You walk into your local pub, not alone. As usual you order a beer. You sit chatting with your companion. After a while the barman wanders back.

"Never had you for a red wine drinker," he grins.

"Huh?" you reply.

"Last night. Surprised the heck out of me."

"I don't drink red wine," you say, confused. "You don't. It gives you a hangover and, so far as you can tell, always tastes of cardboard, or wood. 'And I wasn't even here."

The guy laughs. "Yeah, right. Never seen you that drunk before, either."

"I'm sorry," you say, by now uncomfortable, "But I have no idea what you're talking about."

There's an atmosphere. This barman prides himself on being good at his job, part of which is remembering customers. He goes off and comes back minutes later with a credit card receipt. It has your signature on it. It's for a bottle and three further glasses of red wine, plus a bowl of pistachios, which you don't like either. The receipt is dated the previous night.

He shrugs, walks off. Baffled and freaked out, you turn to your companion. This is your wife.

The expression on her face is not good.

"Working late, huh," she says, picking up her purse.

Life imitating art

This – or the virtual equivalent - happens on the Internet a thousand times a day. Just while I've been considering this blog, I've received a DM from an acquaintance on Twitter. This led to a site that looked like Twitter, asking me to re-login. Closer inspection revealed the URL started with "Tvvitter".

For the last 24 hours I've been getting hourly emails from alleged journalists via Vimeo, asking me to get in touch – the spoofed email link, naturally, leading to some sordid corner of the net populated by rats and thieves. Last week, I received an email from Google saying they'd blocked an attempt to use one of my email addresses to authenticate an app, and I should change my password.

The week before, I tried to use online banking and couldn't – and discovered the card had been canceled by my bank because it was one of a number that had potentially been compromised by hackers. Luckily, I spotted these breaches ahead of time, and they appear to be unconnected.

Curiously, a similar sequence of incidents happens to the main character of my novel, Killer Move, and in Bill Moore's case there are far darker things afoot. Killer Move is fiction. What happens to Bill is not just real, however, but takes place every day.

The rat-people

Your stuff has never been safe. Lazy, dishonest and feckless people have been stealing other people's gear since the dawn of time. People rob banks and lift iPhones out of handbags and rustle cattle and doubtless made off with some other stone age guy's stone tools.

iPhone theft

It's how we roll – some of us at least, the rat-people – and getting hold of banking passcodes is merely a new and groovy iteration of an ancient scumminess. People nicking your stuff doesn't speak to your identity, however. If someone burgles your house, your privacy has been invaded, but not your self.

It'll be annoying and inconvenient, but doesn't impact on who you are, or how other people perceive you. With social networking passwords, however, it actually does represent an attack on identity. Identity is now virtual, and boils down to how you're perceived. People messing with this is like a home invasion of the soul.

The flimsy corral

The most striking change in the Internet over the last years is how it sidestepped from being all about information to being all about shopping... and now to being all about you. Everything you do, from sites you visit to what you buy to what you Like or tweet or which cafes and bars you Check In, to the fact your LinkedIn password is "mybossisanarse" – all these little existential acts – are about you, and your identity, and they're flimsily corralled behind passwords that are alarmingly easy to get hold of.

With every day that passes it becomes easier and easier for someone to carve at the heart of you. That's what people are stealing now, and 99 per cent of the time it's not going to matter. But then one day a photo of some cruel, bad thing gets posted somewhere in your name, and it really, really does.

You can get money back. Privacy can be regained. Identity, on the other hand, is a one-way street. Ask anyone who's been slandered or falsely accused. There doesn't need to have been a fire. The smoke never completely fades.

It's not about the cost of the wine any more, bottom line. It's about the cost to your identity - and when it comes to who you are and how people perceive you, it's the little things that count. A couple of years ago my own Twitter account got hacked, and a few followers received a tweet claiming I could tell them the secret to making seventeen hundred thousand million dollars a day.

Some people simply gave me a polite heads up, but others were weirdly bad-tempered about it - despite it being something outside my control, a wrong that had been done to me, not them. When you present in ways that are unexpected, people's response will be unexpected too.

Invasive theft

I have no clue what the rat-people want, the ones who've always stolen and spoiled whatever's to hand. They think so differently to you and me that it's hard to get into their tiny, dark little minds. They may merely be making mischief. They could be trying to forge routes from trivial passwords to the more important ones - or may even be in league with the major credit cards, to help them sell us all Identity Theft insurance.

They could even be laying the groundwork for a new and insidious kind of war – let's call it Identity Terrorism - in which the lives of people both great and small are compromised through bad deeds apparently done in their name, in order to subtly unsettle our societies.

I don't know what their plan is.

But I know we'll find out.

You can find more about Michael and his books at michaelmarshallsmith.com