More cases of identity fraud were reported last year than ever before, fraud prevention organisation Cifas says.
A record 172,919 incidents were recorded, with almost 25,000 victims aged under 30.
Most take place when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. In one case late last year, for example, a gang of identity thieves was able to steal £90,000 from a couple's pension pot and almost managed to sell their £500,000 home.
To do this, fraudsters need access to personal information such as their name, date of birth, address, their bank and who the victim holds accounts with.
And they get hold of this in a variety of ways, from stealing mail through to hacking; obtaining data on the 'dark web'; and exploiting personal information on social media.
A common technique is 'social engineering' where innocent parties are persuaded to give up personal information to someone pretending to be from their bank, the police or a trusted retailer.
Police forces warn over contactless fraud
"With nine out of ten identity frauds committed online and with all age groups at risk, we are urging everyone to make it more difficult for fraudsters to abuse their identity," says Mike Haley, deputy chief executive of Cifas.
"There are three simple steps that anyone can take to protect themselves: use strong passwords, download software updates when prompted on your devices; and avoid using public wifi for banking and online shopping."
PayPal users warned of scam
Cifas is concerned by the rise in younger victims - there was a 34% increase in the under-21s. It's calling for better education around fraud and financial crime and urging young people to be more careful about protecting their personal data.
So how can you keep yourself safe?
- Set your privacy settings across all the social media channels you use. And think twice before you share details – in particular, your full date of birth, address and other contacts details.
- Password-protect your devices, and keep them complex. Cifas recommends picking three random words, such as roverducklemon, and add or split them with symbols, numbers and capitals: for example, R0v3rDuckLemon!.
- Install anti-virus software on your laptop and any other personal devices and then keep it up to date. MoneySavingExpert has a recommended list here.
The four stupid mistakes that increase our risk of online fraud
- Take care on public wifi, as it's easily hacked or mimicked. If you absolutely have to use it, never access sensitive apps such as mobile banking.
- Download updates to your software when your device prompts you to, as they often add enhanced security features.
- Think about your offline information too: always redirect your mail when you leave home and try to make sure your letterbox is secure.