Identity Theft: Definition, Effect on Public and Ways of Protection - Research Paper Example

?Defining Identity Theft, its effect on the public and finding ways on how a company or an individual can be protected from Identity Thieves I. Introduction Identity theft is one of the most pervasive problems in our computerized era. Stealing the identity of a person may be incomprehensible 10 to 20 years ago but as more and more people rely on technology, stealing someone’s identity becomes easy for some techno savvy people. The Identity Theft Resource Center (see www.idtheftcenter.org)defines information security breach as an event when sensitive personal information of a certain person such as his or her Social Security Number (SSN), medical records, driver’s license or financial records such as bank accounts, credit card accounts and the like become potentially at risk. As it is, people whose identity are compromised and have been assumed by another can suffer tremendous loses. Once the important information of a certain person is exposed to unscrupulous persons, such information can be used against that person. If the financial information of a certain person is compromised and the identity theft gain access to the person’s bank accounts, credit cards and others, the theft may be able to easily steal the money of that person (Abagnale, 2007). Aside from taking money from their victims, some identity thieves may use the signature or the accounts of their victim to commit crimes either online or offline (Cullen, 2007). A good example of this is when an identity theft uses the signature of another person to perpetuate fraudulent transactions either online or offline. By use the identity of the victim, the identity thief may be able to get away with the crime and his or her victim gets into trouble with the authorities. II. How Identity Theft Can be Committed Over the years, techno savvy thieves have developed a number of ways to steal important information by breaking into the information security system of companies and individuals. Some of the most common methods used by identity thieves include social engineering, phishing, hacking to access personal information and company databases, using viruses and keyloggers, password crakers and the like to gain access into important databases and steal information. The success of the identity thief’s operation depends on the kind of strategies and mechanisms that he or she employs to get the necessary information to usurp the identity of another. In recent years, social engineering have become one of the most potent tools used by identity thieves to gain access to buildings, databases and computer systems across the country (Hadnagy, 2010). In this era of social networking when millions of people meet online to make friends or transact business, social engineering becomes one of the easiest methods of defrauding unsuspecting internet users. How does an identity theft make use of social networks to defraud his or her victims? Social engineering employs human psychology so instead of using software and programs to attack the database or the security system of a certain company or individual, the identity theft target the people who have access to the database or the security system (Hadnagy, 2010). The common strategy here is to study the work patterns of the target individual or group of individuals and find strategies to trick these people into divulging passwords and access codes to their system. Social networking sites are often used by these people to befriend their targets and learn whatever they can from these people through trickery and guile. In a sense, social engineering is like stalking a prey and punching when the prey is at its most vulnerable moment. As it is, this method of retrieving information from human sources is a long process so it may take days, weeks or even months before the identity thief actually gets the information that he or she needs. Given this situation most of those people who employ this strategy to gain access to database may need to invest a lot of time on their targets (Hadnagy, 2010; Wilhelm, 2010). Note that this method of retrieving information involves human psychology so those who actually use this method may need to conduct extensive research on their targets (Mitnick, 2003; Allsopp, 2009). For some identity thieves who use social engineering to steal valuable information from their victims, the process of stealing the information through trickery is like a game and they tend to derive satisfaction from the whole process (Allsopp, 2009). For these people, stalking their victims both online and offline is just as important as getting the information that they need, which make these people even more dangerous that the average computer hackers (Allsopp, 2009). Note that when planning their strategies to defraud or steal information from their victims, the identity thieves delve into the history of their target and find information that they can use to lure the victim into giving sensitive information that may allow the identity thief to access the database or the building of a certain company (Mitnick, 2003; Wilhelm, 2010). Most identity thieves hunt for victims on social networking sites such as facebook, myspace, linkedin and other domains that offer social networking (Mitnick, 2003; Wilhelm, 2010). Many unsuspecting users of these social networking sites post personal information about themselves including their email addresses, telephone numbers, date of birth and even pictures of their travels, family members and others (Mitnick, 2003; Wilhelm, 2010). All these personal information posted in the net can be used by the social engineering thieves to piece together the routine of their prospective victims and at the same time determine their personality type, strengths and weaknesses (Wilhelm, 2010). Using the information generated from social networking sites, a cunning identity thief will be able to psychologically manipulate the victim and lead to victim to divulge voluntarily and involuntarily sensitive information (Allsopp, 2009). In most cases, the victims and the identity thieves do not come face to face with each other and the deception or trickery mostly happen through emails, instant messaging or phone calls (Allsopp, 2009) which make it difficult for the authorities to actually catch the identity theft. Also, most of these identity thieves are adept at covering their electronic trails and they are often mobile with no permanent residences and public records so it is often difficult for the authorities to trace the whereabouts of these people and apprehend them (Allsopp, 2009). However, these people are not totally invisible and there are cases where these criminals are actually located and apprehended by the authorities (Cullen, 2007). For identity thieves who do not have the patience to make extensive research on their victims, phishing and computer hacking are some of the best options. Phishing is usually done