10 Ways Hackers Can Steal Your Personal Identity and How to Prevent It

Consumers are often asked to share valuable personal data in order to receive goods and services, and these exchanges increasingly occur online. This puts them at increased risk for online identity theft—a threat that is only growing across global economies. But even classic, “offline” versions of identity theft remain a prevalent issue.

According to the US government, “Identity (ID) theft happens when someone steals your personal information to commit fraud.” ID fraud itself can take several forms—use of credit card information to acquire products and services, for example, or even to receive medical treatment. These opportunities make anyone’s identity valuable to criminals; Stealing someone’s identity becomes a “free ticket” for any number of fraudulent activities.

Fraudsters can use multiple types of personal identification for nefarious purposes. Passports, driver’s licenses, passwords, and of course credit cards or bank account information can all be exploited for criminal behavior, putting individual consumers at risk. No matter who you are, your personal information has value to criminals.

ID theft and fraud are growing at frightening rates as well. A June 2020 analysis found an 18% increase in instances of identity fraud in the UK in 2019 when compared to the previous year.

It’s up to each of us to learn what are the most common types of identity fraud, for we as individuals are most often the last line of defense. In fact, several forms of ID theft depend on voluntary behaviors on the part of the victim. Here we take a closer look at what methods criminals use to hack into people’s data in order to steal their IDs.

The Israeli company Natural Intelligence, which created detailed “best of” and “top 10” lists built a detailed list of the 10 most common methods hackers and crooks use to steal identities, and what you can do to prevent it from happening to you:

Just as the ways we use our personal information to acquire goods and services have evolved, so have criminals’ methods for exploiting them. Here we review ten of the most common types of ID theft, starting with four types of ‘”phishing” schemes: pharming, vishing, search engine phishing, and SMiShing.


Hackers method: Pharming is a method of ID theft that uses falsified websites to capture personal information. Hackers will lead you to believe that websites serve a recognizable and legitimate capacity—a website made to look like an official government website, for example—to trick you into sharing their personal information.

Hack to avoid it: You should check the legitimacy of any website before sharing consumer information. A simple Google search will often tell you if a website is fake. Certain “giveaways” like misspellings, incorrect logos, strange URLs, and suspicious requests on the website can suggest something is wrong as well.


Hackers method: Vishing, or “voice fishing,” is conducted via phone calls. Thieves often automate phone calls that trick consumers into thinking there is an urgent need for them to share personal information over the phone. The crooks may impersonate government agencies or financial institutions, for example, then request personal information like social security numbers or bank account information.

Hack to avoid it: Avoid providing personal information over the phone in any context. Only do so if the phone call has been facilitated by legitimate means. This most often means you instigated the call yourself with a trustworthy entity.


Hackers method: This name is based on the abbreviation “SMS” for “Short Message Service,” the common functionality behind everyday text messages. SMiShing is when criminals send text messages encouraging consumers to share personal information. Bad actors often pose as legitimate institutions, and can be difficult to trace.

Hack to avoid it: You should never under any circumstances share personal information via SMS. Most legitimate companies will rarely ask for personal information using SMS—More often they provide information this way upon consumer requests, such as confirmation codes when logging into a legitimate account. 

Search Engine Phishing

Hackers method: Search Engine Phishing resembles pharming since it involves the fraudulent use of websites. In this case, the websites do not impersonate legitimate ones; they are designed to make offers consumers “can’t refuse,” such as unrealistically affordable goods or services.

Hack to avoid it: If you encounter a deal that seems “too good to be true” and don’t recognize the retailer, it is likely a phishing attempt. Running a Google search like “Is [website] legitimate?” and reading several of the results is a good rule of thumb to identify these websites for what they are.

Man-in-the-Middle Attack

Hackers method: Man-in-the-middle attacks also involve fraudulent websites, but they are even more nefarious. These attacks actually reroute consumers looking to visit legitimate websites to identical, illegitimate ones.

Hack to avoid it: The simplest solution to this problem is checking the URL in your browser. Bad actors will create websites with similar URLs to mislead you. For example, if your bank is at www.mybank.com, the criminal may use mybank.co as the URL. Your browser’s functions, such as its history or auto-populating functions, should give you some indication as to whether or not you are on the correct website as well.

Dumpster Diving and Theft of Personal Objects

Hackers method: Theft of personal objects like driver’s licenses, social security cards, and even garbage with personal information are still common risks. 

Hack to avoid it: Avoid these crude forms of identity theft by securing valuable documents and shredding those you wish to throw away. You can cut up credit cards with scissors before discarding, for example, and keep social security cards in a secure location at home.

Credit or Debit Card Theft

Hackers method: Although credit and debit cards are also “personal objects,” their information is often stolen online or via photography, as well as in person. Many of the methods described above are means for capturing credit or debit card information, but thieves can steal physical cards or photograph their numbers in public places as well.

Hack to avoid it: Fortunately, in addition to keeping this information secure, you can count on modern banks to take action and even return funds lost to credit or debit card theft. They can quickly change your account information rendering the stolen data useless as well. Be cautious, though, as thieves may steal personal information in addition to credit or debit card information when theft occurs.


Hackers method: Skimming is another means of capturing credit card information, though with greater technological sophistication. Skimming takes place when a card-reading machine transmits credit card information via nefarious means. Thieves may manipulate card-reading machines of otherwise legitimate merchants to do this.

Hack to avoid it: One easy way to protect against skimming is to ensure the merchants you visit in person are trustworthy. But you can also protect yourself by simply reviewing your transaction history and credit reports. Your bank will often flag suspicious activity which occurs when this information is stolen as well.


Hackers method: Pretexting is a more involved form of ID theft, where criminals do research on individuals ahead of time to identify vulnerabilities. If you have a sick relative in the hospital, for example, a thief might claim to be a hospital representative calling on behalf of that family member and ask for personal information.

Hack to avoid it: Pretexting can throw you off because of the thieves’ apparent “inside knowledge,” but these thieves will most often use one of the methods above to make their attempt. Avoid sharing personal information over the phone, via the mail, via SMS, and online unless you are certain about the recipients.

Social Engineering 

Hackers method: Social engineering, also known as “a con,” is a much more involved identity theft method often requiring several layers of deception to steal personal information. Social engineering often involves pretexting and one of methods for identity theft; they often involve more than one bad actor as well.

Hack to avoid it: It can be especially difficult to identify a con. Simply keep in mind the context in which you shouldn’t provide personal information—unwarranted phone calls, individuals approaching you whom you do not know, or websites you cannot confirm are legitimate are examples. Cons require a lot of work and often require a big “payoff” as a result. If you have anything of particularly high value that comes into focus, you might be a victim.

Top10.com offers hundreds of Top10 shortlists to help consumers make informed decisions and easily compare their purchasing options online. Trusted by millions, the team shortlists are enriched with editorial reviews and deep-dive, informational articles—all with the goal of turning online purchasing decision into a breeze.