Techniques of Online Identity Theft

Online identity thieves employ several techniques to carry out their fraudulent activities.

Some of these techniques have been examined by Manap, Rahim and Taji (2015) as follows:

i. Phishing: identity thieves use phishing to impersonate legitimate organizations. They can send out fake text messages, emails (spoofing) or telephone calls in the name of such organizations in order to trick victims to disclose personal information such as, full name, date of birth, credit card details etc.

79

ii. Pharming, Smishing and Vishing: Pharming also known as domain spoofing originated from the word phishing and entails using a spoofed website to lure gullible individuals into giving their personal information. It can be done in two ways. First, entries compromised computer host file sends legitimate domain names to illegitimate IP addresses. Second, weaknesses in the Domain Name System (DNS) software is exploited by the DNS positioning to gain control over the domain name of an existing website and change the numeric address. The affected website will automatically redirect internet users to the spoofed site, while their browser’s address retains the original correct address.

This will make them believe that the site is legitimate. Smishing involves the receipt of text messages by cell phone users from a company confirming their signing up one of its dating services for which they will be charged certain amount of money each day unless they cancel the order at the company’s website. The said website is compromised by the thieves and used to steal personal information. Vishing has to do with typical spoofed email appearing from legitimate businesses or institutions, recipients are asked to call a telephone number, where their personal information such as account number or password are requested for the purpose of security verification.

iii. Abuse of Privileged Access: This refers to a situation where personnel of government and credit institutions who have access to databases containing personal information collude with strangers and avail them of the information.

For example, a bank employee may use customers’ personal information and account details to open credit accounts.

iv. Hacking: Hacking refers to the unauthorized access to a computer system or network. Identify thieves may hack into computer systems, networks and databases so as to steal large amounts of personal information.

v. Fake Job Advertisement: Identify thieves can issue fake job advertisements in order to lure people into submitting resumes containing their personal

80

information like full names, qualifications, residential addresses, cell phone numbers, emails addresses, account numbers etc.

vi. Use of Malware: Identity thieves can use malware such as key loggers or other forms of spyware like Zeus to attack communications between users and their computers so as to steal personal information. The attack can also be between a user’s computer and the internet or designed to interfere with Wi-Fi signals. This can lead to the diversion of emails and interception of personal information of users.

vii. Preying on Social Network Sites: Identity thieves can infiltrate social networking sites such as Facebook so as to collect personal information disclosed by users. For example, they can use poorly protected downloadable photographs to impersonate the victim. They may also befriend the user with a view to deceiving him/her into revealing their personal information like home address, bank account number etc.

3.4 The Cost of Identity Theft Victimization

The cost of identity theft victimization can be measured in both monetary and non-monetary terms. McNally (2012) discussed the following cost of identity theft victimization.

i. Economic Costs: This comprise of hard costs which are the monetary losses resulting from identity theft that is shared between identity owners and collectives. Collective victims of identity fraud can bear the losses that have to do with some activity, or decide to offset them through the marketing of personal services or commercial sale of personal information. The hard costs for a nation may come in the form of higher taxes. It also comprise of soft costs which are monetary costs which are difficult to fully estimate because of some future contingencies. Example is the ongoing but unforeseeable maintenance costs of identity theft detection technologies.

81

ii. Human Costs: This refers to the lived realities of identity theft victimization, excluding the monetary aspect. However, the distinction between economic and human cost of identity theft is difficult to draw in some cases. For example if someone loses his/her job as the result of identity theft victimization or losing his/her job and home because the person was wrongly arrested. Whilst such cases may have economic consequences, they may also have some human costs which are often intangible.

iii. Opportunity Costs: This comes with the closing of a social door that was once opened to a person like those that leads to a mortgage or a new job. These are regarded as the soft human costs of identity theft because of how difficult it is to calculate what the scenario would have looked like if the target was not victimized. Individuals and corporate entities may suffer opportunity cost.

iv. Societal Costs: The social costs of identity theft basically refer to the threats it poses to national or public security. This is as it affects social problems such as tax evasion, immigration offenses, welfare fraud or terrorism. It may also constitute a threat to national or public stability if it affects the foundation of society. A government may lose public credibility if there is a breach and this may lead to instability or insecurity in the society.

4.0 CONCLUSION

The identity theft problem is compounded by the availability of vast personal information of individuals online. In the digital age, law enforcement agencies across the world are confronted with several cases involving the fraudulent use of the personal information of individuals. The fear of falling victim of identity theft tends to discourage some individuals from doing online financial transactions such as online shopping, online banking etc. However, there are security software programmes that can assist in protecting individual users from online identity theft victimization.

82

5.0 SUMMARY

This unit defined the concept of online identify theft and the types of identity theft. The various techniques used by online identity thieves to obtain personal information of their victims were examined and the costs of identity theft victimization were discussed.

6.0 TUTOR-MARKED ASSIGNMENT

Discuss the various techniques used by online identity thieves to steal the personal information of their victims.

7.0 REFERENCES/FURTHER READING

CIPPIC (2007). Working Paper No.2. Techniques of Identity Theft. Ottawa: Canadian Internet Policy and Public Interest Clinic.

Manap, N.A. Rahim, A.A. & Taji, H. (2015). Cyber identity theft: The conceptual framework. Mediterranean Journal of Social Science, 6 (4) 595-605.

Mcnally, M. (2012). Identity Theft in Today’s World. California: Praeger.

Reyns, B.W. (2013). Online routines and identify theft victimization: Further expanding routine activity theory beyond direct-contact offenses. Journal of Research in Crime and Delinquency, 50 (2) 216-238.

83