Who Stole My Face? A story of identity theft and how it changed my online behaviour

By Simon Greig, Executive IT Architect, Global Business Services, IBM UKI


We are constantly faced with headlines warning us that “identity theft is on the rise” and is reaching “epidemic levels.” There is a frightening truth to most of these statements, yet how many of us can say that with every social media upload, every time we provide an online form with our home address or even share our surname, we consider “Who else could be interested in my personal information?”

Our identity, our personal life and consequently, our personal data is at risk of being exposed at any time.  With Safer Internet Day being marked today, I wanted to share my story of identity theft and how it changed my relationship with the internet.

Lifestyle and headshots

Photography has always been a hobby of mine. Never too shy to share my latest shots or projects with family and friends, I discovered that there are websites out there offering payment for stock images which meant I could receive some passive income for my hobby. I researched some of these stock image sites and later set up an exchange for a selection of my lifestyle and headshot images.

From this point I was a victim of identity theft – and I only realised after receiving an email about a particular camera lens that I had apparently “recommended.” It transpires, the one public photo exchange I made had made its way to a US retailer selling fraudulent photography accessories. My photo, my name and a fake signature were all used online to endorse a product – which was listed at 10 times the recommended retail price! I realised I had no idea how many times my photo had been used without my authorisation.

In websites we trust

We rely upon the good faith of the sites and online services we engage with – that they have adequate security measures built-in. We expect those sites to be custodians of our data because we enter into a contract with them, either explicit or implied, and that assumption is a risk in itself.

Whilst it’s important to have this trust, we must also take responsibility ourselves and ensure we are following the most up to date advice and recommendations to keep our data safe. Are we properly reading the terms and conditions of the sites we are choosing to share our information with?  If someone gets access to our data, how securely have we protected that data so it’s not a route in to obtain more information?  Are we thinking about up to date ways to protect ourselves such as using digital vaults to store passwords, or using biometric verification for example?

Our relationship with data

With legislation such as the GDPR very quickly coming into force, we may start to notice that we have much more control over our own data, with concepts such as the right to be forgotten coming into play.  How we manage our personal data will have a lot to do with how we view data, how important we think it is and how much we care about it.

Today, it is very unusual to find anyone without a digital footprint and my example shows that identity theft can happen to any of us. From our image on social media platforms to other personal data we may have released online, once it’s out there it’s difficult to track or delete properly.

Authentication and behavioural change

The internet has changed the world around us, and forensic cyberpsychologist Dr Mary Aiken argues it is also shaping our development, behaviour and societal norms.  Following my experience with identity theft, I have revisited how I share my information and also which information I deem as shareable.  I am also much more aware that we are in a new era of authentication and website owners, as well as individuals, can do a better job at protecting themselves online.

To learn more about Security, visit securityintelligence.com