Identity theft: What is it and how to avoid it

Identity theft occurs when someone uses your personal identifying information and pretends to be you in order to commit fraud or to gain other financial benefits.

Your personal identifying information could include your full name, home address, email address, online login and passwords, driver’s license number, passport number, or bank number. Once thieves access this information, they may use it to commit identity theft or sell it on the dark web.

What is identity theft?

Whether an identity thief overhears you reading out your credit card number on the phone, buys your information on the dark web after it has been exposed in a data breach, or steals your information some other way, there are a lot of ways to access your personal details. Using that information is the next phase in the identity-theft process.

Here are some examples of what identity thieves might do with your sensitive personal information.

• Make unauthorised purchases using your existing credit and debit cards. 
• Get access to your bank account
• Subscribe to paid services like streaming pages or premium dating portals under your name and with your payment information
• Open up a mobile phone contract with your information

How does Identity Theft work?

Data gathered by Finanso.se, revealed that 56% of Europeans have experienced at least one type of fraud in the last two years. One third of them were victims of identity theft, which is quite a lot. But how exactly does ID theft work?

Identity thieves may access your personal information in different ways. Here are some examples.

Phishing

Cybercriminals send fraudulent emails or texts that may look legitimate. The links in these emails or texts may be used to download malicious software — malware, for short. The software may be able to mine your computer for personal information and send it to a remote computer. Cybercriminals use this information to commit identity theft or sell it on the dark web. It’s a good idea to avoid opening suspicious-looking mails, click on unexpected links or download material.

Skimming

Credit card or ATM card skimming happens when criminals replace card readers with a counterfeit device at cash counters or other point-of-sale systems, such as those at grocery stores, coffee shops, petrol stations, or ATMs. This device captures data in the magnetic strip of each credit and debit card and passes it to the skimmer. Sometimes, a small camera is set up to capture ATM PIN entries. 

With information like credit card or debit card numbers, names, or ATM PINs, criminals may be able to make fraudulent purchases or withdraw cash in the account holder’s name.

Wi-Fi hacking

Some public Wi-Fi connections are unencrypted. This could give criminals a chance to snoop on data traveling to and from your device. If your device has software vulnerabilities, cybercriminals may be able to inject malware to help them gain access to your data.

Cybercriminals sometimes create fake Wi-Fi hotspots with names that sound like a legitimate network. Identity thieves may be able to view and exploit the information passing through the rogue network. Always check the spelling of the network name before connecting. And take the added precaution of using a VPN to connect to public Wi-Fi, especially if you’re accessing your bank account, making an online purchase, or sending sensitive information, such as a tax return. 

Phone scams

Fraudsters may call you on the phone, claiming to be from a bank. If you receive this kind of call, don’t provide any information over the phone. Instead, hang up immediately. Banks usually communicate through the post or through their own system. If you are not sure about a phone call, refuse to share information and instead call the bank directly.

Data breaches

After a data breach, your personal information could be at risk of being sold on the dark web. Sometimes a data breach puts at risk the personal information of millions of people. For instance, the Equifax data breach exposed the personal information of as many as 147 million people.

Malware

Criminals use different techniques to install malware on another person's device. Malware could allow the criminal to access the device and information stored on it. Malware types include viruses, spyware, trojans, keyloggers.

What happens to my information after identity theft?

Identity thieves can profit from your personal information in a variety of ways. 

Steal your money or benefits

How identity thieves use your information often depends on what information they have. For example, if they have your credit card number, name, and address, a criminal may be able to make unauthorised charges to your credit card.

Sell it on the dark web

After a data breach, the exposed information sometimes ends up on the dark web — a part of the internet that isn't indexed by search engines. A credit card number may have a value of up to 177 Pound and various European Union passports have been shown to sell for up to 2954 Pound, according to Privacy Affairs.

Impersonate you

An identity thief could also create fake social media accounts pretending to be you, to lure in more victims.

Possible signs of identity theft

It pays to monitor your banking and credit card statements frequently. Here are some signs of identity theft you can look for. 

1. Your financial statements have discrepancies, or your bank statement shows purchases or withdrawals you didn’t make.
2. You get calls from credit and debt collectors about charges you didn’t make.
3. There are unfamiliar charges on your credit card statement. Sometimes thieves start with small charges around 5 Pound to test that the card will work before making larger purchases.
4. You are refused financial services, credit cards or a loan, despite having a good credit rating.
5. You receive letters from debt collectors for debts that aren’t yours.

How to help protect yourself against identity theft

Here are some easy ways you can protect yourself against identity theft:

• Create unique, complex passwords, for each account and device. A strong password includes a dozen letters, numbers, and symbols. Or you can create a long passphrase, which would be hard for a criminal to guess, but easier for you to remember. Change your password if you suspect the account has been compromised.
• Enable two-factor authentication on all accounts that offer it. 
• Never give out your personal information — especially on phone calls you didn't initiate.
• Shred documents before throwing them away. This might include mail, receipts, bills, and any other paperwork that contains sensitive information. 
• Leave your debit and credit cards in a safe place at home. Only carry what you absolutely need in your
  wallet.
• Use websites that are secure. The URL will start with an "https" (the "s" stands for "secure").
• Check your financial accounts often and keep tabs on your credit report to look for changes you didn't
  make.
• Don't click links, open attachments, or respond to emails from unfamiliar or untrusted sources. These may contain malware.
• Set up alerts on your banking and credit card accounts. For example, your bank may notify you each time there's a withdrawal from your checking account. 
• Use a service like Norton Identity Advisor Plus which helps consumers to resolve their identity theft issues

Reporting identity theft

Reporting identity theft can help bring criminals to justice and help keep your information safe. You should also make sure, that you act quickly in order to ensure that you are not liable for any financial losses.        

• Make sure to report all of your stolen documents, like passports or credit cards.
• Contact your bank and credit card company to inform them of any unusual transactions on your statement.
• Report the theft of personal documents and suspicious credit applications to the police and ask for a crime reference number.

On top of the above you might also want to contact Action Fraud. Action Fraud is the UK national reporting centre for fraud and cybercrime where you should report fraud if you have been scammed, defrauded or experience cybercrime in England, Wales or Northern Ireland.