Identity theft is a term that strikes fear into many people, with stories of credit card fraudsters, Tinder swindlers, celebrity impersonators and assassination plots making headlines around the world. And while these may be extreme cases, for those looking to steal identities, the opportunities have never been greater.
Today we spend more time online than ever before — eight hours a day, according to F‑Secure’s Living Secure report — sharing personal information across multiple accounts. But with so much of our information being shared digitally, the risk of it being exposed in a data breach also increases, which is often the first step when falling victim to identify theft.
Personal information, billing data, health records, or data of a sensitive nature has high value in the dark market, explained Patricia Dacuno, Senior Threat Researcher at F‑Secure.
Attackers can use such data for taking over accounts, stealing money from bank accounts, and identity theft. And attackers can create fake profiles and commit more crimes such as scams and phishing.
According to Experian, the world’s leading credit reporting company — which aggregates the financial information of over a billion people around the world — identity theft occurs
when someone steals your personal information or possessions so they can use your identity.
However, an important point to remember is that, in most countries, identity theft only becomes a crime when it leads to financial loss or other offenses.
The use of another person’s identification details (or the use of false identification details), often referred to as according to the UK’s National Fraud Intelligence Bureau.
identity theft, is not in itself an offence in law,
It is the action that is undertaken, using those identification details, that needs to be considered in respect of whether an offence has occurred.
This is also the case in Finland, where Victim Support Finland explains that identity theft is not punishable, as referred to in the country’s Criminal Code, if it
does not cause financial damages or any harm to the victim.
Sadly, this has become a contentious issue in many countries, as victims of identity theft can often struggle within the legal framework’s definition of what constitutes a crime. This has resulted in prevention becoming one of the most important factors, where identify theft, and the potential for criminal activity are concerned.
According to the Federal Trade Commission, cases of identity fraud — when identity theft results in a crime — increased from 270,000 to 1.4 million in the U.S. between 2012 and 2022, which is a rise of 518%.
And once you consider the fact that most identity theft crimes never get reported — whether as a result of embarrassment, lack of evidence, or victims simply not being aware that an offense has taken place — some organizations believe that the number of identity fraud cases could be ten times higher than official statistics show, affecting one-in-20 people (around 15 million U.S. consumers).
Before you can become a victim of identity theft, criminals first need to steal your personal information, such as your name, phone number, date of birth, social security number, address, and credit card number. The main way they do this is by accessing online accounts with poor security, which makes locking down your accounts more important than ever. By following the simple steps below, you can protect your personal information, and greatly reduce the risk of identity theft:
While protecting your online accounts is the most effective way to avoid identity theft, you should also be aware of the key warning signs. They will help you know what to look out for, and enable you to respond quickly, ensuring that any damage is minimized. Key factors to be aware of include:
Following a data breach, compromised user credentials often circulate on the dark web among scammers, who collect or pay for them in order to monetize your details in some way. Monitoring these data breaches is one of the main ways that you can determine if you are a victim of identity theft. You can use a manual tool such as the F‑Secure identity theft checker to pinpoint breached data, utilizing F‑Secure’s dark web scanning and threat intelligence.
However, while an online checker is a great way to perform manual scans, a more proactive approach is to consider automated 24/7 identity monitoring, such as that available in F-Secure Total, which will automatically look for breaches and notify you of any that include your details.
As well as monitoring breach data, you should also review your bank statements on a regular basis, looking out for any irregular payments or activity. In most countries you can also request information on your credit rating, without it having any impact on your overall credit score (UK guide / US guide / Finnish guide).
If the worst does happen, and you suspect that your identity has been stolen, don’t panic, and don’t blame yourself. Data breaches happen all the time. And, unfortunately, no matter how effective your personal online security is, sometimes you can’t prevent attackers from stealing your private information.
The following checklist provides some basic steps that you should take following a data breach:
(For a more in-depth overview of what to do following a data breach read the following post: 5 ways to minimize your risk after a data breach alert.)
The most important thing to keep in mind is that you shouldn’t feel singled out if your details are included in a breach, because just about everyone who uses the internet will eventually end up in the same circumstances. But, if you follow the steps in this guide, you should hopefully be prepared for every eventuality.
All you need to do is add your email address to the free F‑Secure Identity Theft Checker tool and we’ll let you know if your details have appeared in any known data breaches.
It’s totally secure. And no data is stored. Try it now.