What is Identity Theft?
As our lives become more and more digital, the amount of personal data that can be found online has increased massively. The data on one individual can exists on dozens, if not hundreds of servers all over the world. With this information existing online, it has increased the number of cases of identity fraud because of how accessible personal data now is.
Identity theft refers to any situation where a person uses someone's identification documents to impersonate them in one way or another, whether than means selling the information to someone else on the cybercrime marketplace or using the identity for other reasons. This tactic is rising in popularity too, as the number of victims in the US was recorded as being over 16 million people in 2017. Cybercriminals are constantly finding new ways to access consumer data, making it more difficult for people to gain protection. Whether its credit card details, addresses, or any other forms of personal information, it can be stolen and sold on the dark web to make a quick profit.
The flexibility of having someone's personal information means that there are a number of crimes that can be committed as a result. Financial fraud refers to the theft of bank details that mean hackers can gain financial control over their victim. Using someone's identity to commit a crime is the other example of identity fraud. Whether it's money laundering or drug trafficking, by using someone else's identity to do it, hackers believe they can get away with it all without the authorities ever suspecting them.
The Techniques Behind Identity Theft:
Identity theft isn't the most difficult thing to carry out in comparison to other cybercrimes out there. It is because of this simplicity that so many people become victims of it.
There are multiple ways that a hacker can eventually steal your identity depending on the software they have access to, and the information they are aiming to gain from their target.
Phishing basically means that the hacker poses as a legitimate source in order to gain the trust from the recipient, whether that is with the aim of getting them to open a malicious link/attachment, or through gaining information directly from the user through their trust.
With hackers using the same marketing techniques as businesses, they are able to create sophisticated emails and messages that customers don't even question as being fake. This means more and more cases of phishing are occurring because people are being caught out by how good the hackers are getting.
By causing their target to open a malicious source or gaining information first hand from the recipient, the hacker soon has enough data to imitate their victim, and from their they can use the identity however they want.
This is difficult to spot because of how invisible it is!
How it works is that the criminal seizes the domain names server (DNS) of a commercial site and from there they can direct visitors to a malicious site. So whilst the user innocently thinks they are being forwarded to their expected website, they are essentially kidnapped and taken somewhere else online.
It's so hard to tell you've been taken to a bogus website because the hackers can make it look so real the same techniques used in phishing. The visitor then enters their information, and in doing so they are handing over the tools hackers need to steal their identity.
Spyware is another danger that is hard to look out for. As a form of malware, it is downloaded by the users (without them realising) when they open an email attachment or visit a harmful website. Once you are drawn in, the software collects your personal information such as credit card details and account numbers (hence the name, it is spying on you without your knowledge). From there, the hackers gain the information to carry out identity theft.
Social network profiling
With the average person spending around 2 hours of their day on social media, it is hardly surprising that hackers use these platforms as the hunting ground to steal identities.
The whole point of social networking is that people are sharing their personal information with friends, creating a collection of information that hackers can break in to and take to use for their own good. The informal setting means that people let their guards down without thinking who might be watching, a quality that hackers thrive off. All the criminals need to do is piece together the information on an individual's profile, and they can commit identity fraud.
Whilst the larger data breaches tend the get the most coverage in the media, the frequency identity theft is enough to get anyone's attention. Our dependence on technology means that it doesn't take a lot of time for hackers to become someone else, all without having to leave the comforts of their computer screen.
Burying your head in the sand won't solve anything, as the crime has reached an epidemic level in the UK, with around 500 cases being reported every day. The fraud prevention service, Cifas, says that the majority of cases are taking place online now due to how accessible it is for people. The latest trend is that fraudsters have increasingly been getting into email accounts and posing as tradespeople such as builders and solicitors, creating an instant link with the customer. Some victims have lost thousands of pounds after being conned. Either by transferring money into the bank accounts of the sender, or handing over the personal details, the hacker can exploit their finances, and the first the user realises of it is when they receive a receipt months later.
There are even cases where a credit card has made it into the background of a photo posted online, and as a result the audience have been able to see the individual's card details, giving hackers what they need to steal an identity.
Anil Sharma is a prime example of how hackers can use their online tactics to exploit users. Fraudsters gained enough personal information on him to be able to set up multiple new smart phone contracts in his name, giving him a nasty surprise one day when he received a number of bills for phones he didn't know about.
How to Protect Yourself from Identity Theft
- Limit what you give away on social media and make sure you regularly check your privacy settings. It doesn't take a genius to see what you're up to and use the information they find to plan personalised attacks.
- Up to 80% of cyber-threats can be removed by keeping your software up to date. Next time that update box pops up, don't click the 'remind me later' because the longer you put it off, the more out of date your protection becomes, which can put you at risks through having gaps in security. The fast pace development of technology means that new threats are constantly surfacing, so maintaining up-to-date protection limits your chances of being caught out.
- Be vigilant with emails by installing a secure email gateway to filter what makes its way into your inbox, and generally keep your eyes peeled around who is contacting you.
- Have strong passwords for all of your accounts. Avoid popular sayings, personal details (eg. Birthday, pet name) and make them at least 11 characters long, with a range of letters, symbols and numbers. Strong passwords mean that hackers have a slimmer chance of guessing, improving not only protecting yourself from becoming the victim of identity theft, but most importantly improving your general cyber security.