Identity Theft
Home > 
Identity Theft
< back

Identity Theft

Identity theft is a criminal act of getting hold of personal data of others without their knowledge or permission with an intent to defraud. The personal data is used by identity thieves to impersonate the data subjects for fraudulent purposes, for example,

Access bank accounts, obtain credit cards, or make purchases for direct financial gains.
Carry out fraud or deception, exploit social networking profile to harass and sabotage someone’s online reputation, or conceal identity of wrongdoers.
The consequences of identity theft include the following: 
Financial hardships (e.g., money being withdrawn from victim’s bank accounts)
Damage to the reputation of victims (e.g., commit crimes in victim’s name or misrepresent victims)

Common ways to steal personal data:

Phishing: collect personal data through fraudulent emails or websites which appear to be associated with legitimate or trusted entities.
Hacking: intrude into computers that store personal data.
Surveillance in public: browse social media profiles, eavesdrop phone calls, sniff public or insecure networks, or use spoofed Wi-Fi hotspots.
Preventive Measures
Beware of any phishing websites or emails and conduct business with authentic websites only.
Apply appropriate privacy and security settings when using social networking services.
Shred documents, bank statements or storage media or securely erase personal data therein before disposal.
Encrypt electronic devices that store personal data and put them in a safe place.
Do not use untrusted communication channels (e.g., public Wi-Fi) or device to transmit or access personal data.
Do not disclose any personal data to unknown or untrusted parties or on social media.
Do not disclose or share your account identities, passwords and devices.
How Do I Know If I Have Fallen Victim to Identity Theft?

Signs that you may have fallen victim to identity theft:

Alerts for login activities from unknown locations and devices.
Unknown or suspicious transactions associated with your bank accounts or credit cards.
Statements for bank accounts you have never opened.
Unknown or suspicious activities associated with your social media accounts.
Other than the above signs, you could check whether your email accounts have been compromised.(Link)
What to Do If I Have Fallen Victim to Identity Theft?

If you have fallen victim to identity theft, you may consider taking the following measures:

Seek assistance from the Hong Kong Computer Emergency Response Team Coordination Center (HKCERT). (Link)
Report to the Police if criminal activities such as frauds are involved. (Link)
Complain to the Privacy Commissioner for Personal Data (PCPD) if personal information is involved. (Link)
Report to banks, credit card issuers or related online service providers immediately if any account is suspected to have been compromised.
Change all passwords of the online accounts concerned.
Force log off on all active sessions of your social media accounts from unknown devices.
Remove the authorisation grants for third-party applications in your social media accounts.
Extended Readings

Some references on understanding Identity Theft and how to protect yourself:

Federal Trade Commission of United States - Identity Theft Recovery Steps
Information Commissioner's Office of United Kingdom - Identity theft
Symantec Corporation - How to Avoid Online Scams

Disclaimer: Users are also recommended to observe the disclaimer of this website and read the user agreements and privacy policies of the security software and tools before download and use them.