Legally, the crime of digital identity theft was created through Law No. 2011-267 of 14 March 2011, or 'LOPPSI II', introduced in Article 226-4-1 of the French Penal Code. It is defined as 'the act of assuming the identity of a third party or using one or more pieces of data of any kind that could identify the party in order to disturb the latter's peace of mind or that of others, or to harm their reputation or social standing'. It is punishable by a one-year prison sentence and a €15,000 fine.
More to the point, identity theft consists of using information to impersonate someone without that person's consent. This can include their first and last names, as well as their email address or even photographs.... Such information can then be used for fraudulent purchases, as well as for blackmail or to damage the person's reputation. The scope of damage caused by identity theft is vast.
Two main phishing methods
Though criminals are very clever at extorting data from their victims, there are generally two main types of identity theft perpetrated online:
- Via e-mail: the scammer sends an e-mail to their victim. Very often, they use the logo of a public service or company and ask the victim to disclose personal data (usernames, passwords or banking information). This information is then used to access accounts and carry out operations using the victim's identity (transfers, taking out credit, subscriptions).
- Via fake social media profile: in this case, the online scammer poses as a person. It may be one of the victim's relatives or a very seductive stranger who suddenly makes the victim's acquaintance... The scammer will then ask the victim for money for various completely fictional reasons (need to unlock a phone number, buy a train ticket, etc.). In rarer cases, the stolen identity is used to damage the victim's reputation.
How can you fight back against digital identity theft?
If you fall victim to digital identity theft, you have the power to defend yourself. However, you must act quickly and methodically.
You need to change all of your passwords – and without delay. You must also contact the different platforms related to the fraud. They will be able to block the scammers' access and walk you through the process.
Gathering evidence will allow you to build a solid case. You should save the URLs of publications, take screenshots and print them. You can ask your Internet service provider for help. They can provide you with valuable data such as your browsing history, the address hosting a spoofed website, etc.
A report must then be filed. Public services will help and support you through this process. The https://www.cybermalveillance.gouv.fr/ website contains a number of tips and solutions for victims of digital identity theft.
Patience is sometimes required, as procedures can be lengthy. A digital identity theft trial can take up to 50 months, though on average the duration is around 18 months. However, completing this process is essential, as the victim may be awarded damages up to the amount of the loss suffered.
It should be noted that identity theft is based on security vulnerabilities that public and private organisations work to close on a daily basis. Major improvements have been accomplished in recent years. The coordinated implementation of digital identity ecosystems, guaranteed by the government, is putting criminals in a tight spot. Digital identities are now equipped with increasingly reliable security systems, and the goal is to make them just as difficult to forge as physical IDs, if not more so.