Identity theft is a fraud that implies obtaining personal or financial data of users in order to utilize a person’s name or identity card for financial transactions. To get sensitive information, attackers gain illegal access to corporate databases to steal a list of customers and their data. When receiving the necessary information, fraud can destroy a person’s credit rating or gain access to other personal data. No wonder why people try to protect themselves, falling back upon PrivacyGuard reviews or utilizing other services for identity theft protection.
In the United States, identity theft is attributed to the widespread distribution of SSN (Social Security Number) as proof of identity. In order to obtain identity confirmation, a large number of organizations request an SSN. In the UK, NINO (National Insurance number) and NHS (National Health Service Number) are used to carry out “identity theft.”
Where to Buy a Digital Identity?
According to security experts from Kaspersky, the full set of user data can be bought on the darknet for only $50.
Identity theft can be expensive for a person, because by taking possession of their personal and banking data, intruders can spend money and carry out other, including illegal, transactions on their behalf. As a result of the actions of frauds, the financial situation and reputation of the victim may be affected. However, the fraud wishing to use the stolen data will be able to buy a person’s digital identity very cheaply.
For the specified amount of money, the buyer can purchase data from the victim’s social media accounts, bank details, remote access to servers or desktops, and even information from Uber, Netflix, Spotify, and other services, gaming resources, dating apps, and pornographic sites.
Many sellers ask for only $1 for one compromised account. Wholesale buyers are offered discounts. Moreover, some sellers offer their customers a lifetime warranty – if one purchased account becomes inactive, another is offered for free instead.
The most popular methods of stealing user data are phishing and exploitation of vulnerabilities in web applications, such as SQL injections. Password dumps contain combinations of passwords and logins for hacked services. As you know, many people use the same credentials for multiple services, making it easier for scammers to work. After receiving a password from only one service, the attacker can access the rest.
Most leaks come from large companies. Corporations allow them because they get a benefit. And so-called zero-day vulnerabilities identified by hackers, which have not been reported, can use governments to monitor citizens.
Legally, data in large corporations is stored in one place, although geographically separated. And that’s certainly bad, too.
How to Deal With Identity Theft?
Will the people ever invent a system that cannot be hacked? As soon as someone claims they invented something similar – such a system will immediately cease to be protected and turn into sweet bait, attracting hackers from all over the world.
Now everyone is talking about blockchain – probably, solutions based on decentralized systems of this type are possible. Still, we need to find a way to make them accessible “simple mortal,” because so far they require large amounts of memory on computers and a lot of electricity.
The approach to data protection should be developed and implemented at three levels: user, infrastructure, and legislation.
As for the first of them, we must develop a culture of consumption of Internet content and the use of devices, programs, and sites. It is worth explaining to people that they are not just “users,” but also active participants in the information market, that their data are valuable in itself. It is also necessary to introduce users to specific security tools and to instill common behavioral norms.
At the legal level, the organizations bear responsibility for collecting and storing our personal information (meaning not the data that we create ourselves through social networks and applications, but those known to the state, banks, insurance companies, etc.). There is a need to develop a legislative framework that does not leave room for artificial data breaches and manipulation.