What is identity theft?
Identity theft refers to a crime committed in order to obtain personal information such as passwords, ID numbers, credit card numbers or national insurance numbers. Identity theft criminals then misuse this personal or sensitive information and act fraudulently in the victim’s name, commonly to apply for a loans, make an online purchase or to access the victim’s medical and financial data.
What about identity fraud?
The term identity fraud is sometimes used as a synonym for identity theft, although the concept of identity fraud also encompasses the use of false or modified identity, as opposed to identity theft where criminals misuse someone else's real identity.
What are the different types of identity theft and identity fraud?
There are a number of different ways your stolen identity could be used to commit fraud or theft. While some types of identity theft focus on real-world physical theft, many take place online. These common types of online identity theft include:
Account fraud
Account fraud is one of the primary ways your stolen identity can be used. Criminals will take control of your account using details they’ve taken from you and use this new access to make payments or transfer money.
Debit and credit card fraud
Whether your card is stolen or your details are taken from a database, this type of fraud focuses on using your details without permission. Not only could you lose money, but it could affect your credit score in the long term.
Licence and ID fraud
This may not feel like a form of online identity theft, but driving licences and other personal IDs can be taken in data breaches and used to open accounts in your name, without your knowledge.
Mail and email identity theft
If someone can gain access to your physical mail or your email account, they could find a whole host of personal information. This includes details like account numbers, login credentials, family contact information or addresses. It’s a gold mine for someone looking to commit identity theft.
eCommerce and online shopping fraud
This refers to the situation whereby someone breaks into one of your shopping accounts and uses it to place orders with saved card information. This could either be through data breaches, dodgy redirects, phishing or malware.
National Insurance fraud
A national insurance number can be used to set up all kinds of things in your name, including bank accounts and credit agreements. Always check your credit report to see whether anything suspicious is happening in your name. There’s always a chance of a data breach or hack putting your National Insurance number (NIN) into the public domain.
Senior identity theft
This form of identity theft deliberately targets seniors who may be more vulnerable to phishing or scams, which have been created to take personal data or access bank accounts.
Child identity theft
This is often one of the more insidious forms of identity theft; it’s usually someone known to the family who takes and uses a child’s details to create accounts, or enter into credit agreements fraudulently.
Tax identity theft
A form of fraud in which someone files a tax return in your name, so they can receive a refund.
Biometric theft
With the increase in Face ID and fingerprint scanners in smart technology, this fraud type focuses on stealing biometric identity so cybercriminals can access your sensitive data and bank accounts.
Mortgage or home title fraud
There’s a range of different things criminals may do with your mortgage or home information. You could find mortgages being signed over to other people, houses being sold without your knowledge or else take out equity or another mortgage. These can be very damaging.
How does identity theft work?
Identity theft is closely linked to phishing and other social engineering techniques that are often used to pry sensitive information from the victim. Public profiles on social networks or other popular online services can also be used as the source of data, helping criminals to impersonate their targets.
When identity thieves have collected such information, they can use it to order goods, take over the victims’ online accounts or take legal action in their name. In the short term, affected individuals can suffer financial loss due to unauthorised withdrawals and purchases made in their names.
Identity Theft Protection: our tips for protecting your identity online
- Secure your connection: When using personal information online, always ensure your connection is secure – preferably via home or corporate network or cellular data. If possible, avoid public Wi-Fi with no password protection. Should you have no other choice, use a virtual private network (VPN) that will encrypt all your communication, protecting you from eavesdropping criminals.
- Keep your devices secure: Protect your laptop, smartphone and tablet from malicious software and attackers by using a reliable and up-to-date security solution.
Further tips for protecting your online identity
- Stay away from suspicious messages and sites: Visit our pages about spam and phishing to learn how to spot social engineering attacks that are after your sensitive data.
- Maintain good password hygiene: Create strong passwords that are long, hard to guess, and unique, ESET’s Password Generator can help you with this. You can also use passphrases as they are easier to remember, or keep all your passwords in a password manager, to store them more securely. To add another layer of protection to your passwords, use two-factor authentication wherever and whenever possible. One important note: never reuse any password for multiple accounts or services. This way, even if attackers are able to obtain this one password, the damage they can cause is limited only to the compromised account (or service).
- Monitor your bank and credit accounts: Check your online banking account and credit scores regularly for suspicious activity. This might help you uncover an attack before it causes extensive damage to your finances or reputation. Also, be sure to set limits for your transactions to prevent any misuse of your money.
- Be careful with sensitive data: If you want to throw away any physical documents that contain personal information, you make sure to discard them in a safe manner – by making them unrecoverable or by shredding them. A similar logic applies to your electronic devices: when selling or disposing of old smartphones, tablets or laptops, make sure you have wiped all the sensitive data they once stored.
- Don’t overshare: In an era where most users have multiple social media accounts, oversharing can be a serious problem. Even more so when the posts, photos or videos contain sensitive information that might be misused to impersonate you – such as your ID, purchase orders, flight tickets or any similar documents. Avoid posting any of these, as well as too many details about your personal life and history, which could be misused by the crooks to act in your name.
- Use credit monitoring and freezes: US users can ask for a credit freeze that will restrict access to their credit reports, making it more difficult for the identity thieves to misuse the stolen information. Another way to go is to select one of the credit monitoring services that watch for signs that someone is misusing your personal data. Users outside the US can check online whether there are similar services available in their region (UK users can read more here).
What are the first signs of identity theft?
There are a number of possible signs that could help you spot identity theft before it goes too far. Be vigilant and keep an eye out for:
- Unusual activity on bank statements or credit reports: This could be one of the simplest ways to spot a problem. Criminals could be spending money or setting up accounts in your name.
- Notifications of more than one tax return being filed in your name: If your tax data has been compromised they could have filed a fraudulent report.
- Maxed out credit card or unusual charges: Your credit card details have been leaked and money spent.
- Credit issues: For example, if you are turned down for a credit agreement when you previously had good credit
- Unexpected account or billing changes: This could be receiving bills or account confirmations for things you’ve not set up yourself; criminals may be using your data to set up a number of new accounts. You could also suddenly stop receiving bills or statements by mail or email, which may mean identity thieves have re-routed your bills or statements to themselves using your details.
ESET offers you an award-winning antivirus
ESET HOME Security Premium
Powerful, multilayered protection to encrypt sensitive data, manage passwords easily, secure online transactions and more. A user-friendly solution for enhanced privacy online. Secures Windows, macOS, Android, and iOS devices.
