What is identity theft?
According to various studies, it is estimated that millions of people worldwide suffer from identity theft or impersonation each year. Knowing how it is done can help you to protect yourself against possible identity theft.
What is it?
Impersonation or identity theft on the Internet refers to pretending to be another person in order to commit illegal acts, such as fraud or deception, obtaining sensitive or confidential data or information, cyberbulling (internet harassment), grooming (sexual abuse of minors)...
How is identity theft carried out on the Internet?
To impersonate or steal another person's identity, it is necessary for the hacker to obtain certain personal data using known vulnerabilities in computer security systems. Cybercriminals may use various techniques to access this personal information: the theft of devices containing personal information and the interception of an individual's own personal information sent over unreliable networks using man-in-the-middle techniques.
Impersonation is a crime and is punishable by imprisonment. According to the OSI (Internet Security Office), there are several ways to steal someone's identity:
- by accessing the user's account via phishing and malware techniques.
- by using a fake profile, for example, in social media, creating a profile of another person and interacting with other users by pretending to be them
How can you protect yourself?
The following are some recommendations to reduce the leakage of personal data that can be caused by identity theft:
- Have procedures for classifying and processing information that includes personal data.
- Training and awareness of staff regarding good practices in information security and personal data protection, responsible use of ICT, as well as procedures for classifying and processing information.
- Equipment, system and application security updates and patches.
- Scanning, analysis and repair of vulnerabilities in systems and applications.
- Pentesting to detect and correct weaknesses and vulnerabilities.
- Implementation of data loss prevention systems (DLP).
- Encryption of information in storage and in transit.
- Encrypt the hard drives of portable devices to prevent access to information in the event of loss or theft.
- Avoid the use of removable media such as USB sticks, using alternative media such as secure cloud storage or encrypted email and, if it is essential to store personal data on such media, encrypt them.
- When sending personal data over the Internet it should be sent through secure channels such as encrypted email, VPN, SSH tunnels or web forms using HTTPS.
Impersonation or identity theft can be used to commit fraud and deception or to obtain sensitive or confidential information that may cause serious harm or damage to individuals or organisations.