Identity theft: we explain its meaning, types and what to do when it happens

As we become more and more digital, we are also more vulnerable to certain crimes, such as phishing. A criminal act that has been included in our Criminal Code for decades, but with the massive use of social networks and mechanisms such as electronic signatures, it has acquired a new dimension.


What is spoofing of identity?

It is a crime that consists of just what its name says, to impersonate another person. Although the crime can change, the truth is that behind it we find purposes that are always similar:

  • Causing harm to the impersonated person and violating their honor or their privacy.
  • Use the stolen identity to commit another crime.
  • Ask for a loan.
  • Make purchases in online or physical stores in the name of the impersonated person.

Identity theft is an easier crime to commit today than it was in the 1990s. Criminals use techniques such as phishing or malware to access the computer equipment of its victims and all the information contained therein

In just a few minutes they can use all that data to create fake profiles, access checking accounts, etc.


Types of phishing

We can differentiate between physical and online usurpation. To commit a physical identity usurpation the offender needs a person's DNI, a document that can be obtained by theft or even if it is found. Hence the importance of reporting immediately if we are aware that we have lost our documentation.

Physical impersonation can also be done via signature. So the criminal makes another person or entity believe that their identity is another and signs documents on behalf of another.

Online impersonation is the most common today. Not only because of how relatively easy it is for criminals to access the data, but because we can increasingly contract more products or services remotely.


How does identity theft occur on social media?

This version of identity theft is one of the most common. What the offender does is adopt measures to obtain the passwords of his victim's social profiles and once he has them, he accesses their accounts and changes the passwords so that the affected person cannot enter again.

From that moment the usurper pretends to be his victim. Logically, this is always done with the intention of causing some kind of personal or work harm.


And if your identity is stolen through your ID or electronic signature?

If your ID has been lost or stolen, you should not only report it to the Police, it is advisable that you include yourself in the File of lost, stolen and self-inclusion documentation (DER File).

If your name appears in this file, companies and companies will receive an alert to activate a security protocol and avoid fraud. In fact, there are those who register in this file even without having lost their documentation to have more security with respect to possible identity theft.

In the case of digital signature. If your computer has suffered an attack, it is best to access the Fábrica Nacional de Moneda y Timbre website and cancel or revoke it.


Tips to avoid phishing

  • Ask the bank, electricity company, etc. not to send you paper communications home. The information in the mailbox is easily accessible and anyone could take it.
  • Always check when you get home that all your documentation is still in order.
  • If you are getting rid of personal documents or documents containing your data, make sure to destroy them first. Use a shredder or scissors.
  • Install antivirus and firewall on all your electronic equipment and keep them up to date.
  • Use complex passwords on social networks and other online services. Change them periodically and don't use the same one to access more than one site.
  • Do not share your keys or passwords with anyone.
  • Do not reply to emails from strangers providing your private data.
  • Reduce the use of open WiFi networks as much as possible.
  • Do not share personal information on social networks such as your place of residence, photos of your house, etc.


I've been impersonated identity, what should I do?

If it's just someone impersonating you online and it's not really important, report what happened to the owner of the service. Facebook, Twitter and other social networks have systems that collect and investigate these types of complaints. Also, don't forget to change all passwords, even for unaffected services.

If the impersonation is serious and they are using your personal data, you should immediately go to the Police to report the facts. In these cases, the sooner you act, the better. Report the facts as soon as you are aware of what happened.


¿ What to do to report cases of identity theft?

If possible, gather evidence. Then report the facts to the police station. If you have not been able to obtain evidence, do not worry, also report the fact and have the Police investigate what happened.

The conviction for identity theft

For identity theft, the Penal Code provides for a prison sentence that can range from 6 months to 3 years. However, the offender can also be sentenced for what he has done after impersonating the victim. 

For example, if you have violated your image you can be sentenced to 3 years in prison. If you have used these data to commit a scam, the prison sentence can be from 6 months to 3 years if the amount cheated exceeds €400.


Other questions of interest about identity theft

Is impersonating a person who doesn't exist also a crime?

No, the crime involves the subject impersonating a real person. Inventing a character and impersonating him is not considered a crime of identity theft.


Is it possible to be totally safe from phishing?

No, but we can take precautions to reduce the risk and keep our personal data as protected as possible.

When it comes to protecting our identity, no precaution is too small. This is an issue that we have to take very seriously. By adopting some precautions and cChanging the way we use social networks a bit can make us much more secure.


