The How What and Why of Identity Theft | Spector
Spector
Cyber Security

The How What and Why of Identity Theft

Published 21/01/2019
IT Support Ireland
Photo by rawpixel on Unsplash

Estimated Reading Time: 4 Minutes
Since 2012, the number of cases of identity theft has risen each year. What does this trend demonstrate? That the victims are becoming more susceptible to identity theft, or that the thieves are getting smarter? Our findings show that both are true.

Personal data is available everywhere, from profiles scraped from social networks to corporate data breaches, and criminals are able to use this data against users on a larger scale than ever before. They are generally multiple steps ahead of people and companies that are not prepared for them.

Below, you will find the first part of a series of posts, that will take a deep dive into the issues of identity theft: what it is, how is it done and how can you assess and protect your identity. In this introductory post, we cover the bare essentials that everyone needs to know about identity theft and how digital criminals use it to enable a number of crimes.

If you prefer to read it in PDF, our Essential Guide on How to Avoid Identity Theft is also available for download. 

What is Identity Theft?

Recently, we have seen an example of mass identity theft being used to blackmail victims into buying Bitcoin from the criminal. The Sextortion Scam” works by emailing victims their password, so that the victim can clearly see that the extortion attempt is not fake. The victim is then threatened by telling them that unless they purchase a number of Bitcoin, the thief will email compromising pornographic pictures to their entire address list.

“Your password is XXXX. Want to know how I know this?”

In its simplest form, identity theft will be deemed to have occurred whenever a criminal illegally gains access to a person’s personal information and uses it to “spoof” the victim’s identity for nefarious purposes.

The cyber criminal will target data such as ID number, Personal Public Services Number, bank account numbers and credit card information. This data is then used in a variety of ways, such as renting vehicles, applying for credit cards and loans, opening bank accounts, etc. All of these transactions will appear to have genuinely been made by the victim, who will then be financially accountable for them.

This is the classic form of identity theft. Unfortunately, criminals have diverged from this model, evolving new, more complex scams that target particular end results.

What Forms can Identity Theft Take?

In the modern digital age, identity theft takes many different forms. Many of which have very specific goals. Below, is an overview of the most common types of identity theft:

  • PPSN theft – the criminal will capture the victim’s PPSN, and then use it to embezzle finances from the victim by assuming their identity. Or they may use the PPSN as a stepping stone to applying for other documents such as a passport.
  • Financial theft – the criminal will capture key financial data, such as credit card information. This data is then used to procure additional finances, such as applying for new credit cards, personal loans, or taking on high ticket price items such as cars under a finance agreement, which they then resell.
  • Criminal activities – the criminal will use a spoofed identity if they are caught perpetrating some form of crime.
  • Medical/insurance – the criminal will use the social security number, other medical identification numbers, or medical insurance data, to obtain medical services and treatment, which the victim will have pay for.
  • Driving offences – the criminal will use the driving license of the victim to avoid being prosecuted for any number of driving offences.

These are the most common forms that identity theft can take, there are more, although none as prolific as these above.

Who Perpetrates Identity Theft and Why?

An important aspect of understanding digital identity theft is knowing how the end-to-end process of stealing an identity works. From initial data theft, through to gaining benefit from this data illegally, generally involves several parties. Most usually, the person responsible for stealing the identity will intend to sell it on to other criminals, who will then use it themselves in one of the ways outlined in the previous section.

This makes tracking down the initial perpetrator of identity theft very difficult. More usually, the criminal using the identity for illegal purposes will be caught, with the original identity thief remaining at large.

Indeed, many of the hackers who successfully gain access to the kind personal data required to spoof an identity, live in countries far removed from the victims’. The identities they have stolen have little value to them as a digital asset. Their only value is in selling them on to criminals near their regions.

Protecting Your Digital Identity

Your main weapon in the war against identity theft is common sense. Obviously, never share your passwords with anyone, as the human factor is one of the most likely to cause a leak. Even if you trust them implicitly, they may mistakenly expose your passwords to identity thieves. Of course, using technology such as malware detection applications is highly beneficial as well.

Another option, one that is gaining traction, is to use two-factor authentication for key websites such as online banking, email access, etc. Using two-factor authentication involves having a unique passcode sent to your cell phone as an SMS message every time you log in to a site.

We have a lot more detailed information available for download, including specific tools and techniques recommended against Identity Theft. If you want to dive deeper into this topic, make sure to check our Essential Guide on How to Avoid Identity Theft.

The threat of identity theft will not be going away anytime soon. Each year, the cybercriminals become more proficient, and the task of preventing cyber crimes becomes more complex. Believing you will not be a target is very much like hiding your head in the sand until the threat passes by. You need to take responsibility for protecting your own critical private data by adopting best practices, training your staff and hiring specialists, tools and insurance to minimise the risk of identity theft.

What’s Next

This has been a general introduction to the topic of identity theft and hopefully has left you with a basic understanding of the concept. If you are ready to learn more about this critical topic, please check the following articles in the series, or download our PDF Guide:

Part 2: How Identity Theft happens
Part 3: How can you find out if your identity has been stolen
Part 4: My Identity has been stolen, what to do now?
Guide: Essential Guide on How to Avoid Identity Theft

Thank you for reading.

Back to articles list