They steal our identity on the internet and activate a small loan on our behalf: just a small amount of money each month from our bank account, so we do not notice it. The cyber-criminal diverts, to their advantage, a large wire transfer that should be credited to us.
There is no end to what a cybercriminal will attempt such as renting a car to commit a crime, open an additional bank account to launder ill-gotten gains from illicit trafficking or take out a mortgage in our name.
Phishing remains the preferred method of attack by cybercriminals, but we must also keep our guard up against the skimmer who copies data from our credit and bank cards while we are out and about; or through a SIM SWAP scam, a technique by which criminals clone our SIM and take control of our smartphone to empty our bank account.
Some real cases to help us understand the identity theft risks to which we are exposed to on a daily basis
- CREDIT SCAMS
- BANKING TRANSACTIONS
- PUBLIC NETWORKS
- SERVER ATTACKS
- REPUTATIONAL DAMAGE
- ONLINE SCAMS
- PUBLIC SMARTPHONE CHARGING
Let’s imagine your data is stolen. Do you know that, without your knowledge, of course, someone else could activate a loan in your name? This happened to a doctor from Palermo who received a letter from a financial company in which they advised that a loan of 45 thousand euros had been granted, to be repaid in 60 instalments, for the purchase of a car.
In addition to the loan for the car, on behalf of this modest professional, another 7 loans had been activated, never requested, with different lending institutions, to obtain sums between 3 thousand and 20 thousand euros. The doctor had to file a police report for identity theft and fraud at the Prosecutor’s Office. After the formal fraud complaint was filed the loan processes – carried out with real data, but cloned documents – were blocked, but in the meantime the doctor’s name had been entered in the register of Bad Payers.
Unfortunately, negative credit reporting can remain for up to 3 years creating potentially long term problems for the victim.
Imagine being on the subway, on our way to work.
We would not imagine that someone nearby, with a simple application downloaded to their smartphone, would be able to clone data from our contactless ATM or credit card, that we believe is safe in the wallet.
It will only be at the end of the month, when we check our bank statement, as do almost 90% of card holders, that we realize the unusual withdrawal activity.
The skimmers will have almost emptied our account by making small withdrawals without having to type in the PIN.
How many times have you received an email from a friend asking for money because they are in difficulty abroad? For phishing it works just like this: we get an email, apparently from a trusted source, a bank or a friend. The message could be a request for money from a friend in distress or could come from our regular bank asking us to confirm data. Or, in this era of COVID-19, someone might ask us to participate in the fundraiser in favor of a local hospital.
We click on the link and end up and in a fictitious website full of malware where the credentials of our credit card data are stolen or worse a Malware silently and maliciously installs on our computer or tablet and transmits our data and our passwords, to criminals.
There are thousands of these cases reported to the Postal Police every month.
Imagine relaxing in your favorite café, a hot cappuccino on your table. Your smartphone signals that there is free wi-fi with the café’s name identifying the available network.
We often get these messages; at the airport, the public library, or on board a train.
It’s nice to be able to connect to a public network without consuming your own data plan… but watch out, connecting to an unprotected network exposes you to many risks.
All it takes is a device costing around 70 euros and few computer skills to allow a hacker to create a fake network enticing people to use, in the café, airport or train station, and be able to steal sensitive data contained in the innocently connected laptops and mobile phones, including sign-on credentials, bank account passwords and other critical personal identity information.
Cyber-criminals often attempt attacks on international servers – web services, hotels, airlines or government websites – that focus on users' personal data.
How do they use them?
The stolen data often ends up in encrypted files for sale on the dark web.
These are personal data of users (name, surname, date of birth, email) and financial data (credit card number, holder, card expiration).
The cyber-criminal doesn't care who the victim is, their interest is in using another person's identity to get a consumer loan or a line of credit.
They may also be interested in using another person's identity to compromise their reputation, as in the case of fake profiles on social networks, for personal gain.
How much is our personal data worth on the web? Suffice it to say that during operation “Data Room”, the Italian Postal and Communications Police, with the coordination of the Public Prosecutor's Office in Rome, found that those criminals that managed to steal data from unknowing victims illegally earn thousands of euros per month.
In the crosshairs: call center operators, accused of selling phone numbers of users to cyber criminals. The suspects, in collaboration with the cyber criminals, were found responsible for the aggravated perpetration of the crime of abusive access to the computer system and abusive detention and dissemination of access codes, and for the violation of the law on privacy and illicit dissemination of personal data subject to large-scale processing.
How do identity thieves go into action
The news is full of sensational cases. Here's one of the many. Someone takes your professional picture from the Internet, uses your first name, surname and profession (i.e. pretends to be you) to post an online ad selling a listed piece of property, such as a home or commercial building, in the context of a bankruptcy proceeding.
Then, in support of this ad create a fake WhatsApp profile, with your picture, and once the purchase request is received, they provide alternative bank details, like an IBAN, to which the unsuspecting buyer deposits the down payment.
After this transaction the scammer disappears and the unsuspecting buyer will only realize that they have been deceived when they manage to track down the real professional.
The two scammed parties (the unsuspecting buyer and the professional who had their identity stolen) immediately alerted law enforcement.
JUICEJACKING IS A TECHNIQUE TO STEAL YOUR DATA OR INSTALL MALWARE ON YOUR SMARTPHONE
Did you know that when you use a public charging station to charge your device cyber criminals can easily steal personal data from you?
Typically there are five USB ports in a charging station, not all of which are needed to recharge the device. Two of these are usually dedicated to data transfer.
By charging your mobile phone or tablet in public places, you can run into a lot of trouble.
For example, some criminals can take advantage of the connection of a charging station, where malware was previously uploaded, to automatically download this malicious software it to your mobile device.