Types of Identity Theft and Issues of Social Engineering

Introduction

“Everything that you have access to, short of your own family, the identity thief masquerading as you has access to.” In his book, Stealing your life, Frank W. Abagnale precisely sums up the danger of identity theft in mentioned quote. What would you do if you woke up and find that you are being impersonated and that person committed a crime?

In a day and age where connectivity is key, data is extremely easy to access. The new currency of this generation has become data, I will give you a free coupon in exchange for your data. This doesn’t only happen on a personal level, but organizations and large companies are also taking part in this ‘data spree’. However, this abundance creates risk and elevates the possibility of danger in the world. Believe it or not, there are some people in the world that don’t have the best intentions and will utilize, even abuse, this to their own gains, even if it means hurting you.

Just like a person is born with an identity that is ever-developing, that same person creates a digital identity the very first-day s/he accesses the internet. With time, this digital identity becomes prey to people that thrive on abusing people’s data for their own.

In this report, we will define, discuss and highlight some terms like digital identity, digital identity theft, and its various types, and conclude by briefly talking about the ways to prevent this and stay safe.

Literature Review

In this literature review, be highlighting some key topics, as described and discussed by many authors and professors, about the digital realm and the dangers that our identities face on a daily basis. Every day we have access to the internet is another day the world gathers more information about us. This information is useful to many facilities and institutions, such as schools and hospitals, but in the wrong hands can be very detrimental.

Digital Identity

In the modern world, digital identity (or digital ID) is a very sensitive subject. This is mostly because the data or information of this person is usually built up over a span of years and contains many private moments. In the book Digital Identity Management, the authors describe it by saying “the Internet has been built up over the years as a space of unregulated freedom for the individual, where everyone is free to exhibit themselves, consume, educate themselves, have a social life, etc.” (Laurent, Bouzefrane, & Pomerol, 2015) From there, we can start to sense the danger that is to come, when they say the words exhibit and consume. By including consume in their description, this means that people will utilize content that is not theirs to begin with. Abagnale, in his book, described an experience where he would ask one of his students for his address and would be able by the very next morning, to extract 22 pieces of private information about him, his life, his parents, neighbors, financials and his job. (Abagnale, 2013) This is a petrifying thought that any random person, from one string of information, can find out almost everything about you. Since about 80% of birth certificates are processed online, your digital identity such as your name, address, weight and height are online before you leave the hospital. (Abagnale, 2013) Moreover, your data is most definitely of great personal value to you, but on the black market, it’s a rare commodity. Wrapping up the definition of digital identity, quoting Rob Cover in his book Digital identities: creating and communicating the online self “We are, in some ways, always performing ourselves online because even when we are nowhere near a digital communication device (which is now extremely rare), we leave traces all over the Internet, social-networking pages, blogs, Twitter, and other sites that are actively contributing to elements of our identity.”

Identity Theft

Identity theft is becoming a bigger dilemma and a more serious crime with time and the evolution of technology. (Whiting, 2013) Moreover, these crimes happen over the internet, so granted it’s easier to trace (thanks to IPs, cookies, and technology) but prosecution for the crime still remains unsolved. So, what is identity theft and where did it all start? Identity theft is somewhat of an old trade that has now massively developed with the help of technology. Back in the 16th century, when King Sebastian of Portugal went missing in a battle in Morocco and several imposters in Portugal tried taking his place by using methods of impersonation. In the 1930s a homeless Samuel Jones impersonated by “ghosting” the life of well-known actor Wallace Ford after finding him dead on a train. (Hur, 2017) Ghosting was the earliest form of identity theft, where imposters would wear a deceased person’s ghost and become them. Eventually, on his deathbed, Samuel Jones did admit his identity theft. This is just to prove that Identity theft is not a new cybercrime phenomenon, but an ancient technique in disguise and equipped with new technologies. “Cybercrime accounts for only 11 percent of actual identity fraud cases” (Sileo, 2010)

Save your time!
We can take care of your essay

• Proper editing and formatting
• Free revision, title page, and bibliography
• Flexible prices and money-back guarantee

Place Order

Type of Identity Theft

As we have read before, identity theft comes in all shapes and sizes. Some of them are armed with the most advanced technology and others prefer to go with the old-fashioned ways. Nonetheless, their goals are all the same: to use your identity or your information for there own personal or financial gains. With that said, let us dive into the realm by defining them.

