Previous Lesson

DIM-03-01 Why Steal an Identity

We indicated, earlier, that identities are the key to gaining access to services and resources. Anyone who can present themselves as us, and satisfy the persons or processes used to authenticate our identity, could get authorised access to our services and resources.

Let us consider some motivations a person presenting themselves as us could have.

Data harvesting

Knowledge facilitates impersonation. The more someone knows about you, the more they are able to appear as you. Gathering information about you, your family, your contacts, your interests, your activities, your movements, your commercial relationships, and your financial status is useful to someone with malicious intent. Your information, and the information of many others, is stored in databases online.

Data harvesting is the gathering of bulk data, perhaps simply usernames and email address or phone numbers, to build a base for further information gathering. You can be used as a springboard for gaining access to others and their information.

By gaining access to a device using the device identity and authenticator, all information on your device may be harvested.

By gaining access to your email identity, the information your email archives hold can be harvested. The impostor can now access all your online emails, read and access any information recorded in the emails including file attachments, bank statements, utility accounts, creditor statements, travel records and plans etc. This information may assist in providing clues relating to finding out identities used for your other online services.

Service entitlement

Online services that you have subscribed to, entitle you to certain benefits. These benefits may be related to entertainment services, government, educational, social, commercial or transport services. Use of these services by others appearing as you, may result in you having less or no service access.

Service profile changes

Hijacking of an online service can occur when someone, acting as you, changes your profile making it impossible for you to take control. The other person continues to use the service and you have no way of getting back control.

Cyber-Bullying

Also known as online bullying, cyber-bullying is any form of bullying behaviour or harassment that takes place using digital devices.

Bullying occurs when a person is repeatedly targeted using social media sites, and other online interaction and messaging services.

Stalking, repeatedly harassing and intimidating, and even excluding individuals from groups can be seen as cyber bullying. Cyber-bullying includes sending, posting or sharing mean, perhaps false, negative and potentially harmful content about others that leads to embarrassment or humiliation.

The impact of cyber bullying may be initiated online but extend to real-world social outcomes including peer pressure and social exclusion.

Common amongst teenagers and young adults, this behaviour can also be done anonymously.

Potentially, cyber-bullying can be considered as criminal if the behaviour is unlawful.

Reputational damage

Posing as you, and posting inappropriate information online on social media sites, can harm your reputation. This could damage your credibility and jeopardise your career, family or social environment.

 

Sending emails that look like they originated from your personal or business account can also do damage to you social and business relationships.

Financial impact

Using your identity to successfully access your financial services allows someone to transact on your behalf. Buying online, transferring funds, using credit services and doing credit purchases can harm you financially.

This could be achieved through the use of your bank cards, or cloned cards in the real world and your card information online, or accessing online banking services using your identity.

Scenarios that could result if someone took your identity:

  • Access your online banking services, change your profile, manipulate funds, transfer cash out of accounts etc.
  • Access your services at retailers where you have accounts. Purchase goods on your credit facility.