How to protect yourself from online identity theft
How does online identity theft work and how can you protect yourself? We have the answers…
What is online identity theft?
Online identity theft – also known as identity fraud – is when someone obtains personal information about you over the internet and uses that information for their own personal gain. They commonly access your personal details via unsecured websites without your permission and pretend to be you so that they can commit fraud and remain undetected.
Once a cybercriminal has gotten hold of your details they might use it for any or all of the following:
• Take out contract phones or open other lines of credit, such as a credit card, in your name
• Purchase items or start a subscription on your debit or credit card without your knowledge
• Use your name and home address to get out of paying fines, to pass a background check or as proof of address.
How can someone steal your identity?
Many of us think we’re savvy enough not to become victims of identity fraud but the truth is it can happen to any one of us at any time. The reason for this is that fraudsters and scammers have gotten a little more sophisticated in their approach to commit crime – and sometimes their communication or approach seems legitimate. Let’s take a look at some identity theft examples to see how scammers attempt to steal your information:
Scammers and cybercriminals might use fake emails or text messages to “phish” for your private information and personal data. They tend to add a web link in an email or text that appears normal but is quite harmful. For example, they could craft a normal looking email or text posing as a delivery company or your phone’s network provider requesting you update your information or check whether your details are correct. When you click on the link and enter your bank details or personal information, such as your full name, address, date of birth, passport details and more, the scammers will see it and steal it for their own financial gain, leaving you out of pocket.
Debit or credit card skimming is where criminals put a device inside an ATM or at an electronic point of sale system, also known as a card reader. These devices appear to be normal and you might not spot the skimming equipment as it’s intentionally small. When this device is in place it can capture data from the magnetic strip on the back of your debit or credit card and then your data is passed through the skimmer to the criminals. Sometimes the criminals will also place a small camera in the corner of the ATM so that they can capture your PIN as you enter it. They’ll then capture your debit or credit card number, as well as your PIN. With this information they can clone your card and use it to make fraudulent purchases or withdraw money from your account.
Similar to phishing, scammers and cybercriminals use baiting, also known as scam-baiting, to lure the victim to click on a link and/or download harmful files onto their computer. A common example of baiting is where a scammer sends an email ‘congratulating’ you for winning a prize of money, or free music or films that you can download. The email will often ask you to register or log in to a site before you can get the download or money. Once you’ve entered your personal details, such as your name, address and sometimes your bank account information, they will have your details and use it as they see fit. It’s important to note that baiting can be digital as well as physical. Criminals can put harmful viruses on external drives, such as a USB drive, to infect another person’s device.
When an online fraudster uses malware, also known as malicious software, they are essentials using viruses, worms, trojans and other harmful computer hacking programs to gain access to sensitive information. Malware is particularly harmful because it’s software designed to damage a computer, server or a computer network you might find in a corporate office. They are often placed on an external device, such as a USB drive, but they can also infect a computer via an email link. Let’s look at the different types of malware you might find and how they infect computers:
• Worms tend to be a piece of malicious software that reproduces itself and spreads throughout your computer, or a computer network.
• Viruses are computer codes that imbed themselves in the code of a particular program on your computer, and once opened, they’ll spread the virus and slow or destroy the way your computer operates.
• Trojans are programs that pretend to be something a user needs but once it’s downloaded or activated, it damages the computer and spreads itself.
If a data breach occurs at a company or business, your private information – as well as that of others – could be at a higher risk of being sold on the dark web. Or, perhaps some criminals might use your information for their own selfish gain.
With WiFi hacking, cybercriminals are able to spy on some of the things you do if you’re connected to an unencrypted WiFi signal. All they would need to do is inject malware onto your device, which would allow them to access your personal data. Alternatively, they could create a fake WiFi hotspot that seems to be a normal, functioning WiFi signal. If you connect to the hotspot on your mobile, tablet, laptop or computer, the cybercriminals will be able to view and steal any personal or financial information you enter whilst you’re connected. So if you’re checking your bank account online or making a purchase, they’ll be able to see everything you type in, including your log in details and your 16-digit debit or credit card number.
