Plaintext with Rich
Cybersecurity is an everyone problem. So why does it always sound like it’s only for IT people?
Each week, Rich takes one topic, from phishing to ransomware to how your phone actually tracks you, and explains it in plain language in under ten minutes or less. No buzzwords. No condescension. Just the stuff you need to know to stay safer online, explained like you’re a smart person who never had anyone break it down properly. Because you are!
Plaintext with Rich
Identity Theft, Made Plain
Identity theft doesn’t start with a stolen wallet; it starts when systems decide an imitation of you is good enough. We dig into how small bits of personal data collected by countless forms, portals, and programs get copied, merged, and resold until they become convincing profiles that pass automated checks. That’s why the hit often lands months or years after a headline breach fades, and why the fallout feels less like a single loss and more like an administrative grind that drains time and attention.
We walk through the real mechanics: fragments that never age out, breaches that cascade, and verification processes that accept “just enough” to open accounts, reset access, or attach debt to your name. The hard truth is that most victims didn’t make a reckless mistake; they were downstream from overcollection, long retention, or weak protection. Rather than pointing blame, we focus on steps that measurably reduce risk and shrink the blast radius.
Then we get practical. First, fortify the “golden key” of your digital life email with strong, unique credentials and app-based or hardware MFA. Second, place a credit freeze to block new accounts by default and lift it only when you truly need credit. Third, turn visibility into a habit with alerts for sign-ins, changes, and financial activity so you catch misuse early. Fourth, assume exposure and prepare for recovery with a simple playbook and resilient authentication. Layered together, these controls make your identity harder to borrow and faster to reclaim the difference between disruption and disaster.
If this breakdown helped, share it with someone who’d benefit, and tell us what security topic you want in plain text next. Subscribe, leave a review, and drop your questions we read and respond to every message.
Is there a topic/term you want me to discuss next? Text me!!
Nobody needs to take anything from your pocket to steal your identity. They don't need your wallet. They don't need your phone. They don't need to be anywhere near you. They just need information that already exists. And most of it didn't come from you. It came from places that collected it, stored it, and lost control of it. Welcome to Plain Text with Rich. Today we're breaking down identity theft and why data breaches don't stay abstract for very long. Let's clear up a common misconception right away. Identity theft is not primarily about stealing money, it's about borrowing your identity without your permission. Someone uses your personal information to pass you to maybe open accounts, to request changes, to sign agreements. The fraud works because systems believe they're dealing with the right person, you. That's what makes identity theft so disruptive. You're not fixing a transaction, you're untangling a false version of yourself. So why is this happening more now than ever? Well, because we've created an economy that runs on personal data. Think about this: every sign-up, every portal, every loyalty program, every medical form, each one of those collects a small slice of who you are. And breaches don't happen in isolation, they cascade, right? A company loses data, that data gets copied, sold, and merged with other breaches. Over time, fragments turn into profiles. Your information doesn't age out. It honestly accumulates. And look, attackers don't need everything. They need just enough. A name, an email here, an address there, a phone number from somewhere else, a partial identifier from a different breach. That combination is often sufficient to convince systems you're legitimate. No hacking theatrics required at all, just reuse. Now, this is why identity theft often feels delayed. The breach might happen today. The misuse might happen months later, sometimes years. Your data sits quietly until it fits into the right opportunity. And when it does, heh, the damage rarely announces itself politely. Look, here's the uncomfortable truth. Most identity theft victims didn't make a reckless mistake. They didn't click something outrageous, they didn't hand over secrets carelessly. They were downstream from someone else's failure. A company potentially overcollected, maybe they stored data too long, or didn't even protect it well enough. You inherited the risk without consenting to it. When identity theft surfaces, the consequences stack up fast. Look, credit reports change, accounts appear that you never open, debt gets attached to your name, then comes the administrative grind, calls, disputes, documentation, repeating the same explanation to different organizations. The stress isn't dramatic. It's honestly purely relentless. And it pulls time and energy away from everything else. So, what are some things that can actually help? Again, not perfection, not paranoia. We'll call these practical control points. As always, if you do nothing else, start here. First, secure the account that everything else depends on. And if you're sitting there and you're thinking, are you talking about my email? You're spot on. Remember, email is how identities are recovered, reset, reestablished across the internet. They are the golden key for a lot of people. If someone controls that inbox, they don't need to break into anything else. All right. Protecting email reduces the blast radius of everything tied to you. Second, put a credit freeze in place. And this is one of the highest impact, lowest effort steps available. And I'm not going to say it's not without its own pains. But look, a credit freeze prevents new accounts from being opened in your name by default. You can lift it temporarily when you actually need credit. Until then, it blocks an entire category of identity abuse. Third, turn visibility into habit. And what do I mean by this? Enable alerts for account activity, financial changes, login attempts. The goal here isn't to watch constantly, it's to shorten the time between misuse and response. With most things, the earlier you catch something, the easier it is to undo. Fourth, assume exposure and plan accordingly. Again, this isn't being a pessimist, right? This is not pessimism going on. It's acknowledging how modern data works. We don't wait for confirmation of a breach to prepare for one. We accept that exposure is likely and focus on detection and recovery. That's how systems stay resilient. Here's the mindset shift that matters most for us now. Identity theft is not a moral failing. It's not a reflection of intelligence. It's not about being careless. It's the result of systems that rely on static identity in a world built for copying data. Blame doesn't improve the outcomes, preparedness does. So if we put all this into plaintext, identity theft happens when personal data is reused in places it no longer belongs. Again, you can't control every breach, but you can make your identity harder to misuse and faster to recover. Limit what can be opened, protect what unlocks everything, notice changes early, respond without panic. That's the difference between disruption and disaster. As always, if there's a security topic you want broken down in plain text, send it my way. Email me, DM me, drop it in my comments. However you choose to reach me, I will read it and I will respond. Now, if this episode helped, please share it with someone who'd actually benefit. This has been Plain Text with Rich. 10 minutes or less, one topic, no panic. I'll see you next time.