Identity Theft: How It Works, Who It Affects, and How to Combat It

The first step in understanding identity theft is by identifying how hackers use it effectively. An article by Jakobsson and Myers (2007) explains that identity theft is a multi-stage process. First, the hackers use what Jakobsson and Myers call “the lure.” This is where the hackers send out a mass number of email messages that appear to be from legitimate sources, such as a bank or cell phone service provider. The next step is called “the hook.” Here, the hackers must encourage the user to go to a specified website and enter sensitive and identifying information (such as passwords, bank account information, or answers to security questions). The final step, “the catch,” is where the hacker uses this information to actually hack a user’s account by using information gained in the previous two steps to impersonate them. Oftentimes, if a hacker has already reached step three, it is too late to do anything about it save for changing passwords. This three-step process can sometimes happen in mere minutes, giving the potential impulse-minded consumer little time to rethink their actions. For this reason, it is important to be proactive in identifying possible identity theft attempts before they start.

To this end, it is necessary to look at some of the most common ways of preventing and counteracting identity theft. An article by Chou, Ledesma, Teraguchi, and Mitchell (2004) explains a few common solutions that can help the average consumer identify phishing attempts. The most obvious line of defense is simple observation. Examining the URL of a webpage can expose phishing attempts easily, as explained in the article. “An @ in a URL causes the string to the left to be disregarded, with the string on the right treated as the actual URL for retrieving the page. (p.4)” This means that it is possible to identify phishing attempts simply by looking for an @ symbol in the URL bar. If it does, it may be necessary to take other preventative measures to determine if a URL is a phishing attempt. This step, according to Chou et al. involves using a program called SpoofGuard, which is a plug-in that can scan pictures in potential phishing emails to determine if those same pictures have been reported in other identity theft cases. The last resort for a victim of identity theft is to quickly notify all credit and banking agencies of the identity theft in order to minimize the financial damage done. Even if it is too late to save finances and such, many banks and credit cards have some form of insurance for identity theft that will soften the financial blow it can cause. With these tools and knowledge, at least preventing identity theft is a little easier, although, of course, there is no substitute for common sense.

Finally, it is prudent to examine how identity theft affects the nation on a daily basis; in particular, the world of cybersecurity and current technologies. A study by Avivah Litan (2004) found that more than 30 million people were positive they had been victims of identity theft. Even more surprising, only49 million consumers of the 141 million surveyed said they had not experienced identity theft in any form. In addition, the study also estimates that identity theft costs U.S. banks and credit card issuers, two of the most commonly impersonated entities, about $1.2 billion annually. The study also believes that these identity theft cases are doing more than simple financial harm. Consumer confidence, according to Litan, is continually threatened by identity theft, and could hamper the growth of booming websites such as Amazon.com. Perhaps worst of all is that identity theft has clear detrimental effects on one’s psyche. A study by Sharp et al. (2004), found that the majority of patients who have been victims of identity theft experienced “…an increase in maladaptive psychological and somatic symptoms post victimization”(p.3). This study shows how serious an issue identity theft is, and why it is so important to take measures to prevent and counteract it.

Identity theft is a massive problem, especially in today’s world, where almost all transactions and personal information are available to hackers tech-savvy enough, or perhaps just desperate enough, to attempt to steal it.

References

Chou, N., Ledesma, R., Teraguchi, Y., & Mitchell, J. C. (2004, February). Client-Side Defense Against Web-Based Identity Theft. In NDSS

Jakobsson, M., & Myers, S. (Eds.). (2006). Phishing and countermeasures: understanding the increasing problem of electronic identity theft. Wiley. com.

Litan, A. (2004). Phishing attack victims likely targets for identity theft.

Sharp, T., Shreve-Neiger, A., Fremouw, W., Kane, J., & Hutton, S. (2004). Exploring the psychological and somatic impact of identity theft. Journal of Forensic Sciences, 49(1), 131.