Protecting Yourself Against Identity Theft & Fraud

A Guide For Millennials

Credit Cards
Credit Cards

We’re living in a technological age, where storing our data online has become the norm. But how safe is the information we’re putting on the internet? Theft and fraud are becoming a greater threat, as more people look to exploit technical loopholes to gain access to vital information.

But how do you prevent such attacks? This resource will provide you with advice on how to safeguard against potential invasions of your personal information. From understanding how you could be targeted, to strengthening your security measures, let’s find out everything you should be doing to protect yourself against attack.

Introduction to
identity theft

What is identity theft?

Identity theft is the term used when someone gets hold of your personal information and uses it to impersonate you. There are a number of reasons someone might want to get access to this information.

Credit Card

Opening a new credit card, loan or bank account in your name

Cash Machine

Using your existing bank account to withdraw funds

Mobile Phone

Ordering a new mobile phone


Using your details to prevent an arrest

Identity theft is often committed with the purpose of financial gain.

A fraudster is able to get away with initial purchases and transactions because a bank won’t immediately be able to tell it isn’t you using your card or account details.

That’s why it’s important to monitor all the money that’s coming in and going out of your account.

What is online fraud?

Online fraud is the name given to various means of deception which result in you accidentally giving out personal details about yourself over the internet.

It’s through online fraud – also known by the likes of consumer cybercrime, internet fraud and e-crime – that criminals are most easily able to access your private data.

The increased risk has largely developed as a result of how much time we spent on the internet in daily life. What’s more, most people don’t realise the very real threat which is waiting for them online.

Figures and statistics

This newfound reliance on the internet is perhaps no better exemplified than by the most recent statistics released by Cifas (one of the leading fraud prevention organisations in the UK).

They found as many as eight out of every 10 instances of fraud now occur online. With those numbers in mind, it’s perhaps no surprise that in just a year there was a 27% rise in the number of people being targeted in the 14-24 age range.

An 11% rise in the number of fake bank accounts

A 35% increase on the number of fraud victims aged 60 or older

Over 189,000 recorded cases of online fraud (an 8% rise on the amount being reported the year prior)

As many as 95% of the cases reportedly saw a fraudster directly pretend to be their victim (either over the phone or via messenger services)

The use of plastic cards was the most prevalent form of identity theft employed, with 82,608 reported cases in 2018 alone – that represented a 41% increase on the previous year

The stats show a clear trend – under-21s and over-60s are those most commonly targeted for online fraud.

This makes sense, with these demographics arguably being the most naive to the potential threats that lie hidden on the internet.

But while that middle age bracket are statistically safer, it’s wrong to take your online safety for granted.

The impact of online
theft and fraud

Identify theft doesn’t always just impact you in the short term. Sometimes it can have long-lasting repercussions which affect you later in life.

The long-lasting effects of identity theft

While it isn’t always the case, sometimes after the initial issues have been dealt with, there can be longer lasting problems which people have to deal with. These include:


Financial instability

While you can eventually work to recover the money you’ve lost, there will be a period where the funds you’ve lost won’t be in your account.

There’s also the potential impact it can have on your credit score. Thieves will often take out a new credit card in your name and fail to ever make payments.

In order to recover your score, you’ll need to:

  • Contact your bank and inform them what’s happened
  • Reach out to a credit reference agency like Totally Money
  • You might also want to reach out to the Royal Mail customer enquiry number if you think your identity was stolen via post
  • Banks have a duty to reimburse you with the money you lost, but only if you can prove you didn’t show negligence when your details were taken. This can also be a lengthy process, sometimes taking months.
Woman Illustration

Mental health

Perhaps unsurprisingly, the longer-lasting effects of identity theft are the emotional scars which are left behind.

Aside from the initial anger, stress and panic which goes hand-in-hand with any financial irregularity, you’ll also have a heightened sense of anxiety about your general safety.

