, try using a secure email address for your banking and finance and a completely separate email address for logins, newssites and online stores like amazon. This will limit the exposure your email address gets out there in the world.
.-= J.N.Urbanski´s last blog ..Chicks & Ammo =-.

Reply

Kyle August 13, 2009 at 10:47 PM

We can’t, as a society, start to fear identity theft so much that we become a bunch of nameless, faceless, zombies. The key is to recognize the types of things they are looking for, as this post so cleverly has done, and be smart enough to not take every phone call, text message, and e-mail at face value.

I have received numerous phishing e-mails and at least two of the phone call type “attacks.” While not painfully obvious I am pretty sure that my bank isn’t going to call me at 8pm and ask me to input my atm card number and pin # into the phone… pay attention and be smart and you will be ok.
.-= Kyle´s last blog ..Managing a Checking Account =-.

Reply

Edward Stream August 14, 2009 at 3:39 AM

yeah…well you need to be extra careful. install an av solution and you will be ok
.-= Edward Stream´s last blog ..Create your own planet ! =-.

Reply

Ken Kurosawa | Wasabi Burger August 14, 2009 at 8:28 PM

It’s going to be interesting to see how our personal identities will be thought of in the future. MySpace, Facebook and now with Twitter, anyone with access to Internet can see what you’re doing at any time, what you like, who your friends are, the foods you like, your birthday and myriad of other what used to be ‘personal’ information.
Thanks for the post,

Ken Kurosawa
.-= Ken Kurosawa | Wasabi Burger´s last blog ..Learn to Schedule your Day Like Benjamin Franklin =-.

Reply

JNUrbanski August 15, 2009 at 11:51 AM

That’s a great point Ken. I have younger siblings who insist on putting their personal information all over Facebook with impunity. But that’s in England where our national insurance number is never used as an identifying feature. It’s totally private and one number that you don’t even know off the top of your head. Plus it’s a mix of letters and numbers. They also have “chip and pin” service which protects their credit cards.
.-= JNUrbanski´s last blog ..Camping =-.

Reply

Phileas August 17, 2009 at 9:06 AM

It’s something we all fear. Thanks for this post.

Reply

Rachel February 24, 2011 at 4:16 PM

Wow. I never would have thought twice about most of these things, but this is great advice. One of our bloggers did an article about protecting yourself from identity theft back in October (http://credit.equifax.com/2010/10/avoid-identity-theft-get-in-habit-of.html) that may also be helpful to your readers.
Best,
Rachel

Reply

Taz W. May 8, 2012 at 9:56 PM

When asked for a mother’s maiden name (depending on the context and type of site that asks for the info), I just use a fictional or nonsense maiden name, which I note as part of my personal records in case I have to retrieve a password or such. They have no way of knowing (again, depending on the context… Banks may have a way they can know the ‘real’ middle name) what the actual middle name is, and I can track different kinds of sites with various ‘aliases’ of middle names or other information that can point me back to how some of my info may have leaked out into the world. Works quite nicely!

Reply

Steven J Fromm April 20, 2013 at 12:59 PM

I was recently the victim of identity theft and what a mess. The tough part is that I was fairly careful about my stuff and they still got my information. To this day, I do not know how they got my information, but they did.

Reply

Harris September 23, 2013 at 2:45 AM

This is a very nice article, but unfortunately, there is no real way to protect yourself. If someone wants it–they will get that info.

Many of people work at home, too, so they have to enter this info. on various websites which they work for: social, ID, etc.

Reply

Maggie@SquarePennies October 1, 2013 at 12:15 AM

My pet peeve is how often people list their date of birth on facebook. Everyone loves to be wished happy birthday! And if they also list their home town where they grew up, it’s enough for some baddies to figure out their social security number. Never say when it’s your birthday online and never tell where you were born or grew up. We are just too trusting.

Reply

Leave a Comment

{ 10 trackbacks }