How to Get Hacked and Become a Victim of Identity Theft

Yes, online security can be a drag, but if you’re tempted to click on that fun Facebook quiz or skip your phone update just this one time, here’s what could happen.

A woman bites her lip in regret.
(Image credit: Getty Images)

Hardly a day goes by without a story of a major data breach on a business, government agency or individual. And, like seeing reruns of the same old television series over and over again, I think that most of us grow tired of being lectured for not paying enough attention to computer security.

“Lana” felt that way, writing, “I ignored the advice about computer and mobile device security, feeling scolded every time I heard a recommendation. And then I got hacked, became an identity theft victim, and it took me two years to clean up the mess.

“Dennis, with your sense of humor, why not write an article telling people how to be hacked? I’ll bet that will get their attention.”

Subscribe to Kiplinger’s Personal Finance

Be a smarter, better informed investor.

Save up to 74%

Sign up for Kiplinger’s Free E-Newsletters

Profit and prosper with the best of Kiplinger’s expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of Kiplinger’s expert advice - straight to your e-mail.

Sign up

With that request in mind, I asked Paige Hanson, Chief of Cyber Safety Education at NortonLifeLock, to explore the ways of getting hacked and becoming a victim of identity theft.

We Leave Digital Trails That Tell All About Us

“We are producing more data about ourselves than ever in the past, which leaves a digital trail that is vulnerable to being compromised,” Hanson points out. If you’re not careful to clean up after yourself, those digital breadcrumbs we leave behind could lead thieves right to your door. To help avoid that, Hanson highlighted some common ways we make it easier for fraudsters to take control of our digital world:

1. Take all those surveys of your likes and dislikes.

Consequences: Fun quizzes often ask a series of personal questions to help you find out which Disney Princess you are or ask you to share your yearbook graduation photo (along with what high school you attended and the year). Fraudsters find creative ways to use these quizzes to get you to answer the same types of questions used by banks and other institutions when setting up accounts — your first-grade teacher, your first car, your first pet. You are giving out the answers to your security questions without realizing it. Hackers then can build a profile on you. If the quiz requires you to provide your email to participate or get the results, the fraudster now has your email address. He can send a request to reset your password that looks like it came from your bank or credit card company, and when prompted to “Answer these security questions,” he just may have all the information he needs to take over your account.

2. Keep your social media privacy settings set to public.

Consequences: This will make sure everyone knows what you are doing, every photo you post, who your friends are, all of the personal details you share and possibly where you live. A hacker will have complete access to the personal details, making you an easier target for identity theft.

3. Don’t update your phone’s operating system, home computer or your apps. Absolutely do not keep your virus software current!

Consequences: One of the most common ways cybercriminals gain access to your systems, aside from enticing you into clicking on malicious links, is through out-of-date software. As software companies discover flaws in their systems, updates are issued. By not installing them, you are open to being hacked. Out-of-date software invites malware infections and other cyber issues, such as ransomware.

4. Do not password protect your smartphone or mobile devices.

Consequences: You get coffee at a restaurant, leaving your device on a table. With no password, anyone who steals it will have instant access to all your personal information.

5. Have the same username and password for all the sites you visit.

Consequences: If fraudsters acquire that information, they will use it on popular sites in an effort to gain access to your online accounts. The solution is to use different passwords for each account, and most people don’t do this. A password manager solves the problem.

6. Transact everything over public Wi-Fi to make sure the owner of the Wi-Fi site can see your online activity, what websites and links you’ve been on.

Consequences: They send you a link concerning something that you were interested in and you click. It is called spear phishing, and they’ve now obtained access to your digital life.

7. Store on your mobile device and physical wallet as much personal information about yourself and family as possible, including Social Security numbers for the family, driver’s license, home address and so on.

Consequences: That way, if stolen, it will so much easier for the entire family to be hacked!

8. When working from home, let your children download games and programs on your work device.

Consequences: They might not be compatible with your employer’s approved downloads and could leave your company vulnerable to being hacked. You could lose your job!

Bonus: How to Make Things Worse After You’ve Been Hacked

One you have been hacked or data stolen, here’s how to deepen your trouble:

1. Do nothing. Especially do not contact your lender, credit card company, bank or law enforcement. Remain connected to the internet.

Consequences: While reporting a hacked or stolen debit card, credit card or credit card number and security codes before they have been used by a fraudster results in no liability, if you know your card has been lost or stolen and do nothing at all, you could take a hit. For credit cards, losses are limited to $50 under the Fair Credit Billing Act (opens in new tab). But rules for ATM cards aren’t as forgiving. There are different time periods that apply as to when the card has been used that limit personal liability, but you must act quickly: If you wait more than 60 days after your statement is sent to you to report the loss, you could lose all the money taken from your account! Banks and credit card issuers will provide you with new cards and security codes, but do not enter these numbers online as your activities could be followed. Change all your passwords from another computer.

2. Do not back up your files with an external hard-drive, thumb-drive or into the cloud.

Consequences: In the event of a ransomware attack, you could be paying the scammers a great deal of money!

Concluding our chat, Hanson offers this warning:

“Anyone can become a target.”

This article was written by and presents the views of our contributing adviser, not the Kiplinger editorial staff. You can check adviser records with the SEC or with FINRA.

H. Dennis Beaver, Esq.
Attorney at Law, Author of "You and the Law"

After attending Loyola University School of Law, H. Dennis Beaver joined California's Kern County District Attorney's Office, where he established a Consumer Fraud section. He is in the general practice of law and writes a syndicated newspaper column, "You and the Law (opens in new tab)." Through his column he offers readers in need of down-to-earth advice his help free of charge. "I know it sounds corny, but I just love to be able to use my education and experience to help, simply to help. When a reader contacts me, it is a gift."