Which? uses cookies to improve our sites and by continuing you agree to our cookies policy

ID theft soars as millennials targeted by fraudsters

Find out how scammers steal your personal data

Young people are increasingly falling victim to scams, as new data reveals the number of identity-fraud victims aged under 21 has climbed by 30% – so how can you protect yourself?

Identity theft occurs when a criminal steals your personal information to create a fake identity, apply for credit or launder money.

We explain how criminals are able to steal your information and how you can protect yourself.

Fraud up by a third

People aged under 21 are increasingly vulnerable to being scammed, a new report from fraud-prevention service Cifas has found.

The number of people under 21 who reported impersonation cases increased from 1,780 in 2016 to 2,321 in 2017 – a 30% jump.

Younger people are also vulnerable to becoming ‘money mules’, meaning they are using their bank accounts to move criminal funds – often unwittingly or without understanding the full consequences. Cifas found a 36% increase over the year, with 8,474 cases in 2017.

How public is your personal information?

People of any age could be victims of identity fraud, but young people may be especially at risk if they share information on social media.

An experiment by Cifas, in conjunction with BBH London, shows how quickly personal information can be collected just from a public Facebook profile, including address details, phone numbers and banking providers.

Criminals can use this information to their advantage – for example, by calling your bank and impersonating you, using their knowledge of you to answer your secret questions and access your account.

You can watch an example of how scammers steal your details in the video from Cifas below:

To prevent your social media presence revealing too much, change your settings to private and lock down the information available to people you don’t know.

It’s also worth being conscious of what information you show in pictures you post online. Avoid revealing your car licence plate or leaving paperwork on a table in the background, for example.

Aside from monitoring your social media presence, you should also take the following steps to protect yourself:

  • avoid using public wi-fi networks to access sensitive information
  • never give out your bank details, or account login details – even if the person who contacts you claims to be from the bank
  • if you receive a call that claims to be from your bank, hang up, wait several minutes, then call your bank’s customer-care line
  • create strong passwords, and don’t use the same one on every online account
  • shred paperwork with your name on it before throwing it out – a bank statement or bill can give a potential criminal plenty of information to use against you
  • follow up missing statements or bills – they may have been intercepted or redirected
  • when you move home, have your mail redirected to stop it falling into the wrong hands.

You can find out more in our guide to identity theft and your rights.

Company directors vulnerable to ID theft

Aside from people under 21, another vulnerable group are company directors, whose contact information is listed on the official company register at Companies House. Company directors are twice as likely as the general public to be victims of ID theft, Cifas research shows.

Last year, Which? reported on a company director who had been targeted for identity theft over 29 times.

To lower the risk, the government last week announced that company directors could remove their personal address from the register, though they will still be required to provide their business address as a legal requirement.

Public authorities, including police, the insolvency service and the pension regulator, will still have access to directors’ personal addresses.

How to know if your identity has been stolen

Victims of ID fraud may have no idea what is going on for months,nor even years, after the crime begins.

Keep an eye out for activity you didn’t authorise, including bills showing up in the mail, emails confirming goods or services you haven’t ordered or unfamiliar transactions from your account.

Even if you don’t lose money, you should be follow up any red flags – fraudsters may be using your identity to move money illegally.

Another warning may be an unexpected dip in your credit score. Check your credit history carefully for any records that don’t seem right and alert your credit agency to any unauthorised activity.

In some cases, you might see that your credit record will be tagged ‘Victim of Impersonation’. If this is the case, it’s possible the credit reference agency has noticed the suspicious behaviour and is in the process of contacting you.

If you don’t receive a letter from them within a week, you should follow it up directly. A ‘Victim of Impersonation’ tag will stay on your file for 13 months.

What to do if you’re ID is stolen

If you suspect you’re being impersonated, you need to act quickly.

You can take the following steps to prevent scammers from using your information:

  • contact your bank, credit card company and other financial-product providers to alert them
  • report the crime to Action Fraud (the police fraud-reporting service) or to the local police on the non-emergency line 101
  • check your credit records and ask companies to correct any errors
  • consider signing up for the Cifas Protective Registration service, though there is a fee for registering
  • be suspicious of any unsolicited contact, either via phone, mail or text message.

Find out more about how to report a scam.

Back to top