For Sale To The Highest Bidder: Your Identity

by Ron Haynes

Your identity is one of your most valuable personal assets. It defines who you are. It can save you big money when applying for loans (if you protect it), or it can cost you big bucks when an unauthorized person uses it. I ran across an article from the New York Times on identity thieves buying complete identities… names, Social Security numbers, addresses, dates of birth, functioning credit card numbers and more for as little as two dollars. Two bucks and your life could be thrown into turmoil. The information is being sold through online auctions and the bounty is credit card numbers, bank account numbers and other personal information. According to the article, the number of these auctions have increased exponentially in the past two years. This increase in identity auctions has allowed identity thieves to buy personal information in bulk, almost like buying cereal at Sam’s or Costco, except your identity is cheaper than a box of cereal.

The worst part is that most people don’t even know these types of online auctions exist. I know I didn’t. But by understanding how these auctions work and how your personal information could be obtained, you can take steps to protect against identity thieves getting credit in your name. What costs a thief two dollars for your identity could cost you thousands of dollars to get corrected, not to mention sleepless nights and constant worry.

According to the FBI and the National White Collar Crime Center, 2007 saw Americans report losses of $239 million as a result of online fraud, with average losses running around $2,530. As identity thieves learn new tactics, some have even recruited computer hackers to defraud consumers of personal information, such as credit or debit cards, Social Security numbers, etc. The stolen data is then sold through instant-message groups or online forums that last only hours or days, to avoid being tracked by authorities.

These evolving identity theft techniques mean that your identity could be vulnerable at any time, not just if you forget to shred your credit card statement or f you’ve had your wallet stolen. Be sure to take necessary precautions when shopping or banking online to make sure that sites requiring personal information are legitimate and secure.

1. Don’t fall for a phishing e-mail.

Phishing occurs when an identity thief uses e-mail or phone calls to pose as a trustworthy organization to coax sensitive information from victims. According to information from The Better Business Bureau, 3.6 million U.S. adults lost money in phishing attacks in the 12 months ending in August 2007, as compared with the 2.3 million who did so the year before. How much in total? Try $3.2 billion…yes with a “B.”

Phishing e-mails can look like the real thing with the official logos of banks, government agencies, or credit card companies. The e-mails usually include links that direct you to a Web site designed to install viruses and malware or trick you into entering your bank account or Social Security numbers.

If you get an email asking you to submit some sensitive information, first call the organization to confirm whether or not the e-mail is legitimate. Banks, brokerage firms,the IRS and other government agencies generally do not use e-mail to contact consumers about any issues or problems that require action on the part of the recipient, so e-mails appearing to be from these sources should be verified and then deleted immediately.

2. Create strong passwords and protect them.

If you regularly change your passwords, you become a moving target for identity thieves. They don’t like moving targets, they’re too hard to hit, so they will move on to an easier mark. Get in the habit of regularly changing your passwords to make it much more difficult for ID thieves to steal your personal information. Bear in mind, however, that some passwords are stronger than others. A good, secure password will have a unique combination of numbers, capitalized letters and even symbols (kT9b4#A2 for example). Never, ever use sensitive information for a password such as your Social Security number, mother’s maiden name or birthday. That can be just too easy.

3. Be safe and secure when on the go.

If you’re using someone elses computer, or a public computer of any kind, avoid entering any of your personal information. Internet cafes, airport kiosks, public computers, or those at the library could have been hacked to store and transmit your sensitive information. Thieves will install “keystroke loggers” that remember every key your press, including the website your visit as well as your screen names and passwords.

Also, beware of Wi-Fi networks since these present even more opportunities for ID thieves. The easiest way to protect a Wi-Fi network at home is to not broadcast the signal without requiring a password. A safe rule of thumb is to avoid exchanging sensitive information through the Internet when using a public Wi-Fi connection and to simply wait until a trusted network can be used.

4. Guard personal computers with anti-virus, anti-spyware, and firewall protection.

Opinions vary, but in as little as 4 minutes, a virus or malware can infect an unprotected personal computer so always have good anti-virus software, as well as anti-spyware and firewall protection. Consumers can purchase protective software, but there are also a number of reputable, free programs available for download online. Many operating systems already provide firewall protection so users should always make sure this protection is enabled.

After getting your security software, keep the programs updated! Operating systems may require patches and other additional updates that computer users need to install in order to maintain good security.

5. Only transfer information over a secure server.

Never give out any personal sensitive information unless it’s on a secure server. On a secure server, the information is encrypted as it is being transmitted to prevent other parties from being able to read it if they manage to intercept it.

