Five big mistakes that could make you a victim of identity theft

Fraud accounts for about 40% of offences in England and Wales. So are you doing enough to avoid being a victim of identity theft?

identity theft Scam and fraud prevention concept.
Are you making any of these key mistakes when it comes to preventing identity theft? (Getty)

Identity theft is incredibly common in Britain today. Fraud accounts for 40% of offences in England and Wales, with 64% of those cases being identity fraud, according to official figures.

Research by the cybersecurity watchdog the National Cyber Security Centre (NCSC) found that 80% of fraud is now ‘cyber-enabled’, where criminals scour the internet for information on people before stealing identities and committing fraud.

In a time when people frequently share personal information online, what are the biggest mistakes people can make which lead to identity theft? Yahoo News spoke to some top cybersecurity experts.

Think carefully before you share images like concert tickets or yourself at work on social media, advises Javvad Malik, lead security awareness advocate at KnowBe4.

"Social media users may feel excited to be going on holiday or to a concert or event, but taking pictures of boarding passes, concert tickets or similar may reveal information like names, date of birth or addresses, not to mention let criminals know they’re not at home," says Malik.

Sharing an image of your workplace can reveal large amounts of potentially identifying information that could also open up you (or your employer) to cybercriminals.

Every time you sign up to an online service that requires your name and address or phone number, you increase the risk of these details leaking in a cyber breach. You should avoid giving out this information unless really necessary, warns Malik.

You should also be wary of sites that ask for details such as full name, date of birth, address and mobile number as a condition of signing up. He observes, "For non-essential accounts, users shouldn’t have to feel like they need to give this information away when it is not legally required."

For ‘less important’ online accounts, many of us still use very obvious passwords such as the names of football teams or pets.

The NCSC found the password 'Liverpool' had been used 280,723 times and ‘Chelsea’ 216,677 times in just one trove of passwords leaked from major cyber breaches.

KIRKBY, ENGLAND - JUNE 19: (THE SUN OUT, THE SUN ON SUNDAY OUT) Arne Slot new first team manager of Liverpool Football Club at AXA Training Centre on June 19, 2024 in Kirkby, England. (Photo by Andrew Powell/Liverpool FC via Getty Images)
Hundreds of thousands of people use 'Liverpool' as a password (Photo by Andrew Powell/Liverpool FC via Getty Images)

Simon Newman, co-founder of Cyber London and International Cyber Expo Advisory Council member, says, "Many people still use the same password for multiple accounts. Setting up two-step verification (2SV), is a way of 'double checking' that you really are the person you are claiming to be when logging into online services, such as banking, email or social media.

"It only takes a few seconds to set up, but makes it significantly harder for the cyber-criminal to access your accounts."

Doing seemingly innocent quizzes online can give criminals enough information to assemble a fake identity, warns Brian Higgins, security specialist at Comparitech.

Higgins says, "A famous example on Facebook a while ago was, 'What’s your Hobbit name?'"

"These days there are plenty doing the rounds on other platforms that ask for images instead – 'post your ‘90s self' etc – which are clearly designed to build more sophisticated deepfake content."

Unsecured public wifi hotspots can pose serious security risks, warns Chris Hauk, consumer privacy champion at Pixel Privacy.

Hauk says, "Many people also use unsecured routers, either at a wifi hotspot at a coffee shop or at home. Many wifi hotspots are not password-protected to offer convenience of use.

"Unfortunately, this means that unless you're using a VPN, your online activities could be monitored or intercepted."