What is identity theft? Everything you need to know

Identity theft is a term that strikes fear into many people, with stories of credit card fraudsters, Tinder swindlers, celebrity impersonators and assassination plots making head­lines around the world. And while these may be extreme cases, for those looking to steal identities, the opportunities have never been greater.

Today we spend more time online than ever before — eight hours a day, according to F‑Secure’s Living Secure report — sharing personal information across multiple accounts. But with so much of our information being shared digitally, the risk of it being exposed in a data breach also increases, which is often the first step when falling victim to identify theft.

Personal information, billing data, health records, or data of a sensitive nature has high value in the dark market, explained Patricia Dacuno, Senior Threat Researcher at F‑Secure. Attackers can use such data for taking over accounts, stealing money from bank accounts, and identity theft. And attackers can create fake profiles and commit more crimes such as scams and phishing.

What is identity theft?

According to Experian, the world’s leading credit reporting company — which aggregates the financial information of over a billion people around the world — identity theft occurs when someone steals your personal information or possessions so they can use your identity.

However, an important point to remember is that, in most countries, identity theft only becomes a crime when it leads to financial loss or other offenses.

The use of another person’s identification details (or the use of false identification details), often referred to as identity theft, is not in itself an offence in law, according to the UK’s National Fraud Intelligence Bureau. It is the action that is undertaken, using those identification details, that needs to be considered in respect of whether an offence has occurred.

This is also the case in Finland, where Victim Support Finland explains that identity theft is not punishable, as referred to in the country’s Criminal Code, if it does not cause financial damages or any harm to the victim.

Sadly, this has become a contentious issue in many countries, as victims of identity theft can often struggle within the legal framework’s definition of what constitutes a crime. This has resulted in prevention becoming one of the most important factors, where identify theft, and the potential for criminal activity are concerned.

How common is identity theft?

According to the Federal Trade Commission, cases of identity fraud — when identity theft results in a crime — increased from 270,000 to 1.4 million in the U.S. between 2012 and 2022, which is a rise of 518%.

And once you consider the fact that most identity theft crimes never get reported — whether as a result of embarrassment, lack of evidence, or victims simply not being aware that an offense has taken place — some organizations believe that the number of identity fraud cases could be ten times higher than official statistics show, affecting one-in-20 people (around 15 million U.S. consumers).

How to protect your­self from identity theft

Before you can become a victim of identity theft, criminals first need to steal your personal information, such as your name, phone number, date of birth, social security number, address, and credit card number. The main way they do this is by accessing online accounts with poor security, which makes locking down your accounts more important than ever. By following the simple steps below, you can protect your personal information, and greatly reduce the risk of identity theft:

• add your email address to 24/7 breach monitoring in your security app;
• use unique pass­words (created with a strong pass­word generator) and two-factor authentication;
• use anti­virus soft­ware that monitors banking and shopping;
• be careful when opening links and attachments;
• and use a VPN on public Wi‑Fi networks.

(Read F-Secure’s full guide on ways to avoid identity theft.)

10 signs of identity theft

While protecting your online accounts is the most effective way to avoid identity theft, you should also be aware of the key warning signs. They will help you know what to look out for, and enable you to respond quickly, ensuring that any damage is minimized. Key factors to be aware of include:

• your personal details being exposed in a data breach;
• applying for state benefits and being told you are already claiming them;
• new accounts appearing in your credit report;
• finding malware installed on one of your devices;
• spotting outgoing payments for goods and services that you didn’t make;
• getting unexpected calls or visits from debt collectors;
• seeing a sudden drop in your credit score;
• being denied credit with no previous issues;
• noticing that financial documentation stops arriving at your home;
• getting a call from your bank notifying you of suspicious payments.

Spotting a breach and financial irregularities

Following a data breach, compromised user credentials often circulate on the dark web among scammers, who collect or pay for them in order to monetize your details in some way. Monitoring these data breaches is one of the main ways that you can determine if you are a victim of identity theft. You can use a manual tool such as the F‑Secure identity theft checker to pinpoint breached data, utilizing F‑Secure’s dark web scanning and threat intelligence.

However, while an online checker is a great way to perform manual scans, a more proactive approach is to consider automated 24/7 identity monitoring, such as that available in F‑Secure Total, which will automatically look for breaches and notify you of any that include your details.

As well as monitoring breach data, you should also review your bank statements on a regular basis, looking out for any irregular payments or activity. In most countries you can also request information on your credit rating, without it having any impact on your overall credit score (UK guide / US guide / Finnish guide).

What to do if you suspect identity theft

If the worst does happen, and you suspect that your identity has been stolen, don’t panic, and don’t blame your­self. Data breaches happen all the time. And, unfortunately, no matter how effective your personal online security is, some­times you can’t prevent attackers from stealing your private information.

The following checklist provides some basic steps that you should take following a data breach:

1. Change that pass­word — and any similar pass­word.
2. Delete any stored bank or credit card details on other services.
3. Call your bank and cancel any affected cards.
4. Consider temporary credit cards (US only).
5. Use a pass­word manager.

(For a more in-depth overview of what to do following a data breach read the following post: 5 ways to minimize your risk after a data breach alert.)

The most important thing to keep in mind is that you shouldn’t feel singled out if your details are included in a breach, because just about every­one who uses the internet will eventually end up in the same circumstances. But, if you follow the steps in this guide, you should hopefully be prepared for every eventuality.