Identity theft, also called identity fraud, use of an individual’s personally identifying information by someone else (often a stranger) without that individual’s permission or knowledge. This form of impersonation is often used to commit fraud, generally resulting in financial harm to the individual and financial gain to the impersonator. In the context of identity theft, identity refers to information intrinsic to a specific individual. Publicly available information, such as a person’s telephone number and home address, as well as confidential information, such as a person’s Adhar card number, mother’s maiden name, and credit card numbers, contribute to a person’s identity. By acquiring access to that information, an identity thief can impersonate someone else to commit online frauds. While identity theft is often associated with financial gain, it can also be used to acquire unauthorized entry, privileges, or benefits. It sometime used to Cyber bully someone else too. The stolen information can be used to run up debt purchasing credit, goods and services in the name of the victim or to provide the thief with false credentials.
Identity theft is an insidious crime to combat because the repercussions often don’t happen immediately. It can take months for the effects to be noticed, and some people don’t find out for years. Identity theft crimes are on rise. The data on Identity theft crimes found that the Cyber criminals are becoming increasingly sophisticated, gaining toeholds into poorly secured social media accounts as a way to access more important segments of the victim’s financial life. The data suggest that in 2019, 14.4 million consumers became victims of identity fraud — that’s about 1 in 15 people. Overall, 33 percent of U.S. adults have experienced identity theft, which is more than twice the global average. Statistics say that identity theft occurs every 2 seconds, and a third of the time it’s not even an individual’s fault. In 2017 there were 1,579 data breaches which exposed 179 million personal records from companies. One in five victims of identity theft has experienced it more than once. Over 1 million children in the U.S. were victims of identity theft in 2017, costing families $540 million in out-of-pocket expenses. There’s a new victim of identity theft every 2 seconds. Identity theft is the most common consequence of a data breach, occurring 65% of the time.
Types of Identity theft: There are many different examples of identity theft. The 6 major types are as below.
Financial Identity Theft: This is the most common type of identity theft. Financial identity theft seeks economic benefits by using a stolen identity. When someone uses another person’s information for financial gain. Senior citizens may be particularly vulnerable to identity theft because they may be more trusting and less able to recognize a scam. For instance, a fraudster may use user’s bank account or credit card numbers to steal money or make purchases, or use user’s Social Security number to open a new credit card. However, credit card fraud is just the tip of the iceberg. With enough of victim’s personal information, criminals could successfully apply for new credit cards and loans in victim’s name, drain victim’s bank account, and receive a bogus income tax refund
Criminal Identity Theft: All identity theft is criminal, but this particular type means someone who is arrested provides victims information to law enforcement. Victim wouldn’t be able to detect this until consequences arise. Such as a speeding ticket goes unpaid, and a judge issues a bench warrant for victims arrest. Criminals sometimes back this up with containing stolen credentials. If this type of exploit is successful, the victim is charged instead of the thief. This type of ID theft is low is number as compared to other ID thefts. But it can be difficult for the victim of a criminal identity theft to clear their record. The victim might need to locate the original arresting officers and prove their own identity by some reliable means such as fingerprinting or DNA testing, and may need to go to a court hearing to be cleared of the charges.
Child Identity Theft: This ID theft occurs when someone uses a child’s Social Security number or other identity information to commit fraud. The impostor can be a family member, a friend, or even a stranger who targets children. That might include opening credit accounts, obtain driver’s licenses, taking out loans or applying for government benefits or a job. The crime can go undetected for years. Victims of child identity theft often discover it when they’re older. Not only are children in general big targets of identity theft but children who are in foster care are even bigger targets. This is because they are most likely moved around quite frequently and their identity information is being shared with multiple people and agencies.
Medical Identity Theft: Medical identity theft occurs when someone steals user’s personal information and uses it to obtain medical services, treatment or drugs. It can also occur when criminals use user’s personal information to fraudulently bill insurance providers or government programs for medical goods and services never provided. In other cases of medical identity theft, a doctor or other medical provider might submit insurance claims for services not provided.
Identity cloning: In this situation the identity thief impersonates someone else in order to conceal their own true identity. Identity thieves may use victim’s information to get a job or pass a background check. Examples are illegal immigrants hiding their illegal status, people hiding from creditors or other individuals, and those who simply want to become “anonymous” for personal reasons. Unlike identity theft used to obtain credit which usually comes to light when the debts mount, concealment may continue indefinitely without being detected, particularly if the identity thief is able to obtain false credentials in order to pass various authentication tests in everyday life.
Synthetic identity theft: In synthetic identity theft, fraudsters can create fake identities using fake or real information, or a combination of the two. For instance, an identity thief might use a real Social Security number but use a name that’s not associated with that number. Children and deceased people can be vulnerable since their Social Security numbers typically aren’t actively used. Usually, this type of theft is difficult to track because the activities of the thief are recorded files that do not belong to a real person.
Identity Theft Techniques: Before the Cyber criminals can impersonate a victim they need to get the victims personal or identifying information. There are few common ways a Cyber criminals can achieve this. Following are few techniques used by Cyber criminals to get the desired information from the victims.
Dumpster diving: Retrieving personal paperwork and discarded mail from trash dumpsters is an easy way for an identity thief to get victims information. Dumpster diving is salvaging personal or identifying information from the items discarded by their owners. This may include unshredded mails, Credit Card receipts, Bank statements, Phone bills. Many a times users and organizations do not wipe clean the data before their PCs, servers, PDAs, mobile phones, USB memory sticks and hard drives that have been disposed of carelessly at public dump sites, given away or sold. A cyber-criminal may be able to salvage useful information from the poorly disposed devices.
Mail Theft: Mail theft is a non-technological identity theft technique, as it merely involves a thief removing sensitive information from users’ mailbox. Through mail theft, someone else can obtain information about users from credit card bills, bank statements and other personal materials that can be used to assume users identity. The main motive behind Mail theft is to gain the victims information before actual identity theft can be mounted.
Shoulder surfing: This happens when the thief gleans information as the victim fills out personal information on a form, enter a passcode on a keypad or provide a credit card number over the telephone. In this attack the attacker has to be physically in the vicinity of the victim and should be able to observe victim while he shares this information. Likely hood of this is pretty low, but not zero. The attacker might get Common-knowledge questioning schemes that offer account verification, such as “What’s users mother’s maiden name?”, “what was users first car model?”, or “What was users first pet’s name?” etc.
Phishing: Attacker might trick the victim to voluntarily share the personal information. Such as advertising bogus job offers in order to accumulate resumes and applications typically disclosing applicants’ names, home and email addresses, telephone numbers and sometimes their banking details. Phishing might also lead to stealing personal information from computers using breaches in browser security or malware such as Trojan horse keystroke logging programs or other forms of spyware Hacking computer networks, systems and databases to obtain personal data, often in large quantities.