Here’s how to beat the identity thieves
◆ The online scammers may have gained access to your details, but don’t panic, writes expert Martyn James
e are nearing the season of shopping and my postbag is filled with questions about scams and staying safe online. Many readers getting in touch are particularly worried about fraudsters seizing their identity.
Fortunately, as I’m currently deep into filming the latest season of Rip Off Britain for BBC One, I’ve been able to commandeer fellow TV expert and technology specialist David Mcclelland for his tips and advice on identity scams and how to protect yourself.
What is identity theft?
Identity theft occurs when fraudsters get enough information about you to create a fake you. This might involve applying for a credit card in your name or hijacking your bank account. David tells me: “The most frightening thing for many identity theft victims is that by the time they find out their identity has been stolen or cloned it may feel like it’s too late to do very much about it. But don’t feel helpless, there’s a lot you can do.”
ID theft often occurs because of data breaches by big businesses. Frankly, it’s outrageous how many major brands have allowed our private information to get hacked as a result of their poor security. Leaving that aside, websites like ‘Have I been pwned?’ can help you check if your email or phone data has been compromised, but there’s no definitive register for hacking victims to consult.
Another big source of data theft is phishing. This is where scammers try to get us to click on links sent by text or email (never do this) or trick us out of our passwords or bank details.
Watch out for oversharing on social media, though. That app that tells you what kind of Harry Potter wizard you are may be designed to steal your personal data. Take obvious precautions, like removing your birthday from your profile and locking down your accounts.
What can I do if my identity has been stolen
Here’s some positive news. Businesses are generally familiar with patterns that indicate fraud, so getting help shouldn’t be as challenging as you might think. You’ll need to make a complaint, so gather up some proof.
Note down if the fraudster has gained control of certain types of personal data. These are; contact information (phone numbers, your address, email), financial information (bank or credit card details, online bank systems) and passwords, PIN codes and ID confirmation information (such as your mother’s maiden name).
Spell out what the scammer is doing with your personal information. Are they trying to get into your bank or financial websites, use online retailers to go on a shopping spree, hijacking your email and social media sites to “phish” your friends or applying for new financial services like credit cards or phone contracts?
Tell your bank, card provider and other financial services about them urgently. Go through all your accounts and identify any payments you haven’t authorised. The business will explain what happens next and how they will prevent further fraudulent transactions.
Change your passwords and enable “two-factor authentication” for any of the main online accounts that have been compromised (email, banking, payment services, social media). You might want to use an online password manager service if you’re worried about remembering this information. It’s much easier to use one of these than you think!
Tell your friends, family and colleagues so they know your accounts may have been compromised and can ignore any questionable requests for help, money or “innocent” links they might get sent.
Notify Action Fraud and the police. Yes, they’re overworked but if we don’t do this the scale of fraud goes unreported. It also proves to the businesses you genuinely have been defrauded.
Contact credit reference agencies. There are only three – Experian, Equifax and Transunion – so it’s simple to do this. You don’t have to pay – reporting fraud is free. They can “disassociate” you and your address from any fraudulent activity.
Change passwords and enable ‘two-factor authentication’ for compromised accounts