Online Identity Theft

From SI410
Jump to: navigation, search
Back • ↑Topics • ↑Categories

Online Identity Theft is a form of fraud where a criminal impersonates another person by obtaining their personal information through the Internet. Typically, criminals steal another’s identity for financial gain such as applying for loans or credit cards without the person’s knowledge. Information gained from online identity theft includes but is not limited to social security numbers, signatures, names, addresses, phone numbers, credit card information, etc. Because there are so many types of online identity theft (see pie chart below to the right), criminals have more options in how they commit identity theft online, resulting in more and more cases of this crime. In order to combat the increasing frequency of online identity theft, the government is making the consequences for online identity theft more severe.

Overview of each type of online identity theft, based on the Federal Trade Commission complaint data

Background

The Internet has given people new ways of accessing information, however, the growing use of the Internet has led to an increase in cybercrimes. Online identity fraud is one of the fastest growing crimes in the online environment. The aftermath of being a victim of identity theft can be expensive and traumatic. Before computers and the Internet, criminals had to go “dumpster diving” or steal one's mail in order to gain his or her personal information. Now, with the advent of the internet, people are at risk in a number of more ways. All of the information that users share through social networks, online job and bank applications, and emails is vulnerable to theft by hackers from a remote location, making identity theft online far easier than in the real-world.

Types of identity theft

The most common forms of identity theft are listed below:

Financial Identity Theft

Financial identity theft, the most common form of online identity theft, occurs when someone illegally gains possession of another person's financial information, enabling the thief access to the victim's bank accounts and/or credit cards. Thieves have the ability to completely wipe the victim's entire bank account within hours or apply for numerous credit cards or loans using the victim's name and information. The rise in online banking and shopping has facilitated the increase in financial identity theft.

Criminal identity Theft

This occurs when a criminal gives another person’s name and personal information, such as a Social Security Number (SSN), to a law enforcement officer during an investigation. In some cases, the victim may not know their identity was stolen. In situations like this, the victim may not know there is a warrant out for his/her arrest and could lose unemployment or banking privileges. Criminals who steal another’s identity use the information it to open new accounts impersonating the victim.

Identity Cloning

Identity cloning is the use of another person's information to assume their identity. This can be done by obtaining their social security number, passwords, or PIN numbers. Cloning someone's identity can have devastating effects to the actual person. Identity cloners can pay bills as you, work as you, start a family as you, and have children as you. They essentially are living your life in another location.[1]

Medical Identity Theft

This is a subset of identity cloning which is used to obtain prescription medication or other drugs otherwise unattainable. This type of identity theft involves more investigation by the attacker on which medicine is trying to be obtained and which type of people use this medication. This can be done by stealing your health insurance information and making insurance claims using your identity.[2] Not only can this affect your finances, it can also have major effects on your health. For example, a medical insurance provider could drop you from your plan if faulty information is being provided to them or if bills are not getting paid properly.

Child Identity Theft

A rising trend in the world of identity theft is for adults to use their children's social security number to secure credit. Unfortunately, these parents oftentimes ruin their children's credit scores and when the children come of age and discover this, they are put into a perplexing situation; very few kids are willing to press charges against their parents, even though their identity was stolen. This type of theft is especially worrisome because it is often years before they discover the damage that has been done.

Causes

One way of obtaining information is by phishing. This involves sending spoof emails to people impersonating a business or institution. Spoof emails typically involve a user receiving an email to change his/her password after clicking the link. It takes the user to what appears to be a legitimate site; however it belongs to the thief. After the user enters his/her information, it is now in the hands of the criminal. Examples of this occur with online stores and financial merchants. Another cause of online identity theft can be phishing websites themselves, without sending emails. These types of websites put up a front of a legitimate business, but really have the intention of obtaining some information from you, whether it be credit card information, social security numbers, or personal identification numbers.

A second, increasingly common way of perpetrating identity theft is by social engineering, or tricking a user into giving up sensitive information. The process of social engineering relies on the user to make the mistake of trusting the criminal with information that normally would not be divulged. One method of social engineering would be to email the administrator of a network pretending to be a user who got locked out of their account, in order to trick the administrator into either giving up a valid password or getting the administrator to create the criminal an account on the network. Phishing, as discussed above, could be considered a form of social engineering. [3]

Social engineering is extremely difficult to defend against with technology systems, since the entire premise is based around exploiting human error and ignorance. Many users appear not to guard their passwords well enough, leading to potential identity theft by malicious users. In fact, many people will give away their passwords in exchange for a gift as trivial as a pen [4].

Effects

The effects of online identity theft are severe. People hesitate to use online banking, make financial transactions, and shop online. Identity thieves can cause financial and physiological damage. The financial damage can increase ones debt by thousands of dollars and severely damage the victim's credit score. Victims of identity theft claim they feel “violated” after having their identity stolen by an unknown person.[5]

Prevention[6]

In order to protect an identity, people need to protect their personal information, especially online. The most common information stolen online is account numbers, passwords, personal identification numbers (PIN), and Social Security Numbers (SSN). The most effective way is to never post this information in an online environment. However, there are professional companies with proven strategies to help people detect online identity theft. Likewise, many credit card companies have implemented fraud detection programs that help catch identity thieves by identifying fraudulent charges and contacting the cardholder.[7] Here are some easy steps to prevent your identify from being stolen:

1. Stay away from phishing websites

  • Phishing websites are sites that look like they are a legitimate business, but really is looking to steal your information. Make sure you are familiar with a website before giving them information, such as a username and password, credit card information, address, or social security number. After investigating the legitimacy of the website, if you are still unsure, call their number to find out more information.

