Digital Identity

What is identity theft?

Identity theft takes place when someone steals personal identifiable information (PII) of an individual to commit more crimes.
Normally, we classify PII as data used to identify a personal, such as mailing address, phone numbers, credit card numbers, and Social Security and driver’s license numbers. However, the list has expanded considerably in recent decades to include IP addresses, login credentials, social media posts, geolocation, biometric, and behavioral data.

What does the web know about you?

Your digital life map consists of public and private information.
Publicly available information refers to your first and last name, address and date of birth, while private information may be usernames, circle of friends, online shopping history, and even music and movie playlists.

Studies show that Identity theft is one of the fastest-growing crimes. Why? ”Illegal is always faster”, and criminals can’t resist taking advantage of any mistakes you or your service provider might make. Although the number of identity theft cases fluctuates yearly, fraudsters are becoming more creative and sophisticated.

A snapshot of the fraud landscape published in the Identity Fraud Study by Javelin Strategy & Research shows that 14.4 million U.S. citizens fell victim to credit card fraud in 2018. The number of reported cases fell from a record high of 16.7 million in 2017, but losses increased from $3 billion to $3.4 billion.

How can criminals capitalize on stolen personal information?

When it comes to identity theft, the criminal may use your true name or take over one of your existing accounts. In both cases, the imposter can open a new credit card or checking account, or set up a new phone service in your name. Criminals often change the mailing address on an account. By the time you realize the account was compromised, huge bills are piling up.

Identity theft is mostly financially motivated, and criminals can use the scrapped data in many ways. Financial identity theft implies that stolen data is used to apply for loans, fill out false tax returns and even acquire medical insurance in your name. With stolen passwords, identity thieves can access your online accounts, while credit card numbers can lead to fraudulent purchases that drain your bank account.

When personal information is not up for grabs, criminals deploy clever tactics to steal valuable information from you. Most run-of-the-mill techniques include:

Data breaches have littered the cyberscape for years now. A data breach takes place when outside parties gain illegal access to the personal information of others. The stolen data may include names, email addresses, medical and financial records, or any highly sensitive and private information that gives thieves key pieces to your identity.

Every piece of information is valuable for cybercriminals, and billions of pieces of looted data riddle the dark web. Some of the most prominent data breaches of the decade include Yahoo, Marriott International, Equifax, eBay and Capital One.

While the Yahoo attack impacted the email addresses of around 3 billion user accounts, in the case of Marriott International, hackers got their hands on sensitive information of 500 million customers. The stolen data included contact information, passport numbers, travel information and some credit card numbers.

Phishing accounts for 90% of data breaches worldwide. Some of the most popular phishing techniques are spear phishing, email/spam and vishing (voice phishing). Spear phishing targets a specific person or organization, while traditional email phishing scams target millions of rand users with fraudulent messages sent in bulk. The messages usually mimic actual emails from trusted entities and ask you to verify accounts, fill in or change personal data, or access bogus links. In 2018, Verizon’s Data Breach Investigations reported that 30% of phishing messages get opened by targeted users.

Outside of cybertheft, identity thieves can get ahold of sensitive data by means such as perusing through discarded mail or paperwork from dumpsters, also known as ‘dumpster diving’. This is an easy way to retrieve a pre-approved credit card application you received in the mail. You might not think that this is a reliable source, but how many of us actually shred confidential letters from banks and credit card companies? Turns out that your trash can be a treasure trove of information for criminals. Last but not least, misplacing or losing your wallet, credit card or driver’s license can also lead to a series of unfortunate events and identity theft.

About the author

Alina Bizga

Alina has been a part of the Bitdefender family for some years now, as her past role involved interfacing with end users and partners, advocating Bitdefender technologies and solutions. She is a history buff and passionate about cybersecurity and anything sci-fi. Her spare time is usually split between her two feline friends and traveling.