Earlier we already told you what identity theft is, how and why they steal it, what measures to take to protect against leak of personal data. In this article I will tell you how to check whether your data have already flowed into the hands of intruders.
I want to note right away: I don’t know the guaranteed methods of verification that can give an exact answer about the presence or absence of your personal data from ill-wishers. All the proposed tools have limited capabilities, but it often happens that such a test can reveal a leak.
This is one of those chapters which I recommend to read through to all the readers of the course, regardless of the tasks that prompted them to explore this site. I suggest starting this chapter with a little test.
Checking accounts for leaks
One can check the availability of their accounts being leaked in publicly known bases to the network at this link. Data leakage is not always accompanied by identity theft, for example, access to e-mail may not be enough to identity theft if there is no information.
Even theft of a social network account, if there is no genuine information, should not be considered as an identity theft. However, your accounts can be used for unlawful purposes, which we described in this chapter, and this can lead to the worse consequences than identity theft.
Advice
Check your accounts for leaksLeak monitoring
Much personal data is in the hands of hackers, special services, and even generally freely available due to leaks from sites. You need to be aware of news about leaks, and if your personal data was on the compromised site, at least you would be aware that now this data might be in the hands of bad guys.
We explain in detail how to monitor leaks in a chapter on data leaks. Of course, this method does not guarantee anything, since the leak may not be recognized or the news will not appear on the proposed sites. Sometimes leaks become known too late, as in the case with Yahoo users who only found out a few years later that all email inboxes were compromised (except for compromising, it became known that the US special services had access to the mail and analyzed letters for the presence of beacon words).
Advice
Stay informed about data breaches news and hacking sites.Search by pictures
Check your photos that you posted publicly for use on third-party resources or in social networking accounts. We tell in detail how to do this in the chapter “What can be figured out from a photo”.
Advice
Check if your public photos are not used by third parties.Search by full name
This tip works only if you have a rare first and last name. Many services allow indexing of user accounts, and you will immediately find out if there is someone registered using your data, but again in the case of a rare combination of first and last names.
Advice
Search for identity theft by first and last name.Appeal to sellers of stolen data
In the Russian part of the Internet, they can be found through a search, for example, on the request “buy photocopies of a passport”, “buy photo of documents”, you can also find them in Darknet. From communication with such sellers, I realized that many documents are sorted, and they can make a fairly accurate selection up to the date of birth. This is what we use for verification.
You choose a certain amount of information about yourself, for example: “woman, 1987, registration in Rostov, birthday in July, traditional unremarkable full name”. Next, you write to the sellers that you will pay a lot for the copies of documents of the user with similar data. Offer a really good amount so that they have the motivation to search well.
If the seller reports the availability of a matching set or sets, ask for a proof before paying. For example, copies of documents in poor quality, with painted data over and other means of protection, as you will recognize a copy of your document anyway.
These are all methods known to us at the moment. In the next chapter, we will explain what to do in case of detection of theft of your identity.