The recent digitalization of business functions and remote working operations is the primary reason behind identity theft. There are different forms of identity theft, such as using someone's personal information to get into an organization or fulfilling financial benefits. Even a child’s name, social security number are utilized to get health benefits and a job. Criminals target children most for identity theft because of their less attention and simplicity to disclose credit card scores. Child identity theft remains undetected and hidden for long periods. Before we explain in detail, here is a short description of identity theft:
Using someone's PII (Personally identifiable information) such as driving license number, social security number, address, credit card details, and full name to perform different crimes and financial frauds. Criminals perform different crimes after stealing someone's personal information, such as smuggling and trafficking drugs and other hazardous substances, money laundering, and illegally entering a country. After committing serious offenses or crimes, criminals flee to other countries through identity theft. If someone realizes that he is a victim of identity theft, he must go through complex procedures to lessen identity theft consequences.
Identity theft and identity fraud are considered the same in the current digital era, although they are not the same. Identity fraud refers to the misuse of someone's personal information or using the existing accounts and profiles to perform fraudulent activities. In comparison, identity theft uses PII to create new accounts to either perform the fraudulent crime or use the information to illegally enter a country, getting a job or health benefits.
Online activities raise the fear of identity theft.
Last year due to a pandemic, most people spent their time on online activities and remote working operations. Identity fraud led to the loss of almost $56 billion. Also, a loss of $43 billion was recorded because of identity theft performed by hackers through phishing, spam links, and robocalls.
The digital payment methods act as a medium to victimize 18 million people, and cyber criminals exploited digital wallets such as Zelle and Apple Pay through identity theft. The unnecessary sign-up to newsletters, sharing PII in a rush at a phone call, clicking on spam links, and falling prey to spoofing are the main factors helping cybercriminals to utilize identity theft for fraudulent activities.
Different stages of Identity theft crime
There are three different stages of Identity theft crime: the acquisition, use of identity, and discovery.
- The first stage of acquisition is performed by hackers using legal methods such as purchasing information available on the internet or exploiting cookies of websites containing personal information. Acquisition of identity theft also works through computer hacking, cyber-attacks, intercepting mail, financial fraud, and trickery.
- The second stage is the utilization of identity to fulfill financial gain. This stage is categorized into different crimes such as account take over, disclosing critical personal information of individuals to the black market, acquisition of crucial documents such as health cards, driver's licenses, and visas, etc.). The information obtained from identity theft is also used to claim a refund from the insurance, steal rental cars, and file tax returns.
- The third stage is discovery, and it takes months to several years to discover confidential information breaches or identity theft. Sometimes CVE (common vulnerability exposure) databases and other databases that share security breach information about identity theft attempt instantly or after a security breach occurs in large organizations.
Different ways of Identity theft
There are different ways by which identity theft is utilized, either by the criminals to fulfill fraudulent activities or individuals to gain some benefit illegally.
Criminal Identity theft
Criminal identity theft refers to identity fraud or using someone's data to deceive and fraud for economic gain. There are different ways criminals obtain individual personal information, such as dumpster diving (exploring and investigating someone's trash to obtain credit cards and other critical details) or digitally exploiting unsecured Wi-Fi connections.
Unemployment Identity theft
When someone claims unemployment benefits by using another person's SSN, it is considered unemployment identity theft. The websites of the state workforce agency (SWA) warn against such scams. If someone wants to know whether someone is using his SSN for unemployment benefits, he must register through the process or check emails notifying him about taxable income.
Mail identity theft
Mail identity theft or email theft has become common in recent years because we do not check our email carefully. Criminals, after dumpster diving, use the bank statements, bills, and credit card information to steal identity and utilize it for financial gain. Cybercriminals target the mailboxes and remove the critical emails working passively and actively, both to crash your bank accounts.
Medical identity theft
Hackers or cyber criminals steal the Medicare numbers, names, and SSN (social security numbers) to claim health benefits and insurance without authorization. Cybercriminals also target health providers and medical companies’ databases to steal different people's personal information to claim insurance money. In recent years due to pandemics, health sectors have been affected a lot due to cyberattacks and identity theft attempts. Hackers sent attractive health benefits emails to people to make them click on spam links for ransomware and perform medical identity theft.
Senior identity theft
As we have mentioned in the start about child identity theft, senior identity theft occurs because it remains undetected for a more extended period or even years. The cybercriminals or hackers and the caregivers and family members use their PII for insurance claims, illegal purchases, and buying drugs from prescriptions. FTC (Federal Trade Commission) reported 306,090 cases of senior identity theft in the year 2020. Attackers lure senior citizens through insurance programs or instant pension redeems to share their PII and then utilize it for illegal activities.
Biometric identity theft
The artificial silicon fingerprints are used to copy and steal fingerprints impressions to perform biometric identity theft. Payment systems, digital wallets, bank accounts, and entering critical organizations through spoofing biometric security systems result in significant security breaches. Researchers claim hackers can easily exploit fingerprint databases and manipulate them by replacing the already saved fingerprint impressions with their ones.
