You may think that scammers must be great hackers to get their hands on your information. And while it’s true in some cases, most of the time, you unknowingly give that information away yourself. There are many ways to become a target of these fraudsters — but there are also easy steps you can take to protect yourself from their scammy grips. Let’s take a closer look into the hows, whats, and whys.
Common methods scammers use to steal your information
There are plenty of methods that scammers use to obtain your personal information. Some of them, like social engineering, exploit human psychology, while others include sleuthing on social media or downright hacking. Here are the most common ways your info can get stolen:
Phishing attacks
In phishing attacks, bad actors use fake but legitimate-looking emails, texts, websites, and even phone calls. By pretending to be a trusted entity, they trick you into revealing sensitive information, such as login credentials, credit card numbers, bank account information, etc.
Phishing is relatively easy and effective — you willingly give out your personal information to the criminal — and is the most popular scam method. According to the FBI’s Internet Crime Report of 2023, phishing was by far the most popular internet crime, with almost 300,000 complaints received by the IC3 (Internet Crime Complaint Center).
Social engineering
Social engineering encompasses a broad range of psychological manipulation tactics. They are used in malicious attempts to trick people into giving away private information, sensitive details, access (answers to security questions), money, or other valuable things.
Besides phishing scams, social engineering includes methods like pretexting, baiting, quid pro quo, impersonation, watering hole attacks, scareware, romance scams, and many more. What they all have in common is the psychological rather than technical nature of the scam, exploiting human emotions, trust, and behavior.
Data breaches and hacking
Another way scammers obtain large amounts of personal information is through hacking and data breaches: either by breaking into the databases of companies, financial institutions, or online services themselves, or by using information that has already been leaked online.
During a data breach, scammers gain unauthorized access to sensitive information, such as names, addresses, passwords, SSNs (Social Security Numbers), and credit card numbers. They can then use the stolen data for identity theft, fraudulent purchases, or other criminal activities and even sell it on the dark web for further profit.
Public records and social media
In some countries, like the US, a lot of information is legally accessible to the public. Scammers can get your personal info — such as name, phone number, or address — by combing through public records (voter registrations, property records, business licenses, etc.).
If you’re active on social media, you may, without realizing it, be sharing lots of information that scammers can use to their advantage, such as contact information, birthdays, family connections, and much more.
Scammers can then piece this information together, which helps them create elaborate, more convincing scams.
SIM swapping
SIM swapping is a type of scam in which bad actors convince phone companies to transfer someone’s phone number to the scammers’ SIM card. They do so by impersonating the victim and providing the personal information they obtained via social engineering or data breaches.
If they succeed and gain control of your phone number, scammers could intercept calls and text messages, including 2FA (Two-Factor Authentication) codes, allowing them to access your social media, email, and banking accounts.
How do scammers get specific information?
Scammers steal all kinds of information and use many different tactics to obtain specific information. Let’s see what you should look out for to avoid revealing personal info to fraudsters.
How do scammers get your email address?
There are several ways scammers can get their hands on your email address. For instance, one method is through fake contests. If you enter any online contests that require your email address, some of them may actually be fictitious and created only to get your info.
Scammers can also obtain your email address if it was leaked during a data breach of some services you use. They also sometimes use automated scraping tools to look through your social media accounts, which can be linked to your email address, especially if the profiles are public or have weak privacy settings.
How do scammers get your phone number?
Social engineering is probably the most common way scammers get your phone number — they may pretend to be someone legitimate and trick you or someone you know into giving away your phone number.
Scammers can also get phone numbers from public directories, online databases, and certain websites (some of which ask for your phone number for registration and sell this information to third parties).
Like email addresses, phone numbers can even be revealed in data breaches and shared among scammers.
How do scammers get your credit card number?
Scammers attach devices called skimmers to ATMs or point-of-sale terminals, which capture your credit card information during a legitimate transaction.
Another way for scammers to obtain credit card numbers is through breaches. Thousands of credit card numbers can be leaked during a large-scale breach of retail or payment processing companies, making it easy for scammers to obtain them.
Phishing, being the most prominent scam, can also be used to trick you into revealing your credit card information — for instance, on a fake website that looks exactly like the real one.
How do scammers get into your bank account?
In a phishing attack, scammers may text, call, or email you pretending to be your bank, tricking you into revealing your bank account login credentials.
Also, if some of your passwords were breached elsewhere, but you use the same ones for multiple accounts (including banking), scammers may attempt something called credential stuffing and gain access to your bank account with the leaked credentials.
Another way scammers can access your bank account is by infecting your devices with malware that records keystrokes or takes screenshots, allowing them to secretly steal your banking information.
What do scammers do with your information?
Scammers can use your stolen information in many malicious ways that could affect both the personal and financial aspects of your life. Here are some of them:
Identity theft
One of the most damaging ways scammers can use your stolen information is identity theft: opening accounts, applying for credit, or even filing taxes in your name. This could seriously damage your credit, cause legal problems, and complicate your personal and financial life.
Financial fraud
Another harmful way scammers use stolen information is financial fraud. They can use your personal information to commit financial crimes such as applying for loans, withdrawing money, and making unauthorized purchases. This could leave you with drained bank accounts, overwhelming debt, and other financial difficulties.
Account takeovers
By using stolen credentials, scammers can take control of your online accounts, including social media, email, and bank accounts. Often locking the owner out of these accounts, fraudsters can steal money, make unauthorized transactions, and use the accounts to commit other scams.
Creating synthetic identities
Scammers can invent new identities by combining real and falsified information, such as a stolen SSN with a made-up name. These fake personas are used to create credit profiles, get loans, and commit long-term, sometimes unnoticeable fraud.
How to protect your information from scammers
Falling victim to online scammers can be terrifying. The good news is you can protect your online presence in many easy ways. To keep your information safe, you should:
Avoid engaging in suspicious communications
You should always be mindful of what and who you interact with online. It is crucial that you don’t respond to spam emails, messages, or calls. You should also avoid downloading attachments and apps from unknown sources and clicking on suspicious links, as these could infect your devices with malware or lead to phishing scams.
Use secure email services
Use email services that have strong spam filters and provide end-to-end encryption. Look for advanced authentication procedures and other security features, like suspicious login alerts. Using a security-focused email can protect your inbox from unauthorized access, as well as detect and notify you about phishing attempts.
Utilize email aliases
An email alias can help you keep your main email safe. Having a separate email address for various online activities (shopping, entering contests, registering for services, etc.) reduces the risk of your primary email ending up in a data breach or being targeted by scammers.
To further protect your personal information, you can take this alias concept up a notch and create a complete alternative persona. For instance, with Surfshark’s Alternative ID, you get a fictitious name, surname, birth date, home address, and email address, allowing you to keep your identity protected from scammers and other online threats.
Adopt strong passwords and enable 2FA
Using strong and unique passwords is essential for your accounts’ security. Strong passwords can protect you from brute force attacks, whereas having a unique password for each account is essential in case of a data breach. Worried that you might forget all your passwords? Use a password manager — it will help you keep track of all your passwords safely.
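To add an extra layer of protection to your online accounts, enable 2FA. A second verification via a text message or authenticator app will make it much harder for cybercriminals to access your accounts. Keep in mind that codes sent by text message can be intercepted if a scammer takes over your phone number through SIM swapping, whereas an authenticator app does not depend on your phone number.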
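To see why a unique password per account matters against credential stuffing, the following added example (not part of the original article) audits a password list for reuse and shows which accounts a single leaked password would expose. The vault entries, service names, and leaked-hash set are constructed sample data; SHA-1 is used only as a lookup key, on the assumption that the breach corpus is distributed as SHA-1 digests.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: (service, username, password) rows as a
# password-manager export might list them. None are real credentials.
VAULT = [
    ("shop.example", "alex@example.com", "Sunflower!2021"),
    ("forum.example", "alex@example.com", "Sunflower!2021"),
    ("bank.example", "alex@example.com", "Sunflower!2021"),
    ("mail.example", "alex@example.com", "k7#Vq9z-Lm2!xR4p"),
    ("video.example", "alex_b", "tr0ub4dor&3"),
]

# Constructed stand-in for a breach corpus: SHA-1 digests of leaked passwords.
LEAKED_SHA1 = {hashlib.sha1(b"Sunflower!2021").hexdigest()}


def digest(password):
    # Work with digests so plaintext passwords are never printed or compared.
    # SHA-1 is a lookup key here, not a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def audit(vault, leaked):
    """Return {digest: details} for every password that is reused or leaked."""
    by_digest = defaultdict(list)
    for service, _user, password in vault:
        by_digest[digest(password)].append(service)
    findings = {}
    for d, services in by_digest.items():
        reused = len(services) > 1
        exposed = d in leaked
        if reused or exposed:
            findings[d] = {"services": sorted(services),
                           "reused": reused, "leaked": exposed}
    return findings


def blast_radius(vault, leaked):
    """Services where a leaked password alone would pass the password check."""
    return sorted(s for s, _u, p in vault if digest(p) in leaked)


if __name__ == "__main__":
    for d, finding in audit(VAULT, LEAKED_SHA1).items():
        print(d[:10], finding)
    print("exposed by one breach:", blast_radius(VAULT, LEAKED_SHA1))
```

In the sample, one leaked password exposes the shop, forum, and bank accounts together, while the two accounts with unique passwords are unaffected.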
Install antivirus software
Having up-to-date antivirus software on your devices is vital for detecting and stopping malware, which fraudsters frequently use to steal sensitive data. Look for a top-quality service that performs regular scans and offers real-time protection features — like Surfshark Antivirus — to keep you protected from countless internet threats.
Keep your software and devices updated
Regularly updating your operating systems and applications ensures that any security flaws are fixed, keeping your devices safe from new threats. These updates usually include bug fixes as well as significant security improvements that eliminate vulnerabilities scammers and other threat actors could exploit.
Perform regular data backups
Backing up your data on a regular basis protects important files and reduces the risk of data loss. If you regularly back up your data using secure cloud services or encrypted drives, you can easily recover it in the event malware or ransomware compromises your information.
Use a reliable VPN
A trustworthy VPN service can significantly improve your online security by encrypting your internet traffic and masking your IP address. Scammers may exploit public networks’ vulnerabilities, so using a VPN is especially important if you want to stay protected from the dangers of public Wi-Fi.
A VPN connection prevents malicious actors from intercepting and gaining access to your personal information, so make sure you use a reliable service like Surfshark VPN — our top-tier VPN service and cybersecurity suite.
Be cautious with personal information sharing
One of the most effective security measures you can take is limiting the information you share online. Don’t share your personal information on social media, and be very cautious when filling out surveys or forms that ask for sensitive information.
Remember that every bit of information you share online can be used against you in phishing scams or for identity theft, so try to maintain your privacy as much as possible.
Secure physical documents
Scammers can also obtain your personal information in physical form. So, make sure to store important documents securely, for example, in a locked drawer or a safe, and lock your mailbox, if possible, to prevent unauthorized access. If your mailbox doesn’t lock, consider getting one that does.
Use alternative telephone numbers
Just like an email alias, an alternative phone number can help you maintain your privacy and avoid scams, as you can frequently change it. If you’re a Surfshark user, you can get our Alternative Number add-on and receive a virtual phone number. You can then use it for surveys, promos, and online services to protect your primary phone number from scammers.
Set up data leak alert services
Data leak monitoring tools like Surfshark Alert allow you to react immediately if your information ends up online after a data leak incident. These services promptly notify you when your data is leaked so that you can take appropriate action, like changing your passwords, and minimize the damage.
What to do if a scammer has your information
If you suspect that a scammer got hold of your personal information, it’s essential to take immediate action and prevent further harm.
Immediate actions to take
- Freeze your credit. Contact major credit bureaus to freeze your credit, as this will prevent scammers from opening new accounts under your name;
- Contact authorities. Report the crime to your local police and Federal Trade Commission (FTC), and inform your bank or credit card issuer to stop any unauthorized transactions;
- Change passwords. Update the passwords on all compromised accounts, giving priority to the ones linked to financial information, and enable 2FA;
- Check for unauthorized activity. Analyze credit card and bank statements, phone bills, and online accounts to see if there are any unauthorized activities.
Long-term strategies
- Monitor accounts regularly. Make a habit of checking your credit reports and other financial accounts for unusual activity and, if available, turn on transaction notifications;
- Secure personal information. Have strong, unique passwords for all of your accounts and update them regularly. Use a password manager and enable 2FA where possible;
- Review privacy settings. Modify privacy settings and limit the visibility of your personal details on social media accounts and other online platforms;
- Stay informed. Keep updated on best security practices and scam trends. Follow security advice from reliable sources such as cybersecurity experts and government websites;
- Use cybersecurity tools. Install security software on your devices and make use of the tools to protect your data from further attacks.
Bottom line: keep your personal details private
There are many ways scammers can get your information, but there are also plenty of ways you can prevent that from happening. First of all, be very mindful of what information you willingly share online, and then use cybersecurity tools, such as a VPN, Antivirus, Alternative ID, and data leak monitor — all of which you can get with a Surfshark One subscription.
FAQ
How much information does a scammer need to steal your identity?
Scammers don’t need much information to steal your identity. Usually, a full name, date of birth, and SSN (Social Security Number) are enough to apply for loans, open new accounts, or access existing ones.
Should I be worried if a scammer has my phone number?
Yes, you should be concerned if a scammer has your phone number, as they can use it for phishing attacks, bombard you with spam calls or messages, ask you to send money, and even use it to hack into your accounts.
How do scammers get your contact information?
More often than not, you share that information yourself by falling victim to social engineering attacks. Scammers may also exploit public records or get your contact info from data brokers. Sometimes, your contact information gets leaked during data breaches, which then can be shared among fraudsters on the dark web.
What can scammers do with your SSN?
Scammers can use your Social Security number for identity fraud, such as opening credit accounts, requesting loans, filing false tax returns, accessing government benefits, or creating synthetic identities.
What information does a scammer need to access my bank account?
To access your bank account, a scammer usually needs your bank account number and credentials (username and password). They might also need your SSN or date of birth to bypass security questions or 2FA.