Can Someone Steal Your Identity With Just Your Name and Address?
When Travis Palmer’s mail suddenly stopped arriving, he was confused. But when he failed to receive important medicine that he knew was shipped to him, he started to panic [*].
It turns out that Travis was the victim of a change-of-address scam. With just his name and address, scammers were able to reroute all of Travis’ mail to an address that they controlled — which included his medicine as well as letters potentially containing his Social Security number (SSN), credit card numbers, and bank account statements.
Travis’ case illustrates just how easy it is for scammers to steal your most sensitive personal info — even if all they have is your name and address.
According to the latest data from the Federal Trade Commission (FTC) [*]:
Americans lost nearly $9 billion to identity theft and fraud in 2022 alone.
If you’re worried that scammers have your contact information, you need to act quickly.
In this guide, we’ll explain what personally identifiable information (PII) scammers need to steal your identity, what they can do with just your name, address, and phone number, and how to protect yourself from identity theft.
What Information Do Scammers Need To Steal Your Identity?
Identity theft occurs when scammers use someone’s PII or financial information to commit fraud. Most forms of identity theft require access to sensitive information that isn’t available to the public – like your SSN, medical records, or financial account credentials.
But even your basic information can put you at risk of certain types of ID theft.
Here are some of the basic details about you that fraudsters can use to steal your identity:
- Full name. A simple Google search of your name can give scammers access to your social media accounts, email address, home address, and more. From here, they could target you with phishing messages or social engineering attacks that trick you into giving up more personal information.
- Home address. Someone who knows your address may be able to access your mail or even change your mailing address. This can yield a wide variety of personal information about you, including medical data and financial records.
- Phone number. Scammers can use your phone number to send you malicious phishing messages over SMS or target you with phone scams.
- Email address. Most online services rely on users’ emails for password resets and technical support. If scammers know your email address, they can spoof these messages and trick you into giving up data that they can use to take over your accounts.
- Workplace or professional role. Scammers who know where you work may trick you by impersonating your co-workers or superiors. This information can help them craft a convincing message that you won’t suspect is actually fake.
- Social Security number. If scammers know your SSN, they can open new accounts in your name and even apply for loans. Keeping your SSN private is one of the most important steps to preventing fraud and identity theft.
- Bank account number. Scammers can use your bank account number to create and use fraudulent checks, conduct tax fraud, and even withdraw money directly from your account. Most financial institutions require additional verification before executing withdrawals, but this may not be enough to protect you.
- Medical records. Medical records can contain extremely sensitive information. This is why your medical data is legally protected by regulations like HIPAA. Scammers can use Personal Health Information (PHI) to exploit victims in many different ways, including filling prescriptions in someone else’s name.
The bottom line: The more information scammers have about you, the easier it is for them to steal your identity. Keep your private information secure with Aura’s award-winning identity theft protection solution. Try Aura free for 14 days and see if it’s right for you.
Here’s What Scammers Can Do With Your Name and Address
- Obtain more sensitive information about you online
- Target you with phishing mail or fake offers
- Steal your sensitive mail
- Bypass security questions
- Steal your cell phone number using a SIM swap
- Spoof your identity
- Scan the Dark Web for more information to steal
- Impersonate you when interacting with law enforcement
Your name and address can be used as starting points for identity thieves to track and exploit you online. Here are some of the most common ways someone might target you using this information:
1. Obtain more sensitive information about you online or from data brokers
Scammers are persistent. If they know your name, address, and phone number, they can use this as a launching point to find out more about you online and on public databases. For example, they could research your social media profiles or see if you’re included in popular data broker lists.
Data brokers are businesses that collect and sell personal data to telemarketers and advertising companies. Unfortunately, there’s very little regulation that controls who can access data broker lists.
With just your name:
Fraudsters could potentially collect any information that data brokers have on you. This includes your address, phone number, job, marital status, and more.
You can request individual brokers to remove your data from their lists, but there are hundreds of these companies in the United States alone [*] — so it’s nearly impossible to protect yourself from all of them.
2. Target you with phishing mail or fake offers
Knowing only your name, they may also be able to find your email address and then target you with emails that contain links to phony websites or malware downloads.
With just your name and address:
Scammers can find enough information to target you with phishing emails or direct mail. They may even look through your social media profiles to discover more details about your career or hobbies that they can use to make their scams seem more credible.
