ESET Online Help

Search English
Select the topic

Identity Theft

Identity theft is a criminal act in which an attacker fraudulently obtains a victim's sensitive data and then impersonates the victim. The motivation is, of course, financial gain.

An attacker steals sensitive data, such as a password, ID number or payment card details, and then uses it in a fraudulent act, impersonating a given person or authority. The sensitive information obtained is misused for illegal purposes, including loan applications, online purchases, or access to the victim's medical and financial information.

How does it work?

Identity theft is closely related to social engineering techniques used to obtain a victim's sensitive data. For example, profiles on social networks and other popular services are an excellent source of sensitive data.

When an attacker collects enough sensitive data, they can try to imitate the victim's identity for various activities, such as applying for a loan, buying goods on the internet, withdrawing money from an ATM, and so on.

If the fraud is successful, the victim will contact the user whose identity has been misused. They usually have no idea that something similar has happened, yet they have to face all the consequences—accusations, loss of reputation and finances.

How to protect yourself?

Secure connection—If you need to use applications and programs on the internet that work with sensitive data, always connect to a secure network. Public Wi-Fi networks in shopping centers are definitely not suitable.

Device protection—On Windows, Android and macOS devices, you should use a quality security solution from a proven manufacturer. Today's "antiviruses" contain a variety of technologies that protect against various types of threats on the internet, not just viruses.

Other types of ways to protect yourself

Beware of Phishing—Learn to spot these social engineering techniques.

Use strong passwords—Secure and strong passwords are the foundation of computer security. Password managers that automatically generate secure passwords can help. Another important rule related to passwords is never to use the same password for multiple services. Suppose the password is leaked, which may not even be an error on the user's part. In that case, the attacker automatically gains access to other services where the user uses the same login name and password combination.

Checks accounts—Regularly check your bank accounts for outgoing payments and suspicious money movements.

Be careful with sensitive data—Always factory reset the device when selling your phone or computer. Sensitive data will be deleted.

Only share some things—Social networks are a very good source of information about users. Always think before you post something on your profile.