There are plenty of companies that will sell your name, email addresses, phone numbers, street addresses, marital status, and relative’s names. They obtain the information from publicly sold databases. I had access to one that had all that, plus the registration info for the car I drive, my estimated income, my military record, my driving record, my political party preference, and pictures of my home that had been on the realtor’s website.

The scary one was when a phone center employee in the Philippines stole my wife’s debit card number and then did two big Western Union MoneyGram transfers to a couple of Filipino men. That means bad actors have access to the credit companies’ databases from which Western Union draws their proof of identity questions, like who holds your mortgage, where you lived when you were 10, and the make/model of your first vehicle.

If you’re well-off enough to be a financial fraud target, paying a company for identity theft protection is probably well worth it. Put fraud alerts in with all the major credit bureaus too. That usually stops identity thieves from accessing your credit. If you use 2FA with your phone, make sure your telecom provider will not transfer your number to a new device without in-person authorization and authentication.