3. Steal your sensitive mail with a change-of-address scam
A change-of-address scam is a type of mail fraud in which scam artists divert your mail to an address controlled by them. They do this by making an unauthorized request to change your address currently on file with the postal service. This is the same type of request that you might use when moving or temporarily staying in another city.
The United States Postal Service (USPS) has a secure change-of-address system online. However, you can also submit change-of-address requests by mail. This method comes with far fewer protections, making it a valuable and useful tool for scammers.
With your name and address:
Scammers can submit a change-of-address form to the USPS in your name. Once processed, your mail will be diverted to the new address. This allows fraudsters to access your bank statements, tax documents, and ID renewals, along with any other items sent to you in the mail.
4. Bypass security questions to access your accounts and services
Some digital accounts use security questions as an additional authentication step (such as when you log in to your email account). Common questions include: “What was the name of the street you grew up on?” or “What was your first pet’s name?” For a scam artist who knows your name, address, and phone number, these are surprisingly easy questions to answer.
Whenever possible, enable two-factor authentication (2FA) on your accounts to protect them against hacking.
With your name, address, and phone number:
Public records search engines may provide data about your past addresses, workplaces, and other data. If answers to your security questions are not easily available on social media, resources like these may give scammers the hints they need to break into your accounts.
5. Steal your cell phone number using a SIM swap
SIM swapping is a common scam tactic that allows attackers to take over your phone number. This gives them the ability to bypass two-factor authentication by text message and break into your digital accounts. Once they’ve stolen your phone number, they will receive the 2FA codes needed to log in to your accounts and pose as you.
Telecom service providers are supposed to prove customers’ identities before assigning new SIM cards for them. However, many scammers know how to manipulate Telecom employees into changing cards without fully verifying the customer’s ID first.
With just your name and phone number:
Fraudsters could impersonate you and convince your service provider to assign them a new SIM card in your name. Once they put the new SIM card into their phone, they can start using your phone number instantly. Your name will show up on the caller ID when they make outgoing calls.
6. Spoof your identity to scam friends, family, and strangers
Scammers may not have to steal your identity to scam people in your social circle. They may simply spoof it and use the knowledge they have to convince people they’re you.
For example, someone could use your name and address to create a new profile on a social media platform that you don’t use. To your friends and family members, receiving a connection request from this new account would seem perfectly normal. They might not think twice about getting an urgent request for money from this imposter account.
With just your name:
Anyone can find out what social media platforms you use and create fake profiles using your name and stolen photos. From there, it’s easy to manufacture an emergency and reach out to others for help — in your name.
7. Scan the Dark Web for more information to steal
If your name or address have ever been leaked in a data breach, more information about you may be available on the Dark Web.
Identity thieves can scan entire databases of stolen personal information looking for ways to target you. If your email credentials or other passwords have been leaked, scammers may be able to compromise your digital accounts.
Some Dark Web marketplaces offer forged documents for sale, too. According to the Dark Web Price index, a forged U.S. driver’s license costs around $22 on the Dark Web [*]. This gives scammers the ability to take on your identity without having to learn your Social Security number or other information.
8. Impersonate you when interacting with law enforcement
Criminal identity theft occurs when someone commits a crime while pretending to be you. Scammers who know your name and address can create a fake driver’s license containing this information. If the police stop them for a traffic violation, they can avoid fines by passing them on to you.
But criminal identity theft isn’t limited to traffic violations. Virtually any crime can be attributed to you by a scammer with a fake ID. Police may not always scan the ID to check its authenticity. They may simply file their report using the name and address that they’re given.
If this happens, you may not know about it until you receive fines, court summonses, or other unexpected legal documents in the mail. However, if you’re subscribed to an identity theft protection service, you can receive an early warning when your name appears in public court records.
⛳️ Related: How To Find Out If Your Information Is on the Dark Web →
How To Tell If Someone Has Stolen Your Identity
Many people only learn about identity theft when it’s too late. It’s hard to tell when fraudsters are gathering information about you, but it becomes obvious when they use that information to scam you or break into your accounts.
However, if you’re prepared to address the threat of identity theft, you may notice suspicious activities before any real damage is done. Here are some of the most important warning signs to look out for:
- You lost your ID. If you lose your passport or driver’s license, you should consider these IDs — and any information contained on them — compromised.
- You can’t sign in to certain accounts. If someone changed your password to an online account, you may be at risk of identity theft. It doesn’t have to be an important account, either – scammers may start small and collect data from more vulnerable accounts.