A study from the Identity Theft Resource Center found that:

  • 60% of people reported feeling extreme levels of anxiety after identify fraud
  • 42% feared for the safety of their family members
  • 8% even went as far as to say they felt suicidal after their identity was taken
  • Losing large amounts of money can be devastating. Even if you know you’re getting it back eventually, there’s still a huge emotional burden placed on you.

Losing large amounts of money can be tough. But don’t worry, you will be able to get it back eventually. While short-term stress can be a factor before your money is returned, there are a series of coping techniques which help you manage the situation.

Doctor Illustration

Physical problems

This is something which is less immediately obvious. But, shockingly, the same survey showed people were experiencing physical ailments as a direct result of the stress caused by theft.

Their stats showed:

  • 39% of victims lacked the inability to focus after identity theft
  • 29% reported stress-related conditions such as body pain, sweating and heart pain
  • 41% experienced heightened trouble trying to fall asleep
  • 10% of those surveyed went as far as to say they had to take time off work because of these physical conditions

While most of these problems will pass as stress levels lower, they can have a greater impact on your life. The survey also found that as many as 44% of people lost out on an employment opportunity as a result of a stress-related physical impairment.

What can a thief do with stolen personal information?

Credit Card

Opening credit cards, bank accounts and loans

With even the most basic of information, such as address and date of birth, a thief can open up a bank account or take out a loan on your behalf.

Using this, they could be able to spend excessive amounts of money through a hidden identity – yours.

Richard McCarthy was the victim of such an event. He lost more than £3,000 when someone opened a current account in his name.


Hijacking an existing account

If a criminal gets access to your pin and credit or debit card, they might be able to make payments using a bank account you already have set up.

In an age where contactless payments can be made on most purchases under £30, it’s easier than ever for this type of attack to take place.

Couple the knowledge of a pin with a card itself and a fraudster could get practically unlimited access to your funds.


Utility accounts

In extreme cases, a fraudster can even open up a utility account in your name. They’ll use this to avoid paying for water, gas and electric.

This is a risky move on their part as it’ll tie them down to one location if they are caught.

Ways that thieves
can target you

Thieves have devised many ways to trick people out of their hard-earned cash. Let’s look at some of the most common.


Traditional methods

Fraud did exist long before the use of the internet became so prevalent.

Most commonly, this would consist of intercepting mail, going through someone’s rubbish or even physically stealing from the person being targeted.

It would be wrong to suggest these styles of identity theft are a thing of the past. But, as the Cifas study showed, they now account for just 20% of all recorded cases of fraud.



It’s not always about tricking you into making a mistake online. Sometimes a social media or bank account could be hacked without you knowing.

There are a number of ways hackers can use online tools to gain control of your accounts. From tools which generate millions of potential passwords in seconds, to programs which search for unprotected pathways that allow easy access.

Once they have control over your computer system, it’s easy to find private information which can be used to manufacture a false identity.


Contest Scams

Great News, You’ve A Contest With A Top Prize Of £10,000. The Only Downside? You Never Entered This Fictional Competition In The First Place.

Scammers Will Contact You Letting You Know You’re Eligible For A Huge Cash Sum. In Reality, They’re Just Trying To Coax You Into Providing Your Credit Card And Other Person Details In Order To Access Your Personal Information.


Skimming debit or credit card numbers

Skimmers are small devices which are secretly added to card machines. They work by accessing data which is stored in the magnetic stripe of your card.

This holds information like the card number, the card’s expiration date and the name and address of the holder. These are most commonly used at ATMs. Sometimes, a criminal will also place a small hidden camera in the same location to capture someone entering their pin.


Phishing emails and fake websites

Phishing is the name given to any email which is sent with the intent of tricking someone into handing over personal details through the guise of a respected establishment.

A common theme with emails like this would be a fake HMRC account trying to convince you you’re eligible for a large tax rebate. You might also receive a fake email from a bank claiming there’s an irregularity with your account.

