There are few things worse than finding out a complete stranger has stolen your identity and left you potentially facing huge bills and a bureaucratic nightmare.
Every week I’m contacted by readers who tell me that they’ve been the victims of identity theft. So I’ve teamed up with my fellow TV expert and technology expert, David McClelland, to help you understand and avoid identity theft scams.
What is identity theft and how does it occur?
Identity theft occurs when fraudsters manage to get enough information about you to impersonate you. This might be applying for a credit card in your name or hijacking your bank account. Sometimes though, the theft of your identity can be used to commit multiple frauds or high value, audacious schemes.
As David tells me, “The most frightening thing for many identity theft victims is that by the time they find out their identity has been successfully stolen or cloned it may feel like it’s too late to do very much about it. And worse, they are never certain if or when the nightmare might end”. But don’t worry – often there is a solution if you act when you discover the fraud.
One of the most common – and frustrating – ways ID theft occurs is due to data breaches. It’s pretty astounding, but almost every week businesses are hacked or have such lax security that they release our private information. It’s really hard to know which business leaked your info, but free websites like ‘Have I been pwned?’ can help you check things like your email or phone.
Of course, sometimes we overshare our data on things like social media too (lock your profile and remove things like birthdays). CIFAS estimates that two-thirds of all personal information comes from business leaks or social media.
Phishing – where scammers try to get us to click on links or trick us out of our passwords or bank details – is another major source for personal data for fraudsters. However, there are public records too. Let’s not list those!
What to do if you’re identity has been stolen
First things first, it’s easy to feel overwhelmed when your identity gets pinched. But businesses and official organisations are familiar with many patterns of fraud, so you might not have to fight as hard as you think you might have to when seeking help.
You aren’t always going to have all of this information, but see if you can work out if the fraudsters has three key forms of information. Contact information (phone numbers, your address, email). Financial information (bank or credit card details, online payment systems). Passwords, pin codes and ID requirement information, like your first school or mother’s maiden name.
Next up, have a think about what the scammer is doing with that information. For example, are they trying to get in to your bank or financial websites, using retail apps to go on a shopping spree, hijacking your email or social media/communications sites to ‘phish’ your friends or apply for new financial services like credit cards or phone contracts?
David has a great checklist to follow that tells you exactly what to do next:
- Firstly, tell your bank, card provider and other financial services of the problem. Go through your accounts and identify anything you have not authorised. They will explain the process and how they will prevent further fraudulent transactions.
- Change your passwords and enable ‘’two-factor authentication for any of the main online accounts you’ve identified that might have been compromised (email, banking, payment services, social media). You might want to use one of the online password manager services if you are worried about remembering this information. It’s much easier to use one of these than you think!
- Tell your friends, family and colleagues so they know your account may have been compromised and ignore any requests for help, money or links that might get sent.
- Notify Action Fraud and the police. Yes they are overworked but if we don’t do this the scale of fraud goes unreported. It also ‘proves’ to the businesses that you are not faking it and have been defrauded.
- Contact credit reference agencies. There’s only three – Experian, Equifax and Transunion – so it’s dead easy to do this. You do not have to pay – reporting fraud is free. They can ‘disassociate’ you and your address from any fraudulent activity.
Cifas offers a service called Protective Registration that can help limit the impact of identity theft – for a small fee (currently £25 for two years) it can help ensure that extra checks take place should a request to open an account or take out credit be made.
Credit reference may also record a ‘victim of impersonation’ marker against your name to ensure to ensure that applications for credit go through further verification.
Cifas has a useful resource/workflow for people who believe they have been the target of identity fraudsters.
Featured in Mirror – Martyn James