Last updated: 2025-12-10

Digital identity theft happens when an attacker gains access to and abuses your digital identities, online accounts, or login credentials—such as email, social media, cloud storage, online banking, authentication tokens, or crypto wallet keys—to impersonate you, steal data, make unauthorized transactions, or otherwise cause harm to you or your business.

How does digital identity theft happen in a company?

  • Phishing / smishing / vishing — fake emails, texts, or calls that trick you into logging in or resetting your password.
  • Credential stuffing / password reuse — using the same password across sites lets attackers test leaked email+password pairs everywhere.
  • Malware / keyloggers — malicious software records keystrokes or steals session cookies.
  • Man-in-the-middle (MITM) — snooping on unencrypted traffic (for example, on unsecured public Wi‑Fi).
  • SIM swap — a scammer transfers your phone number to their SIM to intercept SMS codes and reset accounts.
  • Data breaches — large sets of usernames and passwords leaked from hacked services.
  • Abuse of OAuth / API tokens — third-party app permissions are misused.
  • Social engineering and account takeover — using personal info or tricking help desks to gain access.

How to tell if your identity was stolen or misused?

  • Login alerts for sign-ins from new devices or locations you don’t recognize.
  • Password reset emails or texts you didn’t request.
  • Your “Sent” folder shows messages you didn’t send.
  • Messages or payment requests coming from your accounts.
  • You’re locked out because recovery info was changed.
  • Unknown apps or integrations connected to your accounts (OAuth).
  • Bank charges or purchases you don’t recognize.

How to protect yourself (user perspective)?

  • Use unique, strong passwords for every account (store them in a password manager).
  • Turn on multi-factor authentication (MFA) — prefer authenticator apps or hardware security keys (FIDO2) instead of SMS codes.
  • Regularly review login history and security alerts.
  • Disable autorun, avoid unknown USB devices, and keep systems updated.
  • Avoid public Wi‑Fi for sensitive activity unless you use a trusted VPN.
  • Review connected app permissions (OAuth) and remove what you don’t need.
  • Set a SIM PIN and ask your mobile carrier to enable a SIM swap/fraud protection flag on your account.
  • Store MFA recovery codes offline in a safe place.

How to protect your company?

  • Use single sign-on (SSO) with centralized access management and conditional access policies.
  • Require MFA (ideally hardware security keys) for all sensitive systems and admin accounts.
  • Run regular phishing tests and security awareness training for employees.
  • Enable anomaly detection and logging, and maintain a clear incident response playbook.
  • Apply least privilege access and perform scheduled access reviews.
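The warning signs listed above (logins from unknown devices or locations, recovery info or connected apps changed, password resets you did not request) are exactly what the "anomaly detection and logging" point means in practice. The following Python script is an added example, not part of this article or any vendor product: it replays constructed sign-in events (not real logs) and flags those signs per user; the event names and fields are assumptions about what an identity provider would export.

```python
import json
from collections import defaultdict

# Constructed sample sign-in events (not real logs), one JSON object per line,
# shaped like a typical identity-provider export.
SAMPLE_LOG = """
{"ts": "2025-12-01T08:02:11Z", "user": "alice", "event": "login", "device": "laptop-01", "country": "DE", "ok": true}
{"ts": "2025-12-01T08:30:40Z", "user": "alice", "event": "login", "device": "laptop-01", "country": "DE", "ok": true}
{"ts": "2025-12-02T09:05:03Z", "user": "bob", "event": "login", "device": "phone-07", "country": "DE", "ok": true}
{"ts": "2025-12-02T21:12:55Z", "user": "alice", "event": "login", "device": "unknown-android", "country": "NG", "ok": true}
{"ts": "2025-12-02T21:13:00Z", "user": "alice", "event": "password_reset_completed", "device": "unknown-android", "country": "NG", "ok": true}
{"ts": "2025-12-02T21:14:02Z", "user": "alice", "event": "recovery_change", "device": "unknown-android", "country": "NG", "ok": true}
{"ts": "2025-12-02T21:15:30Z", "user": "alice", "event": "oauth_grant", "app": "mail-sync-helper", "device": "unknown-android", "country": "NG", "ok": true}
{"ts": "2025-12-03T10:00:00Z", "user": "bob", "event": "password_reset_requested", "device": "phone-07", "country": "DE", "ok": true}
{"ts": "2025-12-03T10:01:10Z", "user": "bob", "event": "password_reset_completed", "device": "phone-07", "country": "DE", "ok": true}
""".strip()

def parse_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def detect_account_takeover_signals(events):
    """Return (user, signal, ts) tuples for the warning signs above: a login from a
    never-seen device or country, recovery-info changes or OAuth grants right after
    such a login, and a password reset that completes without a matching request."""
    seen = defaultdict(lambda: {"device": set(), "country": set()})
    suspicious = set()     # users whose latest login came from a new device/country
    pending_reset = set()  # users with a reset request that has not completed yet
    alerts = []
    for ev in events:  # events are assumed to be in chronological order
        user, kind = ev["user"], ev["event"]
        if kind == "login" and ev["ok"]:
            new_attr = [a for a in ("device", "country") if ev[a] not in seen[user][a]]
            if new_attr and seen[user]["device"]:  # ignore the user's very first login (baseline)
                alerts.append((user, f"login from new {'/'.join(new_attr)}: {ev['device']}/{ev['country']}", ev["ts"]))
                suspicious.add(user)
            else:
                suspicious.discard(user)
            for a in ("device", "country"):
                seen[user][a].add(ev[a])
        elif kind in ("recovery_change", "oauth_grant") and user in suspicious:
            alerts.append((user, f"{kind} right after anomalous login", ev["ts"]))
        elif kind == "password_reset_requested":
            pending_reset.add(user)
        elif kind == "password_reset_completed":
            if user in pending_reset:
                pending_reset.discard(user)
            else:
                alerts.append((user, "password reset completed without request", ev["ts"]))
    return alerts
```

Running `detect_account_takeover_signals(parse_events(SAMPLE_LOG))` flags only alice: the sign-in from a new device and country, the reset nobody requested, and the recovery change and OAuth grant that followed it; bob's reset is preceded by his own request and stays quiet.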