1. Home
  2. Car insurance
  3. Car insurance guides

Identity theft: what it is and how to protect yourself

Cases of identity theft are rising as the UK returns to normal following the coronavirus lockdowns. There are lots of types of identity theft and here we investigate the most common. From how to prevent phishing, to getting money back if it’s stolen from your bank account we answer your questions to help you avoid being a victim. 

Identity theft

What is identity theft?

Every year billions of pounds are lost through identity fraud and many people aren’t aware they’ve become a victim until it’s too late. 

There was an 11% rise in identity fraud in the first six months of 2021, compared to the same period in 2020, according to the latest Cifas Fraudscape report.

A similar rise was seen in the aftermath of the 2008 financial crisis as the economy began to recover.  

There are lots of different ways criminals might access your details and they’re forever coming up with new ways to do it.

Phishing, where fraudsters pose as genuine companies to and trick you into parting with your personal information, is well-known.

And people are increasingly aware of smishing, when it’s done via text messages.

Some criminals could even steal your information from discarded letters or from lost or stolen ID cards.

With these details, they could then open bank accounts or take out loans or credit cards in your name.

In this guide we explore the different methods of fraud and arm you with the tools to protect yourself against these crimes.

 

Types of identity theft 

There are several different types of identity theft and it’s important to know how each works, so you can protect yourself against them. 

 

What is phishing?

Have you ever received an email from your bank asking for you to confirm your details via a link? If you have, it was likely a scam.

It might have also claimed to be from HMRC or your local council offering a tax rebate. 

The email often has an instruction in it, claiming that you need to either 'verify' or 'update' details, or 'reactivate' an account.

There’s usually a sense of urgency around when you complete this task and it might require downloading a link or visiting a website.

However, this is a type of fraud called phishing. It’s a way con artists might scam you out of your money.

If you then disclose personal information, the criminal could use your details for fraudulent purposes.

 

What is spear phishing? 

Phishing and spear phishing work in the same way, a fraudster contacting someone pretending to be another company. 

However, phishing is usually quite random and messages are sent out to thousands of contacts at the same time. As they’re sent to so many people, the hope is a small percentage might respond.

With spear phishing the messages are usually sent to fewer people and are far more calculated. So, the chance of someone being conned by one of these messages might be higher. 

 

Phishing examples

A phishing message could come from any number of companies but often they might be from your bank or HMRC.

HMRC regularly warn consumers of phishing and smishing scams where fraudsters contact people promising tax returns or refunds. 

In fact, in the 12 months to 30 April 2021, HMRC responded to more than 1,154,300 referrals of suspicious contact from the public. More than 576,960 of these offered bogus tax rebates.

Fraudsters have also used the coronavirus pandemic to con people out of their money.

They’ve done this by sending fake emails, pretending to be from the NHS or the government, persuading people to part with their personal details.

 

How to prevent phishing

The main indicator of a phishing scam is a company you know sending you an email, usually out of the blue, asking for you to do something. 

A major red flag should be if they ask for your personal information, like your account login details or bank details. Or if they want you to click a link within an email, or download something.

They also might have a vague greeting, like “Dear Sir/Madam” or “Dear Customer” instead of your actual name. 

If you suspect an email of being spam, never forward or open it, and don’t follow any links contained within. They might ask you for your personal details via this method.

If you’re on any website, the address should begin with ‘https’. The email address it has been sent from might seem suspicious and be different to the name of the sender.  

Look out for any changes to the bank’s website too, or if they’re asking for more details than they usually do.

If you’re unsure at all, contact your bank (or whichever company it is) the way you usually would and ask it to verify the email.

If you think you've been a victim of phishing, you should contact your bank immediately.

If you’ve received an email you think is fraudulent, you can forward it to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk at Action Fraud.

 

What is smishing?

Smishing is a lot like phishing, but this kind of fraud uses text messages, or SMS.

It’s common for banks and other financial institutions to send customers text messages with balance or activity updates.

Even utility companies regularly use text messages to communicate with customers, as well as delivery services and the Royal Mail.

Fraudsters have exploited this method by sending texts to victims posing as legitimate companies.

These texts are designed to alarm people into acting. They’ll mostly claim that you need to act urgently or you’ll face serious consequences such as a fine or even jail time.