through emails and instant messages where the thief pretends to be a reliable online company asking for information from its clients (Abagnale, 2007). Common targets for these people are online shoppers who use their back accounts, credit or debit cards to purchase goods online (Abagnale, 2007; Cullen, 2007). By sending links of what look like legitimate websites and inviting online shoppers to follow the links and get huge discounts on their online purchases, these people are able to steal a lot of money from online shoppers. For instance, some identity thieves send fraudulent links to online financial sites such as paypal but these links actually do not lead to paypal but on a masked site where the identity theft can capture the email address and the password of unsuspecting paypal client. Once the thief has the email address and password of the victim, he or she can now steal whatever is inside the account of the victim. Another example of phishing is to send an email to an unsuspecting client asking them to update their client profile to keep their accounts active. The email often bears the name, corporate colors and logo of the company and it may even have a false tracking number which lend the email some sort of legitimacy in the eyes of the unsuspecting client. The client profile sheet asks for sensitive information such as Social Security Number, telephone number, address and the like. If the client fills the form up and send the submit button, all the information in the profile sheet will go directly to the database of the identity theft. Aside from phishing, most identity thieves also hack into computer systems using different types of tools such as vulnerability scanners, port scanners, packet sniffers, password crackers, rootkits, social engineering, keyloggers, viruses, worms, Trojan horses and others (Wilhelm, 2010). Vulnerability scanners allow the hacker to identity the softest entry points into the database or computer system and attack this soft entry points to gain access into the system (Wilhelm, 2010). The attack can be done through hijacked computers from different locations so it is often difficult to trace the real location of the hacker (Street, 2010). Computers that are connected to the internet are the most vulnerable in this case since computer hackers can send programs and commands to these computers via the internet to attack the systems of certain companies through the entry points identified by the vulnerability scanners (Street, 2010). Computer hackers often use a combination of tools to gain entry into the system and then mask their presence inside the system to avoid detection (Street, 2010). Most hackers rely on rootkits to avoid detection. Rootkits are programs that blind the computer security system and mask entry of the hacker into the system (Blunden, 2009). Aside from concealing the presence of the hacker, rootkits may also be programmed to fight back and shield the hacker from attacks (Street, 2010) so when someone spots the breach and try to purge out the unwanted invaders in the system, the rootkits may do something to prevent the removal of the unwanted programs. Aside from rootkits, most computer hackers are fond of keyloggers which record the keystrokes of the person using an infected computer. Keyloggers are deposited on the computer of the victim via viruses and once the keyloggers are active, anything that the victim types on the computer will be recorded and interpreted (Cullen, 2007). As it is, it becomes easy for the identity theft to steal passwords, account numbers and other important information inputted into the victim’s computer (Cullen, 2007). III. Deflecting Identity Thieves In the United States, there are laws that protect the general public from identity thieves and there are special government bodies that investigate reported cases of identity theft (Mitic, S., 2009). However, the government can only do so much when it comes to protecting the people against these techno savvy robbers. As it is, computer and internet users must set up firewalls to protect themselves from these notorious characters that are set to steal important information and use the information for their own gains. According to Cullen (2007), big companies as well as government offices that hold important public records now use strong encryption to protect their data. The encrypted data stored in the database of these companies and government offices are well-protected, however, the protection is not impregnable. Meaning, there will come a time when some brilliant computer hackers may be able to hack into the system and steal valuable information (Street, 2010). Note that all types of systems have their own vulnerabilities and it is only a matter of time when someone will spot these vulnerabilities and use these to gain access into the system. While big companies and government offices may have strong information security system, individual computer users remains vulnerable. Yes, there are anti-virus and anti-malware that individual users can use to protect their computers against intruders but these people may not have the capacity to outwit a reasoned identity theft who uses different strategies to retrieve valuable information. As it is, Welsh, (2004) suggest that individual computer users should take extra care when navigating through unfamiliar websites and always make sure that their firewalls are up to prevent invaders from taking over their computers. He also suggests that internet users should never follow links sent to them through emails unless they are absolutely sure that the link is from a legitimate source. On the other hand, Abagnale (2007) suggests that for added protection, internet users should use different passwords for different accounts and change these passwords regularly to thwart any attempts of account hacking. References Abagnale, F. W., 2007. Stealing Your Life: The Ultimate Identity Theft Prevention Plan. Broadway Books Allsopp, W., 2009. Unauthorised Access: Physical Penetration Testing For IT Security Teams. 1st ed. Wiley Blunden, B., 2009. The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System. 1 ed Jones & Bartlett Cullen,T., 2007. The Wall Street Journal. Complete Identity Theft Guidebook: How to Protect Yourself from the Most Pervasive Crime in America (Wall Street Journal Identity Theft Guidebook: How to Protect). Three Rivers Press Hadnagy, C., 2010. Social Engineering: The Art of Human Hacking. 1st ed. Wiley Mitic, S., 2009. Stopping Identity Theft: 10 Easy Steps to Security. 1st ed. NOLO Mitnick, K., 2003. The Art of Deception: Controlling the Human Element of Security. 1st ed. Wiley Street, J., 2010. Dissecting the Hack: The F0rb1dd3n Network, Revised Edition. Revised Ed. Syngress. Welsh, A., 2004. The Identity Theft Protection Guide: Safeguard Your Family Protect Your Privacy Recover a Stolen Identity. 1st ed., St. Martin’s Griffin Wilhelm, T., 2010. Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques. Syngress Read More