- Online accounts look different when you log in. If scammers successfully log in to your accounts, they may leave a trail. It could be something as obvious as a completely new dashboard, or something small like search history entries that you don’t recognize.
- Suspicious login attempts or 2FA codes on social media or other accounts. Most online services warn users when hackers try to compromise their accounts. You may see attempted logins from unusual places, or on devices you don’t own.
- You receive emails alerting you about a data breach. If your personal data was released in a data breach, you can expect cybercriminals to try accessing your accounts. You should change all of your passwords immediately, and pay close attention to any unusual activities.
- Unfamiliar letters and packages arriving at your home. Identity thieves don’t have to change your address to steal your identity. They may apply for new accounts, take out loans, or conduct crimes in your name — and let the authorities send the evidence directly to you to deal with the consequences.
- You stop receiving mail at your address. This may indicate that someone changed your address without your knowledge. Scammers can do this without stealing your identity, but it’s only a matter of time before they gain access to more of your personal data.
- Hard inquiries on your credit report. A hard inquiry is made when a business – often a bank or lender – thoroughly verifies your credit worthiness. If your credit report includes hard inquiries that you don’t recognize, this could mean someone is applying for loans under your name.
- A sudden drop in your credit score. If someone opens accounts, applies for loans, or spends credit in your name, it may impact your credit score. If your score suddenly drops, this may indicate someone is trying to conduct these kinds of transactions in your name.
How To Protect Your Private Information From Scammers
Preventing identity theft means protecting your personal information both online and offline. The easier it is for scam artists to learn personal details about your life, the higher your risk. Here are some of the ways you can prevent fraudsters from gaining access to your private data:
- Protect your accounts with strong, unique passwords. Hackers use automated tools to break weak passwords. They also know that most people reuse their passwords. Make sure your passwords are complex and unique for every account that you have.
- Enable two or multi-factor authentication (MFA) whenever possible. A strong password is just the first step toward securing your digital accounts. Safeguard your login credentials with 2FA on every account that offers this important added layer of protection.
- Keep personal information off of social media. Your social media accounts can tell scammers a lot about your social circle and the places you visit. Review your public-facing profiles and remove sensitive information that may interest scammers.
- Remove unnecessary personal data from the internet. Run a quick Google search for your name to see what information is publicly available about you. You can remove your personal information from Google’s search engine and ask individual websites to take your data down.
- Opt out of public data broker services. There are hundreds of data brokerage services in the United States, and their opt-out processes can be complicated. Consider signing up for a digital security provider that automatically removes your information from data broker lists.
- Learn to recognize phishing scams and phone calls. Phishing is one of the tactics scammers use to trick people into giving up sensitive information. Understand what phishing emails and SMS messages look like so that you can safely ignore them.
- Monitor the Dark Web to find out if your information is available. If your information has been leaked in a data breach, hackers may put it up for sale on the Dark Web. Consider subscribing to a Dark Web monitoring service to find out when your personal data is at risk.
- Use Safe Browsing technologies to connect to the internet. Aura’s all-in-one digital security solution includes powerful cybersecurity tools, such as a virtual private network (VPN) to protect you over unsecured or public Wi-Fi networks, antivirus software, a robust password manager, and more to protect you against hackers and malware attacks.
- Avoid carrying more IDs than are strictly necessary. You may need to keep your driver’s license with you whenever you’re outside of the house, but not your Social Security card. The same is true of military IDs, insurance company cards, and professional IDs – if you don’t need them, keep them at home.
- Protect your physical mailbox. Scammers don’t have to change your address to intercept your mail. They might steal sensitive documents right out of your mailbox. Consider upgrading to a postal box with a lock to prevent scammers from accessing your mail.
Even Seemingly Insignificant Information Can Put You at Risk
Identity theft doesn’t always happen overnight. Scammers often start with small leaks that open the door to future exploits. Preventing these leaks is one of the best ways to safeguard yourself against identity theft.
With Aura, you get 24/7 award-winning identity theft protection and credit monitoring that includes the industry’s fastest and most reliable fraud alerts, as well as a one-click Experian credit lock. Aura also protects your devices, network, and data with easy-to-use digital security tools including antivirus software, a VPN, password manager, parental controls, and more.
And if the worst should happen, every adult member on your Aura plan is covered by $1,000,000 in insurance for eligible losses due to identity theft.