Since 2012, the number of cases of identity theft has risen each year. What does this trend demonstrate? That the victims are becoming more susceptible to identity theft, or that the thieves are getting smarter? The simple truth is that the cyber criminals are generally one step ahead of the companies that develop the security tools intended to stop them.
Recently, we have seen an example of mass identity theft being used to blackmail victims into buying Bitcoin from the criminal. This “Sextortion Scam” works by emailing victims their password, so that the victim can clearly see that the extortion attempt is not fake. The victim is then threatened by telling them that unless they purchase a number of Bitcoin, that the thief will email compromising pictures to their entire address list.
“Your password is xxxx. Want to know how I know this?”
Below, you will find the first part of a series of posts, that will take a deep dive into the issues of identity theft: what it is, how is it done and how can you assess and protect your identity.
In this introductory post, we cover the bare essentials that everyone needs to know about identity theft, how it works, and how digital criminals use identity theft to enable a number of crimes.
In its simplest form, identity theft will be deemed to have occurred whenever a criminal illegally gains access to a person’s personal information and uses it to “spoof” the victim’s identity for nefarious purposes.
The cyber criminal will target data such as ID number, Personal Public Services Number, bank account numbers and credit card information. This data is then used in a variety of ways, such as renting vehicles, applying for credit cards and loans, opening bank accounts, etc. All of these transactions will appear to have genuinely been made by the victim, who will then be financially accountable for them.
This is the classic form of identity theft. Unfortunately, criminals have diverged from this model, evolving new, more complex scams that target particular end results.
In the modern digital age, identity theft takes many different forms. Many of which have very specific goals. Below, is an overview of the most common types of identity theft:
These are the most common forms that identity theft can take, there are more, although none as prolific as these above.
An important aspect of understanding digital identity theft is knowing how the end-to-end process of stealing an identity works. From initial data theft, through to gaining benefit from this data illegally, generally involves several parties. Most usually, the person responsible for stealing the identity will intend to sell it on to other criminals, who will then use it themselves in one of the ways outlined in the previous section.
This makes tracking down the initial perpetrator of the identity theft very difficult. More usually, the criminal using the identity for illegal purposes will be caught, with the original identity thief remaining at large.
Indeed, many of the hackers who successfully gain access to the kind personal data required to spoof an identity, live in countries far removed from the victims’. The identities they have stolen have little value to them as a digital asset. Their only value is in selling them on to criminals near their regions.
Your main weapon in the war against identity theft is common sense. Obviously, never share your passwords with anyone. Even if you trust them implicitly, they may mistakenly expose your passwords to identity thieves. Of course, using technology such as malware detection applications is highly beneficial as well.
Another option, one that is gaining traction, is to use two-factor authentication for key websites such as online banking, email access, etc. Using two-factor authentication involves having a unique passcode sent to your cell phone as an SMS message every time you log in to a site.
The threat of identity theft will not be going away anytime soon. Each year, the cybercriminals become more proficient, and the task of preventing cyber crimes becomes more complex. Relying on a third-party such as a software vendor to protect your digital identity is very much like hiding your head in the sand until the threat passes by. You yourself need to take responsibility for protecting your own critical private data by adopting best practices that minimise the risk of identity theft.
This has been a general introduction to the topic of identity theft, and hopefully has left you with a basic understanding of the concept. The next posts in this series will cover How Identity Theft happens and How can you find out if your identity has been stolen. Come back next week to find out.