What is identity theft?

In an increasingly digitalised world, an open way of handling personal information makes it easier for "data thieves" to adopt someone else's identity and to abuse it for their own purposes. More and more cases of this so-called identity theft occur.

Here you can find out exactly what identity theft means, how you can protect yourself and which tools you can use to specifically defend yourself against it.

What Is an Identity Theft?
  • „Data thieves“ misuse private information, like addresses, dates of birth or bank account data, pretending to be someone else.
Which Types of Identity Theft Exist?
  • In most cases, identities are stolen in order to act specifically in the victim's name or to gain access to the victim's assets.
Which Consequences Can Identity Theft Have?
  • Identity theft can damage the victim's reputation, lead to debts or to notifications to credit agencies.

Which Tricks Are Used for Stealing Identities?

  • „Data thieves“ focus their activities on the Internet and use various strategies, like phishing, malware or viruses, in order to access personal information.
What to Do in Case of Identity Theft
  • In case of data abuse, you should immediately file a criminal complaint with the police, inform banks and credit rating agencies, and – ideally – involve a lawyer as a legal advisor.

How Can You Protect Yourself Against Identity Theft?

  • Handle your personal data sparingly! Only reveal as much personal information as is absolutely necessary.


Identity theft occurs when an unauthorised third person misuses personal data. In doing so, "data thieves" use stolen private information, like addresses, dates of birth, or bank account data, with the aim of pretending to be someone else.

Usually, the victims can go on using their own data and often need some time to understand that they have fallen prey to an identity theft. Therefore, "data abuse" is a fitting label, too.

In most cases, a "data thief" uses other people's personal data in order to buy goods or use services at their expense. In the broadest sense, the thief wants to gain financial advantages through assuming another person's identity.


Basically, two types of identity theft can be distinguished:

On the one hand, the identity of a stranger is assumed in order to carry out unauthorised actions in their name. This includes, for example, opening new credit card and bank accounts or concluding contracts.

On the other hand, the stolen personal data are used specifically for one's own financial enrichment in order to gain access to the assets of the person concerned. This happens, for example, when the "data thieves" plunder existing bank accounts or order goods online in the name of that person and have them delivered to their own address or a specific packing station.


Identity Theft on the Internet

Since transactions on the Internet usually take place completely without personal interaction, it has become much easier for "data thieves" to assume another identity with stolen personal information.

Unfortunately, the Web offers "data thieves" many opportunities to harm others: They can order goods and use services online, create fake profiles in social networks, misuse their identities in blogs and forums, misrepresent facts to their circle of friends and acquaintances, or even commit crimes under a false name.


Personal information in the hands of a "data thief" can cause great damage.

The consequences of an identity theft can be subdivided into the following core points:

  • You suffer financial damage.
  • Through notifications to credit agencies, your credit rating deteriorates.
  • Your good reputation is put at risk.

… and all of this through no fault of your own!


If you take a closer look at the consequences of data abuse, further undesirable effects are possible:

  • Your liquidity is affected; financial bottlenecks can arise.
  • Your creditworthiness is damaged.
  • Your personal effort to clear up the data abuse, so as to restore your good reputation and compensate for your financial loss, is immense.


What do these effects mean exactly? We will explain it to you in detail.


Your Liquidity Is Affected

If the "data thieves" gain access to financial assets, they can easily appropriate them without the knowledge of the person concerned. This includes bank and credit card accounts, savings or investment accounts.



While those affected learn relatively quickly what has happened when their bank account is looted, the situation is different with purchases on account. In the case of identity theft, for example, the "data thief" can enter a false billing address when ordering goods.

Here it is possible that, initially, the person concerned is completely unaware of the outstanding debts and also of the deterioration of his credit rating that will likely result from it. However, if the victim is about to make a major investment, such as buying a property or a car, the misuse of data will be noticed at the latest when applying for a so-called self-disclosure at a credit agency.


Your Personal Effort for Clarification and Financial Recovery

Before the data abuse and its consequences are largely clarified and reversed, there is usually a long and arduous road ahead. Depending on how much damage the identity theft has caused by then, the consequences will be felt for months or years to come. Handling your personal data sparingly and securely, on the other hand, is the most effective means of protecting yourself.


"Data thieves" usually take on a false identity, they pretend to be an IT administrator, for example, in order to gain easy access to sensitive personal data. While it is true that everyone is keen to protect their personal information and passwords, data misuse, on the other hand, is not always due to their own fault or carelessness.

In order to get to sensitive information, data thieves use:

  • Data leaks in companies,
  • fake web sites, e-mails and SMSs,
  • malware on end devices, smartphones, and apps,
  • insecure networks and connections.