How can you tell if your identity is at risk online?
Once stolen, criminals will use your data in all sorts of devious ways. Here’s some of the usual indicators that your identity may have been compromised:
• Have you lost any important documents recently? Was there anything suspicious about their disappearance? Have you taken the relevant precaution to make sure you are protected?
• Not receiving bills. Perhaps a criminal has given a different address to the one you actually reside in.
• Receiving credit cards you didn’t apply for? Or having credit denied despite being up to date with any payments you might have? Someone could be using your information.
• Being contacted by debt collection agencies. Do they want info about goods you haven’t even purchased? Then something’s definitely up.
• Abnormal transactions on your bank statements. If you didn’t make them, who did?
• Are you having trouble logging into websites? Then a criminal might be posing as you and has changed your password.
How can you keep your identity safe online?
When it comes to protecting yourself from identity theft, there are a few simple and constructive things you can do:
If someone requests personal information, such as your home address, via email – it’s very rare that legitimate companies would – check they are authentic. Verify the email address. Check any bad spelling on the email. Anything feel out of place or dubious? If you have any concerns at all DO NOT REPLY, you might be communicating with a phishing site.
Check your privacy settings on all social media and don’t post personal information publicly, including photos of car registration plates and clues as to where you live. And when you want to dispose of old letters, bank statements or anything with your address on it, shred it rather than putting them straight into the bin.
Never give out your mobile or home phone number to people you don’t know. This includes not posting your number on any website, social media or responding to an email that asks you for your number. Be wary of any phone call from your bank that asks you to confirm, check or authorise a payment. Your bank will never call you for something like this, neither will they ask you for your 16-digit PIN or any password for your online bank account. If any of these things happen, hang up the phone immediately.
Check your online bank statements regularly, whether you log in via your building society or bank’s online banking or mobile banking app. You should look to make sure you recognise all of the payments on there. Some mobile banking apps let you see if there are any pending payments. If there are some that you don’t recognise, call your bank immediately so that they can investigate and stop it if it appears to be debit or credit card fraud. Make sure that when you're logging into your online banking area, the website includes HTTPS (Hypertext Transfer Protocol Secure) at the beginning rather than HTTP. You shouldn't need to type this in as your building society or bank's website will automatically redirect you, and your web browser will check the website's security certificate. Put simply, the redirect will allow you to log into the secure site where your account information is safe from scammers and identity thieves.
Another form of identity theft protect is to make sure you always use the most up-to-date antivirus software on your devices and change any passwords regularly on your router, devices and websites. You should also use strong passwords too, and not a variation of the same password you’ve used for other devices or online sites.
When it comes to any physical documents with your name, address or financial details on them, you should store them in a safe place, ideally away from any doors or windows. If you need to discard them, shred the items or cut up an old passport or your credit or debit card. When, or if, you move properties, update your creditors with your new address or ask Royal Mail to redirect your post so that they don't get into the wrong hands.
You could also sign up to third-party credit bureaus that monitor your online and home address activity. Providers such as Experian or Equifax allow you to subscribe on a monthly basis giving you unlimited online access to your credit report, and any properties linked to your name. With this account you'll be able to monitor your credit rating from time to time too, so you'll always know what's going on with your accounts.
What to do if you think you’re a victim of identity theft
If you’re the victim of identity fraud you should take action immediately by getting in touch with the relevant provider or organisation.
If your purse or wallet has been lost or stolen, call your bank so that they can stop your debit and/or credit cards - don't wait until you see fraudulent activity on your account. And if you lose your cheque book, or fear it’s been stolen, your bank can also stop all the cheques too.
You can cancel a lost or stolen passport on gov.uk as soon as possible. It will then be cancelled immediately. For Driver’s Licences, you can call DVLA or complete an online form on gov.uk to report it as lost, stolen, damaged or destroyed, and they’ll arrange a replacement, which you will need to pay for.