When you visit a website, information about your actions while visiting that website is saved. For example, if you visit an electronics store's website and view three flat-screen televisions, the information may be stored regarding the specific televisions you viewed. The information is stored in temporary computer memory called a session cookie. The purpose of a session cookie is two-fold: one, to make it easier for you to return to the same televisions if you want to order one, and two, to help the store's website suggest specific items for you to consider purchasing based on what you have already viewed. Once you close the browser, the cookie is deleted.

There are other types of cookies called persistent cookies. These are not deleted and can be stored on your computer for months or even years. Generally, these cookies are designed to improve your experience each subsequent time you visit a website. Some cookies, however, are designed for malicious purposes. They may capture information about you with the sole purpose of sending it to a server anywhere in the world without your knowledge or permission. The information captured can include the websites you frequent, your user IDs and associated passwords, and even credit card information you provided to purchase items (http://www.wisegeek.com/what-does-an-adware-tracking-cookie-do.htm, http://www.reputation.com/reputationwatch/articles/how-companies-collect-manage-and-use-your-private-information-when-you-browse-online).

One stolen credit card number can cause you harm, but that can be undone with a call to the credit card issuer. However, a digital file of your actions and multiple credit card numbers built over the course of months or years can be used to develop a profile about you and your very sensitive personal information.

The information captured can be enough for a stranger to duplicate your identity and use your credit or even live as you without your knowledge. The profile built about you can be used to fool people who know you into thinking they are interacting with you via digital means. Some people may even be convinced to drop their guard and provide their own sensitive personal information to your digital twin, who then uses it to start building profiles on your friends. How long will you maintain friendships when the information provided to "you" is used to steal your friends' identities?

The previous paragraph may sound like the start of a movie plot, but it is very real. And it is only one way strangers steal your information. Look at David Crouse's story, documented by The Wall Street Journal. In 2009, David went from a happy man with a solid retirement account and a 780 credit score to a worn out man with drained bank and retirement accounts and a ruined credit score. The entire loss happened in less than six months. What caused this? While visiting a website, malicious software (called malware) was secretly downloaded to his computer, which captured every key stroke he made, including credit card numbers and bank account login credentials. His information was then sold to individuals who used it to access his debit card to gamble, make long-distance calls, and buy electronic toys. The charges totaled over $900,000 (http://articles.marketwatch.com/2010-02-10/finance/30765048_1_new-bank-debit-identity).

David Crouse was a victim of identity fraud due to the theft of personal information entered into websites through his personal computer. Identity fraud is defined by the U.S. Department of Justice as "all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain" (http://www.justice.gov/criminal/fraud/websites/idtheft.html). Javelin Strategy & Research, an oft-referenced research firm, reported that approximately seven percent of all smartphone owners were victims of identity fraud in 2011 (http://spectrum.ieee.org/riskfactor/telecom/wireless/smartphones-becoming-gateways-to-identity-theft). One main difference between David's computer and most smartphones is the level of care people take with the devices and the access to those devices. Personal computers, whether desktop or laptop, tend to be handled carefully when transported and often have antivirus software installed to protect against malware. Smartphones and tablets tend to be tucked into bags or pockets, or left on a nearby table or desk, and frequently contain no antivirus software (40 percent as of May 2012, according to Kaspersky Lab (http://www.kaspersky.com/about/news/press/2012/number-of-the-week-40-percent-of-modern-smartphones-owners-do-not-use-antivirus-software). In addition, according to Javelin Research, 62 percent of mobile device users do not use passwords to protect the contents of their devices. Compared to personal computers, the casual handling and lack of antivirus software make mobile devices more prone to theft, data exposure, and malware.

There is no financial safety net for people like David. He estimated it would take five years to eliminate the debt caused by the identity thieves and save a small amount of his original retirement account. His target age for reaching that goal was 61 years old, leaving him little time to rebuild the funds for the retirement he had planned.

The people stealing and selling David's personal information gained a small amount for their efforts while David suffered a significant loss, which impacted his life for years. Just how much was David's personal information worth? According to MSN Money, the electronic version of a person's credit card information (the type of information captured by malware) is worth between $2 and $90, depending on how many details are available. Physical credit cards using that same information can be purchased for an additional $180. Credentials for logging into a person's bank account can be purchased for $3,500 (http://money.msn.com/identity-theft/what-you-are-worth-on-black-market-credit-cards.aspx). The cost to create and distribute malware is minimal. A thief has only to write the software or obtain prewritten malware from the Internet, and distribute it through e-mails or mobile device software (apps). The thief may even profit from selling the app containing the malware, benefitting twice. One app or e-mail with widespread distribution can install malware on thousands or even hundreds of thousands of devices. And there is an always-ready black market for personal information.

Let's return to Troy's story and the information, which could have been captured during his first waking hours. Malware exists, which will allow a person to take over someone's mobile device, making it possible to record calls and read and send text messages and e-mails (http://spectrum.ieee.org/riskfactor/telecom/wireless/smartphones-becoming-gateways-to-identity-theft).

A stranger using such malware to infect Troy's phone, we'll call him Mr. X, would know that Troy had a significant other, that he had parked illegally in a certain city and incurred a fine for that behavior. Mr. X would also know that Troy had a flight on a particular airline, had a conference call scheduled, that Troy had checked into his flight, and what bank Troy used. Depending on the malware used to steal Troy's data, Mr. X also may have the access credentials to Troy's bank account. What started out as a busy but good day for Troy, has gone decidedly bad.