
Identity Theft (Identitätsdiebstahl)

The theft and misuse of another person's personal information to enter into contracts, make purchases, commit crimes, or harm others in that person's name.

Identity theft (also known as identity fraud) refers to the unauthorized use of another person’s personal information without their knowledge or consent. In the digital world, identity theft is one of the most common forms of cybercrime.

What information is stolen?

Personal identification information:

  • Name, date of birth, address
  • ID card/passport number
  • Social Security number / Tax ID
  • Health insurance number

Login credentials:

  • Email addresses and passwords
  • Banking credentials, credit card information
  • Social media accounts

Company-related data:

  • Company names and business registration numbers
  • Business account credentials
  • Employee identities (for BEC attacks)

How Identity Theft Occurs

Data Breaches: Millions of pieces of identity data are stolen during hacks of major platforms and sold on the dark web. HIBP (Have I Been Pwned) catalogs over 13 billion compromised accounts.

Phishing: Victims are tricked into voluntarily entering their data on fake websites.

Social engineering: Phone scams, fake government agencies, and fake support staff.

Malware (stealers): Infostealers such as RedLine Stealer and Raccoon steal credentials, cookies, and credit card data directly from the infected device.

Physical: ATM skimming, letters stolen from mailboxes, stolen wallets.

Damage Caused by Identity Theft

Financial:

  • Unauthorized debits from accounts and credit cards
  • Taking out loans and credit in the victim’s name
  • False tax returns (tax refund fraud)

Reputational damage:

  • Criminal offenses committed in the victim’s name
  • False job applications, fake profiles

Time commitment: Cleaning up identity theft takes an average of 6 months to 2 years and requires contacting government agencies, banks, credit bureaus, and courts.

Protective measures

Digital hygiene:

  • Strong, unique passwords (password manager)
  • Multi-factor authentication everywhere
  • Monitor email addresses for compromise using HIBP
  • Recognize and report phishing emails

Caution with personal data:

  • Share personal data sparingly
  • Be skeptical of unsolicited contact attempts
  • Secure your mailbox, shred documents

Monitoring:

  • Check bank statements regularly
  • Credit monitoring (SCHUFA, Bonify)
  • Identity protection services (offered by many banks and insurance companies)

What to do in case of identity theft?

  1. Police: File a police report (necessary for many subsequent steps)
  2. Bank: Freeze accounts, block cards, dispute unauthorized transactions
  3. SCHUFA/Credit Bureaus: Dispute incorrect entries
  4. Authorities: BSI, Consumer Advice Center, data protection authority if applicable
  5. Digital Accounts: Change all passwords, enable MFA, terminate compromised sessions

Criminal Law: Identity theft as such is not a standalone criminal offense, but the associated acts (computer fraud § 263a StGB, forgery of documents § 267 StGB, obtaining services by deception § 265a StGB) are punishable.

Civil Law: Victims may claim damages. Where a GDPR data breach is the cause, claims against the affected company are possible.