You walk into your local pub, not alone. As usual you order a beer. You sit chatting with your companion. After a while the barman wanders back.

"Never had you for a red wine drinker," he grins.

"Huh?" you reply.

"Last night. Surprised the heck out of me."

"I don't drink red wine," you say, confused. "You don't. It gives you a hangover and, so far as you can tell, always tastes of cardboard, or wood. 'And I wasn't even here."

The guy laughs. "Yeah, right. Never seen you that drunk before, either."

"I'm sorry," you say, by now uncomfortable, "But I have no idea what you're talking about."

There's an atmosphere. This barman prides himself on being good at his job, part of which is remembering customers. He goes off and comes back minutes later with a credit card receipt. It has your signature on it. It's for a bottle and three further glasses of red wine, plus a bowl of pistachios, which you don't like either. The receipt is dated the previous night.

He shrugs, walks off. Baffled and freaked out, you turn to your companion. This is your wife.

The expression on her face is not good.

"Working late, huh," she says, picking up her purse.

Life imitating art

This – or the virtual equivalent - happens on the Internet a thousand times a day. Just while I've been considering this blog, I've received a DM from an acquaintance on Twitter. This led to a site that looked like Twitter, asking me to re-login. Closer inspection revealed the URL started with "Tvvitter".

For the last 24 hours I've been getting hourly emails from alleged journalists via Vimeo, asking me to get in touch – the spoofed email link, naturally, leading to some sordid corner of the net populated by rats and thieves. Last week, I received an email from Google saying they'd blocked an attempt to use one of my email addresses to authenticate an app, and I should change my password.

The week before, I tried to use online banking and couldn't – and discovered the card had been canceled by my bank because it was one of a number that had potentially been compromised by hackers. Luckily, I spotted these breaches ahead of time, and they appear to be unconnected.

Curiously, a similar sequence of incidents happens to the main character of my novel, Killer Move, and in Bill Moore's case there are far darker things afoot. Killer Move is fiction. What happens to Bill is not just real, however, but takes place every day.

The rat-people

Your stuff has never been safe. Lazy, dishonest and feckless people have been stealing other people's gear since the dawn of time. People rob banks and lift iPhones out of handbags and rustle cattle and doubtless made off with some other stone age guy's stone tools.

iPhone theft

It's how we roll – some of us at least, the rat-people – and getting hold of banking passcodes is merely a new and groovy iteration of an ancient scumminess. People nicking your stuff doesn't speak to your identity, however. If someone burgles your house, your privacy has been invaded, but not your self.

It'll be annoying and inconvenient, but doesn't impact on who you are, or how other people perceive you. With social networking passwords, however, it actually does represent an attack on identity. Identity is now virtual, and boils down to how you're perceived. People messing with this is like a home invasion of the soul.

The flimsy corral

The most striking change in the Internet over the last years is how it sidestepped from being all about information to being all about shopping... and now to being all about you. Everything you do, from sites you visit to what you buy to what you Like or tweet or which cafes and bars you Check In, to the fact your LinkedIn password is "mybossisanarse" – all these little existential acts – are about you, and your identity, and they're flimsily corralled behind passwords that are alarmingly easy to get hold of.