Universal Identifiers

A system was put in place to create unique personal identification and to connect a person to their information easily. These cards, passports and documents were standardized in 1985. Unfortunately, with the evolution of technology, all of this data about people and their lives has shifted online. They are stored on servers are connected to the “Internet of things” which makes them accessible. Also, due to the lack of data transparency in the past years and the unknowing of where our data would go or be stored, many organizations and companies have decided to become more transparent by allowing by data visibility to users. “Unfortunately, with that knowledge, we must also accept that because the SSN is so heavily relied upon as an identifier, it is a valuable commodity for lawbreakers.” (Whiting, 2013)

Phishing

Phishing is one of the most popular ways of identity theft. Especially nowadays, it has converted from the old traditional way to online, real-time, and more aggressive than ever. “Bait” and “Hook” is also another way it is commonly known as. (Whiting, 2013) Phishing is when a scammer pretends to be someone else, selling a product, free e-book, or a lottery ticket. Once a user clicks on this replica website and enters the requested user data, this data is directly sent to the scammer. (Whiting, 2013) At this point, the scammer has obtained the required information and can begin using it for personal gain. The first motive that comes to our mind for someone to do this is the fast cash effect, however, if we move past this, we see that financial motive is just the tip of the iceberg and that other motives are darker and more twisted. (Hadnagy & Fincher, 2015) Delving deeper into phishing, there are several methods or ways where e-mail spoofing and website cloning. E-mail spoofing is basically when a scammer sends you a replica of a legitimate e-mail from your company, bank, amazon, or e-commerce website asking you to take a specific action. At the same time, the button included in the e-mail links to a replica webpage that the scammer has cloned, but is directly linked to their e-mail. Once a user views that e-mail, clicks on the button and enters their credentials on the “fake” website, that data is viewable to the scammer and at this time the scammer will access the website and take whatever information they deem of importance to them. (Hadnagy & Fincher, 2015) Phishing is a popular method that gets dispersed on a massive scale. “Hackers are creating these pages to look exactly like professionally crafted bank pages. So, it does have the look and feel and touch of your bank’s website. The text of the email is very well crafted. It looks like something Bank of America would actually send you.” (Whiting, 2013)

Spearphishing

A variant of phishing, spearphishing uses the same methods but personalizes ‘content’ to an individual. (Whiting, 2013) Another version of this is called Whaling, which is the exact same as spearphishing, with the difference that it targets top executives at large companies and high-net-worth individuals. (Whiting, 2013) Scammers that focus on both whaling and spearphishing put a lot of effort to personalize the e-mails that are being sent. Determined to perfect a replica an e-mail’s tone, vocabulary and aesthetics. (Whiting, 2013) This is commonly known as “going after the big fish in the company.” (Hadnagy & Fincher, 2015) And rightfully so, a hook while whaling could mean a major financial income for the scammer.

Social Engineering

The newest phenomenon in this generation is social media. With the abundant advantages that social media has offered us this generation such as constant connectivity, it has also opened a new door for identity thieves and scammers. Enter Social Engineering. FBI agent Alice Tsujihara gently describes it by saying “With social engineering, what you can do is you can use other people and resources and not necessarily have to go in through the front door hacking through a computer.” (Whiting, 2013) In this section of the report, we will extensively discuss this phenomenon outbreak, the stages, and ways to prevent it.

What is Social engineering?

In the book Unmasking the social engineer: the human element of security, Hadnagy et al. define social engineering as any act that influences a person to take an action that is not to their best interest. With the advancement of social media and the internet, the tools for social engineering are increasing. Social engineers target a person or an entity that they think they will be able to influence into gaining information from. Therefore, completing their first stage of social engineering. (Hadnagy, Ekman, & Kelly, 2014) Sometimes social engineering is not about obtaining information, rather than denying other access to that information and therefore halting any operations. (Mann, 2017)

What are the stages of Social Engineering?

In Unmasking the social engineer, Hadnagy et al. refer to the stages that are taken by any identity thief to create a successful social engineering experience for himself or herself. These crucial stages are:

