Protecting Yourself from Identity Theft

Identity fraud vs identity theft fingerprint image.

Identity theft can create a mountain of issues and heartache for the victim. Learn ways to avoid becoming a statistic.

By Tom Kennedy, CFP®:

It’s frightening to think that on the dark web, a child’s social security number is worth more than an adult’s number because it offers criminals a clean slate without any history. Parents do not regularly think about protecting that number because it’s usually locked away tight until the child comes of age. Losing an identity to theft, however, can seriously disrupt a victim’s life and throw them into reactive mode. We provide you with some background information on the topic and offer suggestions about what to do if you become a victim of identity theft.

What Contributes to Identity theft?

This type of crime takes place when a criminal steals your financial identity and takes over that identity to commit a wide range of crimes. This usually involves accessing an individual’s social security number, date of birth, address, and name.

Unfortunately, data privacy in the US is relatively wide open. What’s worse is that we are guilty of putting too much information out there in the public realm. If you pay for an online background check on yourself, you might be alarmed to see how much information is available about you to anyone who simply pays the fee. These companies have scraped the internet and social media for things like:

  • Where you have lived and how much you paid for your house
  • Who lived in the house before you and who lives next to you
  • How much money you make
  • What education you have achieved
  • Whether you have a criminal history
  • Medical history
  • And more

This information enables criminals to find answers about your identity and, coupled with the personal information that many of us share on social media, it is not difficult to see how a criminal can piece together your financial life. To help you reduce the amount of personal information that is on the internet about you, we put together a comprehensive list of 20 ways to reduce your digital footprint.

How is identity theft different than identity fraud?

This type of criminal activity takes place when stolen information like a credit or bank card is used to commit a crime. There are several ways criminals can get your credit card details. A few examples include:

  • Lists of credit card numbers and details may be purchased on the dark web
  • Sometimes someone you did business with may steal or sell your card details
  • A credit or bank card may be skimmed through a device that captures your card details and the PIN you entered

Banks try to be proactive about controlling identity fraud because it costs them money. When a credit card is used fraudulently, most banks will refund the customer what was stolen, and then seek to prosecute the criminal—that is if they can locate them. To combat their associated losses, some banks troll the dark web, searching for your bank card numbers. This is why you may sometimes be issued a new card without requesting one. It is often because the bank discovered your card details on the dark web.

What is inside the dark web? 

The dark web is the part of the World Wide Web that is undiscoverable through basic search engines like Google or Bing. Usually only accessed through anonymous browsers and operating systems, the dark web masks the identity of thieves and those willing to purchase stolen information, putting these crooks completely off the radar of legal authorities. These underground markets are awash in counterfeit documents, stolen credit card data, hacker software, financial account information, and almost anything else a criminal could dream of. 

Spoofing. Spoofers often forge the header information of the emails they send (i.e., the to, from, and subject lines, as well as the time stamp and path that the emails took to arrive in your inbox). They do this in an attempt to make it appear as if their messages came from someone or somewhere you know (e.g., a friend or familiar organization like your bank). The goal is to get you to respond to their spam or to click on the malware-laden links or attachments in their phony messages. When an email address has been spoofed, the spammer doesn’t gain access to your email account.

Tax identity theft. To fraudulently file taxes, a thief needs your name, social security number (SSN), and date of birth. From there, he or she can easily falsify “your” W-2 information in the hopes of claiming a refund. You—the taxpayer—won’t find out about the fraud until you receive notification from the IRS that your real tax return has been rejected. By then, the damage has already been done.

What happens after a data breach?

On their own, stolen pieces of credit card information command relatively low prices. That’s because thieves can’t do much damage with numbers alone; they also need to have names or billing addresses associated with those numbers. So it’s no wonder that hackers look to make big scores by breaching the websites of major corporations from which they can steal thousands of pieces of information and turn a large profit by selling bundles of credit card numbers and associated data.

