Identity theft on the Internet – how to act correctly

If someone uses your personal data on the Internet, it can be expensive. Read our tips on how to protect yourself from identity theft and how those affected can react appropriately.

With a stolen identity, strangers can do you serious harm. For example, by signing subscriptions and other contracts, making purchases or creating user accounts in their name. Those affected usually only notice the identity theft when invoices and reminders arrive or debits are recorded on the account.

Protect your digital identity

  • Be sparing with information. Think carefully about which site you reveal information about yourself. If you use social networks, create your own groups there. You will then share different things with close friends than with work colleagues.
  • Don't accept every friend request. Instead, network with people you've actually met before. 
  • Stay sparing with public identities. For example, use a different email address for entering sweepstakes or discussion forums than you do for work or communicating with friends.
  • Keep your devices up to date and make regular updates.
  • Use virus scanners and the firewall of your systems.
  • Never click links in emails from unknown senders and do not open file attachments if they are from an unknown person.
  • Make sure you use strong passwords or even better use 2-factor authentication.
  • Use individual passwords and usernames for different services.
  • Before entering sensitive data such as address, date of birth or payment details, be sure to check a store for reliability.
  • Make sure that no one is standing behind you when you enter sensitive data.
  • Be sure to use a secure connection when you're on the road.
  • If you want to sell, give away or dispose of a device, make sure that it no longer contains any personal data. 

How to find out if your identity has been stolen

If there are more signs that your identity has been misused, it is usually already too late. It is therefore advisable to find out whether personal information has already been published on the Internet, for example on the Darknet. Use the security test of the BSI or the security check of the Hasso Plattner Institute. All you need to do here is enter the e-mail address that is to be checked. The response will tell you whether any data has already been made publicly accessible, and if so, which.

How to react correctly

If you have reasonable suspicion that your personal data has been stolen. Proceed as follows:

  • Change the access data of all your user accounts at all online services and offers. 
  • Inform friends and acquaintances about the data theft so that they critically check messages from you or alleged posts in social media in the future. 
  • Check all your devices for viruses and pests with up-to-date programs. 
  • Check your bank statements and credit card statements more closely. Keep an intensive eye on the documents, even over a longer period of time, to detect unauthorized charges more quickly. 
  • Obtain a current statement from Schufa. This is the best way to detect transactions that you did not initiate.

If the criminals were successful despite all precautions, the victim will have to go through an annoying and tedious process. 

  • Go to the police and file a complaint. This is also recommended for liability reasons.
  • Do not sit out reminders and inquiries from retailers, but seek dialog. If in doubt, seek the help of a lawyer.

Of course, no one is liable for the actions of others, but the victim must prove in each individual case that he or she was not the originator of the order, the criminal store or the defamatory statement. 

And that can incur costs, for example if a lawyer is called in to help. Such risks can be mitigated by cyber insurance, which often includes automatic monitoring of the darknet. This is where compromised data is searched for (for example, owlDetect).

Further reading