Identity Theft , Identity Fraud , And Phising : Case Study

1.Introduction

Computer technology and the Internet have become essential necessities of

modern life; they provide knowledge, communications, entertainment, and a
means for sharing. Nowadays, almost everyone is connected. People became
so addicted to this technology to the limit that it is a challenge now to stay
away for a while. Perhaps the most attractive services for many are those
provided by social networks.

1.1 Identity Theft

Identiy theft is a crime of using another person’s personal information, credit history
or other identifying characteristics in order to make purchases or borrow money
without that person’s permission.

Identity theft occurs when someone uses another person‟s information for a personal
gain or goal. During the past years, online identity theft has been a major problem
since it affected millions of peoples around the world .Victims of identity theft
may suffer different types of consequences; for example, they might lose
time/money, get sent to jail, get their public image ruined, or have their
relationships with friends and family broken.

1.2 Identity theft in social Networks

Identity theft in Social Networking sites can be done by manipulating people to get
sensitive information or by using posts of the victims on Social Networking sites.
While Social Networking sites promote sharing amongst users, some people over-
share. A large problem with Social Networking sites is that people tend to share a
lot of their personal data on their profiles. Such exaggerated(larger-than) sharing
makes it easy for identity thieves to do their job. On the other hand, Social
Networking sitesare facilitating the process for attackers to elicit user personal
information and use it in illegal behaviors . Identity thefts in Social Networking
sites via social engineering are increasing day after day.

1.2 How It Works

Let's say John Doe is at work and happens to see some paperwork on a co-
worker's desk. The paperwork is a stack of applications for credit from customers.
The applications list each person's name, birth date, social security number and
bank information. John Doe photocopies an application for Jane Smith. He then
uses Jane's information to apply for a credit card in her name, which he then uses
to buy a motorcycle and a beer stein collection.

Jane is a responsible adult and therefore checks her credit every four months
(once a year for each of the three credit bureaus). She notices the "new" credit
card and the massive balance for the motorcycle and beer-stein spree. She calls
the credit card company to dispute the charges and files a police report. In the
meantime, she is unable to qualify for a mortgage because lenders feel she is
carrying too much debt (thanks to the thief), and collection agencies are calling
her for credit card payments.
1.3 Why It Matters
(Merriam-Webster, 2019

Identity theft often involves stealing electronic data. It is very time-consuming for
victims to battle and takes a long time to recover from. Often, the perpetrators are
never caught, and the victims' credit scores suffer tremendously. Accordingly, smart
consumers check their credit often in order to detect identity theft before it gets out
of hand (or statutes of limitation occur), they avoid giving data out unnecessarily,
and they are alert to changes in normal financial routines, such as bills that no longer
arrive, mysterious bank charges, or communications from the IRS that more than
one tax return was filed in your name.

1.4 Methods of stealing information

Social Networking sites provide the biggest platform for the misuse of
personal information, and thus, promote frauds and personal data extraction.
Therefore, it is not recommended to share the national identity number, driver
license number and other important details on such sites; although, some
websites require this information from the user .However, sometimes they will
not ask directly for this personal data, they will search for related sensitive data
then use it in several harmful ways. There are various ways for identity theft
to happen.
 Data Breach:
Organizations and companies store and share all types of sensitive data about
their customers. "Data breach" occurs when any of this information is
lost by mistake or exposed by the neglected employees.
 Friendly Fraud:
A high percent of identity theft cases involve friends and family. Most of the
victims are young adults and college students because they lack enough
knowledge and experience. Hackers can use SN‟s, sharing sites, and other shared
interests to reach those victim's to steal their personal information.
For example,
An attacker can know from relative FB page that someone is in a trip to
Africa. Depending on this information, he will impersonating his identity and
send
an email to all the relatives and friends asking them to send money to him
due to its exposure to unexpected circumstances.

 Computer Hacking:
Cyber criminals are expert at breaking into computers or laptops to steal
online banking logins or other financial information.
.
 Stolen Wallet:
Identity theft occurs when the wallet has lost or stolen. Criminals look for
everything inside that wallet like driver‟s license, bank account numbers,
insurance information, and other sensitive information.

Mail Theft:
Stealing mail is an easy way for criminals to steal an identity from mailbox or
mailbox panels. They know that the mail may contain approved credit
offers, loan statements and other information that can use to steal an identity.
  Malware
 Job posting
 Spam attack
 Phone phising

1.5 Factors contributing to identity theft

primary profile data that was used by the attacker in order to misuse or steal a
user‟s identity are full name, date of birth, hometown, school info, bank
accounts, relationship status and hobbies or interests. Sensitive data can be
obtained through GPS enabled devices, like yourhome address, workplace
and places you visit. There are many reasons to keep this information
private, because providing this information is potentially dangerous for
the user and can put her identity at risk. The main ones are:
 Lack of knowledge on how to protect online identity.
 Lack of knowledge in regulations and cyber laws.
 The overconfidence in the SN provides.
 The enormous expansion in the number of users along withthe
emerging need of SN‟s(social Networking sites) is encouraging the
organizations to generate profits using those sites.
 Shortage in knowledge and awareness concerning the privacy policies
given by the SN(Social Network) providers

