Having your online identity stolen is simultaneously more complex and easier than you might believe. There are a hundred ways your credentials can be stolen that don’t involve the classic email phishing scheme.
For example, the most popular web browser, Google Chrome, literally stores all of your passwords and saved-form information in easily accessible database files on your computer. The path to this file is typically:
C:\Users\\AppData\Local\Google\Chrome\User Data\\Login Data
If you were to open this file in a program like DB Browser for SQLite, it would list all your usernames and passwords (in encrypted format) that have been stored in Google Chrome.
But just because the passwords are encrypted doesn’t mean they can’t be decrypted. In fact, it’s quite easy. There are numerous tutorials online for decrypting exactly the file we’re talking about.
Imagine you’ve downloaded pirated software from a Russian torrent website. It may be the real software, as a fully “unlocked” copy of Photoshop CC 2018. Unknown to you, it also installs a trojan virus onto your computer. This can either be keyloggers, or trojans that upload your password database table to the recipient. They’ll then simply decrypt your password table, and know the password for pretty much every website you’ve stored in Google Chrome.
That is just one small example of a hundred different ways your online credentials can be stolen. It’s also a good example of why you should never allow browsers to store your passwords, or download “warez” (pirated software). To know more about identity theft methods and protection check out BetterDefend, a blog that helps get to the bottom of these important questions.
How To Know If Your Online Identity Has Been Stolen
Now that you know how remarkably easy it is for your passwords to be stolen (am I scaring you? I hope so), how can you find out if your credentials are being used without your knowledge?
Strange Bank Activity Or Complete Lack Of Banking Alerts
The most obvious would be is if the “hacker” immediately started using your bank cards, and didn’t cover their tracks. Your bank might even do you the favor of personally calling you and asking you to explain why you ordered $5,000 worth of audio equipment delivered to an address in Russia.
However, a “smart” criminal will erase their tracks. Since they’ll probably also have your email password, they’ll have emails from your bank redirected to another address, or blocked entirely. They’ll change the contact information in your online bank account to a new phone number. They’ll basically make it so that your bank’s attempts at notifying you of suspicious activity don’t reach you. You may need to actually call your bank and request your latest transaction history to figure out anything is happening.
Strange Emails In Sent And Spam Folders
You should thoroughly check your email account’s Sent and Spam folders for any correspondences you don’t remember being involved in. Most people rarely check their Spam folder. Thus, a criminal could be submitting credit card applications or carrying on conversations using your identity, and having the messages delivered to your Spam folder, where you would never notice.
Has Your Social Media Profile Been Cloned?
“Cloning” your social media accounts is also another tactic used by identity thieves. If you search for yourself on Facebook and see a profile using your name and photo that you didn’t register, that is a red flag.
Many websites, including e-commerce websites such as Amazon, allow you to either connect your social media accounts or sign-up using only your Facebook account. An identity thief may create a clone of your Facebook page and use it to register for e-commerce websites, as a way of appearing more authentic.
Strange Logins To Your Social Media Account
Facebook allows you to check what devices are currently logged into your profile. It is found under Settings > Security and Login.
If you see strange devices or locations here, it means someone else has logged into your account. There’s a button to immediately log out of all devices currently using your account, but if the hacker already has your password, it isn’t enough.
What Should I Do If My Identity Has Been Stolen?
Changing your passwords is simply not enough. If you have trojan viruses or keyloggers on your computer, the identity thief could have your new passwords the moment you change them.
For bank credentials, you should go through your bank’s channels for victims of identity theft. For online accounts, you need to change your passwords from a different computer that is not infected. You need to work very quickly, and change your passwords in this order:
Email > Online shopping > Social media
Your email needs to be the first password changed, because if you change all your other passwords while someone still has access to your email, they can block your attempts at changing your passwords.
For further prevention methods, this article “8 vital tips for protecting yourself from identity theft” is beneficial.