How to prevent identity theft?

Identity theft is a crime that involves impersonating someone else with the aim of obtaining benefits to which the impersonator would not have access using their own identity.

In the following paragraphs, we will describe the different types of identity theft and delve into the best tips to protect oneself from these crimes.


Types of Identity Theft and Ways to Protect Yourself:

1. Identity Theft involving National Identification Document (DNI)

What is DNI Identity Theft?

DNI identity theft refers to the unauthorized possession and use of a National Identification Document for personal gain by the perpetrator, who pretends to be the victim. This can include creating a false identity to apply for loans in someone else’s name, engaging in criminal activities while concealing one’s true identity, incurring expenses under another person’s name without the intention of paying them, and more.


How to Avoid DNI Identity Theft?

The best ways to prevent your DNI from being stolen are:

  • Only provide it in physical establishments and on reputable and identifiable websites. Always ensure that the websites you visit are secure on the internet (the address should start with “https://” and have a closed padlock icon in the browser bar).
  • If you need to store a digitally scanned copy of your DNI, do so on a removable USB drive. This way, if your computer gets infected with a computer virus, your document will be safe. If you have to send a copy of your DNI, use the USB drive and then permanently delete the sent email (if applicable) and clear temporary files from the system (search for “temporary files” in the start menu). By doing this, even if your computer gets hacked later on, your document cannot be stolen in any way.
  • Be responsible by having an antivirus installed, avoiding public Wi-Fi networks, and browsing securely to prevent hacking and viruses on your computer system. If your system is already infected with a Trojan virus, the previous steps to protect your document will be ineffective.
  • Never throw away unshredded photocopies of your DNI or documents containing your DNI information (as someone could use the data to create a fake ID). When disposing of any type of document, official or a copy, shred it into tiny pieces to make reconstruction impossible.


What to Do in Case of DNI Identity Theft?

Despite being cautious and taking precautions, we can still become victims of DNI identity theft due to unscrupulous employees or cybersecurity breaches in companies where we have provided our document. If this happens, the following steps should be taken:

  • Report the incident to the police as soon as possible. The police will advise if additional measures need to be taken based on the situation. For example, if identity theft has resulted in unauthorized loans, you will need to take action to protect your assets and prevent future unauthorized debts.
  • Register the theft in the DER (Lost and Stolen Documentation) database. By enrolling in this database, companies will establish reinforced security protocols by default to prevent identity theft.
  • Notify your financial institutions about the theft of your DNI so they can strengthen the security measures for your accounts, thereby preventing potential fraudulent transactions.


2. Signature Forgery

What is Signature Forgery?

Signature forgery is a crime in which the perpetrator falsifies a signature, pretending to be another person, with the intention of gaining benefits. The replication of the signature can be in handwritten or digital format.


How to Prevent Signature Forgery?

Signature forgery typically starts with the theft of a DNI (or a copy thereof).

To prevent signature forgery, you should follow the steps outlined in the previous section to safeguard your DNI information.

It is also recommended to have a somewhat complex signature that is not easily replicable. If cybercriminals gain access to a database with multiple DNIs, they are more likely to commit crimes using those with easily replicable signatures. Additionally, a complex and difficult-to-copy signature will likely have noticeable flaws if it is forged, making it easier to prove its invalidity.


What to Do in Case of Signature Forgery?

If you become a victim of signature forgery, you should take the following steps:

  • File a report with the police and follow their instructions.
  • Request the annulment of contracts, signed without your consent, from the companies involved due to identity theft. If the perpetrator managed to sign a contract using a copy of your DNI and perfectly forged your signature, you may need to initiate legal proceedings to demonstrate that it was a case of signature forgery and that the company failed to verify the true identity of the perpetrator using the photograph on your document.


3. Credit Card Impersonation

What is credit card impersonation?

Credit card impersonation is the theft of credit card data for the purpose of conducting fraudulent transactions.

In this way, a criminal who obtains your card’s name, number, expiration date, and CVV code (the three-digit security code on the back) could make transactions and payments in your name with your card.

Similarly, another method that criminals use to carry out fraudulent transactions with your card is through the theft of the physical card or simply its electronic data from a copy of the card.