How do you know you’re on a secure server? An unsecured URL will look like this: A secure server will have an “S” either in front of or following the “http”, and it will look like this: or s

Identity theft is a pain in the neck. Believe me, I know about it firsthand. But I have learned some powerful lessons and have taken additional steps to prevent it in the future.

Get Equifax Credit Watch

You can recover, but it’s an arduous process and it wears you out. I now have my credit monitored on a regular basis by Equifax. There’s nothing like the peace of mind that comes from knowing someone is watching out for you.

What others are saying:

6 digitally traceable tracks we unconsciously leave behind @ Marc and Angel Hack Life
Living it up. Young Philly couple charged with identity theft @ Consumerism Commentary
How to detect and avoid IRS tax scams and identity theft @ Cash Money Life
What if someone you know steals your identity? @ Get Rich Slowly
Protecting yourself against identity theft @ Moolanomy
Fraud, crime, and other things gone awry @ The Digerati Life

[tags]identity, personal, secure, thieves, credit, numbers, online, security, auctions, computer, email, passwords, protect, protection, server, theft[/tags]

About the author

Ron Haynes has written 1000 articles on The Wisdom Journal.

The founder and editor of The Wisdom Journal in 2007, Ron has worked in banking, distribution, retail, and upper management for companies ranging in size from small startups to multi-billion dollar corporations. He graduated Suma Cum Laude from a top MBA program and currently is a Human Resources and Management consultant, helping companies know how employees will behave in varying situations and what motivates them to action, assisting firms in identifying top talent, and coaching managers and employees on how to better communicate and make the workplace MUCH more enjoyable. If you'd like help in these areas, contact Ron using the contact form at the top of this page or at 870-761-7881.

If you enjoyed what you just read and would like to get FREE email updates with the freshest articles from The Wisdom Journal delivered right to your inbox, subscribe today! It's ridiculously easy and you can unsubscribe at any time. Since your email address is never sold or abused, you can subscribe with confidence, PLUS you'll get free reports/guides/eBooks, subscriber only benefits, and other perks.


Marc and Angel Hack Life

Identity theft is insane. My cousin left his wallet in a hotel room in D.C. last year while he worked out in the hotel gym. Two weeks later he had people new opening new lines of credit in his name. More people need to protect themselves. These days our identities are being used and tracked with every move we make. I actually wrote a bit more about this here:


#Marc and Angel Hack Life→

Hey, thanks for mentioning that link. I included it in the post!

Jeff@My Super-Charged Life

Identity theft is scary! I had no idea it was so cheap and easy to buy another person’s identity.

One thing to check is whether your home owner’s insurance includes any personal identity theft coverage. I know mine does. It is usually inexpensive to add. Of course, this mostly helps after the fact, but if you’ve taken all the preventative measures you suggest and still get hijacked, then it might help ease the pain.


#Jeff@My Super-Charged Life→
I need to check into that. I have my credit monitored and pay $10/month for it. It does include my credit report any time I want it as well as some ID theft insurance, but it might be a good idea to check on my homeowners policy.


One thing to consider when using public computers is Disposable Logins (aka One Time Passwords) so as to avoid keyloggers.

I write for Passpack which is an online password manager and here is a blogpost on Disposable Logins:

Hope it helps!



Hmm. Very interesting. I’m going to check into this as well. Thanks for dropping by and cluing me in!

Richard @ StudentScrooge

All excellent tips with regards to protecting yourself on the internet. Its been a fear of mine for a while now that my mother, who is not that computer literate, would fall for one of these phising emails, and so I’ve been doing my best to educate her over the past several years. It can be a difficult thing to explain, and even more difficult to protect against, but luckily the software has gotten better.

While it is very important to protect yourself against internet phising scams, but don’t forget to be on the look-out for more old-fashion means. Ironically, I actually posted on my blog yesterday about my experience with a phone scam:

Online Security

Thanks for the great tips! Your Authority for Online Security for the Next 5 Years and Beyond.

Julie Wok

I downloaded ICONIX a year ago and it has let me know which emails is “real” and “fake”. Some companies have “hidden” logos which are turned on via ICONIX so once you see the logo, you know it came from that company. Paypal and Ebay have these logos with them.

This has been a lifesaver!


No problem. Hope it helps!

Candace C. Davenport

I am so glad that more and more people are posting about identity theft. I just finished a little book about identity theft which is being published right now. While our information is already out there so there is really no way to totally prevent IDT, but at least with education, there are ways to protect ourselves as much as possible.

Previous post:

Next post: