Jellyfish are remarkable creatures. The blob-like main body isn’t especially large in most cases, but their fine, filament-like tentacles can cover a crazy-huge area. In the case of the lion’s mane jellyfish, for example, those tentacles can stretch to as much as 120 feet from the body.
So what has that got to do with you? Not much — unless you swim in the open ocean where that jellyfish lives — but it provides a useful illustration of how your real-world existence and your online identity relate to each other. Your physical body occupies one specific point, but your online identity is made up of thousands of threads that extend all around the world, wherever there’s internet service. Scammers are adept at leveraging that online information to steal your identity and do you harm.
Your Online and Offline Lives Are Connected
It’s a fact of human nature that most of us behave differently when we know we’re being observed. You wouldn’t blurt out the most personal details of your life in the middle of a group of strangers, or leave your checks, your keys or your medical records lying around in random public places.
Yet many of us do similar things online, because it’s easy to forget that when you use a digital device you’re always being monitored in one way or another. Every article you read, every site you visit and every online search leaves a trail of data for others to see, and that doesn’t even take into account some of the data you generate — from the sensors in your phone or smartwatch, for example, or from smart connected devices in your home — all of which can be utilized in surprising ways by unscrupulous advertisers or outright criminals.
“Anything You Say Can Be Used Against You”
It’s important to recognize that scammers and identity thieves are adept at getting the most possible mileage out of any piece of information they can find, steal or buy. A great many sites and apps use one or the other as your username or primary identity.
Attackers who find either of those can attempt to log into multiple sites through a technique called “credential stuffing,” which simply churns through a database of known, compromised passwords until it finds one that works with your account. Most people reuse their passwords (a really bad habit), so getting that first match means the criminals can gain access to any other site where you’ve used the same one.
At that point you’re in serious trouble, because identity theft is like assembling a jigsaw puzzle: The more pieces they’ve got, the easier it is for criminals to see the whole picture.
The Impact of Your Online Identity
Your online identity, then, can be used by scammers as a lever to pry open the lid to your entire life. Depending on which information they harvest and which accounts they gain access to, they might:
- Drain your savings and max out your credit
- Apply for new credit in your name
- Claim costly treatments on your medical insurance
- File a tax return in your name and take your refund
- Create fake ID using your name and information
- Give your name to the police when they’re arrested for a crime (this one can be really troublesome)
- Request a “replacement” Social Security card
- Lock you out of your own accounts, and use them in turn to defraud (or harass) your friends and family while pretending to be you
So what can you do, as a private individual, to minimize your vulnerability to identity thieves?
Identifying the Scale of the Problem
Looking to see how much information you’ve scattered around the internet is a good starting point. To do that, use Spokeo’s people search tools and enter in your own name, current and previous addresses, phone numbers and every email address you can remember using. This will show you how much information is available through legitimate, mainstream public sources (by all means Google yourself as well, though you’ll get lower-quality information spread out over a lot of search results). That information provides a useful benchmark for gauging how exposed your online identity actually is. You may even want to print it out, or take screenshots, for reference purposes.
If you’ve been online for a few years, you might be unpleasantly surprised to realize how many sites have some portion of your personal information, or your youthful rants and embarrassing party pics.
You should also take a serious look at your social-media profiles. Facebook, for example, lets you see how your profile appears to friends, friends of friends, and complete strangers (“everyone”). Start at the everyone level and work your way up to friends, asking yourself at each step whether you’re comfortable with the level of information you’re putting out there.
Taking Control of Your Online Identity
You can’t go online, or use any digital device, and expect to remain completely safe or anonymous. The same is true of life in general, so don’t panic: Identity thieves (and scammers of all kinds) are usually looking for low-hanging fruit, so taking even the most basic precautions to protect your online identity will sharply reduce the likelihood of running into trouble.
- Closing out as many old, unused accounts as you can find
- Unsubscribing from unwanted mailing lists
- Using the app settings in Android and iOS to limit the information that apps can collect
- Using antivirus and anti-malware apps
- Tightening the privacy settings on your social-media accounts
- Auditing your followers periodically and removing any of the ones you don’t really know or interact with (unless you’re an influencer, of course)
- Checking your email addresses, phone numbers and passwords on a site like Have I Been Pwned to see if they’ve been compromised in known breaches
- Setting newer, better passwords and not reusing them between sites (passwords managers make this a lot easier)
- Using other forms of authentication whenever possible, like your phone’s fingerprint reader or face recognition, instead of a texted code or challenge questions like your mom’s maiden name
- Clicking those cookie-policy pop-ups and declining as many cookies as you can
- Using disposable email addresses when you sign up at random sites
- Knowing the telltale signs of identity theft, and being alert for them
No one of these steps in itself is a silver bullet that will keep your information and identity from being stolen, but their cumulative effect is substantial. It’s the proverbial “ounce of prevention.”
Using Identity Protection (and More)
If you have a suspicion your identity may have been compromised, or if you’re simply aware of the havoc identity theft can cause and want no part of it, you can take your online safety to a higher level with a few additional, proactive steps.
Taking advantage of Spokeo’s Identity Protection service, Spokeo Protect is one of them. Your personal information — like any other illicit commodity — is bought and sold by criminals in the shady corners of the internet’s so-called Dark Web. Spokeo actively monitors those criminal marketplaces, and if your information should be offered up for sale, we’ll let you know. That gives you the heads-up you’ll need to (hopefully) protect yourself before criminals can actively exploit it.
With or without that heads-up (but definitely if you know your information has been compromised), you can take other steps to make life more difficult for identity thieves. For example, you can place a credit freeze or credit lock on your accounts at the big credit-reporting agencies. Potential creditors won’t be able to pull a file under your name, and therefore usually won’t open a new account. If you’re especially cautious you can place a fraud alert, which means new credit won’t be issued without contacting you for verification.
Live Life Your Way
Ultimately the online part of your life isn’t that much different from the real-world part: It has some risks, but they’re manageable. You take the precautions you need to take, and then you get on with actually living it. Helping you do that is a central part of Spokeo’s mission.
- Smithsonian Institute: Extreme Jellyfish
- Open Web Application Security Project (OWASP): Credential Stuffing
- Tech Crunch: Researchers Spotlight the Lie of Anonymous Data
- Ars Technica: Catholic Priest Quits After “Anonymized” Data Revealed Alleged Use of Grindr
- Vice/Motherboard: Inside the Industry That Unmasks People at Scale
- Have I Been Pwned?: Email/Phone Search
- Google Play Help: Control Your App Permissions on Android 6.0 and Up
- Apple Support: Control Access to Information in Apps on iPhone
- US Federal Trade Commission: What to Know About Credit Freezes and Fraud Alerts