Personal data

Address trading

Address trading is a component of direct marketing and represents the analogue form of individualist advertising. The aim of address trading, also known as list broking, is to expand the customer base through potential customers by means of advertising in the form of flyers, vouchers and the like. Companies turn specifically to address brokers, who provide not only private addresses but also company addresses. If a certain target group is aimed at, it is possible to include certain criteria in the creation of the address list. For example, only addresses from certain neighbourhoods and streets can be passed on. No consent is required from the persons concerned, so the trade in addresses and customer data is not illegal (according to §28 BDSG). This concerns both the purchase and the sale.

Phishing

Phishing describes the fishing of access data and identities directly from the person concerned. In the process, victims are requested to enter access data on a website via a link in an email or also via SMS. This website was created specifically for phishing the data and often looks confusingly similar to the corresponding legitimate site. The data entered is then intercepted by the fraudsters and used for their own purposes. It is not uncommon for bank websites to be copied for this purpose. If bank data is actually entered, the fraudsters have the opportunity to transfer money or even steal the identity.

How can I recognise phishing emails? 

• Watch out for spelling mistakes - texts are often translated mindlessly using translation programmes. This results in strange characters, unconverted umlauts, forgotten letters or even incorrect punctuation.
• A certain urgency is conveyed to those affected. The aim is to act quickly to avoid consequences such as the blocking of the account.
• The text may be in a foreign language. If you are not a customer of a foreign company, you should be sceptical.
• The lack of a direct personal form of address is also conspicuous. Fraudsters often resort to the formulation "customer" or "user".

How can you protect yourself from phishing? 

Many anti-virus programmes warn victims of the phishing website. The computer or browser can also warn of such a danger. It is important that all available security updates are installed. This applies to the computer as well as the anti-virus programme and the browser.

A certain amount of scepticism also helps. If you do not know the website or if there are strange characters in the URL, you should not click on the link and certainly not enter any data.

If the phishing is particularly disguised, it is also called pharming. When entering the URL in the browser, the victim is redirected to a fake website. A conspicuous feature is a request to enter new data and numbers in the URL.

The following applies here: secure websites usually begin with "https" and have a small lock in front of the URL.

Data trading

Data trading is a lucrative business in which customer data is sold to companies. The seller makes a profit and the buyer has a list of potential new customers. In return, companies send out advertising material to expand their customer base. This approach is called direct marketing. The most widespread form is address trading.

Often, such an intention to sell is announced in a privacy policy, which is usually accepted by data subjects without being read. This consent makes it legal to resell the data of the data subjects. An exception is special personal data such as health data. These may only be stored, used, processed or even passed on in very rare exceptional cases.

Identity theft

If third parties access personal data with the aim of misusing it, this is called identity theft. In this case, third parties can shop online under false names or even book money from a person's account to their own. The person concerned is still able to use his or her own identity.

How can it be determined whether the identity has been stolen? 

Clues that point to identity theft are:

• Login to a supposedly genuine website using password and email is not possible,
• Receiving payment requests or reminders for orders that have not been placed,
• Debit entries on the account by unknown companies,
• Or also claims from debt collection agencies for the settlement of outstanding sums

How should you react to identity theft? 

• Report to the police, this is often a prerequisite for having accounts blocked.
• Contact the companies concerned and report your identity theft.
• To avoid negative entries, you should also inform Schufa.
• If you have not already done so, change all passwords.

What are the penalties for identity theft? 

Identity theft is not a specific offence in Germany. Consequently, there is no specific punishment, but fraudsters are liable to other criminal offences. For example, forgery of documents according to §267 StGB or false suspicion (§164 StGB), if crimes are committed online under another name. This has legal consequences for the perpetrators in the form of fines and imprisonment (up to 10 years). However, this only applies insofar as the perpetrators can be identified.

How can you protect yourself from identity theft? 

• Use strong passwords - pay attention to criteria for strong passwords (length, characters used).
• Do not share your passwords, and it is not advisable to write passwords on loose leaf. Instead, use an online password manager.
• Activate two-factor authentication for important accounts. By leaving a mobile phone number, you will receive a confirmation message every time you log in to your account.
• Watch out for phishing emails and do not respond to them.
• Keep your computer up to date and perform the security updates.
• Anti-virus programmes also contribute to protection.