Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

How Dumb Can You Be? Here Are 10 of the Dumbest Ways of Making Your ID “Easy Pickin’s” for Cybercriminals.

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

Because reading our blogs is a clear indication of your high intelligence, this piece is not for you. However, you might want to pass it along to somebody you know who may not quite “measure up,” but who could definitely use this information. In any case, please don’t tell them why you decided to send it.

Personal finance editor and writer Kathryn Tuggle checked with a number of experts to discover ways people put themselves at risk of having their identities stolen. In her story on, she identifies the top ten dumbest ways. (The following has been edited to fit our format.)

1. Using the same password for everything

If you’re using the same password for everything, you’re setting yourself up for disaster, says Bill Carey, vice president of marketing for Siber Systems, creators of password management tool RoboForm. “You have to use a unique password for every website you log into. If you think about all the stuff that has gone on lately with hacking attacks at major companies, it seems inevitable that one of the companies you do business with is eventually going to get hacked,” he explains. Unfortunately, if you use the same password for every site, once hackers get one of your passwords, they’ve got them all.

2. Giving out personal information over the phone

“A lot of people have this thing where when someone calls them on the phone and represents to them that they are an official with the government or a credit card company or a broker’s firm, they believe it’s real,” says Adam Levin, chairman and co-founder of The truth is, the IRS, your bank or any other official organization is never going to call you and ask for your Social Security number, Levin says. Your bank might call to alert you to suspicious activity on your credit card, but they will never ask you to confirm such sensitive personal information.

“If you get a call like this, hang up the phone and find the official number of the organization. Then you make the call to them,” Levin says.

3. Not using a password on your smartphone

“Your smartphone isn’t just a phone anymore. It’s a personal computer, and if it’s not password protected people can gain access to your email, your bank account, everything,” Carey says.

If you lose your device and you’re still logged in to apps such as PayPal or eBay, you could be in for a world of trouble.

“The more people know about you, the more likely they can hack in and steal your identity on other sites,” he says.

4. Logging into financial accounts from an Internet cafe or unsecured connection

Internet cafes are great for browsing the Web and may be fine for doing less sensitive things such as printing tickets or boarding passes, but they’re not secure enough for managing your stock portfolio or savings account, Carey says.

“You can check email, Facebook or sports scores, but you don’t want to leave yourself open to someone picking off your banking passwords,” Carey says. “Internet cafes are super convenient, but you don’t want to be doing any sensitive financial transacting.”

5. Not having a private profile on social media

“It still surprises me the number of people who don’t keep their profiles private,” says Stacey Vogler, managing director of, a company that insures smartphones, laptops and other communication devices. When you have your birth date, your phone number or your address on your profile, it’s an invitation for hackers to come in and use it in a malicious way, she says.

“It’s an entry into your life and who you are,” she says. “It would be easy to figure things out after following a few posts from you on a non-private profile.”

6. Following a phishing email — even if you’re “just curious”

If you get an email letting you know you’ve won $1 million for a contest you never entered, you shouldn’t follow the link or provide any information. Many people know emails like this are a scam, but they still follow along for a bit. This is a huge mistake. “Some people are curious, so they start a correspondence with the person to see if there’s something there or to see what kind of a scam it is,” Vogler says. “Unfortunately, any entry into who you are or where you live opens the door. It suddenly becomes really easy for them to hack into your life.”

7. Failing to monitor your bank statements and credit card statements

It’s surprising the amount of people who don’t monitor their credit card statements or banking statements to check for fraudulent activity, Vogler says. If you keep an eye on your statements, you can catch fraud early on.

“Check all your transactions to make sure they’re ones you have made. The dates and times, the merchants should all be ones you’re familiar with,” she says. “Look for anything that doesn’t seem typical to your normal behavior and notify your bank or credit card company immediately if something doesn’t check out.”

8. Carrying your Social Security card or Medicare card in your purse or wallet

“You don’t need to do it. It’s unnecessary,” Levin says. “You’re totally exposed.”

The elderly are already prime targets for identity thieves, and since your Medicare ID is your Social Security number, you’re leaving yourself at risk by carrying either.

“You never want to have something in your purse or wallet that has your Social Security number on it,” he says. “If you need to present it to a doctor or other agency one day, then carry it to the appointment and go straight home. Don’t leave it in your wallet for weeks or months on end.”

9. Putting too much information on social media

“Don’t take a selfie with your address in the background,” Levin says.

It may sound ridiculous, but some people will take a picture of their first drivers’ license that displays their full name and address. Others might take a photo of their final credit card statement announcing that they’ve just paid off their bills — unintentionally displaying their account number and other personal details.

“You don’t take a picture saying, ‘Look at my incredibly valuable new car in my front yard,’ and show everyone your address,” Levin says. “Your Facebook friends are not all looking out for you. Identity theft and property theft occurs even with family and friends. Why open yourself up to pain?”

10. Storing confidential info on your smartphone

Don’t keep passwords, PINs or your Social Security number stored on your smartphone — even in your email account. In other words, don’t save an email called “Passwords” or “Social.” This applies to your personal information as well as the personal information of your children or family members. “There are people out there with all good intentions who are helping their children or parents deal with a financial issue, so they store all this personal information on their phone so they’ll have it handy,” Levin says. “Your phone is a communication device — not a storage device.”

By ThreatMetrix Posted