Common Identity Theft Tactics Used by Hackers

By Zachary Amos •  Updated: 05/23/22 •  6 min read

Cybercriminals aren’t as creative as you think. While a select few might be the tech-savvy hackers we see in the movies, a vast majority of them possess average skills and knowledge and use basic methods to steal personal data. Here are some common identity theft tactics used by hackers and how you can spot them before they do damage.

  1. Phishing, Smishing, and Vishing

Hackers often use one of three “-ishing” methods in their first attempts at identity theft. You’re probably most familiar with phishing, a tactic in which hackers send misleading emails trying to coerce you to click on a malicious link or provide personal information. Smishing and vishing are similar, but they take place on different platforms.

Smishing occurs when a scammer impersonates someone via text message, which might be more effective than email because most people are more likely to trust a text. Vishing takes place over a phone call and often includes a falsified caller ID of a local number or reputable organization.

No matter what platform the hacker uses, the end goal is the same: entice you to hand over sensitive information. If you receive an email, text, or phone call from a suspicious sender, play on the safe side and ignore the message. Block the email address or phone number so you don’t run into the same bad character again.

  1. Dumpster Diving

This term means exactly what you think it means. Hackers will sift through dumpsters and trash cans for people’s personal information. They resort to this tactic hoping that a household or business threw away intact sensitive documents, like bank or credit card statements. It’s not the most clever or graceful method, but they’re willing to get dirty to find what they want.

Protect yourself by destroying all of your documents with fire or a shredder. Even seemingly harmless documents like schoolwork shouldn’t get into the wrong hands. Once a piece of paper has fulfilled its purpose, make sure you’re the last person to use it.

  1. Pretexting

Some hackers are willing to go the extra mile to steal your information through pretexting. With this method, they do background research on the victim to identify vulnerabilities and find a potential avenue for identity theft.

For example, they might find out you have a sick relative in the hospital and gain your trust by impersonating a hospital official.

A thief with inside information is difficult to spot, but as a general rule, you shouldn’t reveal anything unless you’re 100% sure of the recipient’s identity. If someone with unclear credentials starts asking intrusive questions, they’re most likely a scammer.

  1. Skimming

Skimming occurs when a hacker tampers with a payment machine to steal information as a credit or debit card gets swiped. They might place a small recording device to read the card number or bribe a cashier to record the information for them.

Some experienced hackers also make fake card readers and attach them to machines, easily stealing the information of anyone who uses the machine.

Before using any payment machine, take a closer look at the keypad and card slot. Here are some telltale signs of a counterfeit card reader:

Wiggle the card slot and keypad to identify these signs. If you suspect the reader is fake, notify the bank or business immediately and check your transaction history to make sure you dodged the attack. It only takes a split second for a device to pick up your card numbers.

  1. Public Wi-Fi and USB Stations

Public Wi-Fi networks often don’t have passwords or encryption, making them easy hunting grounds for hackers. They can eavesdrop on your browsing and find all kinds of information, including your usernames, passwords, private numbers, and other personal data.

Similarly, they might hack a USB charging station in a public area and access the device of anyone who uses the station.

It’s best to avoid using public Wi-Fi and charging stations when you can, especially if you’re in an unfamiliar place. You’re probably safe at your school’s library, but an airport or busy restaurant could be crawling with hackers. Bring a personal hotspot and charge your devices before you leave the safety of your home.

  1. Confidence Fraud

Confidence fraud is perhaps the most underhanded identity theft tactic on this list and thus the most difficult to spot. A hacker gains your trust by acting like a friend or family member, but the most popular method is establishing a romantic interest. They then convince the victim to hand over sensitive information, buy things, or even launder money for them.

Unlike other impersonation methods, confidence fraud scammers attempt to establish a strong personal connection with the victim before they strike. As a result, even the most shrewd individuals can let their guards down and willingly give up their data. You can’t let your personal biases cloud your judgment. Don’t give your information to anyone if they don’t need it.

  1. Social Engineering

Social engineering is a convoluted version of confidence fraud that usually involves multiple hackers working together to scam one victim. The first hacker builds trust and rapport with the victim, then directs the victim to the next hacker at the appropriate time. The hackers vouch for each other and prop up the victim, making them think they have the situation under control.

If a person or organization “directs” you to someone else or uses a strange reference for no apparent reason, you’re probably in the early stages of a social engineering attempt. Leave the conversation as soon as possible and block the person from contacting you again.

Protect Your Identity From Common Threats

Identity theft can occur through many avenues, including emails, texts, phone calls, public Wi-Fi, charging stations, and fake card readers, just to name the big ones. Sometimes a hacker is also willing to put in the extra effort to sift through a dumpster or impersonate a trusted individual to find private information.

You need to take all possible precautions online and in real life to secure your identity. Follow our advice and you’ll learn to confidently spot and avoid threats as they emerge.

Zachary Amos

Zachary is a tech writer and the features editor of ReHack Magazine where he covers cybersecurity and all things technology.