For many, it’s their worst nightmare: Imagine if criminals were to steal your personal details, such as your name, date of birth, telephone number, address or access details to your e-mail account or other user account and pretend to be you – also known as identity theft. Most people only realise their identity has been stolen when amounts suddenly start being debited from their bank account or they start receiving invoices for orders they haven't placed. What can you do if it happens to you? The number one rule is to stay calm and then act quickly and decisively.
E-mail account: change your access data, contact your provider
If you can still access your user account, change your access data and password immediately. This also applies to other customer accounts where you may have used the same or a very similar password (which of course you should never do!). Then check to see if any changes have been made to your personal settings.
If you find you can no longer access your account because the access data has been changed by the cybercriminals then you’ll need to contact your provider directly and follow their instructions.
You should also tell your personal contacts that your identity has been stolen. After all, it’s possible that the cybercriminals will contact them – even if they only do so a long time after the initial hack. The risk is particularly high that people are the victims of a cyberattack if they receive phishing mails from someone they know. Simply by clicking on an attachment, your contact might inadvertently download malware that can be used to access their devices unnoticed.
File a criminal complaint
If you discover someone is buying things, placing orders or concluding contracts in your name, then you should file a criminal complaint immediately. And not only if there are financial damages involved, but also if someone is disseminating misinformation, libel or illegal content online under a false name. Report identity theft to the police immediately. It is often helpful to show them printouts of all the available information or screenshots of suspicious transactions.
Cancel direct debits, recall payments
Bank customers can cancel unauthorised direct debits and have the amount repaid to their accounts. However, it is also important to contact the payment recipient – the dealer or business – directly and tell them you were a victim of identity theft (and show them the police report).
Stay vigilant
Your personal details may have been given to lots of providers and also used on social media, so if you’ve been a victim of identity theft, stay vigilant and be careful for a long time after the initial hack. Depending how much data was stolen from you, it might be advisable to set up a new email address and use this as your new contact address to avoid further cases of misuse. Since your personal data is stored for all sorts of everyday situations, such as orders, registrations, bookings etc., you need to take particular care over a longer period of time.
Tips on how to protect yourself
- Be particularly careful with your personal data. The rule of thumb here is to limit how much data you give away! Only reveal as much information as is necessary. This applies in particular to social networks.
- Use different passwords for difference user accounts and purposes. This way, if criminals get their hands on your data then they can access more than one of your user accounts on the internet.
- Two-factor authentication offers additional protection, also for e-mail accounts.
- Even though it might be inconvenient: Using stronger passwords and changing them regularly offers additional protection.
- Regularly check your online bank accounts, e-mail accounts and bank statements.
- Also, be careful if someone contacts you via social media, even if it appears to be someone you know. If you are in any doubt, contact the person directly to check whether they really did send you a message.
- Before following a link to an online offer, move your cursor over the link before clicking on it. This shows you the actual web address that the link will take you to if you click on it. If the web address is clearly not the one you were expecting to see, we recommend being extra careful. As soon as you’ve clicked the link and the web address appears in your browser, check it again. Often, only a few letters or characters distinguish a genuine company from a fraudulent website.