How to prevent credit card impersonation?

To prevent the theft of your card data (name, number, expiration, and CVV) or its electronic data, follow these tips:

  • Always pay while being present.
  • Do not let anyone take your card or take it out of your sight to process payments.
  • When using card machines or ATMs, ensure that there are no cameras to capture the PIN code you enter, and check for any devices installed at the card slot that could read and steal your card’s electronic data.
  • Only make purchases on reputable, secure, and recognizable websites.
  • Configure your credit card with your financial institution so that online purchases always require a double layer of security (authorizing payment through an app or entering a code received on your mobile) and for any contactless transaction, always require entering the PIN.

Additionally, for added security, you can have two accounts with the bank and associate your card with an account that only has the amount of money you intend to spend. This is particularly useful when traveling or making online holiday purchases, where there is a higher risk of card impersonation. In such cases, even if your card is compromised, the maximum amount that can be taken is limited to the funds in the associated bank account.


What to do in case of credit card impersonation?

In the event of credit card impersonation and unauthorized transactions, immediately block or cancel your card and initiate a claim for the unauthorized transactions.

You can do these steps at any bank branch or through their app.

The bank will guide you on the necessary steps to successfully file the claim for the affected transactions and recover the integrity of your money (they may require a police report based on the bank statement for the last 4 months).

Generally, the money is eventually recovered as long as the establishment where the payment was made cannot prove that it was an authorized transaction. The timeframe for recovering the money depends on the country and the type of fraud, ranging from 2 weeks to 6 months, although banks usually advance the funds if it is evident that the transaction is fraudulent.

Finally, request a new credit card. You will be issued a new card associated with the same account but with a different number, preventing further unauthorized transactions.


4. Bank Account Impersonation

What is bank account impersonation?

Bank account impersonation is the theft of bank account data with the aim of conducting unauthorized transactions on behalf of the victim for the benefit of the criminal.

There are three types of bank account impersonation:

  • Theft of account digits.
  • Theft of online banking credentials.
  • Theft of an ID card and finding a person who physically resembles the photo on the ID.


How to prevent bank account impersonation?

To prevent bank account impersonation, follow these measures:

  • To prevent theft of your account digits, only provide your account details to recognized companies for direct debit purposes. Make sure to send the account details to a genuine email address of the company or through their official website.
  • Avoid keeping a copy of your account details on your computer; instead, store them on an external USB drive. After sending the information, delete the temporary data from your computer’s memory. This way, if your computer is hacked, your data will be safe.
  • To prevent theft of your online banking credentials, ensure you have a strong password. Learn how to create and securely store a strong password by reading this other article. Enable two-factor authentication for accessing and operating your account. Follow the tips mentioned in point number 6 to prevent mobile phone impersonation.

Lastly, avoid having your ID card impersonated by following the advice mentioned earlier in the first point of this article. Criminals can use a stolen ID to find a person who physically resembles the photo on the ID card and attempt to carry out transactions in person.


What to do in case of bank account impersonation?

In case of bank account impersonation, you can return the charged invoice and declare a non-payment order to the corresponding company through your bank branch or the bank’s app.

After taking these steps, it is unlikely that the company will be able to claim any debt since they would need to have also impersonated your ID data to make the payment of services in your name. If that were the case, refer back to the first point of this article. However, in any case, most invoices are associated with a postal address. If you don’t live at that address, it would be easy to prove the illegitimacy of debts incurred in your name.

If your online banking credentials have been stolen, and you notice unauthorized transfers from your account, you should:

  • Immediately contact your financial institution to block your account.
  • Obtain new passwords and associate a new phone number with your account (since your mobile number may have been impersonated as well).
  • File a report with the police.
  • Report the fraudulent transactions to your bank.

Lastly, to prevent transactions in your name from an impersonation of your ID card at a bank branch, refer back to point number 1. In any case, minimizing the impact of this potential fraud is relatively straightforward by following these two simple tricks:

Firstly, avoid keeping all your money in visible cash accounts and keep only a sufficient amount for regular expenses. Secondly, invest your savings in products with a balanced security/ risk ratio that you are comfortable with and limited accessibility. In other words, to recover your funds, you would have to wait for a few days or specific dates. If someone gains access to your accounts and you follow this advice, the potential loss would be limited to the money you have for ordinary expenses since you would notice the fraudulent withdrawal a few days before the funds become available (your bank would send you alerts confirming the withdrawal of funds for a specific future date).

