Identity Theft: How Scammers Exploit Personal Information Online

Elisabeth Do
Elisabeth Do
calendar icon
April 4, 2024
6 min

Identity theft involves the unauthorized acquisition and use of someone's personal information, typically for fraudulent purposes. This envelops a wide range of actions, from unauthorized credit card transactions to the opening of new accounts or obtaining loans under someone else's name. Given the increasing amount of personal data shared online, the relevance of this issue has skyrocketed, making it a global concern. The scope of identity theft is not confined to any one country or region; rather, it is a worldwide issue affecting millions of individuals and businesses across the globe.

The impact of identity theft is complex, affecting individuals and businesses alike. For individuals, the repercussions can be severe, including:

  • Financial Loss: Unauthorized transactions can lead to significant monetary losses.
  • Emotional Distress: Victims often experience stress, anxiety, and emotional disruption.
  • Long-term Credit Damage: Restoring one's credit score and financial reputation can be a lengthy and challenging process.

Businesses, on the other hand, face their own set of challenges as a result of identity theft, such as:

  • Loss of Customer Trust: Breaches in data security can deteriorate consumer confidence.
  • Financial Liabilities: Businesses may bear the financial impact of fraudulent activities, including compensations and legal fees.

Understanding Identity Theft 

It’s important in today's digital era, where personal information is increasingly stored and transmitted online. Below, we will explore the types of identity theft, how it occurs, and the role of personal information in these crimes.

Types of Identity Theft

  • Financial Identity Theft: This is the most common form, where thieves use someone else's personal information to access financial accounts, make purchases, or open new accounts.
  • Medical Identity Theft: Criminals use stolen personal information to obtain medical services, prescription drugs, or make fraudulent claims to health insurance providers.
  • Criminal Identity Theft: This occurs when someone gives another person's details to law enforcement when they are arrested, leading to a criminal record in the victim's name.
  • Social Security Identity Theft: Thieves use a victim's Social Security number for various fraudulent activities, such as opening new accounts, getting a job, or claiming government benefits.

How Identity Theft Occurs

  • Phishing Attacks: These involve sending fraudulent emails or messages that appear to be from legitimate sources to trick individuals into revealing personal information.
  • Malware and Ransomware: Malicious software is used to infiltrate and gain access to personal information stored on computers and networks.
  • Data Breaches: Unauthorized access to data in corporate or government databases can expose personal information of millions of individuals.
  • Social Engineering: Manipulating individuals into divulging confidential information through deception and psychological manipulation.

The Role of Personal Information

Personal information, such as names, dates of birth, Social Security numbers, and financial account details, is the basis of identity theft. This information is highly valuable to scammers for several reasons:

  • Personal data acts as a key that unlocks access to a person's financial life, medical records, and even their legal standing. It's the foundation upon which most forms of identity theft are built.
  • Scammers use stolen personal information in various fraudulent activities. They can open new financial accounts, make purchases, apply for loans, or even commit crimes in the victim's name. In the case of medical identity theft, they can receive medical treatment or drugs, leaving the victim with the bills and potentially harmful alterations to their medical records.

Methods Scammers Use to Exploit Personal Information

Scammers use various methods to exploit personal information, and it is essential to be aware of these tactics to protect yourself. Here are some of the most common methods scammers use to exploit personal information:

Online Platforms and Social Media

  • Fake Social Media Profiles: Scammers create fake social media accounts to impersonate individuals or brands, often to scam followers or steal personal information.
  • Social Engineering Tactics: Scammers use psychological manipulation to trick people into sharing personal information, such as passwords or financial details.

Phishing Emails and Websites

Scammers send emails or create websites that appear legitimate but are designed to steal personal information, often by tricking users into entering their login credentials or other sensitive data.

Examples of phishing emails/websites:

  • Fake Bank Alert: An email pretending to be from your bank, alerting you to unauthorized transactions or login attempts. It urges you to click a link to verify your account, leading to a fake login page designed to steal your credentials.
  • Tax Refund Scam: An email that appears to be from the tax authority, claiming you're eligible for a refund. It asks you to click a link and submit personal and financial information to process the refund.
  • Package Delivery Scam: An email from a fake delivery service (pretending to be FedEx, UPS, etc.) stating there's a package for you, but they need additional details to complete the delivery. The link leads to a phishing site asking for personal information.
  • Counterfeit Shopping Site: A website mimicking a reputable online retailer offering high-demand goods at reduced prices. It's designed to collect payment card details and personal information.
  • Impersonated Social Media Login Page: A site that looks like the login page of a popular social media platform. It's typically linked from emails claiming you need to verify your account or view a message, intending to capture your credentials.

Unsecured Networks and Wi-Fi Eavesdropping

Risks associated with public Wi-Fi

  • Man-in-the-Middle (MitM) Attacks: A hacker intercepts the communication between your device and the server you're trying to connect to. This can allow the attacker to steal personal information, such as login credentials, financial information, and other sensitive data.
  • Unencrypted Networks: Many public Wi-Fi networks do not encrypt the data being transmitted over the network. This means that any data sent or received can be easily intercepted by attackers. Sensitive information, such as passwords, emails, and credit card numbers, could be compromised.
  • Malware Distribution: Hackers can exploit vulnerabilities in public Wi-Fi networks to distribute malware to connected devices. Once infected, your device can be used to gather personal information, spy on your online activities, and even control the device without your knowledge.
  • Rogue Wi-Fi Networks: Cybercriminals can set up fake Wi-Fi networks that appear legitimate but are actually designed to steal information from unsuspecting users. Once connected to such a network, all your online activities can be monitored, and personal data can be stolen.
  • Wi-Fi Sniffing: Attackers can use special software tools to capture and analyze Wi-Fi traffic on public networks. These tools can pick up unencrypted data being transmitted over the network, allowing attackers to gain access to your personal information.

