What is Identity Theft?
An extreme example is John Woo’s 1997 mindbender movie “Face -Off”, where John Travolta and Nicolas Cage literally swap faces and assume each others’ identity. While nothing quite as extreme exists today, deep fakes are a real threat to identities. Most hackers or scammers these days don’t have to resort to such extreme measures to steal and take advantage of your identity though.
Identity theft is when bad actors use your personally identifiable information (PII) for personal gain. Example, your name, national ID card number and birthdate could have been exposed in a data breach , then used by a scammer to apply for a new credit card who then embarks on a spending spree in your name.
What’s Personally Identifiable Information?
Anything that can be used to trace your identity, including:
- Full name
- Date of birth
- Home address
- Government Provided IDs including: Tax Identification Numbers, Social Security number (SSN)
- Driver’s licence number and ID
- Banking and financial details (account numbers,card numbers, passwords)
- Account logins and passwords
- Biometric data (fingerprints, photos)
In fact, it’s perfectly possible that your card number, email address, phone number and other personal details are floating around on the web or dark web already thanks to a data breach, ready to be purchased by any unscrupulous actor. However, data breaches aren’t the only way your PII could be stolen.
How Identity Thieves Operate
All an Identity Thief needs is a few pieces of your PII to begin wreaking havoc resulting in existing bank and social account takeovers, credit card fraud, and loan fraud. But how do they get ahold of your details in the first place?
This is when scammers send unsolicited spam emails and texts or call you on the phone pretending to be from someone you trust. They could claim they are an agent or officer of your bank, needing to verify some account details for your ‘protection’ or from the post office where a ‘parcel’ awaits. They try to persuade you to share your personal information, including passwords. If any of your accounts use two-factor authentication, try to get you to share the one time passcode over the phone. Remember, that no legitimate bank or financial institution will ever ask you to disclose this information. Sharing any of your personal information over a call or message could result in an account takeover.
Sometimes, legitimate looking messages or emails come in from your bank or a well known organisation. The top most spoofed brands in phishing attacks in 2022 are Microsoft Amazon, and Linkedin. Scammers can even make it look like an email is coming from your own boss at your company. Always check the details of the sender, there are tell-tale signs, like spelling errors, typoes or curiously urgent requests. The goal is to get you to perform a task for them like a money transfer, or to get you to click on a link that either results in you landing on a spoofed or fake site, or downloads malware into your device.
Social Engineering Attacks
Here criminals use psychological manipulation to pressure you into doing what they want like disclosing sensitive or personal information. Identity thieves research your life and use your personal information against you.
Man in the Middle Attacks
A more sophisticated means of attack, criminals use a man-in-the-middle attack to intercept your Wi-Fi connection and spy on you.
A data breach can happen to anyone, from individuals, to enterprises and even governments. Hackers exploit weaknesses in technical security or use social engineering to expose confidential, sensitive, or protected information. They then go on to use the protected information to perform account takeovers, or sell it on to fraudsters who will.
Lost or Stolen ID Cards
The details of a lost or stolen card can be misused to perform activities using your name or details, or bits of information ,like your SSN or identity card number can be used to create a new fake identity.
Stopping ID Theft
Seems terrifying right? We are basically at risk any time, whether we receive an unsolicited message or call, browse online , lose documents with personal information, or use devices on public networks and locations. Heightened awareness and knowledge of how ID theft occurs in the first place, is part of the battle won. Learn to Recognise the Signs of ID Theft.
Besides investing in secure online behaviours and practices, consider using a personal cyber security application like Siren, which provides ongoing protection against forms of identity theft , and the added bonus of a financial guarantee.