If a data leak has been spotted in a company, "data thieves" can gain access to sensitive personal data, just as names, postal and e-mail addresses, dates of birth, phone numbers and even passwords. Time and again, "data thieves" forge websites or e-mails so that unsuspecting users voluntarily enter their passwords, PINs or TANs via the user interface. A phenomenon almost as old as the Internet itself are viruses and other malware, which are often spread via file attachments to e-mails, visits to websites, or fake messages in social networks. These programs then spy on the users' moves on the Internet in order to collect a wide range of personal data. A regularly updated anti-virus software is an effective counteragent against this. You should also keep an eye on your firewall and network security at all times.

Likewise, you should be wary of some programs that have been developed directly for mobile terminals. Some free apps gather an unnecessarily large number of personal data and transmit them to the respective provider. In most cases, however, this only serves the purpose of displaying personalised ads so as to address the user in the best possible way.


Last but not least, you should avoid insecure networks and public WLAN connections at all costs when entering personal information and passwords on the Internet. Only visit those websites that offer secure encryption of personal data, i. e. an "https" encryption. Nowadays, good antivirus programs and browsers automatically block connections to unsafe websites.


If identity theft has actually occurred, or if there is at least a suspicion of it, it is important to act quickly. The sooner the data misuse is reported to the relevant institutions, the greater the probability of catching the "data thief" and keeping the damage as low as possible.


  • Inexplicably, amounts are withdrawn from your bank account.
  • Companies or credit institutions make unknown demands for payment.
  • Personal passwords are no longer accepted for a user account; the user account may have been locked.


Rule number one in the event of (suspected) identity theft: Act immediately!

If you yourself could be affected, you should not hope for a mishap, but make an immediate effort to have the corresponding accounts and accesses blocked. Even with services that are not affected for the time being, but which offer an increased risk of data misuse, you should change the passwords immediately!



1. File a Criminal Complaint with the Police

If there is a risk that you have become a victim of data abuse, it is recommended in any case to file a criminal complaint with the police. If the "data thief" is not known by name, the criminal complaint will be filed against "unknown". The police will then do their utmost to identify the perpetrator.

Please obtain a copy of the criminal complaint filed. You should keep this well and, if necessary, forward a copy of it directly to the creditor, the social media portal, the bank or other affected third parties as proof of the identity theft. In this way, you make it possible and easier for those stakeholders to look into the situation.

2. Inform Credit Agencies about Data Abuse

Credit agencies have special departments that deal with fraud cases; you should inform them about the misuse of your data. This is because they have the possibility to send fraud alerts for affected accounts to their contractual partners.

As a consequence, banks and lenders must first obtain permission from you as the person concerned before your credit line can be extended. In order to have a fraud alert created, it is usually necessary to provide the credit agencies with a copy of your identity card as well as a copy of the criminal complaint filed with the police. Please do not hesitate to do this! The credit agencies help you in protecting yourself from further financial damage.

3. Contact Financial Institutions

Of course, you should also inform banks and lenders as soon as possible - preferably in person or by telephone - about the misuse of data. In order to be able to present proof later, it is advisable to submit the facts in writing afterwards and to immediately report unlawful transfers and debits as well. Document anything remotely suspicious to the best of your ability.

4. Seek Legal Advice

If the situation threatens to become too complex or the damage so high that you can hardly set things to rights on your own, a lawyer will help you. Do not hesitate to seek legal help if you are overwhelmed by the situation. At the latest when it comes to the question of who will pay for the damage caused, legal assistance is appropriate. If criminal or civil proceedings are instituted, your legal expert will stand up for your rights.


Important: As a matter of principle, it is essential that you keep all statements, transcripts and copies related to the identity theft carefully. These are important to protect yourself from false accusations!


5. Collection Proceedings Already in Progress? Get in Touch!

If you are a victim of identity theft and have therefore received mail from us, please contact us directly. Only through your feedback can we clarify the matter for you and thus avoid further costs and inconvenience for you!


In Germany, identity theft is not included as a separate criminal offence in the Criminal Code (StGB). However, it can still be punishable under certain conditions. Relevant offences are often fraud (§ 263 StGB), computer fraud (§ 263a StGB), forgery of documents (§ 276 StGB), falsification of data relevant to evidence (§ 269 StGB) or spying and interception of data (§ 202a StGB).

In addition, companies can also be liable to prosecution if they lose personal data of their customers through a data leak or pass them on to third parties without permission in the event of a data breach. Unfortunately, however, the probability of catching a "data thief" is often low. So the only thing you can usually do is file a criminal complaint against "unknown", process all unauthorised claims, have any affected accounts blocked and inform all affected third parties about the identity theft.