1.6 Ways To Protect Our Privacy

Based on this research, I would like to emphasize that privacy is a personal
responsibility; users should not give their personal information to others who may
use it illegally. SN‟s continually change their privacy policies to protect
themselves and to put the blame on the users. According to users can do the
following:
 Secure your PC against theft:
Activate hard disk encryption and always use password to access your
devices. Continually update your operating system, security packages and
review your web browser security setting. Install and automatically update
your anti-virus, anti-spyware software, use an anti-phishing tool and use a good
firewall.
 Be careful when you share your personal data:
Always be careful from sharing your personal information with
strangers and trusted people especially over unsecure medium.

 Do not use one’s email

Create a new email for SN‟s sites and do not use your personal email or work
email to signup in SN‟s. Do not share your email that you used to register with
anyone and do not choose a username that is similar to your email. If a
hacker knows your email, you will facilitate his job to send youviruses or
suspicious links. Make sure to use a real email in your profile to help
you to restore your forgotten password.

 Create a difficult password:

Users should not use weak passwords in personal accounts or use the names of
relatives as password as that can be easily guessed. Many software systems
can identify weak passwords. Moreover, users should not use the same
password for all accounts. When creating a new password, use letters, numbers, and
symbols at the beginning or end of the password. Users should always try
to make the password at least 12 characters to make it unpredictable and
impenetrable and never use a password similar to
email or username.

 Be careful with any message from a stranger:

Attackers use different methods and different messages to reach their victims.
careful user will always very the sender before responding to such messages.

 Be careful of phishing:
Phishing is an attempt to gain sensitive data such as username, password,and
credit card information by impersonating trustworthy pages in SN‟s. Some hacker
will pretend to help you in promoting your profile by increases your
followers or protecting your account. Where he will ask you to enter your personal
data in false sites that look similar to the real one. To protect against phishing
attacks, experts advise paying attention not opening a suspicious link and
ignoring any request to enter your personal data unless it is the official site
otherwise your account will be at risk. Furthermore, make sure access to
the
company's website via the correct URL.

Real-life case
Man cheated of Rs 455,000 by Facebook pal

(Times, 2019)
Police have arrested a woman for allegedly swindling a youth of hefty cash on the
pretext of getting the victim a beautiful bride.

According to Metropolitan Police Crime Division, Kalpana Basnet, 23, was traced
and taken into custody by plainclothes cops on Sunday. Basnet, who hails from
Shailung Rural Municipality-5 of Dolakha district, was residing in Balkot,
Bhaktapur.

Basnet befriended Hari Bahadur Karki, 24, on Facebook a few months ago.
Though Basnet and Karki never met each other until this case came to the fore,
they used to chat for hours on messenger and talk on phone, almost every day. As
Basnet knew about Karki’s financial status, she created a fake Facebook account
in the name of Sangita, with profile picture of a beautiful woman. She then posing
as Sangita, sent a friend request to him. Karki accepted the friend request. One day,
Basnet told Karki, who also hails from Dolakha, that Sangita was a beautiful
woman and she knew her very well. “Sangita became a topic of their telephonic
conversation for many days. One day Basnet asked Karki if he was interested in
marrying Sangita and Karki’s response was positive,” a police official said. Karki
was already in love with his virtual friend, Sangita. After a few weeks, Basnet
informed Karki that Sangita was critically injured in a road accident, and had to be
rushed to New Delhi for treatment. She also requested him to provide some money
for her treatment. Saddened by the news, Karki decided to provide money to
Sangita through Basnet.

He sent Rs 455,000 in installment to Basnet via wire for Sangita’s treatment.

“After receiving the cash, she told Karki that Sangita died while undergoing
treatment,” according to the police officer. Suspicious about Basnet’s conduct,
Karki lodged a complaint with the MPCD to probe into the incident and identify
Kalpana. Police investigation established Basnet as a Facebook scammer and
arrested her.

She has been handed over to Metropolitan Police Range for legal action under
cyber crime and fraud. Police have not disclosed further details about Basnet and
Karki.

Cheating, blackmailing, phishing, identity theft, hacking, spreading hatred and

inciting violence, circulating lewd photos and videos and grooming are major
forms of cybercrime often reported to the law enforcement agency. Any person
involved in cybercrime is liable to Rs 100,000 in fine or five years in jail or both,
as per the Electronic Transactions Act.
Police have appealed to social media users not to accept friend requests from
strangers.

Accepting strangers not only gives way to the risk of identity theft, but also puts
unsuspecting persons at the risk of being cheated.

Bibliography
Merriam-Webster, 2., 2019. Merriam webster. [Online]
Available at: https://www.merriam-webster.com/dictionary/identity%20theft
[Accessed 12 12 2019].

Times, T. H., 2019. The Himalayan Times. [Online]

Available at: https://thehimalayantimes.com/kathmandu/man-cheated-of-rs-455000-by-facebook-pal/
[Accessed 12 12 2019].