Identity theft is very common in Britain today. Fraud accounts for 40% of crime in England and Wales, and 64% of those cases are identity fraud, according to official figures.
Research by the cybersecurity watchdog National Cyber Security Center (NCSC) found that 80% of fraud is now “cyber-enabled”, where criminals scour the internet for information on people before stealing identities and committing fraud.
In an age where people frequently share personal information online, what are the biggest mistakes they can make that lead to identity theft? Yahoo News spoke with some of the leading cybersecurity experts.
Share images that show who you are
Think carefully before sharing images like concert tickets or yourself at work on social media, advises Javvad Malik, chief security awareness advocate at KnowBe4.
“Social media users may be excited about going on vacation or going to a concert or event, but taking photos of boarding passes, concert tickets, or the like can reveal information such as names, date of birth, or addresses, not to mention lets criminals know you’re not home,” says Malik.
Sharing an image of your workplace can reveal large amounts of potentially identifiable information that could also expose you (or your employer) to cybercriminals.
Sign up for thousands of online services
Every time you sign up for an online service that requires your name, address, or phone number, the risk of these details being leaked in a cyber breach increases. You should avoid giving this information unless it’s really necessary, Malik warns.
You should also be wary of sites that ask for details such as full name, date of birth, address and mobile phone number as a condition of registration. It notes: “For non-essential accounts, users should not feel the need to reveal this information when it is not legally required.”
For “less important” online accounts, many of us still use very obvious passwords, like football team names or mascots.
The NCSC found that the password ‘Liverpool’ had been used 280,723 times and ‘Chelsea’ 216,677 times in just one set of passwords leaked from major cyber breaches.
Simon Newman, co-founder of Cyber London and member of the International Cyber Expo Advisory Board, says: “Many people still use the same password for multiple accounts. Setting up two-step verification (2SV) is one way to ” “double check” that you are really the person you say you are when you log in to online services, such as banking, email, or social media.
“Setup only takes a few seconds, but it makes it much more difficult for the cybercriminal to access your accounts.”
Completing seemingly innocent questionnaires online can give criminals enough information to create a false identity, warns Brian Higgins, security specialist at Comparitech.
Higgins says: “A famous example on Facebook a while ago was: ‘What’s your hobbit name?'”
“There are a lot of things going around on other platforms today asking for images (‘post your 90s self’, etc.) that are clearly designed to create more sophisticated deepfake content.”
Using public Wi-Fi hotspots
Unsecured public Wi-Fi hotspots can pose serious security risks, warns Chris Hauk, consumer privacy advocate at Pixel Privacy.
Hauk says, “Many people also use unsecured routers, whether at a Wi-Fi hotspot in a coffee shop or at home. Many Wi-Fi hotspots are not password protected for convenience of use.
“Unfortunately, this means that unless you are using a VPN, your online activities could be monitored or intercepted.”