What is Online Identity Theft?

Online identity theft is a crime in which an attacker uses fraud or deception to obtain personal or sensitive information from a victim and misuses it to act in the victim’s name. Usually, perpetrators of such crimes are motivated by their own economic gain.

This guide details what identity theft is, spotting the signs of identity theft, and tips on identity theft protection online.

TRY ESET ON A FREE 30 DAY TRIAL

What is identity theft?

Identity theft refers to a crime committed in order to obtain personal information such as passwords, ID numbers, credit card numbers or national insurance numbers. Cyber identity theft criminals then misuse this personal or sensitive information and act fraudulently in the victim’s name, commonly to apply for loans, make an online purchase, or access the victim’s medical and financial data.

What about identity fraud?

The term identity fraud is sometimes used as a synonym for identity theft, although the concept of identity fraud also encompasses the use of false or modified identity, as opposed to identity theft where criminals misuse someone else's real identity.

What are the different types of identity theft and identity fraud?

There are a number of different ways that malicious sources stealing your identity could be used to commit fraud or theft. While some types of identity theft focus on real-world physical theft, many take place online. These common types of online identity theft include:

Account fraud

Account fraud is one of the primary ways your stolen identity can be used. Criminals will take control of your account using details they’ve taken from you and use this new access to make payments or transfer money.

Debit and credit card fraud

Whether your card is stolen or your details are taken from a database, this type of fraud focuses on using your details without permission. Not only could you lose money, but it could affect your credit score in the long term.

Licence and ID fraud

This may not feel like a form of online identity theft, but driving licences and other personal IDs can be taken in data breaches and used to open accounts in your name, without your knowledge.

Mail and email identity theft

If someone can gain access to your physical mail or your email account, they could find a whole host of personal information. This includes details like account numbers, login credentials, family contact information or addresses. It’s a gold mine for someone looking to commit identity theft.

eCommerce and online shopping fraud

This refers to the situation whereby someone breaks into one of your shopping accounts and uses it to place orders with saved card information. This could either be through data breaches, dodgy redirects, phishing or malware.

National Insurance fraud

A national insurance number can be used to set up all kinds of things in your name, including bank accounts and credit agreements. Always check your credit report to see whether anything suspicious is happening in your name. There’s always a chance of a data breach or hack putting your National Insurance number (NIN) into the public domain.

Senior identity theft

This form of identity theft deliberately targets seniors who may be more vulnerable to phishing or scams, which have been created to take personal data or access bank accounts.

Child identity theft

This is often one of the more insidious forms of identity theft; it’s usually someone known to the family who takes and uses a child’s details to create accounts, or enter into credit agreements fraudulently.

Tax identity theft

A form of fraud in which someone files a tax return in your name, so they can receive a refund.

Biometric theft

With the increase in Face ID and fingerprint scanners in smart technology, this fraud type focuses on stealing biometric identity so cybercriminals can access your sensitive data and bank accounts.

Mortgage or home title fraud

There’s a range of different things criminals may do with your mortgage or home information. You could find mortgages being signed over to other people, houses being sold without your knowledge or else take out equity or another mortgage. These can be very damaging.

How does identity theft work?

Cyber identity theft is closely linked to phishing and other social engineering techniques that are often used to pry sensitive information from the victim. Public profiles on social networks or other popular online services can also be used as a source of personal information, helping criminals to steal identities and impersonate their targets.

When identity thieves have collected such information, they can use it to order goods, take over the victims’ online accounts, or take legal action in their name. In the short term, affected individuals can suffer financial loss due to unauthorised withdrawals and purchases made in their names.

In the mid-term, victims might be held responsible for the perpetrators' actions and be investigated by law enforcement agencies, as well as facing consequences such as legal charges, changes in their credit status, and reputational damage.

According to UK fraud prevention organisation, Cifas, almost 238,000 cases of identity fraud were seen in the UK in 2023 alone, with most victims aged 61 years and over. AARP reported that this caused a financial loss of $43 billion - and that’s just in the US.

Protect yourself from identity theft image

Identity Theft Protection: our tips for protecting your identity online

Secure your connection: When using personal information online, always ensure your connection is secure – preferably via home, corporate network or cellular data. If possible, avoid public Wi-Fi with no password protection. Should you have no other choice, use a virtual private network (VPN) that will encrypt all your communication, protecting you from eavesdropping criminals.
Keep your devices secure: Protect your laptop, smartphone and tablet from malicious software and attackers by using a reliable and up-to-date security solution.

Avoid engaging with untrustworthy messages and websites. Visit our pages about spam and phishing to learn how to spot social engineering attacks that are after your sensitive data.
Use secure password practices: Choose strong passwords that are complex, completely unique and difficult for third parties to guess. ESET’s Password Generator can help you with this. You can also use passphrases as they are easier to remember, or keep all your passwords in a password manager, to store them more securely. If available, two factor authentication is a great way of adding another layer of protection to your passwords. One important note: use a unique password for each account or service you subscribe to. This way, even if attackers are able to obtain this one password, the damage they can cause is limited only to the compromised account (or service).
Monitor your bank and credit accounts: Check your online banking account and credit scores regularly for suspicious activity. This might help you uncover an attack before it causes extensive damage to your finances or reputation. Also, be sure to set limits for your transactions to prevent any misuse of your money.
Be cautious whenever sensitive data is involved: If you want to throw away any physical documents that contain personal information, make sure to discard them safely – by making them unrecoverable or by shredding them. A similar logic applies to your electronic devices: when selling or disposing of old smartphones, tablets or laptops, make sure you have wiped all the sensitive data they once stored.
Ensure you aren’t oversharing: In an era where most users have multiple social media accounts, oversharing can be a serious problem. Even more so when the posts, photos or videos contain sensitive information that might be misused to impersonate you – such as your ID, purchase orders, flight tickets or any similar documents. Avoid posting any of these, as well as too many details about your personal life and history, which could be misused by the crooks to act in your name.
Use credit monitoring and freezes: US users can ask for a credit freeze that will restrict access to their credit reports, making it more difficult for identity thieves to misuse the stolen information. For those outside the US another way to go is to select one of the credit monitoring services that watch for signs that someone is misusing your personal data.

What are the first signs of identity theft?

There are a number of possible signs that could help you spot online identity theft before it goes too far. Be vigilant and keep an eye out for:

Unusual activity on bank statements or credit reports: This could be one of the simplest ways to spot a problem. Criminals could be spending money or setting up accounts in your name.
Notifications of more than one tax return being filed in your name: If your tax data has been compromised they could have filed a fraudulent report.
Maxed out credit card or unusual charges: Your credit card details have been leaked and money spent.
Credit issues: For example, if you are turned down for a credit agreement when you previously had good credit.
Unexpected account or billing changes: This could be receiving bills or account confirmations for things you’ve not set up yourself; criminals may be using your data to set up new accounts. You could also suddenly stop receiving bills or statements by mail or email, which may mean identity thieves have re-routed your bills or statements to themselves using your details.

ESET offers you an award-winning antivirus

ESET HOME Security Premium

Powerful, multilayered protection to encrypt sensitive data, manage passwords easily, secure online transactions and more. A user-friendly solution for enhanced privacy online. Secures Windows, macOS, Android, and iOS devices.

Buy now

Try For Free