Despite stronger data‑protection laws, identity theft continues to rise; the Irish Data Protection Commission received 11,200 new cases from individuals in 2023, representing a 20% increase on 2022. Knowing how thieves gather and exploit your data is the first step to shutting them down.

The evolving tactics behind identity theft

1. Digital habits that expose you to identity theft

Risky Behaviour – Re‑using passwords across sites

• Why it matters – One breach can unlock many accounts
• Quick fix – Use a password manager and create unique, 14-character passphrase.

Risky Behaviour – Public‑Wi‑Fi without VPN

• Why it matters – Unsecured traffic is easily intercepted.
• Quick fix – Enable a business VPN like Microsoft Tunnel.

Risky Behaviour – Oversharing on social media

• Why it matters – Personal details can be used to guess security questions.
• Quick fix – Lock down privacy settings; remove birthday & pet names.

Read: Irish DPC – Top Tips for Protecting Your Data When Remote Working 

2. Offline channels thieves still exploit

1. Lost wallets & devices – A driving licence and card in one place can facilitate fraudulent loan applications.

2. Dumpster diving – Discarded documents like pre-approval loan letters can be misused. Always shred sensitive documents.

3. Mailbox fishing – Intercepting renewal notices to capture Personal Public Service (PPS) numbers.

3. Online techniques that fuel modern identity theft

3.1 Phishing & vishing

Sophisticated emails or AI-generated voice calls can deceive staff into revealing sensitive information, such as payroll files.

3.2 Data‑broker leaks

Marketing databases often resell phone numbers and demographics. Criminals combine this data with breached credentials from sources like Have I Been Pwned to build comprehensive profiles.

3.3 Dark‑web marketplaces

Personal details, including names, dates of birth, card information, and PPS numbers, are traded on the dark web. (CrowdStrike Threat Report 2025).

4. Step‑by‑step: how a thief builds a stolen identity

1. Harvest public info – Gather details from LinkedIn roles and Facebook profiles.

2. Phish corporate e‑mail – Gain access to payslips and expense receipts.

3. Combine with leaked credentials – Utilize data from breaches like Ticketmaster or MoveIt.

4. Open digital‑only bank account – Bypass in-person Know Your Customer (KYC) procedures.

5. Apply for credit – Purchase goods and have bills sent to a fake address.

6. Exit – The victim discovers the debt months later.

More than 320 cases of suspected identity fraud have been referred for investigation by welfare inspectors.

5. Warning signs your identity may be compromised

• Unrecognized transactions or Buy Now, Pay Later (BNPL) accounts.

• Notifications from Gardaí about found documents.

• Bank letters sent to an old address.

• Email alerts stating, “Your password appeared in a new breach.”

Immediate Actions:

• Freeze cards.

• File a police crime report.

• Raise a notice with the Credit Bureau.

Read: 10 Places Where You Should Never Give Your Social Security Number

6. Five‑layer defence strategy against identity theft

Layer – Password hygiene

• Tool/Action – Use Bitwarden or 1Password with passkeys.

Layer – Multi‑factor authentication

• Tool/Action – Implement FIDO2 keys for email, banking, and revenue.ie.

Layer – Dark‑web monitoring

• Tool/Action – Set up automatic breach alerts via Microsoft Defender for Business.

Layer – Credit monitoring

• Tool/Action – Request a freeze from the Central Credit Register.

Layer – Security‑awareness training

• Tool/Action – Conduct quarterly phishing simulations using platforms like KnowBe4.

Read: How can our Cybersecurity Services help you?

7. What to do if identity theft strikes

1. Contact banks & credit‑card issuers – Block compromised accounts.

2. Report to Garda National Cyber Crime Bureau – Obtain a case number.

3. Notify the Data Protection Commission: Especially if corporate data is involved.

4. Document everything: Keep records of all interactions and reports

Read: Identity Theft and Online Security

8. Emerging trends to watch in 2025

• Deepfake video KYC fraud – synthetic faces pass remote onboarding.

• QR‑phishing (quishing) – malicious QR codes on parking meters.

• AI chat‑bot scams – fake support agents extracting ID photos.

Stay alert, update this identity theft checklist twice a year and audit new apps before sharing data.

Protect your organisation from identity theft today

Spector IT’s Business Protection stack combines breach monitoring, MFA roll‑out and staff training—reducing credential‑phishing. Book a free 30‑minute consultation call and receive a personalised report.

Post updated on – 07/05/2025