A common form of Internet crime is where a user's name and date of birth is used by a fraudster to order items online. The fraudster gets the goods while the user is left with the bill.
Another form of identity theft takes place in social networks. It's called "nicknapping" – a portmanteau of the words nickname and kidnapping.
"This is the classic identity theft, especially since Facebook access is often the master key for other portals connected to the social network," says Michael Littger, an Internet safety campaigner.
The damage can be even greater if the fraudsters get access to login data for payment services or online marketplaces, which is often captured through phishing.
That's where victims are encouraged to divulge their data, often to a fake website. It's a method that's still widely in use, Littger says.
Criminals will also sometimes sell data packages containing tens of thousands of sensitive customer data such as passwords or credit card numbers. This information is seized during attacks on corporate servers, badly protected computers or online accounts. This data is then misused, often without the user knowing.
The theft of a user's personal data might be due to the carelessness of an online retailer or service provider. Consumers living in the European Union now have more rights vis-a-vis companies thanks to the new EU General Data Protection Regulations.
They stipulate that data should be deleted automatically at the end of the business relationship and prohibit secretly storing the information. Companies also have to inform affected customers in detail about data leaks and countermeasures within 72 hours.
At the first sign of data theft, unexpected payment requests or inexplicable debits, the user should act quickly to limit the damage.
"Inform the affected companies," Littger advises. The next step: "Change all passwords, possibly also usernames. That applies to all logins, including social networks. — dpa