Identity theft is a disaster at best. After all, we are talking about someone who literally takes your place. It can be done simply as a gesture, committing identity fraud online without even removing your name (other than crossing it off a list). Or it could be someone walking into a bank pretending to be you. But how do these people get their identity? And what happens next?
How is your identity stolen?
Your identity is usually stolen in three ways. The first way is when your credit card is cloned or copied by an unscrupulous waiter, waitress, street vendor or the like. Very often this does not happen abroad or in a big city. It is less common when you are at home in places you visit regularly. Second, identity theft can occur if your contact details are part of a massive data breach. Take the 2015 Experian data breach as an example. The third method of identity theft comes from email, SMS messaging, and any other medium where phishing is prevalent. A technique used to trick you into entering your username, password, and personal information on a fake web page, phishing relies on appearance of recognition to trick you. Therefore, the message may appear as a password reset email or perhaps tell you that your account has been restricted. You click the link, log in, provide the requested information... and your electronic identity is stolen.
How does identity travel?
Stolen identities are often for sale, almost always added to large databases that criminals can access and use. In the case of credit cards, they are usually tested to see if they work: a small purchase can be made. Or the purchase can be larger, shipped to any address in an industrial area, and then resold. It is money laundering. So it's almost like a virtual journey: you stay at home, your digital identity is sent over the internet until a buyer is found.
![]()
(Image credit: TheDigitalArtist / Pixabay)
You are for sale on Dark Web
Mainly, accounts with money attached are the most desirable. So bank and credit card accounts, mortgages, online payments like PayPal, rental purchase contracts, smartphone contracts, anything that requires a large amount of personal data for approval. The more complete the data, the more likely it is to sell. Most people think that the internet and the web are the same thing. In truth, the Internet is just the infrastructure for routers, data centers, DNS servers, and cabling. The web, like email, FTP, and torrenting, is on the Internet. The same goes for the Dark Web, a hidden part of the online world accessible through the Tor browser. Think of it as a "wild west" internet that is hard to control. Standard web search tools can't crawl these sites, so you won't find any results on Google. Like the back alley of the Internet, the Dark Web is perfect for selling stolen data, weapons, drugs, and other questionable deals. Remember, identity thieves are criminals, with all kinds of illegal operations.
How much is your ID worth?
The Dark Web offers a marketplace for your identity to buy and sell. Every record sold on the Dark Web generates profit for whoever stole it. The more complete the data and the account balance, the higher the price. A Trend Micro study found that bank connections only cost between €200 and €500 per account. Individual credit cards typically sell for less than $100, with much less than $10. This price is reflected in the amount of unused credit available on the cards. Meanwhile, accounts with mobile carriers are available for a maximum of €14. That's a bit fried compared to the €300 price tag applied to your eBay and PayPal accounts. Remember when you applied for credit and provided a scan or photocopy of your passport? Maybe your marriage certificate? These sell for up to €40; after all, owning someone's passport details is an instant new identity. It is perplexing to know how your digital identity is exchanged. So here's a final price: medical data is worth around €1,000 per file. I expect your healthcare provider to use secure procedures to protect your data.
Where does your stolen identity go?
Criminals around the world have access to databases containing stolen credit card information and entire identities. The more complete the data collection, the better. Wealthier people are more desirable to thieves, but the super-rich are rarely found here. They are usually more specifically targeted. Thanks to the Internet, your stolen identity could end up anywhere in the world. Financially speaking, you could be in London to shop for pants and in Rio for breakfast at the same time. However, this type of activity usually makes credit card companies see that something is wrong. As such, your stolen identity probably doesn't go much beyond your usual movement pattern. In this way, identity criminals can take advantage of the longest possible use of your identity. A week would be a long time, but more than enough to rack up huge debts in your name.
![]()
(Image credit: Shutterstock / Zeeker2526)
Maintain your identity
The risk is simple: someone who possesses the key elements of your identity may pretend to be you. With this information and some basic research on your probable estate, identity fraud can be committed. Data breaches are impossible to prevent. So the answer is to protect yourself. As your personal data languishes in a database, ready to be used for automated phishing emails or more targeted targets, you can use security tools and credit monitoring services to reduce your exposure. Cybercriminals don't like hard work. It takes time and is not profitable. Instead, they aim for useful fruits, easy victories. Don't be an easy win – make identity theft more difficult and criminals will move on to the next victim.