The How What and Why of Identity Theft [Part 1]

Identity Theft
Photo by rawpixel on Unsplash

Since 2012, the number of cases of identity theft has risen each year. What does this trend demonstrate? That the victims are becoming more susceptible to identity theft, or that the thieves are getting smarter? The simple truth is that the cybercriminals are generally one step ahead of the companies that develop the security tools intended to stop them.

Recently, we have seen an example of mass identity theft being used to blackmail victims into buying Bitcoin from the criminal. This “Sextortion Scam” works by emailing victims their password, so that the victim can clearly see that the extortion attempt is not fake. The victim is then threatened by telling them that unless they purchase a number of Bitcoin, that the thief will email pornographic images to their entire address list.

Below, you will find the first part of a series of posts, that will take a deep dive into the issues of identity theft: what it is, how is it done and how can you assess and protect your identity.

In this introductory post, we cover the bare essentials that everyone needs to know about identity theft, how it works, and how digital criminals use identity theft to enable a number of crimes.

What is Identity Theft?

In its simplest form, identity theft will be deemed to have occurred whenever a criminal illegally gains access to a person’s personal information and uses it to “spoof” the victim’s identity for nefarious purposes.

The cybercriminal will target data such as ID number, Personal Public Services Number, bank account numbers and credit card information. This data is then used in a variety of ways, such as renting vehicles, applying for credit cards and loans, opening bank accounts, etc. All of these transactions will appear to have genuinely been made by the victim, who will then be financially accountable for them.

This is the classic form of identity theft. Unfortunately, criminals have diverged from this model, evolving new, more complex scams that target particular end results.

What Forms can Identity Theft Take?

In the modern digital age, identity theft takes many different forms. Many of which have very specific goals. Below, is an overview of the most common types of identity theft:

  • PPSN theft – the criminal will capture the victim’s PPSN, and then use it to embezzle finances from the victim by assuming their identity. Or they may use the PPSN as a stepping stone to applying for other documents such as a passport.
  • Financial theft – the criminal will capture key financial data, such as credit card information. This data is then used to procure additional finances, such as applying for new credit cards, personal loans, or taking on high ticket price items such as cars under a finance agreement, which they then resell.
  • Criminal activities – the criminal will use a spoofed identity if they are caught perpetrating some form of crime.
  • Medical/insurance – the criminal will use the social security number, other medical identification numbers, or medical insurance data, to obtain medical services and treatment, which the victim will have pay for.
  • Driving offences – the criminal will use the driving license of the victim to avoid being prosecuted for any number of driving offences.

These are the most common forms that identity theft can take, there are more, although none as prolific as these above.

Who Perpetrates Identity Theft and Why?

An important aspect of understanding digital identity theft is knowing how the end-to-end process of stealing an identity works. From initial data theft, through to gaining benefit from this data illegally, generally involves several parties. Most usually, the person responsible for stealing the identity will intend to sell it on to other criminals, who will then use it themselves in one of the ways outlined in the previous section.

This makes tracking down the initial perpetrator of the identity theft very difficult. More usually, the criminal using the identity for illegal purposes will be caught, with the original identity thief remaining at large.

Indeed, many of the hackers who successfully gain access to the kind personal data required to spoof an identity, live in countries far removed from the victims’. The identities they have stolen have little value to them as a digital asset. Their only value is in selling them on to criminals near their regions.

Protecting Your Digital Identity

Your main weapon in the war against identity theft is common sense. Obviously, never share your passwords with anyone. Even if you trust them implicitly, they may mistakenly expose your passwords to identity thieves. Of course, using technology such as malware detection applications is highly beneficial as well.

Another option, one that is gaining traction, is to use two-factor authentication for key websites such as online banking, email access, etc. Using two-factor authentication involves having a unique passcode sent to your cell phone as an SMS message every time you log in to a site.

The threat of identity theft will not be going away anytime soon. Each year, the cybercriminals become more proficient, and the task of preventing cybercrimes becomes more complex. Relying on a third-party such as a software vendor to protect your digital identity is very much like hiding your head in the sand until the threat passes by. You yourself need to take responsibility for protecting your own critical private data by adopting best practices that minimize the risk of identity theft.

What’s Next

This has been a general introduction to the topic of identity theft, and hopefully has left you with a basic understanding of the concept. The next posts in this series will cover How Identity Theft happens and How can you find out if your identity has been stolen. Come back next week to find out.

Back to articles list