In all instances like this, be sure to get directly in contact with the organisation who’re contacting you. They’ll be able to let you know if it’s real or a scam if you’re still unclear.

Make sure to find a contact number independent of the email itself, as this could also be linked to the scammer’s account.



This is the most common method of scammers who reach out to you over the phone. Pretexting is the name used when someone lies to obtain personal information through the guise of trying to help you.

Most often, this will see someone trying to gain access to the types of questions which most banks use as your last line of defence (such as your mother’s maiden name or town of birth).

As with any personal information, it’s highly advised you never give any out over the phone. You can’t see who you’re talking to, so don’t take the risk.

Signs you’ve
been targeted

The best bet for limiting the damage done by identity theft is to catch it as early as possible. This can be hard, as criminals are experts at hiding their behaviour from both you and the authorities.

Initial red flags

Some signs of an attack are more subtle than others. If you notice any of these kinds of activities, there’s a chance you’ve fallen victim to identity theft.


You lose service on your utilities

If you’ve ever upgraded an account on your utilities, or even your phone, you’ll know your old contract will be cancelled as soon as the new one starts.

Despite that, the new contract will often be covered by the same payment method. If any of your services suddenly stop working, it could be that a thief has upgraded your account and is now reaping the rewards of that free of charge.

Receipts for things like tax returns

It’s always reassuring to get a receipt when you make a purchase or file your tax return. Sadly, the opposite is also true when an erroneous confirmation comes through.

If you notice any receipts which you don’t immediately recognise, make sure to do some research into them. Don’t just brush it off as a spam email. It could be a real purchase, just one which wasn’t made by yourself.

Unexplainable amount of spam

Have you noticed an excessive amount of spam in your inbox? While it isn’t a guaranteed sign that you’ve been hacked, it could indicate someone has used your account to sign up to a number of things you’re probably not interested in.

Even if a message doesn’t look like spam, but is unfamiliar to you, do some research in to why it’s appearing in your inbox.

Strange activity on social accounts

At the latest count, there were as many as 2.38 billion active Facebook users in the world. The rise in social users has directly contributed to heightened threat levels on all platforms.

With so much personal information being sent across private messages (it’s not uncommon to send a friend your account details, for example), it’s hardly a shock people are targeting social accounts for easy access to personal data.

Unknown statuses

If you notice any weird statuses or posts being made through your account, you may have been hacked. This includes in private messages to friends.

You’ll be able to check your Facebook login times and locations easily. If anything doesn’t add up, you can take further action.

Changed passwords

You should also be notified when any attempted password changes have occurred on your account. This will happen either by receiving an email or notification from a social media channel itself, or by being unable to log in with what you know is your correct password.

In instances where you can’t regain access to your account, you should be able to contact Facebook, Twitter, Instagram or whatever other channel it is to recover your details. You’ll need to be able to prove your legitimacy.

Mobile Phone

Financial irregularities

There’s a good chance a fraudster will use your details to benefit themselves in some way financially. There are clear signs that you’ve fallen victim to an attack.


Unfamiliar bills and payments

Are there funds which have come out of your account which you don’t recognise? Perhaps the price of a regular payments has risen without warning?

These are both potential signs that someone has been making changes to an existing account without your permission. Always be sure to check with your bank and the vendor in question to see what’s going on. Checks bouncing might also be a sign of untoward behaviour.

Less money in your account

It might sound obvious, but if you’ve noticed you have less money in your account than you’d expect at a certain point, it’s worth doing some investigating.

No two months are ever going to be the same. But if you’ve noticed a significant difference, without any real explanation as to why, it could be an indicator of foul play.

Debt collectors

This is arguably the scariest sign to experience. Getting a call, or even a visit, from a debt collector is likely to cause stress. It’s hard to explain to them why the debt they’re after isn’t yours. After all, this might be the first time hearing about it yourself.

