Internet privacy and security course
About translation
Previous Next

Chapter 12

Digital identity theft

Identity theft is a crime when the personal data of a person are illegally used to gain profit. I propose in practice to consider what information and why it is stolen.

What information is stolen

Photographs, passport details, photocopies of documents, selfies with documents, copies of bank cards can be stolen. Using search you can find a lot of offers to buy copies of passport data, maybe you will find yours among those sold. How to check your data for identity theft we have told in this chapter of the course, but what to do if there is a leak?

Why do they steal a digital identity

Fraud

You are a beautiful girl with a sweet face and a slim body, in your Instagram men surf for hours and everything is fine until a fraud chooses your personality. Your data and photos can be placed on a page of a dating site, which will then be used to get a prepayment out from those men who want to meet you.

One of these schemes works as follows: a beautiful girl, whose account is used by a scammer, meets on a dating site a man who has a role of a victim. With the help of template phrases and messages the malefactor makes acquaintance, which ends with an invitation to the cinema. But this is not an ordinary cinema, but tickets to private places where they can watch movies only together. Well, how to refuse it?

These tickets are sold on a special website and are provided as a special service in cinemas. The site has the opportunity to pay by card, the possibility of ticket refund one hour before the start and other pleasant moments for the buyer. There is only one small detail, as the site belongs to the scammer and after payment the money will go into the pocket of the malefactor and the “beauty one” will stop communicating.

There are other ways to monetize: photos in a swimming suit are perfect for a fraud sex service site, and if your friends get on it, you will need to have a long story to tell about the theft of your photos and data.

Getting bonuses and postpay services

I suppose you have seen the advertising of betting companies, forex sites, online poker rooms and other sites offering money to new clients for an account where you can use the services. It's very simple, since your data will be used by the malefactor to create an account in order to receive bonuses. As a rule, it is quite harmless for the victim, except that you can’t use the ad offer in the future.

The consequences of acquiring postpay services on your data may be less perfect when a malefactor registers an account with your data, uses services, and in the end just disappears instead of paying for them. This is the case when the complex fraud has been committed on your behalf.

Registration of accounts

Photos of beautiful girls are used when creating accounts for spamming on social networks, as it increases the frequency of successful attacks. The malefactors often do not bother to change the data and take the real data of the victim, including the first and last name.

But not only beautiful girls are interesting to frauds, any stolen data can be used to create accounts. For example, a well-known Russian team was accused of interfering in elections, the United States used hundreds of accounts to distribute data. As you can guess, the real data owners did not know that their photos were used in a political company against Hillary Clinton.

Online you can find offers to sell accounts in various social networks and other sites. To register such accounts attackers also use stolen data, less often such accounts are collected as a result of phishing or data leaks.

Getting a loan

Today, in terms of great competition, companies engaged in online loans lower the link for borrower requirements all over by simplifying the procedure for obtaining a small amount. Such risks pay off high interest on loans, which sometimes reach thousands of percent a year, and heavy fines for any delay. Minimizing checks and data provided have turned online loans into a tasty morsel for frauds who take loans to other people's data.

In some cases frauds have enough electronic copies of two documents of the victim, for example, passports and driving license. To receive them one can create a job offer post and ask potential applicants a copy of the documents after “being accepted”. Frauds know many ways to get copies of documents and take a loan.

There are more sophisticated loan fraud schemes behind the owner’s back. On one of the Russian underground forums there was an offer to sell tickets for 50% of their real value. The service owner who offered the one assured that there was no fraud, no air tickets were bought for stolen funds.

At first, visitors of the forum were distrustful to this tempting offer, then positive feedback began to attract more and more customers. Clients sent the malefactor all the data, including photocopies of their documents. None of the clients had any problems with the flight. Problems arose later on when the bank, which these tickets were issued on credit in, began to demand the return of the ticket sum, interest and an impressive penny for the delay. As a result, the victims paid 200-300 percent of the real value of the purchased tickets.

Revenge

I have already written above about creating fake profiles of prostitutes to get money from victims, but sometimes such forms can be created with the revenge purpose. Online you can find a lot of stories how guys, wanting to revenge a girl, posted her photo and profile on the website of sex services. Darknet has illegal services that offer this kind of service. 

The main problem is that even if the site deletes the photo and the profile of the victim, by this time other sites that copy the data will place their profile there, the photo will get into the search results by pictures. Removing data from all websites and search engines often becomes an almost impossible task, especially if the victim does not have sufficient funds for this. The data cleaning campaign can cost about $ 10,000, depending on the number of sites, the country and the search engines involved.

Reputational damage

If you are a person dependent on reputation, detractors may try to spoil it for you. For example, register an account on your behalf and start posting reviews on erection improval products. All those who will continue to look for information about you, whether employers or potential partners, may face these reviews that do not adorn you.

I read this story in the press, a deputy of one of the small cities of central Russia began to find online reviews on his own behalf, published on various resources. Based on the first look these were nothing special but the reviews containing real details of his family life and a description of the goods, but in the reviews there were always rudeness and disrespect to other users, just the reader always had a negative attitude to the author. As a result, the deputy preferred to ask law enforcement agencies to search for the malefactors.

Corporate attacks

A fairly well-known scheme of attacks on corporate infrastructure involves the creation of social profiles of company employees who are not registered there and adding to a friend list real employees.

Then communication with real employees starts; the malefactor chooses the following attack methods: this could be a compromise of the real employee’s device or the use of social engineering techniques to obtain valuable data.

 

Tip

If you have added a colleague in the social network, be sure to verify them, since a fraud may be hiding behind his or her account.

Remember, it is easier to prevent identity theft than to deal with the removal of personal information from the network. We have a set of recommendations that will allow you to reduce the risk of identity theft significantly. Be sure to get acquainted with them.

 

Tip

It is easier to prevent identity theft than to deal with the consequences. Get acquainted with our recommendations regarding prevention of identity theft.
Previous
5235
Next