Identity Theft Risks while Working Online and How to Stay Safe

Last Update: July 7, 2021 • Fraud • Identity Theft • Scams •

So you take to the Web for a job. It isn’t easy to find the right one. Chances are you will stumble upon many ways to make money — paid surveys, mystery shopping, scam money-making systems, writing gigs, and so much more. It can really be confusing, and even worse, it can be dangerous if you aren’t aware of what’s going on.

Here’s the problem …

The primary place identity theft takes place is on the Web.

If you’re working online, think about all the personal info you are giving up. It doesn’t just get into the hands of these sites — you are also processing many emails that reveal your credentials. And it’s even common and expected for some small business owners and others to get various pieces of sensitive information about you.

All it takes is for one of your accounts to be compromised — or for the database of a business, you dealt with before to get breached. Then your identifiable information is up in the air, and an attacker can use it however they wish.

You can prevent this. Don’t avoid working online over identity theft risks!

And thankfully, keeping your identity safe online isn’t all that hard.

But it will require a bit of discipline …

The Best Ways to Protect Your Identity Online

If you plan to work from home, you will want to put a few protocols in place. They might be a pain, but this difference is huge. So take this seriously and give yourself an hour or so to prepare yourself for a safer working experience.

Consider the following …

Which websites have you given your credentials to already?
What different types of information have been released, and to whom?
Where have you linked your bank account and/or credit card details?

These are the three key data pieces that help break down your identity theft exposure. If you answer each of these questions, it will become clear what type of position you are in now. And from there, you can safely add to it.

Think of this as an ‘Activity Log,’ and we’ll make a legit example for you guys.

At ElitePersonalFinance, we have an “Activity Log” plugin that allows us to see everything any of our writers and editors do on our site. This makes it possible to keep track of all their actions. If something backfires, we can trace it back to any of the possible culprits. You can also make an activity log!

Create Your Own Identity Safety Activity Log

It should look something like this …

Company:	Details:	Date:	Notes:
PayPal	Full name, date of birth, email, mailing address, credit card numbers, bank account information.	01/25/2016	Information provided to open an account.
Upwork	Full name, date of birth, email, mailing address, PayPal email address.	01/25/2016	Information provided to open an account.
Target	Full name, email, mailing address, credit card numbers.	02/12/2016	Information provided to purchase gifts.
Upwork	Bank account information.	02/24/2016	Information provided to get paid by ACH bank transfer.
eBay	Full name, date of birth, email, mailing address, credit card numbers, bank account information.	03/03/2016	Information provided to open an account.
eBay	Full name, mailing address, credit card numbers.	03/05/2016	Information provided to purchase off a private seller. Warning: This means the seller has my full name and mailing address. EBay themselves process the credit card information.

What does this all mean?

It means you can identify the cause of any identity attack.

From the table above, imagine if you made your purchase at Target at the time of their massive data breach, and you didn’t realize it. This would make it abundantly clear why your identity is being defrauded now.

Target notified their past and present customers, but many small sites don’t do the same. Many online companies do not even know who has access to their sensitive stored data and what type of footprints can be left while protecting such data.

So it’s all about the timing. If your identity was defrauded without you noticing for a year, then clearly, the information about you was found more than a year ago. At that point, you could track back into your log to see what could be to blame. It’s possible your identity is being attacked because of an account or purchase from many years ago, but usually, it’s a more recent thing.

So if you do become an identity theft victim …

Go through your ‘Activity Log’ and narrow the list of information releases to only before the oldest attack date.
Check if any of the businesses and/or websites you interacted with before then have become compromised or had their databases breached.
If not, consider whether any of the previous purchases you made were from relatively insecure websites.
Look at how you were attacked and figure out the exact pieces of information the attacker must have had to perform the attack.
Check with the log for any data that coincide between what you’ve released to what’s needed for the attack. For example, it might not be a purchase — if you signed up for a job, just giving your resume would reveal your identifying information too.

That leads to a critical point …

You have to be extra careful handling your resume out online!

Think about it — what does your resume contain?

Typically, your resume will reveal a lot of information that could be harmful in the hands of a fraudster. This includes your full name and mailing address, of course. But what most don’t realize is that it also includes your current and/or past employment, which is invaluable to an identity fraudster!

So that means you have to include entries on your Activity Log that are limited to job applications as well. These are sometimes looked at differently — we aren’t just talking about employee profiles on sites like Monster and Indeed. If you apply to any job listing, you’re still sending the resume as an email attachment, even locally.

So now you have a twofold problem — one, the data is transmitted through an email that might never get deleted, and, two, if you never get a response, you might never think of that business again.

If you find yourself applying to jobs regularly, make a separate log just for that. Either way, keep track of your job applications also.

Know No Strategy is Bulletproof

The truth is you cannot safeguard someone on the Web. There are too many unknown variables — in fact, we’ve covered guides on staying safe from SMSishing, Phishing, Vishing, and many, many other online fraud techniques.

But at the end of the day, it’s all the same game. You need to keep your data safe and secure, and you also need to know who you are trusting with it. There are no guarantees the information will stay safe — but at least you’ll have a better idea on who’s to blame, or at least who’s not to blame.

More Fast Tips

No one tip is enough, so here are a bunch more that might help you out …

Get identity theft protection anyway

Still invest in identity theft protection. It really can save the day, especially if an attacker got your information offline instead. You will be able to catch any identity crime in the moment and put a stop to it. The identity theft protection company you subscribe with will even accept financial liability if you get victimized. It’s the perfect scenario, and while it doesn’t guarantee protection, it severely increases your safety.

Be careful using your resume online

Sending your resume to legitimate companies is always fine. Take the time to vet any employer before trusting them, especially if it’s a random online business. And most importantly, only send out your resume directly in private and secured ways. You should not be posting it publicly on the Web because it permanently leaves fraudsters to find and abuse.

Be careful building web presence

If you work online, you might need to build an online profile with some real Web presence. This is fine, but be careful about the amount of information you leak along the way. It is all a paper trail to fraudsters. For example, your LinkedIn page is secretly a resume — you don’t know it. If you pair the information found there with your mailing address and full name, they can quickly defraud you.

Consider a security freeze

Consider placing a security freeze on your credit file if you are not an active borrower. This is only an inconvenient thing to do when you plan to apply for new credit every few weeks or months. Having a security freeze on your credit file is incredibly beneficial in most scenarios. It prevents a fraudster from using your information criminally, and from there, you can investigate the attack.

Play it smart – apply this advice!

What we have just explained is something no one wants to hear. We know all about it, and we are aware that going through these tedious tasks is just boring. But it will make all the difference if you become the victim of identity theft. You can put up the same barrier with a quality identity theft protection plan.

Consider these preventative actions and keep your identity safe while working online!