Hopefully, you have already read part one of this series of blog posts on identity theft. Following on from the initial post which gave a primer on identity theft, this second part covers how identity theft is perpetrated.
Before jumping into the meat of this post, take a look over some of these facts, they demonstrate very clearly that identify theft and cybercrime in general, is a major issue, and one that is trending upwards.
A recent survey undertaken by Eurobarometer in Ireland, demonstrated that a third of the 1,000 people who took part, had been the victims of some form of malware attack. Further facts uncovered included:
And when it comes to identity theft, 9% of the people who took part had been the victim of this cybercrime. This is almost 1 in 10 people.
All cases of identity theft share one common similarity. That the cybercriminal was able to gain access to some critical piece of personal information, which allows them to begin the process of stealing an identity. There are many ways that we expose our own personal data to the risk of loss, including:
Additionally, we often trust a third-party to maintain our digital data securely. And whilst we are all fully responsible for the risks outlined above, these we have very little control over:
Of course, there are far more risks than these we have covered above; these are simply the most common.
You don’t need any special skills, or even much technical knowledge to steal a person’s online identity. All it takes are basic Internet skills and a lot of patience. Depending on the target, it could be done in less than an hour.
Identity theft begins with a fact-finding mission. The cybercriminal will try and learn as many facts about the victim as they can. This is shockingly easy to do. Sites such as Facebook and Twitter can provide information such as the names of family members and pets, the bank you use, where you work, the significant dates in your life (birthdays, anniversaries, etc.), your favourite restaurants, the kind of TV shows you like, and the list could go on and on.
Other sites, such as those that provide a database of criminal offences, county court judgements, bankruptcies, etc. can also provide good data.
Simply plugging a person’s name into a Google search can often bring back masses of information about a person, especially if they are a prolific blogger, or maintain active profiles on services such as Spotify.
Once the cybercriminal has enough information about you, they then have many options open to them. They can use the information to try and gain access to services such as Gmail. How many sites ask us to set security questions such as, “What was the name of your first pet?”, “What was your Mother’s maiden name?”, or “What was the name of your first school?”. It is very simple to see how a person, knowing the kind of information about a person that would be used to answer these questions, can very easily gain access to such services.
Another option is that the cybercriminal can use the information that they know about you, to try and gain information in another way. For example, if an identity thief were trying to gain access to your online banking. If they know enough about you, they could call your bank, and do a sufficient job of convincing the people on the other end of the phone that they are you.
All a cybercriminal needs to carry out identity theft is a computer/laptop and an Internet connection. No special devices or specialised software is used at all. That’s not to say that a well-rounded cybercriminal won’t have tools at their disposal that they use for other purposes, which could help with identity theft. Tools such as a network packet sniffer, or a brute force password hacking application.
No discussion of identity theft would be complete without mentioning the Dark Web. This is a small, hidden, private network of websites that are not typically accessible unless you know exactly where to find them. They don’t appear in search engines, and they work in a slightly different way to standard sites.
The Dark Web is the wild west of the Internet, with no policing or moderation. It has been used for everything from dealing drugs to hiring a hitman. A massive amount of information of interest to identity thieves is available for free, or for trade on the Dark Web. This is also where identity thieves sell identities that they have already stolen. Criminals pay an average of $160.15 to obtain an online banking account, and they can access other accounts for much cheaper according to this article by NBC News.
This second part of our series on identity theft has hopefully demonstrated how shockingly simple it can be to steal a person’s identity, even if they have taken steps to protect it. The take away here should be that although there are things you can do to protect your own digital identity, we all rely on multiple third-parties to “keep their end of the bargain” and make sure they store our critical data securely.
For the next part, we will give you tools on how can you assess yourself and find out if your Identity has already been compromised. Check back next week to find out!