Furthermore, from your bank branch, you can also set a maximum limit for daily, weekly, and monthly transfers from your online banking account. Therefore, even if you have a large sum of money in your current account, these limitations will prevent you from losing more than the authorized maximum.

These two additional tricks are very useful, but remember to manage your account wisely to always have funds available for unexpected or irregular expenses throughout the year.


5. SIM Swapping Mobile Number Impersonation

What is mobile number impersonation?

Mobile number impersonation occurs through SIM swapping, a technique in which a criminal poses as the victim to obtain a new SIM card for the mobile phone, with the aim of gaining illicit benefits.


How to prevent SIM card impersonation?

SIM card impersonation occurs when a criminal impersonates the identity of the victim to go to a telecommunications company’s establishment and request a copy of the SIM card. For this to happen, the criminal needs to acquire the victim’s ID card and physically resemble them. Therefore, to prevent SIM card impersonation, you should:

  1. Follow the advice given in point number 1 of this article to prevent ID card impersonation.
  2. When a criminal requests a duplicate SIM card, you will receive an SMS alert confirming the request for a new SIM. Therefore, regularly use your mobile phone so that if you receive such an SMS, you can immediately notify your telecommunications company to cancel the process as it is not authorized.
  3. If the criminal successfully acquires the new SIM card before you realize it, they will activate it, gaining complete control over your mobile number, while you will instantly lose network coverage. If you lose coverage in an area where you usually have it, you can call your telecommunications company to ensure that it is an incident and not the termination of service for the old SIM card because someone else has requested and activated a new one.


What to do in case of mobile number impersonation?

In case of SIM card impersonation, you should immediately alert your financial institutions to block your accounts and unlink them from your mobile number, as the criminal now controls it and could potentially operate through your online banking. Additionally, you should remove the association of your mobile phone with any accounts on platforms where you have a two-factor security system.

It is important to be aware that even if the criminal does not know your passwords and personal information, through your mobile number, they can attempt to recover forgotten passwords associated with your accounts. Since they control your mobile number, it would be relatively easy for them to obtain passwords and gain total control over your accounts.

Once you regain control of your mobile number with a new SIM card or if you decide to have a new phone number, you can reassociate your mobile number with your bank accounts and online platforms.


6. Email Impersonation

What is email impersonation?

Email impersonation is the theft of login credentials of an email account by a criminal, with the aim of posing as the victim to obtain illegal benefits.


How to prevent email address impersonation?

To prevent the theft of your email account, you should:

  1. Establish a strong password (read this article on creating a strong password) and set up two-factor authentication for access to your email account.
  2. Browse the internet with caution and have antivirus software installed to prevent your computer from getting infected with a Trojan virus that can easily access your email.


What to do in case of email address impersonation?

If you become a victim of email impersonation, you should try to recover your account by establishing new passwords. If the criminal has modified the recovery options for a forgotten password, you should contact your email service provider to prove that you are the legitimate owner of the account.

Once you regain control of your email account, you should check sent messages to uncover any illicit activities by the criminal. Additionally, review your saved emails to identify any sensitive information that could cause problems in the hands of a criminal, and take appropriate action if necessary (for example, if you sent an email with a copy of your ID card).


7. Social Media Profile Impersonation (Facebook, Instagram, YouTube, etc.)

What is social media account impersonation?

Social media account impersonation refers to the unauthorized takeover of someone’s social media account by a cybercriminal, with the aim of obtaining unauthorized benefits.


How to prevent social media account impersonation?

The best way to prevent the theft of a social media account is by adopting a strong password and implementing a two-factor authentication system. The two-factor authentication typically involves associating the account with an alternate email or mobile number, through which a temporary code is received to access the platform. Therefore, depending on the two-factor authentication system you use, refer to the tips mentioned in previous points to prevent the hijacking of your email (point 6) or mobile device (point 5).


