Identity theft involves the unauthorized use and therefore abuse of one’s personal data. Names, addresses, telephone numbers, e-mail addresses, online access data to banking and credit card information; these are just a few examples of types of personal data that can be used against you when left unguarded. When access is gained to just a few of these aforementioned items, fraudsters - whether in the virtual world or in reality - are able to inflict considerable financial damage on their victims. All too often this information falls into the wrong hands faster than one expects.
There are different ways for a criminal to gain access to sensitive online data. A security breach cannot always be chalked up to careless security: some tricks are so well orchestrated that even the most careful of users sometimes fall victim.
The unpleasant consequences of identity theft are generally financial in nature. Once criminals gain access to online profiles, banks, auction portals, etc., multiple financial instruments are at their disposal. Using the name of another person, fraudsters can make large orders and have these shipped directly to their address. PayPal can also be used to make purchases, and in the worst scenario, victims’ entire bank accounts or credit cards can be maxed out. When a hacker is granted access to such data, it is the equivalent of a thief getting their hands on someone’s wallet: IDs, credit cards and debit cards – nothing stands in the way of their next shopping spree.
Not all cyber criminals are after payment information. Mere access to e-mail accounts or other communication channels, like Skype or Facebook, are enough to satisfy many of their needs. Creating a botnet is the goal of this mischievous undertaking. By using the stolen address of millions of different users, the botnet is able to spread spam en mass, and most of the time the victims remain unaware that their computer or e-mail address has been infected until it is too late.
Identity theft is not always just about financial gain. Data is also often misused for the purpose of harassing others online. By hijacking a social media account, hackers are able to spread rumors or lies, thereby damaging the victim’s reputation or the reputation of others. Misleading messages can be drafted, controversial political views can be expressed, or malevolent statements can be published in the name of the victim. Statements reported as hate speech make the victim appear to be the perpetrator, and, in serious cases, may call the attention of authorities. The resulting damaged reputation is not limited to one’s private life; work-related consequences can also arise from attacks. These types of attacks are very difficult to explain and often involve very long and drawn-out legal action.
Another type of scam has been a growing source of much frustration over the past few months. Cyber criminals are using stolen personal data to found and register online shops. Such platforms are commonly used to sell fake merchandise. This particularly ruthless form of identity theft puts victims at risk of being legally confronted by manufactures whose goods are being counterfeited. Victims should notify authorities as soon as they can in order to increase the chances of their name being cleared. Cases are only very rarely solved, and most of the time the perpetrators leave behind little or no trace of their deeds.
Every user can take preventative measures to ensure their data is safe:
Often the biggest security flaw are the users themselves and one of the biggest problems is the topic of password selection. Passwords should be at least eight characters long and should be composed of an arbitrary combination of numbers, letters, and symbols. Every service should have its own individual password and this should also be regularly changed. These password managers and useful tricks are helpful for managing secure passwords.
Many online services like Google or Dropbox offer the user 2-step or two-factor verification. Users can only log into their accounts after they receive a code that was sent to their mobile. Users are also able to set up the authentication process in such a way that only allows known devices to be used for logging in. Different providers support apps that generate codes for log in. This is a simple and effective way of preventing third parties form accessing accounts to which they possess both the username and password.
One common mistake that many users make is not thoroughly making sure that their software has been updated. Browsers, operating systems, and especially anti-virus software should always be kept up to date. New security gaps are constantly being discovered that can easily be filled by completing the provided updates. Only those who regularly install these updates can benefit from such improvements.
Libraries, airports, or other highly frequented public spaces, such cafés and restaurants, often provide access to WiFi networks. Data traffic in these unencrypted networks is public and can, under certain circumstances, be intercepted by third parties. Browser pages should always be accessed through the transmission protocol “HTTPS”, and e-mails should only be sent under an encrypted connection. VPN services offer additional protection and allow data traffic to flow through an encrypted tunnel. Online banking and other sensitive transactions should only transpire from privately owned devices, and, in order to minimize any unnecessary risk, an encrypted connection should be used.
The level to which someone is an easy target for hackers depends on where and to what extent their data is exposed online. Thinking twice about every log-in and questioning the reputability of the service provider being used is a good practice to get into. Checking the terms and conditions, the data privacy policy, and site disclaimer is a good way of spotting bad apples. Data should always be revealed with caution. Requests for sensitive data, such as bank account information, via e-mail or Facebook should raise a red flag. The same rules apply to apps, too. Users should always be aware of which data the program is trying to access. Free apps are often data collectors in disguise. A program seeking access to data that is irrelevant to its function (for example a flashlight app requesting your contact data) is a further potential indicator of an untrustworthy service.
It can take weeks for some individuals to recognize that they have fallen prey to an online identity theft scheme. Only when mysterious bills, request for payment letters, or debt collection notices begin arriving do the victims finally begin to realize what has happened. Being mindful of and quickly reacting to suspicious transactions is the key to stopping fraudsters before things get out of hand.
Those who fear that their name is being misused can verify their suspicions with just a few easy steps. Registering a Google Alert for your name is a good place to start. With this service, an automatic e-mail notification is sent to the user anytime the name they are registered with appears online. Google’s reverse image search further allows users to check if their photos have been unrightfully used by others.
Most often users are informed and warned in cases where customer data has been stolen from large companies. Ideally, the affected business creates a webpage where users can check to see if they are affected.
All of the aforementioned precautions make it more difficult for criminals to gain unauthorized access to personal information and data. 100 percent security, however, is never possible. In the case that an individual becomes the victim of identity theft, it is best to react as quickly as possible. Unauthorized financial transactions are subject to grace periods by most financial institutions. For this reason, it is best to adhere to the following measures:
Want to make your website more secure? Learn more about SSL certificates from 1&1 IONOS and how they increase your site’s trustworthiness.
Have you ever heard of cross-site scripting (XSS)? This is when unauthorized users take advantage of security gaps in internet browsers and on web servers to plant malware and run it anonymously. But what lies behind these attacks and how can website operators and users protect themselves?
Would you leave your window open at night if you knew there were intruders lurking about? Obviously the answer to this question is ‘no’. Many companies and individuals leave their virtual window open to cyber criminals by not adequately protecting their websites. Website security is an extremely important topic. Only by regularly carrying out security checks and following the proper precautions...
Malvertising is a growing problem for webmasters, online marketers and, last but not least, the millions of people who are affected every year. Behind this term is a sneaky method in which advertising banners are used to spread malicious software. No website is safe from this deceit – even well-known websites with millions of visitors have been compromised by these viruses. There are, however,...
