The 10 Most Common Risks to Your Online Identity

Identity – the very essence of who a person is – is something precious that should be carefully protected. Every day, people leave details and clues to their identity in both the physical and online worlds – and both are at risk from thieves.

Proving your identity is essential to opening a current account, obtaining credit cards, loans and mortgages, and purchasing goods and services. But stealing an identity and using it for fraudulent financial activities – such as withdrawing money from accounts or applying for credit cards – is easier than many people think.

Your identity consists of a mix of personal information – name, address, date of birth – and documents of various kinds are issued to prove this identity, including passports, driving licenses, birth certificates, account statements and telephone bills. The more detailed and authoritative the information, the easier it is for criminals to use it to steal an identity.

There are several techniques and technologies used by perpetrators of identity theft – but the principle is as old as the hills, and the objective is always the same: pretending to be someone else to obtain money. However, it cannot be denied that the Internet has made it easier for fraudsters to commit fraud, and also provides effective camouflage, thus reducing the risks for fraudsters.

In the last five years, the Internet threat landscape has radically changed. Today's cybercriminals have realised that the Internet can be used to make money in a short amount of time and with little investment of their own. That’s why online fraud has increased so dramatically and organised criminal groups have become involved – sometimes selling stolen identities to the highest bidder.

Outlined below are the 10 main threats to online identities. We have described them as simply as possible, avoiding technical jargon! If anything is not clear, please ask our experts.

1. Social engineering

Social engineering techniques are designed to take advantage of human nature and manipulate people into performing actions or divulging confidential information. In computer security, social engineering often involves tricking users into breaking normal security procedures. Social engineers can rely on the natural helpfulness of people. Appeals to vanity, authority and natural curiosity are also typical social engineering techniques.

2. Phishing

The term phishing was introduced because identity thieves literally ‘fish’ for personal financial information. Phishing is a form of identity theft which involves a fraudster sending an authentic-looking email to thousands, and potentially millions, of email accounts, to trick their owners into giving out personal information.

For example, computer users may receive an email that appears to be from eBay or a financial institution claiming that an account is about to be suspended unless credit card information is updated by clicking on a link in the email. By spamming large groups of people, the “phisher” counts on the email being read by a percentage of people who actually have eBay accounts. It is relatively simple to make a website that appears to be legitimate in order to convince visitors that they are on a genuine website and should update their account information. Once the victim enters this information, it is collected by the fraudster, who can use it to empty bank accounts, apply for loans and mortgages or buy goods online. It is estimated that roughly 3 percent to 5 percent of people who receive phishing scams take the bait.

3. Pharming

Pharming attacks (also called “phishing without the lure”) are similar to phishing in nature but they don’t rely on computer users clicking on links in an email. They use malicious code installed on a computer to misdirect users to fraudulent websites without their knowledge or consent. The process can be compared to switching street signs to send drivers down the wrong street. The fraudster hijacks a computer and misdirects it to a copycat website, most commonly a page that looks identical to that of a bank or financial institution. At this point, the computer user is asked to submit passwords and financial information, which is collected and sent straight to the fraudster.

4. Trojans

Named after the infamous Trojan horse used to infiltrate Troy, Trojans were given their name because these programs look like innocent files – such as games or jokes – but are in fact a type of computer virus implanted on computers to serve the uses of an attacker. Often they arrive on a computer via emails, chat rooms and other downloads such as music files. When the victim installs or runs the apparently genuine program, it secretly installs malicious code on the victim's computer. Many Trojans use information that they find on the host computer to send copies of themselves to other addresses, often using the email address book of the victim. Some of the worst Trojans, however, are better described as spyware. They collect personal information from files on the computer or record every keystroke made on the keyboard to collect account details and passwords, then report this information back to the attacker.

5. Spyware

Spyware is the term used to describe a program that silently sits on a computer collecting personal information about users without their consent. The term is often used interchangeably with adware and malware (software designed to infiltrate and damage a computer, respectively). Personal information is secretly recorded with a variety of techniques, including logging keystrokes (see below). Purposes range from the overtly criminal (theft of passwords and financial details) to the merely annoying (such as targeted advertising).

6. Keylogging

This describes the software or hardware used to track keystrokes on a computer in order to gather passwords, credit card numbers and other personal information. Keylogging software runs in the background, in a “stealth mode” that isn't easy to detect on a PC. It can collect every keystroke and hide the information in a file which is later sent to a fraudster. When placed on a computer by an attacker, it's often placed there using Trojan software. More sophisticated keyloggers can do much more than simply log keystrokes – for example, monitoring the applications that are used and the websites that are visited.

7. Spoofing

Spoofing refers to a practice whereby fraudsters will change the information in an email header or in packets of data sent over the Internet to make it look as though the information came from another source. One of the most common methods used to get a person to open an email containing a virus or Trojan is to spoof the address that appears in the "from" field. If the message appears to come from a friend or acquaintance, or a place where the person has an online account, it is more likely to be opened. Phishing attacks will usually combine spoofed email information with a link to a fraudulent website.
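As an added illustration (it is not part of the original article), the following Python example shows how a mail filter can look past the "from" field: it compares the sender's domain with the Return-Path and Reply-To headers, reads the receiving server's Authentication-Results header, and checks whether the address shown in a link matches where the link really goes. The sample message is constructed and every domain in it is a reserved example name.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

def _domain(value):  # lower-cased domain of an address header, or ""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()
class _Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def spoof_indicators(raw):
    """Return reasons not to trust the sender shown in the From field."""
    msg, found = message_from_string(raw), []
    sender = _domain(msg["From"])
    for header in ("Return-Path", "Reply-To"):
        other = _domain(msg[header])
        if other and other != sender:
            found.append(f"{header} domain {other} differs from From domain {sender}")
    if re.search(r"\b(spf|dkim|dmarc)=fail\b", msg.get("Authentication-Results", ""), re.I):
        found.append("receiving server recorded an SPF, DKIM or DMARC failure")
    parser = _Links()
    parser.feed(msg.get_payload())  # assumes a single-part HTML body
    for href, text in parser.links:
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        host = (urlparse(href).hostname or "").lower()
        if shown and host != shown[0] and not host.endswith("." + shown[0]):
            found.append(f"link text shows {shown[0]} but points to {host}")
    return found

# Constructed sample message; every domain is a reserved example name.
SAMPLE = """\
From: "Example Bank" <service@bank.example>
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net

<p>Update your card at <a href="http://login.example.net/update">www.bank.example</a></p>
"""
```

A Return-Path that differs from the From domain also occurs with legitimate bulk-mail services, so that indicator is best weighed together with the other two rather than on its own.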

8. Man-in-the-middle attack

This type of attack gets its name from the ball game whereby two people try to throw a ball directly to each other while one person in between them attempts to catch it. In a man-in-the-middle attack, a fraudster intercepts a legitimate online exchange between two parties by secretly controlling both sides of the communication stream. He can read and even change information, without either party knowing that the link between them has been compromised. In this way, an attacker can fool a victim into disclosing confidential information by “spoofing” the identity of the original sender, who is likely to be trusted by the recipient. The attack may be used simply to gain access to the message, or to enable the attacker to modify the message before re-transmitting it.

9. Vishing

One of the most recent risks to an identity exploits phone communication technology on the Internet or IP platform. The term vishing comes from “voice phishing” and the techniques used to attempt to dupe victims are similar to those of phishing attacks, with the first contact usually happening by email. The user is not necessarily asked to click on a link but is told to call the phone number of a presumed banking institute’s call centre in order to verify or restore a bank or credit card account. In order to do so, they will be asked to divulge personal information via the telephone’s key pad or potentially by responding to security questions verbally. The phone number in the email, however, does not belong to any legitimate bank or financial institution; it is a Voice over Internet Protocol (VoIP) number belonging to a fraudster and set up with the aim of soliciting the victim’s data for subsequent fraudulent use.

10. Trashing or Dumpster Diving

Identity thieves can be creative types, and do not always use the Internet to collect identity details; they also use … your trash. This literally involves criminals searching through either home or office dustbins to find bank and credit card statements, household bills and receipts. Once they have this information, it is used to build a profile and steal the victim’s identity. In particular, identity cheats will look for credit card slips that the owners have thrown away. The data gathered can then be used to conduct transactions via online channels, for example, when it is not necessary to physically present the credit card to purchase something (shopping online, orders by phone).