Biometric data is safe when there are strong encryption standards followed. Still, hackers steal the passcodes sync with biometric security devices and mobile systems and then exploit user's systems to fulfill illegal concerns.
Other types of Identity theft
The most prominent types of identity theft are mentioned above, but some other ways in which stolen PII are beneficial to hackers and attackers. Creating a fake identity to illegally enter and exit a country through SSN compromise is a serious crime.
The primary security breaches in critical organizations disclose the personal information of millions of consumers. Hackers display that information on the dark web to use in the future for illegal activities—the use of fake identities through SSN known as synthetic identity theft.
Other than criminal intentions, digital identity theft is common nowadays, where people pose differently by posting fake images and videos of someone else. The intent behind creating fake social media accounts can be several such as revenge, getting close to someone, and handling social media campaigns.
Some other causes lead to identity theft: to avoid any legal citation by utilizing someone else's driving license. Misinterpreting one's own identity to gain unauthorized access to an account is also a form of identity theft.
Identity theft Vulnerabilities
There are different vulnerabilities exploited by hackers leading towards identity theft and security breaches:
- You might have heard about "Security is as weak as the weakest link in the chain". Insider threats can lead to severe security breaches. It can be of two types: unwilling participants and malicious hackers or employees who intentionally install malware and click on spam links leading to security breaches and identity theft. Hackers can exploit online databases through various advanced ways, and sometimes employees, due to less knowledge towards shoulder surfing and social engineering attempts, fall prey to identity theft.
- Weak authentication mechanisms are the main reason behind biometric identity theft and fraud theft. Random, easy, and the same password for multiple systems can lead to identity theft. The shoulder surfing attack acts severely when there are weak authentication and authorization mechanisms. Hackers use advanced techniques to exploit password-based, biometric, certificate-based, token, and multifactor authentication mechanisms to steal PII.
- Lack of technological sophistication and assigning SSN default to various authorization systems such as driving license, insurance policies, ID cards, and much more help hackers perform illegal activities after the compromise of SSN. The social security number (SSN) should not be universal as its compromise can lead to medical, biometric, financial, criminal, mortgage, senior and other types of identity theft.
- Outdated technologies and organizations that do not follow the information security standards and policies compromise confidential information and identity theft.
- The public Wi-Fi connections are an attraction for hackers to perform hacking attempts on the user's systems connected to them. Hackers exploit or install malware into systems of people connected to public or unsecured internet connections to perform identity theft attempts further.
Furthermore, weak data protection, dumpster diving, lost security card, mail theft, phishing, and data breaches are the most apparent mediums and vulnerabilities through which hackers attempt identity theft to fulfill their criminal intentions.
How to control Identity theft - Security Advice
Here are some quick tips to protect your identity and save your organization and personal devices data from being stolen by hackers:
- If you want to combine corrective and preventive action to weaken identity theft attempts, you will have to be careful about phishing, shoulder surfing, social engineering, and dumpster diving. Most security breaches and identity theft occur when there is a lack of knowledge and training to respond to spam emails and sharing PII with someone who poses as the authorized person. Everyone must match digital progress and hacking advanced techniques to stop identity theft and security breaches.
- The organization and individuals must check for email headers before clicking on any spam links. Never share SSN through email or phone to someone who poses to be an authorized person from the bank or a financial institution.
- Firstly, do not connect to public Wi-Fi and if you connect to it, then always use VPN (virtual private networks), firewalls, IPS (Intrusion prevention mechanisms), and IDS (intrusion detection systems) as a hurdle against unauthorized or system breaches. When your browsers and systems are secure, then there will be fewer chances of identity theft.
- Always shred the documents containing critical information to reduce dumpster diving attempts for identity theft.
- Never share your passcodes of digital locks and biometric devices. Attackers breach one system, take over the control of other systems, and pose severe consequences to individual digital information.
- Continuously checks for all emails and credit card reports thoroughly. It can help to detect identity theft at early stages and save from severe consequences.
- As a family member or a caregiver, store essential documents of children and senior citizens at secure places and in digital locks.
- Implementing security controls, standards, and policies hardens the hackers' layers and increases time for him to complete his hacking procedures for identity theft. Legal authorities must tighten their laws against the offender to discourage them from performing illicit activities and identity theft. Security professionals must set rules, alert conscience, arrange training sessions, and strengthen the procedures against identity theft.
- Extending guardianship, assisting natural surveillance, reducing anonymity, and strengthening formal surveillance through the backup, disaster recovery plans, checking cameras, and ATMs can increase the fear of hackers performing identity theft.
- RFIDs (Radio frequency Identification) chips add an extra layer of security towards preventing identity theft. It encrypts the PII such as credit card details, SSN, passport numbers, and national ID card numbers to prevent them from being stolen and utilized in illegal activities. Furthermore, robust authorization mechanisms also weaken identity theft and help in protecting digital information to a great extent.