Warning: 1 in 10 people in the UK has been a victim of identity fraud. Will you be one of them?

Paul Chapman sifted through the usual mix of junk mail and bills at breakfast, opening a new letter from a mobile phone company. It was a demand for £178 for calls made from a new phone.

A phone he'd never ordered or used... Philip Cortocoro, got an email in his inbox welcoming him to a British dating site he had never joined. When he checked his credit card bill he found he'd been charged $200 for the privilege.

Both these men were victims of the world's fastest growing crime; identity credit card purchases, forged transactions and loans applications. A drop in the ocean compared to the millions who are affected by the same crime in the States. Many don't realise they've been targeted until weeks or months down the line - when the evidence turns up in cards and bank statements.

"Identity thieves only need very minimal information in order to steal an identity," says Charles Rudagard, head of product and services at Garlik. "To 'access' an identity, only three main particulars about an individual are needed; their name, date of birth and mother's maiden name. A thief can gain a victim's address through web sites such as 192.com. Their date of birth and mother's maiden name are then easily accessible from online births, deaths and marriages search engines."

How to steal a life

There are many methods thieves use to gather initial information. Neil Munroe, Chair of the Identity Fraud Consumer Awareness Group, points to an increase in attacks on big companies - like the recent revelation that hackers stole the details of close to 46 million payment cards from TJX, the company that owns TK Maxx. "Data breaches are quite common now," says Neil. "Employees may be bribed, planted or corrupted to steal data."

On a smaller scale, there are other 'real world' methods. 'Dumpster divigin' - scavenging through bins for discarded bill and documents containing personal data - is as old as fraud itself. Old-fashioned stealing play a part, too - with a nicked wallet or laptop providing all the data a dedicated crook needs. These days, the internet makes identity theft an even more attractive crime. "Once you have the right information, the internet makes it easier to use it remotely," says Maury Shenk, a partner in the Steptoe & Johnson law firm.

"The anonymity of the internet means that a criminal can trick users out of their personal details without knowledge of who they are really dealing with," says Detective Superinendent Russell Day, of the Met's Economic and Specialist Crime Command. A prime example of this is 'phishing'; the practice of persuading users to enter personal data into fake web sites, using spam email to lure in unsuspecting victims.

Geoff Sweeney, Chief Technology Officer of security software developers Tier-3 points out a more hi-tech threat. "Thieves use a variety of methods," says Geoff, "including highly sophisticated internet-based distributed 'malware' program attacks'" Geofff offers the example of the Gozi Trojan, a malware application that stole data from Secure Socket Layer transactions - like credit card form submissions.

Discovered in January 2007, the application was sent to victims using a spam email that featured a link to a fake Internet Explorer 7 beta download. Ironic, considering the enchanced security features the genuine IE7 offers to users.

Although identity theft is scary for the victim, the financial loss may not be the biggest problem. In the majority of cases, banks and credit card companies will cover your lossess.

The real hassle is cleaning up the mess afterwards. "It's not like someone stealing your TV," says Neil Neil Munroe, chair of the Identity Fraud Consumer Awareness Group. "When your identity is stolen, you've no idea when they'll stop using it."

Password access only

By switched to Windows Vista, you've already taken a very big step towards protecting yourself from identity fraud; many of its security features are embedded and enabled by default.

Dyanamic Security Protection is the name given to a variety of features that protect you from malicious software like worms, viruses and sites that phish for data.

These range from pop-up blocking and opt-in ActiveX controls to Internet Explorer 7's built in Phishing Filter. This connects you browser to a database of known phishing sites and can detect fradulent activitiy on sites that arne't yet listed. Be aware that the Phishing Filter is turned off by default - you'll need to enable it.

Internet Explorer 7 users on Windows Vista have an extra layer of security, with its always-on Protected Mode, designed to provide fortification against 'elevation of privilege' attacks, where malware programs attempt to change data on your machine without your consent.

Your browser works hand in hand with another Windows Vista innovation, Windows Defender. This adddition to your core tools is accessible from the Start menu. By default, it's scheduled to perform a scan on your system for malware at 2am every morning - but you can perform a manual scan by simply selecting Scan whenever you like, or change the scheduled time in Tools > Options. Windows Defender also works in the background as you work, alerting you to new threats as they happen.

If theives swipe your laptop or gain physical access to your machine, malware protection won't help. Password protecting your account will, though. Go to User Accounts in the Control Panel and make sure you've specified a password for your default account.

Users of Windows Vista Enterprise and Ultimate editions have the extra protection of BitLocker, a technology that encrypts a data partition on your hard drive using a key stored on a USB Flash drive or a Trusted Platform Module (TPM) installed in your machine. No one can access a BitLocker encrypted drive without the correct authentication, not even the law.

Microsoft is also working on ways to make online transactions safer, with Windows CardSpace - a system that stores encrypted personal data in a virtual 'ID card'.

Integrated into Windows Vista, your CardSpace cards are unique to you and are issued in a similar way to the security certificates that SSL web sites issue. You can also create your own cards. The main bonus is that CardSpace eliminates the need for passwords, which reduces the chances of identity theft through phishing. The technology is promising, but at an early stage, requiring more support from vendors to truly take off.

Identity theft is a serious threat to everyone. But with Windows Vista security features and a little common sense, you can do as much as possible to protect yourself from becoming another statistic.

Protect your personal data