Identity theft
Identity theft means criminals misuse another person's personal data to make purchases, open accounts, or commit fraud in that person's name. Unlike a mere data breach, the stolen data is actively misused.
In identity theft, criminals use someone else’s data such as name, date of birth, credit-card or login details to pose as that person. A data breach often supplies the raw material, but the real damage begins when those details are used for orders, contracts, or account takeovers.
How do criminals get your data?
The data often comes from phishing messages or from data breaches at online services. Leaked credentials are traded on dark web marketplaces and tried automatically against other services through credential stuffing. When one combination works, the account is taken over and the identity is usable.
How can you recognize identity theft?
Typical signs are bills or payment reminders for goods you never ordered, payment confirmations you did not trigger, or accounts you can suddenly no longer log into. Unexpected text messages with confirmation codes also suggest that someone is trying to log in as you. Be careful, though: phishing attacks often exploit exactly these signals to push you into acting. Always check that an email is genuine, and when in doubt contact customer service or verify the information through your existing account access.
What can you do if you suspect identity theft?
- Secure your accounts: Immediately change the passwords of affected accounts and enable two-factor authentication where possible.
- Block payment methods: Have your bank block cards and e-banking access.
- File a report: Report the case to the police and keep all evidence.
- Report the incident: You can report cyber incidents to the BACS via its reporting form.
How can you prevent identity theft?
- Use a separate, strong password for every service, most easily with a password manager.
- Enable two-factor authentication so that a stolen password alone is not enough.
- Check regularly whether your email address appears in known data breaches, and be sparing with personal details on social media. A password manager with a built-in breach monitor can help here (e.g. Watchtower from 1Password).
Sources
- BSI: Identity theft