/ Money, Shopping, Technology

Is it too easy for fraudsters to steal our identities online?

Fraud in light bulb

ID fraud isn’t a new problem. We all know we should shred our financial statements, lest a fraudster raids our bin. But with our lives moving online, there are lots of new opportunities for criminals to get our personal details.

And fraudsters can often access our details without needing to get their hands dirty.

Online ID theft on the increase

According to fraud prevention organisation Cifas over 80% of all identity fraud was perpetrated online in the first quarter of this year.

Security experts say you should make sure you keep every piece of software on your computer up to date, not just anti-virus software. Criminals can hack into your computer by exploiting weaknesses and loopholes. And once they’ve done that it’s possible for them to see all of your documents and/or monitor your online activity.

So next time a software update pops up on your screen, rather than feeling irritated and ignoring it (I definitely speak from personal experience here!) make sure you do it. And for anyone who uses apps on their smartphone the same thing is true.

This is not to mention the whole host of vishing and phishing scams that we’re all often exposed to where fraudsters try to trick you into revealing your details over the phone or via email.

And the old fashioned ways are still happening too, so advice about shredding documents and making sure you update your address when you move house remains true.

Protect your details – online and offline

Although you can usually recover any financial losses, and get corrections made to your credit record once you report an incident of fraud, this process can be time consuming and distressing. So it pays to be vigilant with your personal details whether online or offline.

I’m interested in hearing from people who’ve been a victim of identity fraud. What happened and did you ever find out how the fraudsters had managed to get hold of your details? And if you haven’t been a victim of ID fraud, do you have any tips or advice for others?

Useful links

How to get your money back after a scam


The only incident of fraud to affect us was when Everest were fitting new windows in our house and we were due to pay them by card. Halfway through the fitting the bank’s security people contacted us to ask had we ordered £1200’s worth of vitamin tablets. When we told them we weren’t that keen on glossy coats and shining eyes they told us they would cancel the card immediately, but allowed us to pay for the windows prior to cancellation.

This was not, however, from any sort of virus (we use Macs only and there still hasn’t been an active virus for Macs used) but it seems that someone involved in an online trading incident had appropriated our details and was using them . Shortly afterwards, the banks introduced the ‘Verified by Visa’ system and we’ve not had another incident.

But it makes a lot of sense to check bank statements regularly, always log out of your online bank account (never simply close the window), only use banks with discrete keycard security features, use a dedicated browser for all banking transactions and never, ever log onto your bank on anyone else’s computer, especially and specifically a public one. I also avoid public Wi-Fi, for the same reasons.


In respect of Identity fraud generally, we physically burn all our details on letters, parcels, etc., but the online world means – as you point out – it’s so much easier for them to get at your information. Phishing scams, once the preserve of the semi-literate Nigerian-based gangs, are now becoming extremely sophisticated, and we have to change the way we deal with all types of communications from ‘official’ bodies. As I’ve said elsewhere, one very large warning sign has to be if you are ever asked to do anything urgently. In our family, the only person who has that right is a member of our immediate family. Anyone else who contacts us for anything that might possibly involve us agreeing to doing anything at all has to wait. It’s a very simple strategy, yet we know these criminals are adept at exploiting the natural human tendency to want to help immediately.

The other thing that we need to do is specifically in regards to email. Emails can arrive with very ‘official’ looking addresses, but for the criminal or even the opportunist advertisers, concealing the real email address is a doddle. So our rules for dealing with emails are as follows:

1. If any email arrives asking you to do something quickly, don’t. Wait and discuss the email with other people.
2. If an email doesn’t address you by your name, be very, very cautious, even if it appears to come from a company you know well.
3. Use disposable email addresses when initially contacting companies. There are several companies that will provide email addresses, which you can then adapt. For instance, you can open a Gmail account called ‘fred_bloggscleaningservices.@.gmail . com.” That way you’ll know exactly who has that email address so when spam arrives using that address you’ll know who’s to blame.
4. Use your Email client to reveal the address. If an email arrives you weren’t expecting asking you to do something, then either by passing your mouse cursor across the address or by using your browser preferences to reveal the address you can see who it’s really from.
5. Finally, we’re always, always wary of strangers offering free lunches. Income tax refunds, errors meaning we’re due rebates, anything – in short – saying someone want to pay us money. Rule 1 then applies.


Finally, it’s a really good idea to tackle anyone you might know through a club or society who sends emails out to everyone, with all the members’ address on the “CC” line. Ask them if they could put everyone’s addresses on the “BCC” line instead. They don’t need to put anything at all on the “TO” line, or the “CC” line.

The reason for this is that it only takes a single member whose computer has been compromised to open everyone’s email address to Spam. Many of the most common viruses simply use your computer to send all the information in your address and email files to some hidden destination.


This is great advice Ian – thanks for sharing!


It’s a little lonely in here…


@carneades I’ve tweaked the title to see if we can get a few more people here. 🙂


Excellent. I’m Ian, BTW, Patrick. Carneades is my alter ego (tights, cape – you know…)


True, but to alert you with a mention in your profile, we have to use your original username. Now back on topic 🙂