Back to Back Issues Page
Watch For Scams Newsletter. Identity Theft
March 10, 2024

Identity Theft

Watch For Scams is dedicated to helping you avoid becoming a victim of fraud.

If you like this ezine, do a friend a big favor and forward this to them. If a friend forwarded this to you, and if you like what you read, please subscribe by visiting the link below:

Subscribe Here

Identity Theft

The German Federal Office for Information Security (BSI) has published a report on The State of IT Security in Germany in 2023, and the number one threat for consumers is… identity theft.

The thing is, you can protect your devices and your online privacy as much as possible, but what happens when some organization which you have trusted with your personal information gets breached?

The report states:

“For consumers, the issue of data leaks was prominent in the reporting period (2023). In many cases, these were related to ransomware attacks, in which cybercriminals extracted large amounts of data from organizations in order to later threaten to publish it unless a ransom or hush money was paid.“

In addition to data breaches, there is the danger of information stealers that allow cybercriminals to obtain various types of personal data, such as login details for various online services, and financial information. The stolen data may also include website cookies and biometric data that can be used by criminals to defraud the victim.

Cybercriminals are also getting better at using this data. For example, the report mentions that on one of the largest underground marketplaces for identity data, cybercriminals offered interested parties a browser plug-in that made it possible to import stolen credentials directly into the web browser, allowing criminals to assume the victim’s digital identity with just a few clicks.

Now, with the mass availability of Artificial Intelligence tools, it becomes so much easier to correlate all these data sets and piece together a complete profile of everyone affected.

As you can see, it’s usually not the victim’s fault that their data become available to cybercriminals. In many cases, there isn’t even that much that they could have done about it. Some services simply are not available in the offline world anymore, and we have no choice than to trust an organization with our information.

So, all we can do is make sure we come prepared to act when a data breach affects us, and keep an eye on how much we share and how much others will be able to find out about us.

What to do in the event of a data breach

1. Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.

2. Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.

3. Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.

4. Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.

5. Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.

6. Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

If you believe you have been a victim of this type of scam you should promptly report it to the IC3's website at The IC3's complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration.

Remember - always watch for scams!


Back to Back Issues Page