Frequently Asked Questions about Impersonation

1. What exactly is spoofing?

Identity theft, also known as "identity theft" or "phishing," is an illegal practice that involves obtaining and using someone's personal information without their consent for the purpose of committing fraud, accessing benefits or services, or take actions that compromise the victim's reputation or assets. This action can be carried out in both the digital and physical realms. Criminals seek to steal data such as personal identification numbers, passwords, credit card numbers and other details that allow access to accounts and services on behalf of another person.


2. How do I know if my identity has been impersonated?

Detecting phishing can be tricky as criminals often operate stealthily. However, there are some red flags:

  • Unusual movements in your bank accounts or charges that you do not recognize on your credit cards.
  • Receive invoices for services or products that you have not contracted.
  • Notifications or collection calls for debts that you have not contracted.
  • Trouble filing your tax return, especially if you're told it's already been filed.
  • Receipt of correspondence that does not belong to you, or stop receiving regular correspondence.
  • Unauthorized changes to your online accounts or passwords that stop working.

It's critical to regularly review your account statements, monitor your credit score, and be alert to any unusual activity or communication.


3. What types of phishing are there?

There are several types of spoofing, depending on the objective and how it is carried out. Some of the most common are:

  • Phishing: A technique in which criminals impersonate a legitimate entity (such as a bank) and send fraudulent emails to trick people into providing personal information.
  • Vishing: Similar to phishing, but using phone calls instead of emails.
  • Skimming: Use of devices placed in ATMs or point-of-sale terminals to steal bank card information.
  • Physical identity theft: Obtaining stolen personal documents, such as passports or driver's licenses, to impersonate someone else.
  • Medical Impersonation: Using another person's medical information to receive treatment or medication, or to file health insurance claims.
  • Financial identity theft: Use of personal data to access accounts, carry out transactions, open new accounts or apply for credit on behalf of another person.

These are just a few examples, but the creativity and audacity of criminals mean that new impersonation methods are constantly emerging.


4. What risks do I run if someone steals my identity?

Being a victim of identity theft can have serious consequences. These are some of the risks you face:

  • Financial Damage: Criminals can drain your bank accounts, make purchases with your credit cards, or apply for loans in your name.
  • Credit problems: If impostors incur debts in your name and don't pay them, this could negatively affect your credit history.
  • Legal issues: You could be wrongly accused of crimes you did not commit if criminals commit illegal acts using your identity.
  • Problems with medical services: If someone uses your identity to getmedical care, the information in your medical record could be altered, which could result in incorrect diagnosis or treatment in the future.
  • Compromised reputation: Criminals may act in ways that damage your reputation, which could affect your personal or professional relationships.
  • Costs and time: Resolving phishing can be a lengthy and expensive process, as it may require filing reports, terminating accounts, and more.


5. What steps should I take if I think I have been a victim of impersonation?

If you suspect that you have been a victim of phishing, it is essential to act quickly. These are the recommended steps:

  • Alert your financial institutions and request that your accounts be frozen to prevent unauthorized transactions.
  • Check your account statements and report any suspicious transactions.
  • Filing a phishing report with the proper authorities.
  • Consider filing a fraud alert or credit freeze with major credit reporting agencies.
  • Change all your passwords, especially for bank accounts, email and social networks.
  • Regularly review your credit history for unauthorized applications or accounts.
  • Consider getting a credit or identity monitoring service to be alert for future threats.


6. What tools or services does SPY offer to help me prevent impersonation?

ESPIAMOS is a leader in security and counter-espionage, offering a range of tools and services designed to protect you against identity theft:

  • Protection Software: Technological solutions that alert you to unauthorized access attempts to your devices or accounts.
  • Encryption Devices: Tools that encrypt your data so that even if it is intercepted, it cannot be read without the correct key.
  • Courses and training: Education on the latest phishing tactics and how to prevent them, tailored for both individuals and businesses.
  • Monitoring services: Constant monitoring of your data and information on the web to detect and alert you to possible leaks or unauthorized use.

We recommend consulting directly with ESPIAMOS for a detailed and up-to-date list of their services and how they can help in your particular situation.