That said, this probably won’t be the first time they’ve dealt with something like this. Just be calm and friendly. And remember, it’s not their fault someone has put both you and them in this position.

Preventing an attack

We’ve looked at the signs of a potential breach of data, but what can you do to stop that from ever happening? Let’s take a closer look at what you can do to heighten your security presence on a number of different platforms.

Steps to strengthen the security of your personal banking

Your banking details control your finances, so letting them fall into the wrong hands could see you losing a great deal of money, even if it is only temporary.

In order to strengthen your banking security, consider:


Using two-factor authentication

Rather than the traditional username and password, think about adding a secondary method (like a code sent to your phone or personal question) to add another layer of protection to your account. As you can imagine, this makes it twice as had to get access to your details.

Change your password or code regularly

And on that note, be sure to change these regularly. Having a new password might be tough to remember, but it makes sure it doesn’t become stale and easy to guess. Also, using different passwords on different accounts means you don’t have to worry about a widespread attack on your personal data should you experience one breach.

Avoiding using public wi-fi

There’s no easy way to see who has visible access to your data when you’re using a public wi-fi system. As a way around this, consider using your mobile provider’s (encrypted) data plan instead of a more public system.

Discuss with your bank how they keep your details safe.

If all else fails, have a chat with your bank about what they do to protect your data. If you’re unsatisfied with the measures they’re taking, there’s always the option of changing who you bank with.

Preventing attack from phishing emails and pretexting

It’s harder to outright prevent an attack from phishing emails. After all, there’s a limited amount you can do to stop someone sending you an unwanted message.

That said, there’s always actions you can take both before and after an email has been sent to limit the potential damage.

Avoid entering data on HTTP websites

Handing your personal data over to HTTP web pages means you’re placing your personal information on a site which has no encryption or password protection. Instead, look for sites which start with https://. These are guaranteed to protect data.

Improve the security on your computer

It sounds like common sense, but people often forget or don’t know when their antivirus software needs to be updated. Make sure yours is always up-to-date. The same goes for your computer as a whole.

Never click on an unrecognised link

If you see a link in an email which you don’t recognise (or understand why you’ve been sent it), never click it. If you’re unsure, try typing the URL into your search bar instead.

Learn to spot the signs

It’s hard to know without question that an email is fake. But there are some signs you can watch out for. Generally speaking, most phishing emails will contain a copy of a real company’s logo, but have odd formatting across the message as a whole.

Lady on Computer

Protecting social media accounts

We’ve already discussed how social media accounts are one of the most common ways a fraudster or hacker will try to target you. As such, it’s important you take all the steps you can to protect yourself.

Mobile Phone

Don’t accept random invites

You’ve probably been told to avoid strangers on the internet since you were a child. There’s loads of good reasons for that, and one of them is that an account could be being used to try and gain quick access to data you share publicly with friends.

Limit third-party app usage

Apps like Tinder, Instagram and even Pokemon Go often ask you to sign up via your Facebook account. Even if you trust the app itself, try to cut down on the amount of personal information you share through them.

Don’t include personal information

People are more willing to give out personal information about themselves on channels where they think they’re only sharing with friends. In reality, once it’s on the internet anyone could theoretically get access to it.

Heighten your privacy settings

Make sure your privacy settings are the strongest they possibly can be. Regularly check these, as social media are constantly changing their privacy terms.

Keep yourself protected on all your social and financial channels by employing these tactics.

What to do if you’re a
victim of online theft

But what do you do once the worst has happened and you notice a breach of your data? While it might be scary, it’s important not to panic. There are steps you can take to recover everything.

Steps to take if you think your identity has been stolen

The first steps you take immediately after you’re aware something isn’t right are some of the most important. The quicker you act, the higher the likelihood of getting your money back.


Contact your lenders and the authorities

Make sure to immediately get in touch with any of the accounts where you’ve spotted fraudulent activity. They should be quick to cancel and send you a new card. It’s also worth contacting the authorities as soon as you can.


