Mobile devices carry an unfortunate distinction. In many consumers’ minds, they’re simply the latest innovation to come out of cellular phones. But at the same time, they’re not just cell phones, but rather fully-functional handheld computers. As such, they’re vulnerable to viruses, malware, hacking, and more.

There are a lot of ways that scammers can steal your personal identifiable information through your mobile device, and then use it to steal your identity:

  1. Lost or stolen device – The most basic way a criminal can use your smartphone against you is if he manages to get a hold of the actual device. If you don’t have a passcode enabled on your phone or tablet, he can easily get into your apps and look around for information. And if you’re like most people who leave their email app logged in, then the real trouble begins.

Once a thief is able to use your email app on your unprotected phone, his first step is to change your email password. From there, you’re locked out of it (unless you remembered to add a back-up email or phone number to your account), and he can do a lot of damage.

How? By using your email address to change your passwords on all of your other accounts. All he has to do is go to your Facebook app, your Amazon account, your mobile payment app, your online banking app, and any other sensitive site, then click “forgot my password.” The link to reset the password will come to your email—which he now controls—and he can change the password on every account you own.

2. Sending a link – If you ever receive a text message from an unknown number, be careful. It could easily be a spam email sent out in the hopes of phishing, or getting you to click a link. It might tell you about a great free offer, or it might say, “You’ll never believe these crazy pictures I found of you!” Whatever the tactic is, the only purpose is to get you to click the link. Once you do, it will install malicious software on your device (it’s a computer, remember?) and then root around in your information for data.

It’s important to keep in mind that the text might come from someone you know. If the sender’s own phone has been infected with a different virus, it can then propagate by sending itself to everyone in that person’s contact list.

Remember that links you receive in text messages, emails, social media messages, or through other means could be infected. Verify it with the sender (or ignore it if it’s from a stranger) before you click.

  1. In-store fraud – In a now famous case, a woman’s phone was hacked when a thief went into a cellular provider with a fake copy of her ID, then upgraded the phones on her account. The thief walked out with two brand-new iPhones, after updating her account to have her phone number installed on them. She only discovered the issue when her own phone suddenly stopped working and she contacted her provider for assistance.

Unfortunately, cellular providers have been a hot target for identity theft. The information contained in your account provides your complete profile, since most plan-based providers require your Social Security number upon opening your account.

Another issue that makes cell phone providers a sought-after route to your identity is the popularity of two-step authentication. This extra privacy measure means you have to provide a PIN number that is texted to you whenever you log into an account with your username and password. It’s a great way to ensure additional protection for something like your email or your online banking app, but it also means your mobile device is an even more valuable commodity since hackers would need it to break into your account.

Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.