7. Are there any signs or indications that could alert me to an impersonation attempt?

Yes, there are several signs that can alert you to an attempted or successful phishing. Some of these signs include:

  • Unknown transactions: If you find unrecognized transactions on your account statements or receive invoices for products or services you did not purchase, someone may be using your identity.
  • Notifications of unauthorized changes: If you receive alerts of password or email address changes on your accounts, it is essential to act quickly.
  • Spam: Receiving credit cards or welcomes to services that you have not requested may be indicative of an impersonation attempt.
  • Suspicious calls or emails: If you are contacted asking for personal or financial information for no apparent reason, it is always advisable to be cautious and verify the identity of the requester.
  • Unexplained credit denials: If you're turned down for credit for no apparent reason, it could be due to damaged credit history by impersonators.

It is vital to always be vigilant and take proactive steps to protect your identity.


8. How can I protect myself against phishing online?

Protecting yourself online is essential in the digital age. Here are some tips to prevent online phishing:

  • Rob passwordsYou must: Use unique and complex passwords for each website or online service and change them regularly.
  • Two-Factor Authentication: Turn this option on whenever available to add an extra layer of security.
  • Avoid public connections: Do not conduct financial transactions or enter sensitive data when connected to unprotected public Wi-Fi networks.
  • Security Software: Install and regularly update antivirus and antimalware programs on your devices.
  • Site verification: Before entering personal information, make sure the website is secure by looking for the "https" in the address or the lock icon.
  • Be wary of suspicious emails: Do not click on links or download files in unsolicited or questionable-looking emails.

Always remember to be cautious and educate yourself on the latest threats and phishing techniques online.


9. Is it possible to recover my identity after being impersonated?

Yes, it is possible to recover your identity after being impersonated, although the process can be complicated and time consuming. Here are some steps you can take:

  • Notify authorities: Report the crime to the proper authorities so they can take action and help you in the recovery process.
  • Financial Institutions Alert: Contact your banks, credit card issuers, and other financial providers to inform them about the impersonation.
  • Monitor your credit reports: Request regular reports and review closely to identify and dispute any unauthorized activity.
  • Change all your passwords: Be sure to change the passwords for all your online accounts to prevent further unauthorized access.
  • Seek advice: Consider seeking professional help or organizations that provide support to victims of identity theft.

Although recovery can be a challenging process, with the right support and determined action, you can restore your identity and protect yourself against future threats.


10. What should I do if I receive suspicious emails or calls trying to get my details?

If you receive suspicious emails or calls, caution is essential:

  • Do not provide information: Do not disclose personal or financial information in response to an unsolicited or suspicious request, whether by email or phone call.
  • Don't click on unknown links: Avoid opening links or downloading email attachments that you didn't expect or that seem strange to you.
  • Verify the source: If in doubt, contact the entity or person who allegedly sent you the message directly, using known contact information and not the one provided in the suspicious message.</li >
  • Use spam filters: Make sure you have spam filters activated and updated in your email.
  • Report the attempt: Report fraudulent emails or calls to the proper authorities to help prevent future scams.

The key is to always be skeptical and cautious. Your security and privacy are at stake.


11. Is it safe to share personal information on social media?

Sharing personal information on social media carries risks. Although these platforms offer ways to connect and share with others, it is essential to be cautious:

  • Privacy Settings: Be sure to adjust your account privacy settings to control who can see your information.
  • Limit what you share: Avoid posting sensitive details such as your address, phone number, financial information, or data that could be used to impersonate you.
  • Meetto your contacts: Accept friend requests or connections only from people you know in real life.
  • Be wary of unexpected messages: Be wary of messages that ask for personal information or contain suspicious links, even if they come from "friends".

It is always best to err on the side of caution when it comes to sharing information online, especially on social media.


12. What laws protect victims of identity theft?

Laws that protect victims of identity theft vary by country and jurisdiction. However, many countries have implemented specific laws to combat this crime:

  • National Legislation: Many countries have established laws that criminalize phishing and related fraud. These laws often offer victims legal remedies and protections.
  • Data Protection Guidelines: In regions such as the European Union, the General Data Protection Regulation (RGPD) establishes guidelines on the collection, use and protection of personal data, offering rights and protections to people.
  • Consumer Protection Agencies: These organizations often offer resources and guidance to prevent phishing and help victims.
  • Breach notification requirements: In some places, companies are required to notify those affected in the event of a security breach that may have exposed personal data.

If you suspect that you have been a victim of identity theft, it is crucial to familiarize yourself with the laws and resources available in your jurisdiction and to seek appropriate legal advice.