Skip to Content

Identity Theft

IntroductionIntroduction

Identity theft is a criminal act of getting hold of personal data of others without their knowledge or permission with an intent to defraud.  The personal data is used by identity thieves to impersonate the data subjects for fraudulent purposes, for example,

  • Access bank accounts, obtain credit cards, or make purchases for direct financial gains.
  • Carry out fraud or deception, exploit social media, including instant messaging, profile to harass and sabotage someone’s online reputation, or conceal identity of wrongdoers.

ImpactsImpacts

Impacts

The consequences of identity theft include the following: 

  • Financial hardships (e.g., money being withdrawn from victim’s bank accounts)
  • Damage to the reputation of victims (e.g., commit crimes in victim’s name or misrepresent victims)


Common ways to steal personal data:

  • Phishing: collect personal data through fraudulent emails, social media applications or websites which appear to be associated with legitimate or trusted entities.
  • Hacking: intrude into computers that store personal data.
  • Surveillance in public: browse social media profiles, eavesdrop phone calls, sniff public or insecure networks, or use spoofed Wi-Fi hotspots.

Preventive MeasuresPreventive Measures

DOs

  • Beware of any phishing websites, emails and instant messages; and conduct business with authentic websites only.
  • Apply appropriate privacy and security settings when using social media, including instant messaging, services.
  • Enable multi-factor authentication for the online accounts if applicable.
  • Use strong passwords and change them regularly.
  • Shred documents, bank statements or storage media or securely erase personal data therein before disposal.
  • Encrypt electronic devices that store personal data and put them in a safe place.
  • Apply security patches on social media, including instant messaging, applications and end point devices in a timely manner.

DON'Ts

  • Do not use untrusted communication channels (e.g., public Wi-Fi) or device to transmit or access personal data.
  • Do not disclose any personal data to unknown or untrusted parties or on social media.
  • Do not disclose or share your account identities, passwords and devices.
  • Do not use the same password for different online accounts.

How Do I Know If I Have Fallen Victim to Identity Theft?How Do I Know If I Have Fallen Victim to Identity Theft?

Signs that you may have fallen victim to identity theft:

Alerts for login activities from unknown locations and devices.

Alerts for login activities from unknown locations and devices.

Unknown or suspicious transactions associated with your bank accounts or credit cards. Unknown or suspicious transactions associated with your bank accounts or credit cards.
Statements for bank accounts you have never opened.

Statements for bank accounts you have never opened.

Unknown or suspicious activities associated with your social media accounts. Unknown or suspicious activities associated with your social media, including instant messaging, accounts.
Check if you have an email account that may have been compromised.

Other than the above signs, you could check whether your email accounts have been compromised. (Link)

What to Do If I Have Fallen Victim to Identity Theft?What to Do If I Have Fallen Victim to Identity Theft?

Seek assistance from HKCERT, report to the Police and banks.

If you have fallen victim to identity theft, you may consider taking the following measures:

  • Seek assistance from the Hong Kong Computer Emergency Response Team Coordination Center (HKCERT). (Report to the Police if criminal activities such as frauds are involved. (Link)
  • Complain to the Privacy Commissioner for Personal Data (PCPD) if personal information is involved. (Link)
  • Report to banks, credit card issuers or related online service providers immediately if any account is suspected to have been compromised.
Change all passwords of the online accounts concerned.
  • Change all passwords of the online accounts concerned.
Force log off on all active sessions of your social media accounts from unknown devices.
  • Force log off on all active sessions of your online accounts from unknown devices.
Remove the authorisation grants for third-party applications in your online accounts.
  • Remove the authorisation grants for third-party applications in your online accounts.

Extended ReadingsExtended Readings

Some references on understanding Identity Theft and how to protect yourself:


  1. Federal Trade Commission of United States - Identity Theft Recovery Steps
  2. Information Commissioner's Office of United Kingdom - Identity theft
  3. Symantec Corporation - 11 ways to help protect yourself against cybercrime
  4. Trend Micro - What do Hackers do with Your Stolen Identity?
  5. Anti-Deception Coordination Centre - Hong Kong Police Force - Beware of Verification Code Scam
  6. Cyber Security Campaign – Privacy Settings on Social Media
  7. Facebook - What Is Two-Factor Authentication and how does it work on Facebook
  8. Twitter - How to Use Two-Factor Authentication

Disclaimer: Users are also recommended to observe the Important Notices of this website and read the user agreements and privacy policies of the security software and tools before download and use them.

Back to Top