When criminals have access to your personal identifying information, they can pretty much do whatever they want, including:

  • Falsify applications for loans or credit
  • Transfer or withdraw money from your bank accounts, PayPal, or other financial institutions
  • File tax returns and steal your refund
  • File unemployment claims
  • Gain access to more private information with fraudulent online accounts
  • Purchase prepaid cards and gift cards
  • Use health insurance credentials and stolen medical identification by ordering expensive services under the real customer’s name, spending beyond benefit limits so the real patient must pay out of pocket for any services needed

They look to make still more money by selling the information. There are several ways criminals can get your personal identifying information:

  • Dumpster diving – they may dig through the trash to gain access to discarded financial documents
  • Hacking into the computers of healthcare and medical facilities because they are a treasure trove of personal information
  • Infiltrate businesses that store personal information such as financial institutions that offer credit and loans or manage your financial portfolio
  • They may capture the data sent over the internet
  • Criminals can purchase the information through the dark web
  • While inconceivable, sometimes parents use their child’s identity to commit fraud

How can you protect yourself from a data breach?

Although anyone can become a victim of a major data breach—which makes it difficult for you to stop your information from getting out there—following some cybersecurity best practices can help keep your information secure even if it is stolen:

  • Enable multifactor authentication (MFA) on your online accounts. With MFA, you’re prompted to enter an additional piece of identifying information—typically a passcode sent to your smartphone—after you submit your username and password. That way, if your password is compromised, a hacker still won’t be able to access your account without your phone and the code. (Password managers come in handy here, helping you keep all your passwords organized, so you won’t have to worry about remembering them.)
  • Enroll in identity protection services and keep close tabs on your credit reports. With credit monitoring, you’ll be able to keep tabs on your credit report. Credit monitoring services will alert you when a new line of credit is attempted, but they will also monitor existing accounts and notify you of any changes. Many also offer recovery assistance services, monetary and legal assistance, and insurance that covers expert consulting regarding identity theft.
  • Audit your medical and insurance statements regularly. By doing so, you at least can keep tabs of any changes. If something isn’t right, you can contact your health insurer and perhaps at least minimize any misuse of your information. 

What should you do if you are a victim of identity theft?

Once your SSN has been compromised, it cannot be canceled or changed. But what you can do? Take the following steps to protect yourself from the fraudulent use of your SSN going forward:

  • Contact the police to file a report
  • Notify the Federal Trade Commission (FTC), Social Security Administration (SSA), and IRS. The faster you take action, the better! In addition to filing a complaint with the FTC and notifying the SSA, be sure to call the IRS Identity Protection Specialized Unit at 800.908.4490 to report the theft. 
  • Submit IRS Form 14039. If you haven’t already done so, submit IRS Form 14039 (i.e., the Identify Theft Affidavit), so that the IRS is aware that your future returns may be at risk.
  •  Apply for an Identity Protection PIN. Once you’ve been identified by the IRS as an identity theft victim, you can apply for an Identity Protection PIN. This six-digit PIN, provided by the IRS, must be used for your future tax returns in order for them to be accepted. 
  • Report the fraud to a major credit bureau. Report the fraud to one of the three major credit bureaus (Experian, TransUnion, or Equifax), and place an alert on your credit report. When you file a report with one bureau, it is legally required to alert the other two. A fraud alert on your credit report will require potential creditors or lenders to contact you directly and obtain permission before opening a new line of credit. 
  • Consider adding a credit freeze or credit lock to the three main credit bureaus. It is imperative that you freeze or lock your credit so no further damage can be done.
  • Contact the companies where you know fraud has occurred. You will want to keep detailed records of who you talk to and when

While identity fraud and theft can be a hassle, there are some proactive steps you can take to keep your personal information safe and lower your chances of becoming a victim. Your trusted financial advisor can help answer your questions about protecting your personal and financial data.


Tom Kennedy is a financial advisor located at Global Wealth Advisors 520 Post Oak., Suite 450, Houston, TX 77027. He offers securities and advisory services as an Investment Adviser Representative of Commonwealth Financial network®, Member FINRA  / SIPC, a Registered Investment Adviser. Financial planning services offered through Global Wealth Advisors are separate and unrelated to Commonwealth. He can be reached at (832) 649-8111 or at

Look for additional articles on cybersecurity. 

If you’re concerned about your aging loved ones, learn more about the warning signs of elder fraud. 

© 2023 Global Wealth Advisors

Back To Blog