Identity theft is reaching “epidemic levels”, according to a fraud prevention group, with victims most likely to be aged in their 30s.
ID fraudsters obtain personal information before pretending to be that individual and apply for loans or store cards in their name.
A total of 89,000 cases were recorded in the first six months of the year by UK anti-fraud organisation Cifas.
That is a 5% rise on the same period last year and a new record high.
“We have seen identity fraud attempts increase year on year, now reaching epidemic levels, with identities being stolen at a rate of almost 500 a day,” said Simon Dukes, chief executive of Cifas.
“These frauds are taking place almost exclusively online. The vast amounts of personal data that is available either online or through data breaches is only making it easier for the fraudster.”
ID theft accounts for more than half of fraud recorded by Cifas, a not-for-profit organisation that shares fraud prevention tips between businesses and public bodies.
More than four in five of these crimes were committed online, it said, with many victims unaware that they had been targeted until they received a random bill or realised their credit rating had slumped. This would prevent them getting a loan of their own.
Fraudsters steal identities by gathering information such as their name and address, date of birth and bank account details.
They get hold of such information by stealing mail, hacking computers, trawling social media, tricking people into giving details or buying data through the “dark web”.
Analysis: Rory Cellan-Jones, technology correspondent
I got a worrying insight into how our online activity can leave us open to identity theft when a security company offered to examine my digital footprint.
Its 30-page report showed that a lot of personal details that might be useful to a criminal were out there on public websites – but if you choose to have an online presence, that is quite hard to avoid.
Far more worrying was the presence in hidden corners of the web of some of my passwords for various accounts, harvested in some of the many hacking attacks on major online firms.
Luckily I had already changed those passwords, but the security researchers told me that anyone in the Western world who used the internet reasonably often was likely to have their details held in one of these data dumps. That information is up for sale on a number of criminal marketplaces.
Identity theft is big business and it is thriving on the dark web.
Victims are more likely to be in their 30s and 40s, often because a good deal of information about them has been gathered online.
The stereotypical image of a fraud victim is someone who is elderly and vulnerable, but the over-60s are the only age group that has seen cases fall this year compared with the first half of the year, according to Cifas.
The age group which has seen the biggest rise is 21 to 30-year-olds. This finding was mirrored in separate research by credit checking company Experian. It said that since 2014, it was increasingly likely that victims were male, aged in their 20s and living in London.
Cifas said it was important that employers needed to be alert to fraud, rather than just consumers. There had been a sharp rise in ID fraudsters applying for loans, online retail, telecoms and insurance products, it added.
“For smaller and medium-sized businesses in particular, they must focus on educating staff on good cyber-security behaviours and raise awareness of the social engineering techniques employed by fraudsters. Relying solely on new fraud prevention technology is not enough,” Mr Dukes said.
Katy Worobec, from UK Finance, which represents the banking industry, said: “Tackling fraud and financial crime is a top priority for the industry. Banks have sophisticated controls in place to safeguard the financial system from fraudsters, and work closely with enforcement agencies and government to identify and disrupt criminal activity.”
One victim’s story
Anil Sharma found out the hard way that fraudsters had enough information about him to obtain new smartphones in his name. Not one but two mobile phone contracts taken out through a well-known high street retailer were posted to his Liverpool home.
He says the chain was quite dismissive of his plight and he was forced to contact the mobile networks to resolve the situation. One was more helpful than the other, Mr Sharma says, but ultimately both accepted that the contracts were taken out fraudulently and cancelled them.
As well as taking a good deal of phone bashing to resolve, the identity theft was also stressful – and affected his credit score as well. “It’s very very worrying.”
But how did the fraudsters obtain his details? Initially Mr Sharma thought it was the result of losing his wallet a couple of years ago, but Action Fraud says an online breach is the more likely culprit.
How to protect yourself from identity crimes
- Limit the amount of personal information you give away on social networking sites. Your real friends know where you live and know your birthday
- Update your computer’s firewall, anti-virus and anti-spyware programmes. Up to 80% of cyber-threats can be removed by doing this
- Never share passwords or PINs (personal identification numbers) with others and do not write them down
- Use strong passwords and PINs – don’t use your date of birth or your child’s name, include a mix of upper and lower case letters, numbers and punctuation marks. Aim for a minimum of 10 characters in a password
- Do not use the same password or PIN for more than one account
- Shred all your financial documents before you throw them away