VOLUME 105

   ISSUE 105

30 July 2020

Article of the Month Around the World

 

IDENTITY THEFT IN THE INTERNET

“Prevention is Better than Cure”


Introduction

The connected electronic information network has become an essential part of our daily lives. All types of organizations utilize the network by collecting, processing, storing and sharing vast amounts of digital information. As more digital information is gathered and shared, protecting this information and recognizing the potential vulnerabilities is becoming even more vital to our national security and economic stability. Identity theft is one of the most common cybercrimes on the internet, and one that we should be aware of as internet users.

Your Online & Offline identity?

As more time is spent online, your identity, both online and offline, can affect your life. Your “Offline Identity” is the person your friends and family interact with on a daily basis at home, at school or at work. They know your personal information, such as your name, age or where you live. Your “Online Identity” is how you present yourself to others online. This online identity should reveal only a limited amount of information about you.

Identity theft is the deliberate use of someone else’s identity on the internet in order to gain a financial advantage or obtain credit and other benefits. Nowadays, it has become a common practice to use their true identity. Identity theft is not a new phenomenon; the term was coined in 1964. It has been used, and continues to be used, in social security fraud, bank loan fraud, assurance fraud, etc. Your personal information is a goldmine for cyber thieves, for example: name, email address, phone numbers, banking details and medical records. They will attempt to steal this information and then use it for fraudulent activities and other crimes, such as selling it.

How Can Someone Steal Our Identity on the Internet?

The most common methods of online identity theft are as follows.

I. Phishing

In this tactic, hackers send emails to random or specific individuals with the purpose of tricking recipients into performing an action. Basically, they trick the recipients into opening a file which usually contains some type of malware. When the user enters his/her personal information, it falls straight into the hands of the attacker. The stolen information is then misused.

II. Hacking

Hackers exploit vulnerabilities in your security systems and gain access to personal information. They can do this by directly hacking your mobile phone or computer, or by obtaining access to your devices through the network you are logged into.

III. Malware

Here an attacker infects your devices with malicious software. When that software is executed, the attacker gains access to the personal information on those devices.

IV. Remote Access

In this method, the attacker tries to trick you by claiming that there are some issues with your computer and/or network, and then steers you into buying third-party software to fix those issues. This software will contain malware or severe security vulnerabilities.

V. Skimming

In this method, attackers steal your credit or bank card details. First of all, they configure an ATM machine to read your card information when you withdraw money. The stolen information is then transferred to a storage device belonging to the attacker. They will misuse those details to make online purchases, withdraw money, etc.

VI. Pharming

In this method, attackers exploit the foundation of how internet browsing works. Bogus versions of legitimate websites are used here. The attacker gains access to the website’s server or domain name system and installs a redirect address. All the website’s visitors are then redirected to the bogus version of the site. There they are tricked into entering personal information, and that stolen information is stored on a device that belongs to the attacker.

Some Real-life Examples for Online Identity Theft

• A person called Phillip Cummings left his job at one of the software companies in the US. He had been working as a help desk worker and had access to the logins and passwords for 33,000 credit reports. The monetary cost of that breach was between 50 and 100 million dollars.

• David Jackson and Lara Love, who lived in Santa Cruz County in California, were tapping into a neighbor’s wireless internet router. They were able to access private data via that connection. After that, the neighbors realized they had some bank accounts that they had never opened. Lara and David faced 24 years in state prison for this crime.

• An 82-year-old woman from Lewisville, North Carolina got an email from a hacker who presented himself as “PayPal” support. He had made a similar email account and asked for some personal data.

• Like the majority of drivers, Sadie Cornelius (US) used her debit card at a gas station. The owners of that card reader had configured it to make a carbon copy of the magnetic strip. They turned it into a fake card and misused it. Ultimately, she realized that all of her money had been taken by someone in Alexandria. She was then able to contact the bank and change her PINs and passwords.

How to Stay Safe?


When your online identity is stolen by attackers, the level of damage depends on the purpose of the attackers and on your safety plans for such an attack. Some cases will be easy to recover from, while the more extreme forms of attack can be frustrating and difficult to overcome. Even though each scam type has its own means of protection, as users you need to be aware of some common safety methods.

I. Activate security freezes and fraud alerts.
When an attack has happened, it is really important to react rapidly. Security freezes play a major role in that scenario. A freeze limits access to your credit reports to the bank and some government agencies. If someone else tries to access that data, you will get a security alert.

II. Use Antivirus & Anti-Malware Software
This can be considered one of the basic steps of protecting your online identity. You will be able to overcome most hacking attempts and malware by enabling these programs. Anti-malware serves as an extra layer of protection in case the antivirus fails.

III. Protect Ourselves on Social Media.
This is one of the main reasons people become victims of identity thieves. Today it has become a trend to share too much personal information on social media. That can be the easiest way of losing your identity. You have to make sure that you publish only selected information which will not cause damage in any way. At the same time, it is better to set your accounts to private mode so that only friends can see your posts and other information.

IV. Hide the PIN when using ATMs.
When you withdraw cash from an ATM machine, someone may be there watching your inputs to the machine, with the help of a small camera or just by looking over your shoulder. Hence, you have to make sure they do not see your PIN.

V. Use Strong & Unique Passwords.
This plays a major role in protecting our online identity. Most people tend to use a simple password because it is convenient to remember, and most of the time they use their names, nicknames or telephone numbers as passwords. These can be easily guessed by an attacker. You should also never reuse passwords between different accounts. Sometimes it is impossible to remember different passwords for all your accounts, but there are online tools such as “LastPass…” (https://www.lastpass.com/password-generator) to store our passwords and usernames in a safe environment.

VI. Don’t click on Unauthorized Links.
If there are suspicious emails, we should not open them. If we accidentally open a suspicious email, we should not click on any attachments or links.
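
As an illustration of the advice under “Use Strong & Unique Passwords”, the following added example (not part of the original newsletter) flags passwords that are built from a person’s names or phone number, or that are reused between accounts. The function names, the profile and the passwords are all hypothetical and constructed for this example.

```python
import re
from collections import defaultdict

# Substitutions people commonly use to disguise a name (N1m@l -> nimal).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def personal_tokens(profile):
    """Return (name words of 3+ letters, phone numbers as digit strings)."""
    words = set()
    for value in profile.get("names", []):
        words.update(w for w in re.findall(r"[a-z]+", value.lower()) if len(w) >= 3)
    phones = {re.sub(r"\D", "", p) for p in profile.get("phones", [])}
    return words, {p for p in phones if len(p) >= 6}

def audit_passwords(accounts, profile):
    """Map each weak account to the reasons its password is guessable or reused."""
    words, phones = personal_tokens(profile)
    findings, seen = defaultdict(list), defaultdict(list)
    for account, password in accounts.items():
        lowered = password.lower()
        normalized = lowered.translate(LEET)
        for word in sorted(words):
            if word in lowered or word in normalized:
                findings[account].append(f"contains personal name '{word}'")
        # Only runs of 6+ consecutive digits are compared with phone numbers.
        runs = re.findall(r"\d{6,}", password)
        if any(run in phone or phone in run for run in runs for phone in phones):
            findings[account].append("contains phone number digits")
        seen[password].append(account)
    for users in seen.values():
        if len(users) > 1:
            for account in users:
                others = ", ".join(u for u in users if u != account)
                findings[account].append(f"reused on {others}")
    return dict(findings)

# Constructed sample data: a fictional user and made-up passwords.
PROFILE = {"names": ["Nimal Perera", "nimz"], "phones": ["+94 77 123 4567"]}
ACCOUNTS = {
    "mail": "N1m@l2020",
    "bank": "771234567!",
    "shop": "T7#kVq9!wLz2",
    "forum": "T7#kVq9!wLz2",
    "cloud": "rG8$mP2x&Yc5",
}

if __name__ == "__main__":
    for account, reasons in audit_passwords(ACCOUNTS, PROFILE).items():
        print(f"{account}: {'; '.join(reasons)}")
```

A check like this is meant to be run locally on your own machine; an account that does not appear in the output passed all three checks.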

Conclusion

Among the various kinds of cyber-attacks, identity theft is a real threat, and there is a high probability of falling victim to online identity theft. First of all, we have to be smart while using the internet, and we should stick to the common safety methods in order to prevent such attacks. We should not delay in reacting properly when we realize we are victims of an attack; otherwise the damage could be worse.


By: Prageeth Bhanuka

Bhanuka is an undergraduate following BSc (Hons) in Computer Engineering at University of Sri Jayewardenepura since 2016, currently working as an Intern-Information Security Engineer at Sri Lanka CERT|CC.

How to securely erase your Android device in 4 steps

"...It's an inevitable moment in the smartphone-owning cycle, the point at which a newer, shinier model comes along and your trusty old device is no longer needed.

Maybe your company bought you a new Android phone. Maybe your old one was getting too slow. Or maybe you just love electronics and couldn't resist the lure of whatever sexy new Android device your favorite manufacturer started selling..."

 

IT snapshot: Ethnic diversity in the tech industry

  

"...With growing attention on the need to achieve proportional representation and equal treatment of minorities in the business world, Computerworld decided to provide a snapshot of where a few major Western countries stand in terms of their ethnic diversity in IT.

As expected, several minority groups remain significantly underrepresented, despite decades of efforts by governments, industry associations, and tech industry themselves to achieve more equal representation....."

Energy Unveils Blueprint for Nationwide, ‘Unhackable’ Quantum Internet

'...The Energy Department on Thursday released a strategic blueprint to construct a potentially “unhackable” nationwide quantum internet.....'

Contact Tracing Demonstrates Need for National Privacy Laws, Lawmaker Says

   

  

'...Privacy rights should not be diminished in the name of public health, Rep. Cathy McMorris Rodgers, R-Wash., said Thursday. McMorris Rodgers said digital contact tracing developed to track the spread of the coronavirus pandemic underscores the need for a national privacy framework.....'

Google Drive vs. OneDrive: Which one is better for your business?

  

'....Moving your shared business files from a local server to the cloud does much more than simply eliminate the headache of managing local hardware. It also enables scenarios that are difficult or impossible to realize using your own private servers......'

Facebook SDK issue reportedly causing problems with several iOS apps

'...Last week, iOS users encountered issues wherein certain third-party apps on their devices couldn't launch properly. While many immediately presumed that Apple was to blame, tech industry pundits quickly uncovered exactly what caused it. It appears applications that rely on Facebook for certain functionalities were affected. So far, there were no reports of similar problems for those on Android. Many attempted basic troubleshooting, which did not work, but developers eventually communicated on social media to inform users to wait instead. ...'

It’s baaaack: Public cyber enemy Emotet has returned

"...It was never a question of “if” but “when”. After five months of absence, the dreaded Emotet has returned. Following several false alarms over the last few weeks, a spam campaign was first spotted on July 13 showing signs of a likely comeback.

The Emotet botnets started pushing malspam actively on Friday, July 17, using the same techniques as it employed previously. Malicious emails contain either a URL or an attachment. One familiar technique is for the document to be sent as a reply within existing email threads....."

​Sports team nearly paid a $1.25m transfer fee… to cybercrooks

“...If you were about to spend more than a million dollars, how careful would you be about where you sent the money? More importantly, how would you check with the recipient of the money – and how would they check with you – that both ends of the transaction were lined up correctly, with no treachery in between?...”

Google’s Plan to Use Android Phones to Dominate Virtual Reality

"...In the two years since Google showed off the first version of Google Cardboard, its simple virtual-reality viewer, a lot has changed in the VR market. Samsung released its smartphone-powered Gear VR headset, high-end headsets like the Oculus Rift and HTC’s Vive hit the market, and a growing wave of developers are committing time and money to creating immersive content that goes with these devices.

Now Google is stepping up its VR game, too. At the company’s annual developer conference in Mountain View, California, on Wednesday, it introduced a new virtual-reality platform called Daydream that will be available in the fall as part of the latest version of its Android operating system, Android N....."

 
  

 

  
