Protecting yourself against online identity theft

by Leeds Building Society

With online identity theft the fastest-growing crime in the United Kingdom, protecting your data is more important than ever.

CIFAS, the United Kingdom’s fraud prevention service, has produced a video that highlights how easily potential fraudsters can access a wealth of personal information online. It encourages us all to think carefully about how much we share, and how it could be used against us.

Data to go: How private is your personal information?

But how do we actually go about protecting ourselves online? The reality is more difficult than you might think. To really stay safe, you need to know:

  • How criminals get hold of personal data
  • What kind of information criminals can use
  • How you can keep it safe from them

How do criminals steal your online identity?

One of the most common methods of identity theft is email phishing.

A phishing email tricks you into parting with personal information by pretending to be from a trustworthy source. Most phishing emails include a link to a website that looks and feels like a legitimate one. Once you follow the link, you might be prompted to fill in personal details, like passwords, personal information, and financial details. Other times, the link may be to a site infected with malware.

Malware is a broad term. It means “malicious software”, and it covers all kinds of damaging software that is installed without the user realising. Downloading malicious files, visiting untrustworthy websites or opening infected email attachments are all common methods of spreading malware.

Once your data has been harvested through phishing or malware, the identity thief can try to fill out the rest of your “online identity” using personal information gathered from social media sites, such as Facebook, Twitter and LinkedIn.

What kind of information can criminals use?

Criminals can use all kinds of personal data to commit identity theft. Most of us understand the need to protect our sensitive data – such as passwords, credit card details and other financial information – but we also need to look after “everyday” personal information, like name, date of birth and address. At times, these details can be just as useful to criminals.

Let’s say someone gets hold of your card details, and they want to use them to buy something online. To do that, they also need to know your name and address. If they want to take out money using your identity, they will need even more information, such as your date of birth and employment history.

In this example, it’s not just your most sensitive information that is being used against you. Think carefully about the personal information that can be accessed online through social media accounts.

How can you protect your online identity?

There are a number of things you can do to protect your online identity:

1. Keep your phone and computer up to date. Install software updates when prompted.

Many software updates improve online safety by fixing bugs and providing security patches.

2. Install security software and keep it up to date.

Security software includes firewalls, antivirus, anti-malware and anti-spyware. Having strong security coverage will make you safer, but it won’t make you immune. You still need to be careful about what you download and which websites you visit.

3. Use strong passwords. 

A good password should contain at least eight characters. It should have a mixture of upper and lower case (if the password is case sensitive), and it should include numbers, letters and other characters. Your password shouldn’t contain your personal information or that of anyone you know. Ideally, your password shouldn’t be a common word or phrase (for example, ILoveYou), even if you replace some of the letters with other characters (for example, replacing the letter "a" with @).

4. Use different passwords for different websites. 

That way, if one account is hacked, the hacker won’t be able to get hold of your accounts on other websites.

5. Change your passwords often. 

You should change your password at least once every six months. This is because hackers might steal the passwords of lots of people in one go, then come back to use the passwords later.

6. Be careful about which companies you buy from online. 

If you’ve never heard of them before, read reviews and research the organisation to make sure it’s a legitimate business.

You can also judge if a business is legitimate from its website. When you’re on the page which asks for your card details, look to the left of the website address bar. Is there a padlock or key symbol? Does the URL say “https”? If so, it means the website is using the Secure Sockets Layer (SSL) protocol. SSL means that the website sends your card details in such a way that hackers can’t intercept them.

7. Learn to spot phishing emails. 

There’s no guaranteed way to identify a phishing email, but there are several things you can check if you suspect an email may not be trustworthy.

First, hover over the link (but don’t click it). Depending on which email client you use, the actual website the link leads to should be displayed in a bottom corner of your screen. If the actual website isn’t the one the email claims it is, it could be a phishing email.

Other tell-tale signs include poor spelling and grammar, an unrealistically good offer, a request for lots of personal information, an insistence that you urgently click the link and a request for money. However, not all phishing emails will show these signs. A phishing email can have perfect spelling and grammar, for example.

8. Think carefully before sharing personal information on social media sites.

As noted before, personal information from social media profiles can be used to “fill out” a picture of your identity.

9. Check the privacy settings on your social media profiles.

The more private your profile, the safer you are. Hiding information from people you aren’t friends with is a good idea.

10. Monitor your bank statements regularly. 

If you see anything unusual or unexpected, get in touch with your bank or building society as soon as you can.
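
The link check from tip 7 can also be automated by a mail filter or help desk. The following is an added example, not part of the original article: it compares the website named in a link's visible text with the website the link actually leads to. The function names and the sample email are constructed for illustration, and all hostnames are placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# A hostname written in visible link text, with or without a scheme.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def host_of(url):
    """Lower-cased hostname of a URL, without a leading 'www.'."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html_body):
    """Links whose text shows one website but whose href leads to another."""
    parser = LinkCollector()
    parser.feed(html_body)
    flagged = []
    for text, href in parser.links:
        shown = HOST_RE.search(text)
        if not shown or urlparse(href).scheme not in ("http", "https"):
            continue  # "Click here" or mailto: links claim no website to compare
        shown_host, actual_host = host_of("//" + shown.group(1)), host_of(href)
        # The same site or one of its subdomains is fine; anything else is flagged.
        if actual_host != shown_host and not actual_host.endswith("." + shown_host):
            flagged.append((text, shown_host, actual_host))
    return flagged

# Constructed sample email body (hostnames use reserved placeholder domains).
SAMPLE = """<p>Dear customer, please confirm your details:</p>
<a href="http://login.accounts.test/verify">https://www.bank.example/login</a>
<a href="https://secure.bank.example/help">Help at bank.example</a>
<a href="https://www.bank.example.accounts.test/">www.bank.example</a>
<a href="https://www.bank.example/">Click here</a>"""

if __name__ == "__main__":
    for text, shown, actual in suspicious_links(SAMPLE):
        print(f"'{text}' shows {shown} but leads to {actual}")
```

A link that passes this check is not proof that an email is genuine; as tip 7 says, there is no guaranteed way to identify a phishing email.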