How scammers intercept data? Scammers can use tools to capture data transmitted over unsecured networks, such as passwords and other sensitive information.

Data Breaches

Case studies of data breaches:

  • U.S. Office of Personal Management (OPM):  In June 2015, the U.S. Office of Personal Management (OPM) experienced two separate hacking events that exposed background investigation records. Information impacted included Social Security numbers (SSN), fingerprint data, and security clearance information.
  • Yahoo: In September 2016, Yahoo announced a major data breach affecting 500 million user accounts. Information stolen included names, email addresses, phone numbers, birthdays, passwords, and security questions and answers.
  • Equifax:  In 2017, credit reporting agency Equifax experienced a hack that exposed 146.6 million U.S. consumers' personal information. Information exposed included names, birthdays, SSNs, addresses, phone numbers, Driver's License numbers, email addresses, payment card information, and Tax ID numbers.
  • Anthem, Inc.: In 2015, Anthem, Inc. had a major data breach that exposed nearly 79 million sensitive records. The breach received an overall risk level of eight on Breach Clarity.
  • Target: In 2014, retailer Target experienced a data breach that exposed 40 million stolen credit card numbers. The breach was caused by a hacker using stolen credentials from an HVAC contractor.

How stolen data is used in identity theft? Scammers can use stolen data to create fake identities, open fraudulent accounts, or commit other types of financial fraud.

Exploiting Public Records and Information

  • Accessing Publicly Available Information: Scammers can use public records and databases to gather information about individuals, such as their addresses, phone numbers, and other personal details.
  • Misuse of Public Data: Scammers can use this information to commit fraud, such as opening credit cards in someone else's name or filing false insurance claims.

Preventing and Responding to Identity Theft

Individual Prevention Measures

Secure Personal Information Online and Offline

It's important for individuals to take proactive steps in securing their personal information both online and offline to ward off identity thieves. Online, this means being cautious about the websites where personal information is entered and ensuring secure connections (look for HTTPS in the web address). Offline, it involves protecting important documents in secure locations and being mindful of who has access to your personal information. Shredding documents containing sensitive information before disposal can also prevent identity thieves from piecing together your identity from physical trash.

Use of Strong, Unique Passwords and Two-Factor Authentication

Adopting the practice of using strong, unique passwords for different accounts reduces the risk of unauthorized access. A strong password typically includes a mix of letters, numbers, and symbols. Utilizing a password manager can help in generating and storing complex passwords. Moreover, enabling two-factor authentication (2FA) adds an additional layer of security, requiring not only something you know (like a password) but also something you have (such as a mobile device) to access an account.

Regular Monitoring of Financial Statements and Credit Reports

Regularly reviewing bank and credit card statements allows individuals to spot unauthorized transactions promptly. Additionally, monitoring credit reports can help identify any fraudulent accounts opened in your name. In many countries, individuals are entitled to one free credit report per year from each of the major credit reporting bureaus, making this a cost-effective measure against identity theft.

Legal and Institutional Measures

Laws and Regulations Addressing Identity Theft

Governments around the world have enacted laws and regulations specifically targeting identity theft. These laws not only define the crime but also outline the penalties for perpetrators and provide a framework for victims to seek restitution. Legislation such as the Identity Theft and Assumption Deterrence Act in the United States is designed to protect consumers by making identity theft a federal crime and establishing the Federal Trade Commission (FTC) as the primary agency to assist victims.

Role of Financial Institutions and Credit Bureaus in Prevention

Financial institutions and credit bureaus play an important role in preventing identity theft. They employ sophisticated fraud detection systems to spot unusual activities that may indicate identity theft. Credit bureaus can place fraud alerts or credit freezes on accounts at the request of the consumer, making it more difficult for identity thieves to open new accounts in the victim's name. These entities also have protocols in place to assist customers in the event of identity theft, including closing compromised accounts and removing fraudulent transactions.

Responding to Identity Theft

Immediate Steps to Take if You're a Victim

If you suspect you've become a victim of identity theft, immediate action is necessary. First, contact the fraud departments of your credit card issuers and banks to secure your accounts. Then, file a report with the local police and obtain a copy of the report for your records. Placing a fraud alert on your credit reports by contacting one of the major credit bureaus is also a critical step. This will notify creditors to take extra steps in verifying your identity before extending credit.

Reporting Identity Theft to Authorities

In addition to local law enforcement, it's important to report the identity theft to national agencies tasked with combating this crime. In the United States, for example, the Federal Trade Commission (FTC) offers resources for reporting and recovering from identity theft through their IdentityTheft.gov website. Reporting the theft to these agencies not only helps you regain control of your financial identity but also aids in the larger fight against identity theft by providing data that can be used to track trends and apprehend criminals.

By taking individual prevention measures, understanding the support provided by legal and institutional frameworks, and knowing how to respond if identity theft occurs, individuals can reduce their risk and impact of this invasive crime.