Monday, May 11, 2009

Online Identity Theft

Online Identity Theft. A definition.

We talk about online identity theft when somebody steal somebody else's personal bits of information, such as name, address, phone numbers and banking and credit card information, taking them from the Internet tools. Thieves can use the information they access (i.e. email addresses, bank accounts and log-in details) to commit fraud in the name of the victim.
Internet criminals can obtain personal data in many ways, for example they can:
* Infect the victim's computer with softwares that secretly monitor the user's activity;
* Mess up the victim's computer with popups and viruses;
* Take over a victim's computer and use it to attack other people;
* Hit a victim with spam and scam emails;
* Hack into the victim's wireless network.
Victims understand their personal data are being stolen because:
* Their computer becomes slow, it is infected by a virus and some files are corrupted or lost;
* They start to have problems with their bank accounts or credits cards;
* They or their friends receive strange emails.
Online Identity Theft. Details.
Identity theft is a crime whereby criminals impersonate individuals, usually for financial gain. In today's society, you often need to reveal personal bits of information about yourself, such as social security numbers, a signature, name, address, phone numbers, and even banking and credit card information. If a thief is able to access this personal information, he or she can use it to commit fraud in your name. With this information the thief could do things such as apply for loans or new credit card accounts. They can then request a billing address change and run up your existing credit card without you knowledge. They can also use counterfeit checks and debit cards, or authorize electronic transfers in your name, to wipe out your your bank account (Beal, 2006).

Identity theft can also go beyond this type of a monetary impact. Thieves can use your information to obtain a driver's license or other documentation that would display their photo but your name and information. With these documents thieves could to obtain a job and file fraudulent income tax returns, apply for travel documents, file insurance claims, or even provide your name and mailing address to police and other authorities if involved in other criminal activities (Beal, 2006). Let's analyze online identity theft considering its categories, techniques, consequences and the way we can protect from it.

According to the non-profit Identity Theft Resource Center and other sources, identity theft can be sub-divided into five categories (Wikipedia):

  • business/commercial identity theft (using another's business name to obtain credit);
  • criminal identity theft (posing as another when apprehended for a crime);
  • financial identity theft (using another's identity to obtain goods and services);
  • identity cloning (using another's information to assume his or her identity in daily life);
  • medical identity theft (using another's information to obtain medical care or drugs).

Identity theft may be used to facilitate crimes including illegal immigration, terrorism, and espionage. Identity theft may also be a means of blackmail. There are also cases of identity cloning to attack payment systems, including online credit card processing and medical insurance.

Some individuals may impersonate others for non-financial reasons - for instance, to receive praise or attention for the victim's achievements. This is sometimes referred to as identity theft in the media. (Wikipedia)

Online identity thieves usually use some techniques for obtaining the personal information they need. Indeed, a criminal needs to obtain personally identifiable information or documents about an individual in order to impersonate them (Wikipedia). They may do this by:
  • stealing mail or rummaging through rubbish containing personal information (dumpster diving);
  • retrieving information from redundant equipment, like computer servers that have been disposed of carelessly, e.g. at public dump sites, given away without proper sanitizing etc.;
  • researching about the victim in government registers, internet search engines, or public records search services;
  • stealing payment or identification cards, either by pickpocketing or surreptitiously by skimming through a compromised card reader;
  • remotely reading information from an RFID chip on a smart card, RFID-enabled credit card, or passport;
  • eavesdropping on public transactions to obtain personal data (shoulder surfing);
  • stealing personal information from computers and computer databases (Trojan horses, hacking and Zero day attacks);
  • data breach that results in the public (i.e. posted on the internet) or easily-obtainable (i.e. printed on a mailing label) display of sensitive information such as a Social Security number or credit card number;
  • advertising bogus job offers (either full-time or work from home based) to which the victims will reply with their full name, address, curriculum vitae, telephone numbers, and banking details;
  • infiltration of organizations that store large amounts of personal information;
  • impersonating a trusted company/institution/organization in an electronic communication to promote revealing of personal information (phishing);
  • obtaining castings of fingers for falsifying fingerprint identification;
  • browsing social network (MySpace, Facebook, Bebo etc) sites, online for personal details that have been posted by users;
  • changing your address thereby diverting billing statements to another location to either get current legitimate account info or to delay discovery of fraudulent accounts;
  • using false pretenses to trick a business (usually through a customer service representative) into disclosing customer information (pretexting). (Wikipedia)

Online identity theft may cause several consequences for the victim. Some of these consequences include:
• cost, time and hassle involved in resolving the issue;
• a bad credit rating and/or loans refused;
• final demands for products and services not purchased;
• wrongful accusation of criminal activities;
• difficulty getting a mortgage;
• unwarranted receipt of summons, court actions and county court
• difficulty opening a utility account. (Nik, 2006a)

To protect our identity online we should follow this ten-point guide.
1. keep your wits about you at all times (operate with caution and appropriate scepticism);
2. question why a Web site is asking for information about you;
3. never give any online security details to anyone unless it is completely necessary;
4. Look after your password (change your passwords regularly, avoid standard passwords and do not use the same password for every secure site you are registered with);
5. never click on links in emails;
6. keep up-to-date (keep your security software, such as anti-virus, up-to-date at all times);
7. remove the spies (check all files on your computer at least once a week using anti-spyware and adware applications);
8. keep your connection secure;
9. if it seems too good to be true, it probably is (don’t open emails or go to sites that claim you have won a prize. If an email looks suspicious and is unsolicited delete it and don’t open it);
10. know where to go for help should you be a victim of online identity theft (there are wide range of organisations and groups that people can turn to for advice). (Nik, 2006b)
In conclusion, we should be very careful about the data we share on the Internet because there are many individuals ready to take advantage of our good faith. In spite of this, we shouldn't simply avoid using the Internet and in general the new technologies since "the Internet is quite a safe place to do business too, and, as long as precautions are taken, keying in credit card details on an encrypted webpage is probably safer than, say, calling personal numbers out over the phone to some unknown sales clerk [...]. However, ID theft has been the subject of different legal characterisations in OECD (Organisation for Economic Co-Operation and Development) countries, leading to different enforcement schemes. While the US and Canada consider it as a serious crime, EU member states classify it as fraud". (Acoca, 2008)


Acoca, B. (2008). Online identity theft. OECD Observer, 268. Retrieved May 6, 2009 from /Online_identity_theft.html

Beal, V. A.(2006). Defend yourself against identity theft. Retrieved May 6, 2009, from

Nik. (2006a, February 14). What is ONLINE identity theft? Message posted to retrieved May 6, 2009

Nik. (2006b, February 14). What can users do to protect their online identity? Message posted to retrieved May 6, 2009

Wikipedia. (n.d.). Retrieved May 6, 2009, from the Wikipedia Wiki:

No comments: