Identity theft is a crime inherent to the modern age. The prevalence of electronic and paper forms of identification and confidential documents makes the release of sensitive information risky for everyone. This paper explores the methods, effects, and results of identity theft, and how to prevent it. Ultius publishes regular security bulletins to help clients protect their information and identify threats.
Identity theft and the impact on security
Identity theft is the process of a hacker acquiring, or attempting to acquire, confidential documents and then using them to gain access to the user's sensitive information, such as bank accounts and government websites. Most identity thefts are cyber crimes intended to gain from the person's reputation. There are many causes for identity theft, the most common being simple financial gain.
It can also be done as a simple malicious attack against someone for whom the hacker holds a personal grudge. Whatever the motivations of the attacker, it is important to be educated about how identity theft works and how to prevent it. This article will examine how hackers trick people with identity theft, its effects on the modern world, and measures to counter it.
People who are affected most by identity theft
The first step in understanding identity theft is identifying how hackers use it effectively. An article by Markus Jakobsson and Steven Myers (2007) explains that identity theft is a multi-stage process.
- The lure
- The hook
- The catch
The lure
First, the hackers use what Jakobsson and Myers call “the lure.” This is where the hackers send out a large number of email messages that appear to be from legitimate sources, such as a bank or cell phone service provider.
The hook
The next step is called “the hook.” Here, the hackers must encourage the user to go to a specified website and enter sensitive and identifying information (such as passwords, bank account information, or answers to security questions).
The catch
The final step, “the catch,” is where the hacker uses this information to actually hack a user’s account by using information gained in the previous two steps to impersonate them. Oftentimes, if a hacker has already reached step three, it is too late to do anything about it save for changing passwords.
Analyzing the three steps to stealing a person's identity
This three-step process can sometimes happen in mere minutes, giving the potential impulse-minded consumer little time to rethink their actions. For this reason, it is important to be proactive in identifying possible identity theft attempts before they start. To this end, it is necessary to look at some of the most common online privacy risks and ways of preventing identity theft.
An article by Neil Chou, Robert Ledesma, Yuka Teraguchi, and John C. Mitchell (2004) explains a few common solutions that can help the average consumer identify phishing attempts. The most obvious line of defense is simple observation. Examining the URL of a webpage can expose phishing attempts easily, as explained in the article.
“An @ in an URL causes the string to the left to be disregarded, with the string on the right treated as the actual URL for retrieving the page.” (p.4)
Identifying risks to personal information before theft occurs
This means that it is possible to identify phishing attempts simply by looking for an @ symbol in the URL bar. If one is present, it may be necessary to take other preventative measures to determine whether the URL is a phishing attempt. This step, according to Chou et al., involves using a program called SpoofGuard, which is a plug-in that can scan pictures in potential phishing emails to determine if those same pictures have been reported in other identity theft cases.
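The @ check described above can be automated. The following is an added example, not code from Chou et al. or SpoofGuard: it parses each URL and reports the host the page is actually retrieved from, flagging an @ only when it sits in the authority part. The function names and the sample URLs (reserved example domains and a documentation IP address) are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample URLs using reserved example domains and a documentation IP.
SAMPLES = [
    "http://www.bank.example@198.51.100.7/login",         # decoy name before '@'
    "http://www.bank.example:x@login.example.net/",       # decoy plus a password field
    "http://www.bank.example@a@host.example/",            # last '@' ends the userinfo
    "https://www.bank.example/help?contact=a@b.example",  # '@' in the query only
    "mailto:user@example.com",                            # no authority at all
]


def inspect_url(url):
    """Return (real_host, findings) for one URL.

    real_host is the host the page is retrieved from; findings lists
    why the URL matches the '@' pattern quoted above.
    """
    parts = urlsplit(url)
    findings = []
    # Only an '@' inside the authority (between '//' and the next '/', '?'
    # or '#') separates userinfo from the host; one in the path or query
    # does not change where the page comes from.
    if "@" in parts.netloc:
        findings.append("userinfo-before-@")
        userinfo = parts.netloc.rpartition("@")[0]
        decoy = userinfo.split(":", 1)[0]
        # Userinfo shaped like a hostname is what a reader mistakes for the site.
        if "." in decoy:
            findings.append("userinfo-looks-like-hostname")
    return parts.hostname, findings


def scan(urls):
    """Map each URL to its (real_host, findings) pair."""
    return {u: inspect_url(u) for u in urls}


if __name__ == "__main__":
    for url, (host, findings) in scan(SAMPLES).items():
        print(f"{url}\n  real host: {host}\n  findings: {findings or 'none'}")
```

The fourth and fifth samples show why a plain search for the @ character is not enough: an @ in a query string or a `mailto:` address is harmless under this rule, so only the authority component is tested.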
The last resort for a victim of identity theft is to quickly notify all credit and banking agencies of the identity theft in order to minimize the financial damage done. Even if it is too late to save finances and such, many banks and credit cards have some form of insurance for identity theft that will soften the financial blow it can cause. With these tools and knowledge, at least preventing identity theft is a little easier, although, of course, there is no substitute for common sense.
Identity theft on a national level
Finally, it is prudent to examine how identity theft affects the nation on a daily basis; in particular, the world of cyber-security. A study by Avivah Litan (2004) found that more than 30 million people were positive they had been victims of identity theft. Even more surprising, only 49 million consumers of the 141 million surveyed said they had not experienced identity theft in any form. In addition, the study also estimates that identity theft costs U.S. banks and credit card issuers, two of the most commonly impersonated entities, about $1.2 billion annually.
The study also argues that these identity theft cases are doing more than simple financial harm. Consumer confidence, according to Litan, is continually threatened by identity theft and could hamper the growth of booming websites such as Amazon.com. Even government agencies aren't immune to theft. The IRS recently reported that a criminal stole more than 200,000 taxpayer records during a cyber attack. Perhaps worst of all is that identity theft has clear detrimental effects on one’s psyche.
A study by Sharp T., Shreve-Neiger A., Fremouw W., Kane J., and Hutton S. (2004) found that the majority of patients who have been victims of identity theft experienced “…an increase in maladaptive psychological and somatic symptoms post-victimization” (p.3).
This study shows how serious an issue identity theft is, and why it is so important to take measures to prevent and counteract it. Identity theft is a massive problem, especially in today’s world, where almost all transactions and personal information are available to hackers tech-savvy enough, or perhaps just desperate enough, to attempt to steal it.
References
Chou, N., Ledesma, R., Teraguchi, Y., & Mitchell, J. C. (2004, February). Client-Side Defense Against Web-Based Identity Theft. In NDSS.
Jakobsson, M., & Myers, S. (Eds.). (2006). Phishing and countermeasures: understanding the increasing problem of electronic identity theft. Wiley.
Litan, A. (2004). “Phishing Attack Victims Likely Targets for Identity Theft.”
Sharp, T., Shreve-Neiger, A., Fremouw, W., Kane, J., & Hutton, S. (2004). Exploring the psychological and somatic impact of identity theft. Journal of forensic sciences, 49(1), 131.