• Information Gathering: “Information is the lifeblood of the social engineer.” (Hadnagy, Ekman, & Kelly, 2014) Information is a crucial point for the success of social engineering. The more data the person has about his/her target, the more knowledgeable about their weak points. When speaking about data here, we incorporate all types of media, from videos to images to maps and voice notes. There are many tools that help thieves with gathering and retrieve information from the internet and the dark web. The difference between an expert and a beginner is what they do with this abundant amount of data. The data will be overwhelming; therefore, an expert identity thief will be using tools such as BasKet to organize and understand this data. (Hadnagy, 2011)
• Pretexting: This stage is also very vital as this is the preparation phase after you have done your research. The identity thief in this stage portrays the target, studying and practicing the way they dress, walk, talk, send text messages, interact, like, dislike, comment and many more. (Hadnagy, Ekman, & Kelly, 2014) If a thief is successful in this stage, they will be able to fool the public.
• Elicitation: Asking for information that you, as the target, should already know will raise an alarm bell in your surroundings. This is why a stage is one of the most important aspects of social engineering. (Hadnagy, Ekman, & Kelly, 2014) “Being able to effectively use elicitation means you can fashion questions that draw people out and stimulate them to take a path of a behavior you want.” (Hadnagy, 2011) Now, this is really powerful, without asking you make people tell you what you want to hear, give you the information you want.
• Rapport: So now that the identity thief is ready with all his/her notes and has practiced the lines and the tone of his conversations, let’s go to work. When you start your conversation with the target audience, you must develop trust between one another, and fast. This trust-building exercise, in the beginning, will eventually cause them to let you in on some valuable information. (Hadnagy, Ekman, & Kelly, 2014) Using emotions like sympathy, reciprocity, and mindfulness goes a long way. Rapport can be broken down into 10 methods. (Dreeke, 2011)
• Influence/Manipulation: Now that you have their attention and trust, convince them. In this stage, it’s all about influencing someone to do what you want. And even better, convincing them and making them believe that they want to do you what you want. Dr. Robert Cialdini, one of today’s greatest, explains this stage of influence/manipulation with the Cialdini principle. (Hadnagy, Ekman, & Kelly, 2014) The Cialdini principle talks about reciprocity, obligation, concession, scarcity, authority, consistency and commitment, liking, and social proof. (Cialdini, 2018)
• Framing: This stage is all about the person. The person’s emotions, thinking and personal history. What to interact with and what not to is the difference between getting caught or being flagged as suspicious. (Hadnagy, Ekman, & Kelly, 2014) The way an identity thief uses framing will ultimately decide how long they will be able to continue tricking and deceiving people.

How to prevent Social Engineering

In order to prevent social engineering, you must clearly understand what it is, and how will impact you. Creating a Vulnerability map is one of the first things that you need to do in your path to prevention. (Mann, 2017) This will allow you to evaluate the loopholes that identity thieves could possibly use and also reinforce your strong points. Mapping your digital assets will allow you to see where you need to strengthen more. As your network becomes your weakest link when hacked, make them your strongest link now. Always be very aware when sharing valuable information, and always keep them behind closed doors as much as you can. As companies and organizations are aware of the vast problem of identity theft, privacy policies, regulations and code of conduct are being changed all the time to avoid as incidents as much as possible. Always be aware and updated to these policies.

Bibliography

1. Abagnale, F. W. (2013). Stealing your life: the ultimate identity theft prevention plan. New York: Broadway Books.
2. Cialdini, R. B. (2018). Pre-suasion: a revolutionary way to influence and persuade. New York: Simon & Schuster.
3. Cover, R. (2016). Digital identities: creating and communicating the online self. Amsterdam: Academic Press.
4. Dreeke, R. (2011). Its not all about 'me': the top ten techniques for building quick rapport with anyone. People Formula.
5. Hadnagy, C. (2011). Social engineering: the art of human hacking. Indianapolis, IN: Wiley Publishing, Inc.
6. Hadnagy, C., Ekman, P., & Kelly, P. F. (2014). Unmasking the social engineer: the human element of security. Indianapolis, IN: John Wiley & Sons, Inc.
7. Hadnagy, C., & Fincher, M. (2015). Phishing dark waters: the offensive and defensive sides of malicious E-mails. Indianapolis, IN: Wiley.
8. Laurent, M., Bouzefrane, S., & Pomerol, J.-C. (2015). Digital identity management. London, England: ISTE Press.
9. Mann, I. (2017). Hacking the Human: Social Engineering Techniques and Security Countermeasures. Hampshire: Gower Publishing Limited.
10. Rabin, N. (2013). You dont know me but you dont like me: Phish, Insane Clown Posse, and my misadventures with two of musics most maligned tribes. New York: Scribner.
11. Sileo, J. D. (2010). Privacy Means Profit: Prevent Identity Theft and Secure You and Your Bottom. John Wiley & Sons.
12. Sullivan, B. (2004). Your evil twin: behind the identity theft epidemic. Hoboken, NJ: John Wiley & Sons.
13. Whiting, J. (2013). Identity theft. San Diego, CA: ReferencePoint Press.
14. Windley, P. J. (2005). Digital identity: Beijing: OReilly.
15. Hur, J. (2017, November 17). History of Identity Theft Protection. Retrieved December 15, 2019, from https://bebusinessed.com/history/history-of-identity-theft-protection/.