In the 1997 film Face/Off, FBI Agent Sean Archer agrees to partake in a dubious yet necessary experimental face transplant to gain intel about a planned bombing. He takes the face of terrorist Castor Troy and sets off to do his job, but in obvious, cinematic fashion, Troy figures out the plot and forces the doctor to transplant Archer’s face on him, before killing the doctor. The film follows Archer and Troy as try to accomplish their personal missions while quite literally masquerading as each other, in a thrilling yet hilarious depiction of stolen identities. Now in real life, cases of identity theft are not as exciting or nefarious as this, but it takes considerably less effort for an attacker to assume an individual’s identity.
The problem with identity theft is that it has become easier for attackers to find personal information about their targets, or identify sources that can guide them to personal information. With the increased use of technology and reliance on communicative and social media platforms, people are inadvertently making themselves lucrative targets for attackers who wish to steal identities. This coupled with issues like large-scale data breaches makes the average person vulnerable to identity theft. On this blog and in general, there have been plenty of conversations about the state of cybersecurity in the times of the pandemic. This is especially pertinent when you consider the average individual who may not be aware of cybersecure practices online. It is no surprise that with the increased reliance on technology in the past year, people have been sharing more about themselves through online means as well. Regular use of online platforms is convenient and helpful in the communicative context, but such public platforms also tend to leave people vulnerable to attackers using OSINT techniques to gather data for malicious use.
Cases of identity theft have been steadily rising in the past years, and with the prevalence of personal information online, it has become easier for attackers to profile their targets and impersonate them to gain sensitive information. With more people using online services in the past year, cases of identity theft and fraud have been rising. According to the Consumer Sentinel Network, which is maintained by the Federal Trade Commission (FTC), 4.7 million reports were made to the FTC concerning identity theft and imposter scams in 2020 alone. Losses were valued to $3.3 billion, with the average individual losing around $850. Reports of false identities being used to apply for government benefits went up by 2920% in 2020.
There are simple steps that individuals can take to secure their information both online and offline. Some of these steps overlap with cybersecure behaviors; these include but are not limited to: (1) investing in antivirus software, (2) recognizing and reporting phishing emails, (3) using password managers or using passphrases, (4) using unique passwords across all online services, (5) securing sensitive information through encryption, (6) using two-factor authentication services wherever possible, and (7) securing personal and work devices. Opt-out services are another way of limiting spam calls, emails or post. A list of these services can be found on the FTC website (https://www.consumer.ftc.gov/articles/0262-stopping-unsolicited-mail-pho...). Phone numbers can also be added to do-not-call registries, which can help against vishing attempts. It is also important to keep track of all online transactions. For instance, with lockdowns and quarantines in effect, there have been major shifts to online banking. By keeping an eye on things like loan payments, credit scores, automated billing cycles, and bank statements, you can quickly spot any unauthorized activity before it is too late.
As with most cyberattacks, perpetrators take advantage of the fact that most people tend to disregard their security online. Following and maintaining a routine of these simple steps, and checking your online presence across different applications (like social media, your organization, or online services) can help you stay vigilant to any attempts of identity theft and fraud.