2. Utilize some sort of antivirus and anti-malware software.

  • Computer viruses are easily spreadable and can gain access to personal information stored on your system. In order to prevent this from occurring it is essential to have these types of programs running on your computer at all times. A list of the best antivirus software of 2012 can be found at that link.

3. Password protection

  • When creating passwords, make sure they have at least one capital letter, numbers, letters, as well as some sort of symbol (%, &, ?). Creating different passwords for each site is also beneficial. Do not use any personal information in your passwords, such as your birthdate, childrens' names, pets' names, or your name.

4. Shop only at encrypted websites.

  • When a website is encrypted, the data you input into it will be secured. An encrypted website is identified by a small lock in the corner of your screen. When clicking this lock, a security certificate will appear, indicating that it is safe for you to input information. Shopping on these types of websites will ensure the safety of your personal information.

5. Limit the amount of personal information you input into social media websites

  • Although social media websites are an amazing form of communication and have drastically changed, and continue to change, how people interact with each other, it is important to limit the amount of personal information you allow people to see. Putting the proper privacy settings on these websites is also important, so people you do not know are unable to access the information you have posted.

6. Use a secured wireless network

  • While some people still used a wired connection, most people are using wireless connections. It is important to have a password on your wireless network not only to prevent others from using your network and taking up bandwidth, but also to prevent these users from seeing which webpages you visit. Giving attackers access to this type of information makes it easier to build an informative profile of yourself, thus making it easier to steal your identity.

7. Download software from reputable sites

  • This goes along the same lines as shopping through encrypted websites. Make sure the software you download is not a virus or other form of detrimental software. These types of programs may contain workarounds that antivirus or anti-malware software cannot detect.

8. Use a Virtual Private Network (VPN)

  • A Virtual Private Network will divert the location of the IP address of a private network, thus protecting the identity and obfuscating any potential attacks on that network.

Ethics

Criminal Activity

Financial identity theft, criminal identity theft, identity cloning, medical identity theft, and child identity theft are all unlawful, federal crimes since the 1998 Identity Theft and Assumption Deterrence Act.[8] Any misuse of someone else identifying information is punishable under that law. As the internet gains regular use in the world, people begin to store their private information there, and sets of information begins to be sold across the internet, thieves gain new opportunities to commit identity theft crimes. Theft online, as in the real world, is not a widely accepted value, thus apart from being unethical it is a federal crime. As online identity theft crimes become increasingly elaborate, as James Moor wrote in "Why we need better ethics for emerging technologies", "Better ethical thinking in terms of being better informed and better ethical action in terms of being more proac-tive are required."[9]

Privacy

A successful online identity theft violates the victims informational privacy. Data brokers, who gather and collect information to sell at cheap prices, enable the access of identifying information to anyone. A person unaware of their information privacy will have a reduced informational friction between themselves and others if thier data is gathered by a data broker. As Floridi says it in Informational Friction, "Given some amount of personal information available in a region of the infosphere, the lower informational friction in that region, the higher the accessibility of personal information about the agents embedded in that region, the smaller the informational gap among them, and the lower the level of privacy that can be expected."[10] Assuming a high amount of ones personal information is given, following Floridi's statement, one is at a higher risk of becoming a victim of online identity theft.

See Also

References

  1. Spam Laws. "What is Identity Cloning?" http://www.spamlaws.com/identity-cloning.html
  2. Federal trade Commission Consumer Information. " Medical Identity Theft", September, 2018. http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt10.shtm
  3. Granger, Sarah. Symantec Connect. "Social Engineering Fundamentals, Part I: Hacker Tactics", December 18, 2001. http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-i-hacker-tactics
  4. Leyden, John. The Register. "Office workers give away passwords for a cheap pen", April 18, 2008. http://www.theregister.co.uk/2003/04/18/office_workers_give_away_passwords/
  5. Software and Information Industry Association. "Internet Identity Theft - A Tragedy for Victims", May 26, 2011.
  6. Drager, Dave. MUO. "9 Ways to Prevent Identity Theft From Your Online Activities", January 17, 2011. http://www.makeuseof.com/tag/9-ways-prevent-identity-theft-online-activities/
  7. Australasian Center for Policing Research. "Identity Crime Research and Coordination", June 30, 2006.
  8. FindLaw's team of attorney writers and editors. FindLaw. "Indentity Theft" https://criminal.findlaw.com/criminal-charges/identity-theft.html
  9. Moor, James. "Why We Need Better Ethics for Emerging Technologies", 2006. https://umich.instructure.com/courses/273552/files/9617421/download?download_frd=1
  10. Floridi, Luciano. "Informational Friction", 2014. https://umich.instructure.com/courses/273552/files/9617533/download?download_frd=1
Back • ↑Top of Page