ID theft – what happens when someone steals your identity

Features
By
published

Learn how to fight back against ID fraudsters

An illustration of a hooded hacker with an obscured face holding a large fingerprint against a red background.
(Image credit: rob dobi/via Getty Images)

Imagine waking up with a message from a loan company you've never heard before about a missing payment. Or, heading to your banking app only to find your account empty. You might even discover someone is accessing your social media account, messaging your friends, and sharing your intimate pictures with people you know. The worst part – you have no idea how all this happened, or who's behind it.

This is the nightmare millions of people who lose their online identities experience every year. In the UK alone, ID theft crimes accounted for 64% of all fraud cases reported to the Cifas National Fraud Database (NFD) in 2023 – a rise of 13% from the previous year. In the US, the Federal Trade Commission (FTC) received over 1.4 million reports of identity theft in 2022 alone, recording over $10 billion in fraud losses the year after.

While the rates of cybercrime and ID theft incidents keep soaring and going mainstream – think at the famous Tinder Swindler Netflix documentary, for instance – we most seem to think this would never happen to us.

I spoke with ID theft experts to understand how these crimes occur, their impact on victims, and the steps to restore a stolen online identity.

The best cheap VPN: Surfshark

The best cheap VPN: Surfshark
The first rule of regaining control over your data is minimizing the information you share online. Surfshark is one of the best VPN tools on the market that can help you do that. For as little as the equivalent of $2.19 a month, you'll get premium privacy across unlimited devices. Take Surfshark for a test drive, and it offers a 30-day money-back guarantee.

▶ Read more in our full Surfshark review

PREFERRED PARTNERView Deal

How criminals steal your identity

While fraudsters and scammers have always existed, today's digital landscape is making things easier for criminals who want to profit at the expense of their victims.

"As we've all moved online, clearly identity fraud has changed, moving from stealing [physical documents] to stealing online data," James Farrell, former detective Inspector in the London Metropolitan Police and Associate at cybersecurity law consulting firm CyXcel, told me.

Below are the main ways criminals steal your identity nowadays:

  • Data breach. Year in and year out, these incidents have grown in size and frequency, increasingly targeting consumers' data. Think about all the 500 million users' data compromised in May last year when Ticketmaster was breached. Once the data is stolen, it ends up on the dark web where it's traded among other criminals. "The next thing you know you've got bank loans taken out in your name," said Farrell.
  • Phishing messages. This refers to malicious texts or emails that seek to trick you into tapping on a dangerous link. Phishing is still one of the most popular ways to inject malware on a device, including those aiming to steal all your information – whether this is your bank details, credit cards, pictures of your documents, private photos, or account log-ins.

Phishing

(Image credit: Vektor Illustration/Shutterstock)
  • Impersonation phone scams. In many instances, criminals may call victims pretending to be their bank, the police, or even a legitimate employer looking for staff to trick people into revealing their personal details on the phone. Worse still, AI voice-clone scams are on the rise, too. Here criminals use a large language model to imitate the voices of loved ones asking for money.
  • Malware bot log. According to research by NordVPN, at least five million people have had their online identities stolen and sold on bot markets for $6 on average. This growing threat has already affected 125K Americans, with hackers selling webcam snaps, screenshots, up-to-date logins, web cookies, and digital fingerprints.
  • Mobile phone snatch. While the web gives criminals a lot of ways to steal people's online identities, some may still turn to more old-school methods. In big and busy cities like London, criminals often use bikes and mopeds to snatch mobile phones from their hands. And just like that, they have access to all the victim's valuable information, like personal messages, emails, card details, pictures, and more.

Not only a financial loss

ID theft cases have a big toll on victims, spanning from credit losses to emotional distress and reputational damage. The most obvious impact is, however, on people's finances. As Abu Kibla, Managing Director at Stuart Miller Solicitors, puts it: "There has to be some sort of financial benefit for those who commit the offenses, otherwise why would they do it?"

Criminals may achieve this by emptying victims' bank accounts, opening up loans to their name, or blackmailing them to share their most private photos or other secrets.

The legal journey to get compensated for your losses is anything but easy, as fraud investigations may last months or years. Worse still, Kibla explains, oftentimes criminals operate from outside the jurisdiction. This makes it almost impossible for local police to investigate and catch the perpetrators of this crime.

Impunity is, perhaps, one of the biggest strengths behind ID theft schemes. "Unfortunately, if you don't have some sort of insurance, or the person hasn't been caught right away, then the chances are you're never gonna get your money back," said Kibla.

Woman shocked by online scam, holding her credit card outside

(Image credit: Shutterstock / EugeneEdge)

While for criminals this is just business, for victims losing the money often amounts to only half of their problems. Even when they manage to get compensation for their losses, they can continue feeling vulnerable for months to come not knowing why it happened and when it will be done for good.

"The victim is always going to be out of pocket really," Farrell from CyXel told TechRadar. "It's the fear that's going to continue. Criminals are inside their laptops, inside their phones, they've got everything. It may not be that day, that week, or month when they decide to take advantage of the information they've got."

What to do to restore your stolen ID

If you have reason to believe your identity has been stolen, you must act quickly. "The longer you wait, the less chance you have of stopping it," said Kibla.

For starters, you need to check your bank statements and contact your bank straightway to make them aware of the situation.

You then need to change all your passwords and PINs across all your accounts and devices to prevent unauthorized access. If you cannot access any of your accounts – criminals may change credentials when they manage to compromise them – you have to contact the company offering the online service.

You also need to report the crime to the police as soon as possible so that the criminal investigation can begin.

Getting your money back may be very difficult. This is why cybersecurity software providers are increasingly offering ID theft protection alongside their VPN or antivirus software.

TechRadar's top VPN pick, NordVPN, launched last November its NordProtect bundle to help users recover and restore lost identity assets. This includes coverage of up to $1 million to cover identity theft recovery costs and up to $100,000 in cyber extortion protection, alongside 24/7 ID scans to minimize these incidents from happening in the first place.

While the service is available for the US only at the time of writing, Tomas Sinicki, managing director of NordProtect, told TechRadar the company plans to expand it to other highly impacted countries, including the UK.

The longer you wait, the less chance you have of stopping it"

Abu Kibla, Managing Director at Stuart Miller Solicitors

Prevention is, however, crucial to reducing the chances of falling victim to ID theft in the first place. ID scans and credit monitoring tools are an easy way to stay informed of any malicious activities as they occur.

Securing your accounts is also crucial to prevent criminals from compromising your credentials, I strongly recommend turning on two-factor authentication whenever possible.

The more data you share online, the more chances you have for your identity to be stolen. This is why you should avoid as much as possible to put your information and device at risk.

Using a virtual private network (VPN) is recommended every time you connect to a public Wi-Fi because these hotspots can be used by hackers to infect your device. Tools like Surfshak Alternative ID are also advantageous as they enable you to sign up for new services with a fictitious identity and email address.

Abu Kibla, Managing Director at Stuart Miller, also recommends never saving your card details on any sites. That's because criminals can access these card details and sell them.

He said: "Whether you're using Amazon, Tu, or any similar online shopping platforms, just enter your card details every time you want to make a purchase rather than having them saved there."

Chiara Castro
Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com