Identity Theft and its perils

Ramgopal

9/12/2008 · 2 min read


What is identity theft?

Identity theft is the stealing of personal identification information belonging to another person. Some examples of personal identification information are:

  1. Social Security Number

  2. Credit Card / Debit Card / ATM Card details

  3. Driver’s License details

  4. Bank account information

  5. User ID and password/PIN of an online banking site, web-based email, eCommerce site, etc.

Can stolen identity information be misused?

Yes. The basic intent of stealing identity information is to misuse it. Misuse is typically either for financial gain or for misrepresenting oneself while performing mischievous, illegal, criminal or terrorist activities. The innocent victims whose identity information is stolen and misused undergo tremendous hardship and/or financial loss. Additionally, they may even need to prove their innocence with respect to the illegal acts committed by the miscreants. Most often the stolen information is misused at a location geographically distant from where the actual person resides, and hence it becomes difficult for the investigating agencies to track down the actual miscreants.

How can identity information be stolen?

There are various ways of stealing identity information. Some are traditional techniques, where mail containing identity information is stolen either at the point of dispatch or at the destination. However, several online identity-stealing techniques are also used.

Phishing - An attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Typical cases of phishing involve emails requesting identity information from email IDs that appear to originate from a genuine source. The recipient is expected either to respond to the email with the identity information or to visit a web site, linked in the email, for the purpose of providing the identity information.

Pharming - A hacker’s attack aiming to redirect a website’s traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploiting a vulnerability in DNS server software. In these situations, in spite of typing the correct web site address in their browser, users are taken to bogus websites that look identical to the genuine website.

Skimming - Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an “inside job” by a dishonest employee of a legitimate merchant, and can be as simple as photocopying receipts or can involve specialized skimming devices which copy the data stored on cards. This information is then used either to create duplicate cards or to make purchases online.

Social Engineering - A collection of techniques used to manipulate people into performing actions or divulging confidential information.

Spyware, Malware - Software programs that stay resident on the user’s computer and monitor user interactions. Such software can log either the keystrokes or the network traffic before encryption, and then upload the information to the hacker’s server.