However, reacting to these messages risk giving criminals access to your details. Once they’ve these they could then access your identity and steal your money.

 

Smishing examples

If you receive a smishing message it might look like it’s from your bank or a company you know. It might use alarming or urgent language to scare you into action.

The Bank of Ireland lists common smishing examples on its website including the following: 

“BOI: Your account has been limited. Please follow these steps to reactivate.”

“BOI: A payment was attempted from your BOI account. If this was not you, please visit this link to verify your account.”

 

How to prevent smishing

The best way to prevent smishing is by being aware of what it is and always questioning any communications you receive.

If it’s out of the blue, the language is threatening or urgent, or it’s asking you to click on a link, it could be fraudulent.

If you’re worried, contact the bank yourself via the official website and phone number and ask if the message is real.  

 

What about physical fraud?

Criminals don’t need to access many details in order to steal money from you. 

Documents like your passport and driving licence could give a criminal the tools to steal your identity.

However, even with your name, address, and date of birth criminals might be able to open up or apply for new accounts in your name.

Once they have a password for one of your accounts, they might also access your online banking or email inbox.  

The most common type of fraud between 2000 and 2021 was cheque, plastic card and bank account fraud, according to Action Fraud.

It was followed by online shopping and auctions fraud, then application fraud (excluding mortgages).

If you’ve lost or had documents like your passport or driving licence stolen, then there’s a chance you could be at risk of identity fraud.

 

What should I look out for?

Fraudsters are forever using new tactics to carry-out physical fraud but there are ways to protect yourself.

Be on the lookout for anything out of the ordinary such as:

  • An email with an invoice or a bill of something you haven’t ordered
  • A payment demand for an item you didn’t receive.   

It could be a letter in the post regarding a credit card or loan. If you didn’t set it up, don’t respond to the letter and report it to Action Fraud.

However, fraudsters might also be able to commit fraud without sending anything in the post.

Regularly check your bank statements for anything unusual and if you spot something you don’t recognise, contact your bank.

Your credit record might also alert you to anything dodgy, such as a criminal opening up an account in your name or applying for a new loan. 

If you’re applying for a loan or a benefit for the first time, there’s a chance you might be refused if someone has stolen your identity.

 

Stay alert when using your bank card

Where possible it’s usually safer to use contactless payments rather than getting cash out of a machine.

This has become a lot easier because of the pandemic and most shops now accept contactless payments.

The amount you can spend will also increase to £100 from 15 October for contactless payments. 

If you’re taking money out of a cash machine, keep an eye out for anyone standing near to your or the machine, or looking suspicious.

Some cash machines have a small mirror on them so you can see behind you easily.

Look at the cash machine itself. Sometimes fraudsters fit devices that trap the bank card so they can retrieve these after you’ve left the area.

If your card gets trapped, call your bank's 24-hour help line straight away and cancel it.

Once you’ve finished using the machine, put your cash and card away.

 

If money is stolen from my bank account will I get it back? 

If money is taken from your bank account, your bank should refund this to you if it was stolen through fraud or identity theft.

It should do this as soon as possible after you report the problem.

In some cases your bank might refuse to refund you the money if it thinks you were negligent, such as if you shared your pin or password with someone. 

If this happens you could make an official complaint to your bank, and it then has eight weeks to respond to you.

If in this time it hasn’t or it still refuses to refund you, you could escalate the complaint to the Financial Ombudsman Service (FOS).

It’s a free, independent service and it should look into what has happened and carry out an investigation. 

If the FOS decides your bank needs to refund you, it could order it to do this. But if it agrees with the bank’s decision another option is to take the scammer to court to get your money back. 

If you’ve sent money to a criminal, because you thought you were sending it to a bank or other trusted company, it’s harder to get the money back.

However, it’s always worth contacting your bank as soon as you realise what has happened and asking it to refund you.

 

How to prevent physical fraud 

Personal documents such as your passport, driving licence, recent bank statements and utility bills need to be kept somewhere safe and secure.

If you aren’t using them, store them in a locked drawer or cabinet. 

If you notice anything is missing, or if you’re a victim of burglary, report it immediately and order a new document from the organisation that issued it.  

If your passport or driving licence has been stolen, you can report and cancel it through the government website.

Make sure you shred any correspondence from your bank, bills, receipts or unwanted post in your name once you’ve finished with it.