We’re living in an age when identity theft is probably a bigger threat than it has been at any other time in human history.
Most of us are now active social media users, where it’s very easy to share sensitive information that could be exploited by criminals.
Cybercriminals have also become more adept at exploiting this type of information and at targeting potential victims with sophisticated social engineering attacks or powerful malware. That increases the risk of falling victim to an identity theft scam that could wreak havoc on your personal life or financial affairs.
These real-life identity theft examples demonstrate the need to be vigilant but there are ways to avoid it if you take the right precautions.
1. Twitter’s celeb takeover
In 2020, Twitter was rocked by a coordinated attack on the accounts of Bill Gates, Barack Obama, Elon Musk, Joe Biden and many more major celebrities. Their official accounts all posted a message offering to give $2000 to anyone who donated $1000 in Bitcoin.
The Bitcoin scam was one of the most audacious identity theft scams ever attempted and the people responsible attacked Twitter itself in order to carry it out. The attack showed how cybercriminals can use a recognised social media account to gain the trust of potential victims.
How to avoid it
If the social media platform you use is hacked, there isn’t much you can do. But you can protect your individual accounts, particularly your login credentials.
Always use strong passwords with letters, numbers and special characters, backed up with two-factor authentication. Change your passwords regularly and never reuse or share them. A password manager is a great way to store complex passwords more securely and improve your security.
Beware of phishing scams that try to obtain your details using a fake link, message or email. These will often try to create a sense of urgency or warn you that your account has been hacked. Consider subscribing to identity protection services to add another layer of safety for your identity.
2. The victim turned expert
Dr. Kyung-shick Choi is now a cybercrime and cybersecurity expert at Boston University Metropolitan College but that didn’t prevent his identity from being stolen. The South Korean native was studying criminal justice in Boston when he was contacted by South Korean police.
He was accused of conning South Korean citizens out of $50,000 in an online scam. The former policeman set about working with the police to trace the person responsible, who turned out to be the husband of one of his friends.
Choi had a public website that included personal information about his work and academic experience. This was used by the husband to impersonate Choi and trick his five victims to pay towards tuition ‘for Choi’, using the former policeman’s good name to win their trust.
Choi eventually cleared his name, but the incident did cause embarrassment, and he revealed that some people on his course questioned whether he might be guilty.
How to avoid it
Be careful about what information you put out into the world. Sharing your birthdate, place of birth or information about your family, work, education or background may be all it takes for unscrupulous people to impersonate you.
Be particularly cautious when adding information to a personal website that can be publicly viewed. Check your privacy settings on social media and consider whether you really need to share information that could potentially be used against you.
3. A scam that affected thousands
Identity theft is not always committed on a one-to-one basis. Another example of identity theft is that of York native Edward Pearson carried out a hacking campaign that was estimated to have affected thousands of people and could have potentially earned him £834,000.
He was jailed for identity fraud after using viruses to gain access to personal information that included details of PayPal accounts, birth dates, names, postcodes and more. Some viruses or malware can attack your device, stealing personal details or sensitive information and sharing it with your attacker. You may not realise your identity has been stolen until it’s too late.
How to avoid it
Always keep your devices updated to avoid cybercriminals exploiting vulnerabilities that they’ve identified. A good antivirus package can provide extensive protection against various sorts of nasty malware.
Take some commonsense precautions as well – don’t click on links in suspicious emails or sites, avoid clicking on pop-ups promising freebies or claiming that you have a virus, and never download any files unless they’re from a reputable source. The same goes for links or downloads that come from legitimate addresses without any context.
4. A family affair
It turns out that the family that commits identity theft together doesn’t stay together. A mother and son ended up on the wrong side of the law when they used software from the dark web to commit credit card fraud, identity theft, and wire and bank fraud.
The identity theft and fraud ring was uncovered when police officers arrested Quinae Shamyra Stephens and her son Deandre Copes in a stolen rental van in South Carolina, U.S. Police investigated the duo’s suspicious behaviour when they were spotted going back and forth between a bank and a retail store.
A search of the van revealed over a dozen identification documents, a device for re-encoding credit cards, and multiple credit and debit cards. The sophisticated criminals had downloaded instructional material from the dark web to tell them how to commit credit card fraud using the details of innocent people.
How to avoid it
Stolen personal information can end up on the dark web where it can be accessed or bought by criminals. The best way to help protect yourself is to set up two-factor authentication on all your accounts and protect yourself with antivirus protection.
Even with this precaution, you should always practice safe password management. If you’re concerned that you were the victim of a breach or that your sensitive data has been compromised, use dark web monitoring to check if your information is available to hackers.
5. The solicitor who was hacked
It’s not always the person whose identity is stolen that ends up as the victim. A Manchester woman ended up £35,000 out of pocket after her solicitor’s email was hacked and she mistakenly sent £96,000 to a fraudster’s bank account.
The money was supposed to go towards an investment property. Sally Flood received an email from her solicitor asking her to transfer a first installment of £50,000 towards the property. When the firm emailed confirmation of the lodgment, she sent the outstanding balance as asked.
It turned out to be an elaborate bank transfer scam, initiated by hackers who had gained access to her solicitor's email system. While Sally received two thirds of the money back, she still lost a huge amount of money.
How to avoid it
In this example of identity theft, could Sally's solicitor have done more to avoid being hacked? Common business-focused scams include using ‘CEO fraud’ to pretend to be a company executive. Scammers demand credentials, sensitive information or a transfer from junior staff members. If in doubt, always check the email address. Attackers often use fake addresses that are very similar to the real thing.
We’ve already discussed ways to help protect yourself against phishing, malware and social engineering scams. Businesses are also vulnerable to these attacks, so it pays to be vigilant at home and at work.
Things can quickly spiral out of control if you fall victim to identity theft but there are ways to help protect yourself.
No one can prevent all cybercrime or identity theft.