How Does Identity Theft Work?

Michael Gargiulo - CEO,

By: Michael Gargiulo, CEO at

Updated: 3:36 PM ET Wed, September 15th 2021


It’s everyone’s worst fear: you wake up one day, make your morning coffee, and sit down to check your finances online. To your shock and surprise, instead of seeing a number tagged onto the end of a dollar sign that you expect, instead all that’s floating on your screen is a big, fat zero.

“But I just got paid!” you exclaim in a panic. “Where did it all go?!”.

If this has happened to you, welcome to the club of millions of others who had their identity – and often all of their money – stolen in 2019. But what exactly is identity theft, and how do the worst denizens of the web go about pulling it off?

Read on in’s guide to find out everything you need to know about identity theft, as well as the most effective methods you can use to protect yourself against it happening to you.

Identity Theft By The Numbers

According to statistics recorded by the Federal Trade Commission, in 2016 nearly 15.4 million individuals in the United States reported some form of identity theft had occurred on their accounts, up from 13.1 million only one year before. This staggering number of attacks resulted in nearly $16 billion in lost funds. This represents a 50% increase in identity attacks in just ten years.

These funds can be extracted from a victim’s account in a number of inventive ways, whether it’s directly pulling cash out of the ATM or filing to have a tax return check shipped to a fraudulent address. As the protection and insurance agencies have begun honing in on the methods that cybercriminals are using to get themselves paid with stolen identities, those actors have begun employing a whole new range of tactics which make it next to impossible to track where the money goes after it’s been stolen.

How Do Hackers Get A Hold Of Your Identity?

There are a number of different techniques that a cybercriminal can use to get a hold of someone’s identity. One of the most common in 2016 was by rifling through the contents of major data breaches, like those discovered at the IRS and the now-infamous Equifax breach.

The problem there however is that for as many hackers that are out there trolling the pages of social security numbers lost in a big breach, there are just as many who prefer to work on the individual level. This means scouting out popular WiFi hotspots for potential victims using tools that allow them to pluck your personal data straight out of the air while it’s in transit.

The first tool works through a process known as “packet sniffing”. Hackers use packet sniffers to intercept communications between a user’s laptop, phone, or tablet and the router they think they’re connecting to unimpeded. Packet sniffers literally pull the data out of the air as it’s in travel, and the best ones in the business can rapidly decrypt the data stream to snag credit card numbers, social security numbers, or sensitive identifying information about their target.

The next technique works through phishing links sent to a potential victim’s email account. These links appear to be from legitimate financial institutions or even websites like PayPal, and will ask the target to enter sensitive details on a fake site which is secretly sending all those vital numbers back to the hacker in question.

Finally, there’s good old fashioned keylogger viruses. These trojans are downloaded through any number of different methods (fake files on download sites, phishing links, etc), and will simply sit on a user’s device and wait to strike until the moment is just right. Once a user enters in their social security number or an identifying bit of data, the keylogger will ping the hacker with that data. After the hacker has this, it’s free reign and they can go about the process of opening accounts in your name, draining the accounts that already exist, or even seeking medical care under your name and sticking you with the resulting bill.

What’s The Best Way To Protect Yourself From Identity Theft?

With a VPN, of course! Many of the top VPNs we’ve recommended on this site will come with a series of protection methods that can prevent exactly these types of attacks from happening in the first place.

See, when you connect to the internet through a VPN, you protect all your communications behind a wall of 256-bit AES encryption. This encryption effectively stops packet sniffers in their tracks, because once your data is travelling through a tunnel it can no longer be simply decrypted by those programs.

Furthermore, the best VPNs these days also come with a number of detection techniques which can spot phishing links before you even have the chance to open them. Not only that, but if a hacker depends on an unencrypted channel between their machine and yours when they’ve deployed a keylogger, as long as you connect to the VPN before you type in any information, the new route will prevent their system from being able to pick it up!

If you want to find the best VPN which offers the most features designed to protect the identities of you or any family members in the house, go ahead and check out the table above for a full list of the VPN providers that offer these features and more!

en_USEnglish Protection Status