Report suspicions

You can report any fraudulent activity to Action Fraud and a UK credit reference agency. The former will help to tackle what’s happened and get your money back, while the latter will do what they can to salvage your credit report.


Register with Cifas

You’ll want to file a protective registration notice in order for all future lenders to see you’ve been a victim of identity theft in the past. This will encourage them to take greater security measures when you make any future credit applications.


Keep a record of all interactions

From the point when you realise you’ve been a victim until the moment you’ve been reimbursed, make sure to keep a contact log. That means recording all interactions. This is important, as it will help you back up any claims you make at a later date.

How to recover money from fraud and identity theft

To get your money back, you’ll need to apply to the bank who your account is with.

Explain the situation, letting them know exactly which transactions were made by you and which weren’t. If it helps, you could go into your local branch and discuss this in person.

It’s important to remember a bank has the right to reject your claim if they feel you’ve been negligent. That means if:

  • If you’ve told someone else your pin
  • If you’ve given another person your password for any account
  • If it’s taken you 13 months or more to make a claim for an unrecognised payment

If a bank does reject you, you have the option of going to the financial ombudsman to launch a formal complaint and appeal.

Where to seek for help and support

While the financial toll of identity theft is obvious, perhaps less consideration is given to the emotional turmoil which can come with a crime of this nature.

Getting help with both the immediate aftermath and this mental trauma is important for getting you back on the road to recovery.

We’ve already seen some of these names popping up elsewhere. But some of the most important providers of help include:

Victim Support

Victim Support

Victim Support was set up with the intent of helping those who’ve been directly affected by a crime getting back on their feet. They have branches which are specific to a number of different felonies, including those who have been the victim of identity theft.

Action Support

Action Fraud

These guys are the primary centre for reporting cyber crime in the UK. If you’ve been the victim of an attack, make sure to get in touch with them straight away. They’re run by the City of London police, so you’ll know your case is being handled by the authorities. You’ll even be given a crime reference number.

Financial Ombudsman

The Financial Ombudsman

We’ve already mentioned how an ombudsman can help you if you need to file a complaint against a bank who are refusing to reimburse you. Ombudsmen act independently, upholding or rejecting your claim after a completely impartial investigation.


Your friends and family

Who better to support you at a troubling time than those nearest and dearest to you? Don’t be afraid to turn to your family and friends if you’re feeling like you need emotional support. They’ll no doubt be happy to help in any way they can.

There are also support networks and forums where you talk through with people who’ve experienced what you’ve gone through in the past. Make sure you’re getting all the support you need at every point of the journey.

Useful links and further information

Want to find out more? Be sure to read our FAQs and and secondary sources to discover more.


Can you get identity theft insurance?

Yes. You’ll be able to take out identity theft insurance to cover you for any reimbursement you’re not given, as well as legal costs which you might face when trying to repair your credit score.

Do criminals only ever want to steal money?

Not necessarily. While this is the most common reason a criminal might target you, there’s also the possibility they could just be trying to assume your identity to cloak their own actions. Using you as a smokescreen, they’ll be able to mask any non-legal activity.

How do I protect my child from identity theft?

The best way to do this is by limiting the amount of personal information you give out about your child. Even if it’s their school asking, be sure to find out why they actually need the info.

Is there a specific demographic who are targeted?

The elderly and those under 24 are the most frequently targeted victims of online fraud. This is as a result of a lack of knowledge of what kinds of threats they’re being targeted with.

Useful links

To find out more about the threat of identity theft, be sure to check out some of these useful secondary reading materials.

The Digital Guardian look at how data is encrypted online:

Lifelock look at five way to protect your child from the threat of identity theft:

The Met Police discuss their approach to Online Fraud:

Tech Jury look at some of the most shocking identity theft stats from 2019:

Which? take a look at some of the most common types of internet scams: