Today, almost every Internet user has a profile in one of the social networks, something apparently innocent. However, we must adopt certain preventive measures to avoid being victims of the online identity theft, a crime that has increased in the last few years, and has mainly affected social platforms.


For some time, Carlos had been receiving messages from his friends that he did not understand: unreasonable greetings, appreciation from relatives, and even advices about how to overcome an illness. He did not give them importance until one day he received a bank notification. Unfortunately, he was informed he was not finally given the loan. Carlos started worrying: he had not requested any loan.

He discovered a social network profile that was using his personal data, pictures and information about his life. But there was a problem: even though the account was apparently his, Carlos had not created it.

Impersonating the name of a person, if it does not imply the publication of any image, is not considered a crime.

The cases of online identity theft have considerably increased in the last few years. As a result, every February, the Safer Internet Day (SID) is celebrated with the aim of teaching good ways of using the Internet. In Spain, diverse Security Offices have created special programs for this kind of online frauds. The National Institute for Spanish Cyber-Security (in Spanish, INCIBE) has been working for 12 years with the aim of teaching society to be aware of these situations and to know how to avoid and identify them.

I have had my identity stolen in a social network: what can I do?

  1. Gather all the existent information in the false profile (screenshots or conversations that the cybercriminal had, pictures, likes…). The more information gathered the better.
  2. Inform the social network where the crime has been committed so that the false account is closed. These platforms have a specific section devoted to this kind of crimes —it is convenient to search similar cases as they give greater credibility to those affecting more than one user.
  3. Report the case to the Spanish state security forces and bodies. You can personate or make an online report to the Spanish Civil Guard Group in charge of computer crimes, which gathers all kind of contents, as URL webs, blogs, tweets, etc.
  4. Inform the Security of the Internet-User (in Spanish, OSI) —entity dependent on the National Institute for Spanish Cyber-Security (in Spanish, INCIBE)

Why are the online identities stolen?

According to INCIBE, “the identity of a person, a bank, a service, a public institution, or a certain enterprise, among other entities, can be stolen”. No one is safe.

In the case of individual impersonation, the offender uses the personal information that the victims have published in Internet through all the platforms in which they are active so that a false account is created on their behalf. From that on, every fraud is possible in the online world.

The identity theft can cause loss of credibility, affect the reputation, and provoke economic losses.

These attacks to the personal identity range from the publishing of personal information or sending inappropriate messages to friends to spreading rumors that damage the online image of a person with the objective of extortion or request of a certain amount of money, in exchange of deleting the false profile. In the case of cyberbullying, a series of ads are published with the name, telephone and picture of the victim in different contact pages or sexual nature pages so that the victim receives obscene messages.

Trying to find mates in Internet is also a dangerous practice: “the cybercriminals usually create false profiles and, once they have gained the trust of the victim, they request him/her a money amount and, using threats, show compromising pictures or videos”, warns INCIBE.

The right to forget

In 2013, the EU stablished the juridical right to forget, whose objective is to delete the information published online that could gravely damage a person or enterprise.

According to the Spanish Data Protection Agency, every person or company that has seen their reputation damaged online through false or injurious information can request the right to forget. To achieve that objective, the links to these data are deleted from all the searching engines. The first step is to directly request to the data source the deletion of that information with the aim of avoiding its exposition in the searching engines. The second step is the law enforcement, including the possibility to report the case to the courts.

Other common frauds in Internet

The identity theft not only damages the person or enterprise whose identity is impersonated, but also those who trust in the veracity of the false profiles.

According to INCIBE, many frauds are made in the e-commerce sector, where “the products delivered are different to the ones purchased, the money amounts are higher than the agreed ones during the purchasing process, the delivery terms are not applied or the enterprise does not have any address or telephone to be contacted at, simply a contact form”.

To avoid risks, the best option is to access the pages from the browser, never from your email (INCIBE)

INCIBE makes special emphasis on the “false loans, at low interest rates, usually advertised in social network profiles in order to achieve a greater diffusion”. It also points out that “high amounts of money are offered at a low interest. They make the process via free email accounts, never under the name of a well-known enterprise. They request money in advance, alleging management costs, and they ask for Western Union o MoneyGram payments”. In these cases, the Security and Industry Incident Response Centre (in Spanish, CERTSI) facilitates the report of the frauds and closing of fraudulent pages.

Undoubtedly, Internet is one of the most powerful tools technology can offer, but it is necessary to adopt a cautious attitude when we make use of it. For this reason, several platforms have been created with the aim of discovering cases of identity impersonation such as Tineye, in charge of reporting the pages and networks where any image is published. These initiatives, together with the government’s support and users’ awareness, are the best way to put an end to the identity thefts in the digital world.