The question is, what is identity theft, where does it come from, how do they do it, what are the risks, and what can one do about it?
One could define a category of cybercrimes that could be called “theft of personality”. Things that could be placed under this include identity theft, personality theft, personal abuse, cyberstalking, catfishing and deepfake. I give a definition of what happens in these criminal cases, but in this post I want to keep it mostly about identity theft. | In this post, I give my own opinion, not that of any organization |
What is Identity Theft?
Identity theft, according to ESET, is defined as: “a crime in which an attacker uses fraud or deception to obtain personal or sensitive information from a victim and misuses it to act on the victim’s behalf. Most of the time, perpetrators of such crimes are motivated by their own economic gains.”
See also https://www.eset.com/
Contents
What can be considered ‘theft of personality’?
Identity theft is the improper use of your personal information, such as your name, address, or credit card number, to commit crimes in your name.
Personality theft is the act of stealing someone’s online identity, including their photos, videos, and personal stories that can also be used to forge documents.
Abuse of identity is also the use of the name, image or other, but regardless of whether harm is caused. This includes impersonation: pretending to be someone else.
Catfishing is the creation of a fake online profile to deceive or manipulate others. This can easily happen on social media like Meta and LinkedIn.
Deepfake is a technology used to manipulate videos or audio to make it appear as if someone is saying or doing something that they never said or did. This is how malicious people spread fake news.
Where does the principle of identity theft come from?
Where the principle of identity theft comes from is difficult to trace. The term itself is relatively new, but applications have been around for some time.
In the past, there were often people who forged documents to gain privileges or access unlawfully. For example, birth certificates, often to conceal a person’s age or origin. Other documents included passports to travel incognito, escape the authorities, or conduct illegal business. Identification cards were also forged to gain access to services or locations.
But other documents were also forged or stolen, such as driver’s licenses, social security cards or credit cards. Letters and documents were stolen because of sensitive or valuable information.
An older technique, which is still used in cybercrime, is Social Engineering. This is manipulating people into disclosing sensitive information.
Finally, there is what we know from detective films and spy stories: personal observation. Thieves could obtain personal information by observing people in public places.
Identity theft is growing due to the growing digitization and use of personal information for various purposes online.
How do the thieves get hold of your data?
Identity thieves get hold of your personal information in a variety of ways.
Phishing is the most common way to get your data. The following methods are usually used:
- In fake emails that look like they come from a legitimate source, such as your bank or credit card company or a government agency, they ask for your personal information. Thinking about it for a moment ensures that you don’t fall for it: those agencies already have that information, and would never ask for it.
- Fake websites that look like they come from a legitimate source, but with a wrong extension. For example, a URL of the EU or NATO that suddenly ends with an extension ‘.ru’. Or by replacing the letter O with a 0 (zero), an I (uppercase i) with an l (lowercase L).
- Some send text messages with a link or a request for your personal information or ask for money directly, supposedly a question coming from an acquaintance or child in need.
- Vishing is a type of phishing where thieves call you instead of sending you an email.
A second way is when organizations that hold personal data are hacked. Then identity thieves can gain access to large amounts of sensitive information. Usually, they ask for a sum of money in order not to misuse this data. But you never know if they keep their word.
Another way of data loss is when one loses personal data accidentally. For example, by forgetting a briefcase in a taxi with a perfidious driver.
Skimming is done by installing devices on ATMs or payment terminals and the like to steal information from credit cards during transactions.
Malware: Thieves can install malware on your computer or smartphone. Spyware is often used. That is software that gets installed on your computer without your knowledge. This software can monitor your online activities and steal your personal information. An important example is a keylogger. It records everything you type on your keyboard. This includes sensitive information on secure websites. There are software keyloggers and hardware keyloggers. The latter are often USB keyloggers or wireless keyloggers. Online keyloggers now exist as well.
Physical theft remains classic: stealing physical objects that contain personal information, such as wallets, laptops, smartphones or postal items.
Be careful when making information public. There, on social media, thieves can find your personal information. This is careless handling of your data. Don’t share them with strangers and keep them in a safe place.
The ‘Dark Web’ is a part of the internet that cannot be accessed through regular search engines. On the dark web, thieves can buy and sell stolen personal data.
What are the risks?
There are many risks for the victims. The most important are:
Financial losses when one gains access to your financial accounts, credit cards, or bank accounts. Other financial risks in the rand are loans (with high interest rates) that they take out in your name, damage to your credit, that you have to reimburse the costs of their fraud on your behalf, or they can make purchases in your name where you pay for the costs. It can take years to restore creditworthiness.
Legal problems may arise when conducting criminal activity under your name, including arrests, legal proceedings, or fines for their crimes.
A damaged reputation, especially in the case of fraudulent activity. This can have serious consequences on a personal or professional level. For example, when sending spam or in the event of scams and fraud in your name.
Such matters do not leave emotions untouched. Discovering identity theft and dealing with it can cause stress and anxiety. This seriously disrupts daily life. It can take a long time to recover. It gives the feeling of losing your privacy, of insecurity and vulnerability. It can be a breach of interpersonal trust.
Repairing the damage is time-consuming and energy-consuming.
Finally (but not really lastly) the thief can misuse your data to obtain fake driver’s licenses, passports, and medical documents and care.
Conclusion: what can you do about it?
What you can do follows almost directly from the types of theft method. So be careful with emails, text messages, and phishing websites. Install antivirus software and keep it up-to-date against malware, such as keyloggers. Be careful who you give your personal information to. Especially on social media. This already helps a lot against social engineering. Check your credit report regularly. This helps, among other things, against long-term skimming. Keep your personal information safe in a vault. This helps against physical theft. Use unique, strong passwords and keep them safe. E.g. with a password manager. This also helps against social engineering and other things, where people find things by looking over your shoulder. Only download software and apps from reputable sources. This can also help against malware. Finally, use secure connections when entering sensitive information online. This helps against many types of seizures. Not just against identity theft.