Identity Theft

In this article we will look at what is identity theft, what is personally identifiable information and different types of identity theft.

What is Identity Theft?

Identity theft refers to the fraud committed by pretending as a legitimate official or some other person and stealing the sensitive information of victims. The person (victim) whose identity is used can suffer various consequences and he/she is responsible for the perpetrator’s actions. Federal Trade Commission (FTC) has listed prime frauds related to identity fraud and they are:

• Credit card fraud: when someone uses victim’s credit card details to make illegal purchases or sell that information.
• Bank fraud: when someone steals Internet banking details or performs cheque theft or ATM pin theft and uses them to commit illegal transactions.
• Employment fraud: when someone uses victim’s SSN or other personal information to get a job.
• Government fraud: when someone uses victim’s personal information like Aadhar number, mobile number, etc. for getting benefits from government schemes.
• Loan fraud: when someone uses victim’s personal information for applying a loan in the bank.

Watch this video to learn about identity theft:

Personally Identifiable Information (PII)

Fraudsters always has an eye on the information which can be used to uniquely identify, contact or locate a single person or can be used with other sources to uniquely identify a single individual. The information which can be used to personally distinguish an individual is:

• Full name
• National identification number (like Aadhar, SSN, etc.)
• Telephone number or mobile number
• Driver’s license number
• Credit card number
• Digital identity
• Birth date
• Birthplace
• Face and fingerprints

Information which can be combined with other information to personally identify an individual is:

• First or last name
• Age
• Country, state or city
• Gender
• Name of the school/college/workplace
• Job position, grades, salary
• Criminal record

The information can be further classified as a) non-classified and b) classified.

Non-classified information

• Public information: Information that is a matter of public record or knowledge.
• Personal information: Information belongs to a private individual but the information is shared with others for personal or business reasons.
• Routine business information: Business information that do not require any special protection and may be shared with anyone inside or outside of the business.
• Confidential business information: Information which, if disclosed, may harm the business.

Classified information

• Confidential: Information that requires protection and unauthorized disclosure could damage national security.
• Secret: Information that requires substantial protection and unauthorized disclosure could seriously damage national security.
• Top secret: Information that requires highest degree of protection and unauthorized disclosure could severely damage national security.

Types of Identity Theft

The different types of identity theft are as follows:

• Financial ID theft: This includes bank fraud, tax refund fraud, mail fraud and others. Financial identity theft occurs when a fraudster makes a use of someone else’s personal details to commit fraud that affects victim’s finances. The process of recovering from the crime is often expensive, time-consuming and psychologically painful. Financial ID theft will continue to pose a great threat to many individuals.
• Criminal identity theft: It involves taking over someone else’s identity to commit a crime such as enter into a country, get special permits, hide one’s own identity or commit acts of terrorism. These criminal activities can include:
  • Computer and cybercrimes
  • Organized crime
  • Drug trafficking
  • Money laundering
• Unfortunately, the victim of criminal ID theft may not know what warrant has been issued under his/her name for quite some time. The victim will only come to know in case of being detained on a routine traffic stop and arrested due to outstanding and overdue debts.
• Identity cloning: Instead of stealing the personal information for financial gain or committing crimes in the victim’s name, identity clones compromise the victim’s life by actually living and working as the victim. ID clones may even pay bills regularly, get engaged and married, and start a family.
• Business identity theft: A fraudster rents a space in the same building as victim’s office. Then the fraudster applied for corporate credit cards using victim’s firm name. The application passes a credit check because the company name and the address match, but the cards are delivered to the fraudster’s mailbox.
• Medical identity theft: Medical facility providers are moving from cumbersome paper records to faster and easier file and trace electronic records; however, the concern over medical ID theft is growing. The stolen information can be used by the fraudster or sold in the black market to people who need them. If the fraudster has successfully stolen the victim’s identity and received treatment, the record can become part of a victim’s permanent medical record.
• Synthetic identity theft: This is an advanced from of ID theft in which the fraudster takes parts of personal information from many victims and combine them. The new identity is not any specific person, but all the victims can be affected when it is used.
• Child identity theft: Parents might sometimes steal their children’s identity to open credit card accounts, utility accounts, bank accounts, and even to take out loans or secure leases because their own credit history is insufficient or too damaged to open such accounts.

Techniques of ID Theft

Identity theft can affect all aspects of a victim’s daily life and often occurs from a different place than victim’s location. The attackers use both traditional, that is human-based methods, as well as computer-based techniques.

Human based methods: These methods are techniques used by an attacker without and/or minimal use of technology.

• Direct access to information
• Dumpster diving
• Theft of a purse or wallet
• Mail theft and rerouting
• Shoulder surfing
• False or disguised ATMs (skimming)
• Dishonest or mistreated employees
• Telemarketing and fake telephone calls

Computer-based techniques: These techniques are attempts made by the attacker to exploit the vulnerabilities within existing processes and/or systems.

• Backup theft
• Unauthorized access to systems and database theft
• Phishing
• Pharming
• URL and other kinds of redirectors
• Malicious hardware

Identity Theft Countermeasures

Following are the measures to protect oneself against identity theft:

• Monitor your credit (bank) closely
• Keep record of your financial data and transactions
• Install security software
• Use an updated web browser
• Be wary of email attachments and links in both email and instant messages
• Store sensitive data securely
• Shred documents
• Protect your personally identifiable information
• Stay alert to the latest scams

Suryateja Pericherla

Suryateja Pericherla, at present is a Research Scholar (full-time Ph.D.) in the Dept. of Computer Science & Systems Engineering at Andhra University, Visakhapatnam. Previously worked as an Associate Professor in the Dept. of CSE at Vishnu Institute of Technology, India.

He has 11+ years of teaching experience and is an individual researcher whose research interests are Cloud Computing, Internet of Things, Computer Security, Network Security and Blockchain.

He is a member of professional societies like IEEE, ACM, CSI and ISCA. He published several research papers which are indexed by SCIE, WoS, Scopus, Springer and others.