No one can protect themselves one hundred percent from identity theft. However, you can significantly reduce the probability of becoming a victim of data misuse if you observe some crucial rules of conduct. Here, we point up some simple, but effective protective measures, which you can implement immediately and successfully.



Personal data that do not fall into the hands of third parties cannot be misused. Data economy is the keyword here. Only disclose personal data that are absolutely necessary!

Pay close attention to whom you entrust your personal data to. How reputable is the website? Take a look at the imprint, the information on data protection (keyword: GDPR) and the ratings of other consumers. Check whether the personal data requested are necessary at all for the further use of the service or whether a disproportionate number of queries are made.

Example online shop: If you do not have to indicate your date of birth when ordering something from an online shop, do not provide it.

Example fake e-mail: Beware of dubious e-mails and phone calls - no reputable company asks for confidential personal data, such as passwords, addresses, or dates of birth, in this way.



When it comes to revealing your personal information, your motto should be: As much as is necessary, as little as possible!


How you can protect yourself against identity theft.

Choose strong and secure passwords!

Use different passwords for different platforms. Do not include your family name, your birth data or your pets' names.

Ideally, every password has at least 10 characters: letters, numbers and special characters.

Change important passwords from time to time in order to keep your protection on the highest possible level.

Keep your financial data in sight and under control!

Check your bank account statements and credit card billings at least once per month. In this way, you will easily detect unauthorised debits and can react to them in time.

Keep devices and operating systems up to date!

System updates are regularly provided for computers and mobile devices – make sure to install them without delay. This will remedy systemic vulnerabilities as soon as possible.

By always keeping the operating system, the Internet browser, and the anti-virus software up to date, you can protect yourself in a simple and very reliable way against attacks via the Internet. The updates close security gaps and keep viruses, spyware, and dubious websites away from the device and thus your home network.

Carefully destroy documents including personal information!

Whenever you need to destroy documents containing personal information, such as name, address or even your bank account number, you should always proceed with care.  

These documents include addressed envelopes, parcels, advertising leaflets, and catalogues, but also and in particular expired identity documents, bank or insurance cards.

Simply disposing of them via wastepaper or even residual waste is not safe enough – the best thing is to shred them!

Use unknown WLAN connections and devices with caution!

Many facilities and shops offer public and free WLAN networks.

However, especially those WLAN connections that do not require a password result in unencrypted data traffic of their users; this, in turn, can easily be intercepted by criminals. In such cases, it is advisable to use encrypted connections on one's own end device.

As a general rule, it is advisable never to access websites for online or credit card banking on foreign devices or in public WLAN networks.

Secure your personal documents!

It is best to store important financial documents and personal documents in lockable cabinets or drawers.

For very important documents, it is advisable to rent a safe deposit box or at least to store them at home in a safe.

Use Two-Factor Logins!

More and more online services are relying on the advantages of two-factor authentication. Here, you receive a confirmation code - usually by SMS or e-mail to your smartphone, less often by means of a phone call. This code must be entered in addition to the password when logging in or carrying out a transaction.

If one's user data are secured in this way, they are protected even if the access data should fall into the hands of a "data thief". Two-factor authentication provides an optimal level of security for making online transactions.

Keep an overview of your personal data!

Of course, you have a right to know which personal information about you is circulating on the Net.  

A lot can already be found out with the help of search engines. But you can also ask companies directly which data they have stored about you. This is called self-disclosure.

If the stored information is incorrect or outdated, you have the right to demand the deletion or correction of the data.

Check your apps and services!

Before downloading an app, you should take a close look at which functions and personal data it wants to access.

Be careful when dealing with free apps, as they are often financed not only by advertising, but also by gathering and selling personal data.

If in doubt, fall back on an alternative app or inform yourself online whether you can trust the desired app to be on the safe side. 




Identity theft or data misuse is a criminal offence that can have serious consequences for you as the person affected. If you suspect that you have already become the victim of identity theft, it is important to act quickly. Please do not hesitate to file a complaint with the police. If a major loss has already been incurred, it is advisable to consult a lawyer for legal assistance.

To prevent this from happening in the first place, you should handle personal data very sensitively and extremely sparingly. Please use the protective measures mentioned above to make attacks more difficult and unattractive for fraudsters.




If you are a victim of identity theft and have therefore received mail from us, please contact us directly. Only through your feedback can we clarify the matter. Contact us so that we can avoid further costs and inconvenience for you!