What to do in case of social media account impersonation?

If your social media account has been impersonated, try to establish a new password. If the cybercriminal has already changed the various methods of resetting a new password, you will need to contact the social media platform and provide evidence to prove that the account belongs to you in order to recover it. Once you have regained control of your account, review the activity carried out by the cybercriminal and take appropriate actions.


8. Identity Theft through Social Engineering via WhatsApp or Email

What is identity theft through social engineering?

Identity theft through social engineering is a crime in which the perpetrator studies a person to assume their identity solely through communication, without the need to illegally steal any documents or information, and always with the intention of gaining illegal benefits.

Commonly, this crime takes the form of “phishing,” which is a technique in which the perpetrator uses email language to impersonate a person or company in order to gain the trust of email recipients and obtain money, passwords, or illegitimate information.

However, this crime can take many other forms and is currently occurring frequently through instant messaging applications such as WhatsApp.


How to prevent identity theft through social engineering?

To prevent identity theft through social engineering, the best way to protect yourself is by adopting a preventive behavior on social media. Share information only with known individuals, avoid posting sensitive information on the internet, and limit the data you share on completely public social media platforms.

Additionally, if you are a business professional or own a company, maintain a strict policy regarding your relationships with suppliers, ensuring that there is no room for deception by third parties pretending to be you, as they would be outside of the official communication channels you have established with other companies.

Furthermore, to avoid falling victim to social engineering, consider these three tips:

  • When receiving a message, verify the email address of the sender. It is possible that the address may be similar to imitate another person or company.
  • Be cautious and verify the authenticity of any messages or calls that urgently request sensitive information or immediate payment.
  • When receiving text messages on instant messaging platforms like WhatsApp, verify the real identity of the other person if they ask for urgent information or money, especially if they contact you from an unregistered mobile number.


What to do in case of identity theft through social engineering?

In case of identity theft through social engineering, the direct victims are those who have been deceived by the perpetrator. However, the person whose identity has been impersonated may suffer indirect harm, such as damage to their professional reputation if they are a business professional or entrepreneur.

Therefore, if you experience identity theft through social engineering, determine the technique used and inform your suppliers about your external relationship policy.

For example, if someone manages to impersonate you and sends messages to your clients, notifying them of a change in bank account details and instructing them to make payments to a new account, you should contact your clients to remind them of your official communication channels (email, phone, fax, etc.) and alert them to the situation to prevent additional victims.

Additionally, if you are the victim, inform the real person whose identity was impersonated to prevent further incidents and report the crime to the police.

If you mistakenly made a payment by credit card, you can easily request a refund from your bank, but if you made a transfer and are unable to cancel it on the same day, you will need to initiate a legal process, making the recovery of your funds more complicated.


9. Corporate Identity Theft

What is corporate identity theft?

Corporate identity theft is a crime that involves impersonating a company in order to obtain benefits.

For example, a criminal may call pretending to be a telecommunications company and claim that due to an error, the last bill was returned, requesting urgent payment to a bank account, threatening immediate disconnection of the phone line.


How to prevent corporate identity theft?

To prevent your company or yourself as a business owner from having your identity stolen, establish a clear and singular communication channel between you, your clients, and your suppliers, ensuring that there is no room for identity theft through fraud.

If you want to avoid being deceived by third parties pretending to be companies you have a relationship with, be cautious, distrust requests for urgent money or information, and always communicate through the official channels established by the company. If in doubt, before rushing into any transactions, contact the company directly to verify the authenticity of the process.


What to do in case of corporate identity theft?

If your company’s identity has been impersonated, you should take immediate action in two aspects: regain the trust and reputation of your company among the victims of the fraud to prevent losing clients and suppliers, and contact your clients and suppliers to explain the situation, prevent additional victims, and remind them of your official communication channels and procedures.

Furthermore, if you are the direct victim of corporate identity theft, contact the real company to inform them of the situation and report the fraud to the police. If you made a bank transfer due to the fraud, you can cancel it on the same day, but if the time has passed, you will need to pursue legal action to recover your funds, which can be more challenging.