What is identity theft?

Current developments and advancements in AI have created a universe of impressive opportunities. Nevertheless, they bring along an increasingly deceptive and cunning threat: identity theft.

Personal data has become a highly valuable asset, leading cybercriminals to seek vulnerabilities to hijack such identities constantly.

This event can have disastrous consequences for victims and pose highly complex challenges to the privacy protection and digital security of individuals and institutions.

Hence, it becomes necessary to understand exactly what identity theft entails, what risks it poses, and what measures must be taken to protect against such risks, as this threat is becoming increasingly common.

What is Identity Theft?

Many Internet users are unaware of these types of threats. Therefore, to prevent or eliminate digital identity theft, it is necessary to know what it is, how it occurs, and its consequences.

Identity theft or fraud is a crime that involves obtaining and using someone’s exclusive personal information without their consent, that is, unlawfully and unauthorizedly.

Such information, which may include names, addresses, social security numbers, among others, is typically used to carry out fraudulent actions such as making unauthorized purchases, applying for loans, obtaining credit, opening new digital accounts, etc.

Basically, cybercriminals steal identities and exploit them for their benefit, usually for profit-making purposes.

This personal information can be obtained in various ways, such as through phishing (deception via emails or fake messages), accessing databases, hacking, or even physical theft of documents.

It can also occur through the theft of physical documents or wallets/purses containing personal information, such as driver’s licenses or ID cards , or through other methods, such as skimming (installing devices on ATMs, payment terminals, or vending machines to steal credit card information during legitimate transactions) and shoulder surfing (an old method that involves basically looking “over the shoulder” of someone while they enter their PIN at an ATM or fill out forms at banks and post offices).

Identity theft is a serious crime that can have devastating consequences for victims, including emotional stress and financial problems. Therefore, users need to take measures to protect their information and be alert for possible signs of theft.

Applicable Spanish law

In Spanish legislation, identity theft is punished through the offense of usurpation of civil status, which is regulated in Article 401 of the Penal Code .

This crime consists of appropriating a person’s characteristics to impersonate them with the purpose of obtaining any type of gain. The article establishes a prison sentence of six months to three years for the commission of this crime.

The elements that compose the concept of civil status are as follows:

• Birth
• Name and surname
• Age
• Gender
• Nationality
• Parentage
• Marriage
• Divorce or separation
• Death

Therefore, the characteristics of this crime are as follows:

• It involves personal falsification.
• It is a crime of mere activity, so obtaining results is not necessary.
• The situation must be maintained for a period that generates confusion, not just for specific acts.
• It must have a certain importance or significance.
• It affects civil status, covering elements such as name, marital status, and profession, among others.
• It requires a clear intention to obtain benefits or cause harm, even if they are not materialized.
• Certain rights and actions must be exercised on behalf of the victim.
• The replaced person must be real, even if they are deceased.

Definition of Digital Identity Theft

Digital identity theft occurs when someone assumes the identity of another person in the digital realm, for example, on social networks or in other types of online communications, in order to contract services or acquire products, such as financial products.

How Digital Identity Theft occurs and common areas?

This type of fraud can occur in multiple ways; some of the most common ones include the following:

• Phishing: Scammers impersonate legitimate institutions by sending emails or SMS to request confidential data such as passwords and credit card information, among others, with the aim of stealing your identity.
• Hacking: Through vulnerabilities in computer system security or through malware, criminals can illegally access databases or computer systems to obtain stored personal information (names, addresses).

Indeed, there are various types of identity theft, each with its features and methods. Understanding each is necessary to protect your users’ personal information.

• Financial identity theft: In this case, the victim’s personal information, such as credit cards, is used to make unauthorized purchases, open new accounts, or transfer funds.
• Tax identity theft: This occurs when criminals use the victim’s data, such as their social security number, to file fraudulent tax returns and claim illegitimate refunds.
• Medical identity theft: At this point, the victim’s social security information is misused to obtain medical treatments, prescriptions, or health services in the victim’s name.
• Child identity theft: it occurs when data from minors, who often do not have a credit history, is stolen to open bank accounts or apply for credit. These incidents usually go unnoticed until the child reaches the age to apply for such services.
• Identity theft on social networks: It involves taking advantage of these platforms’ low privacy requirements or creating fake accounts to impersonate victims’ identities.
• Synthetic identity theft : Combination of real and fake information to create new identities.
• Social Security identity theft: Criminals use social security numbers to open new lines of credit in the victim’s name.
• Online shopping fraud: Involves identifying and exploiting weaknesses in insecure or vulnerable online shopping platforms to obtain personal information from users.
• Fraud against the elderly: Perpetrators often pose as trustworthy people, such as customer service representatives, to obtain sensitive information.

The fertile ground of the Dark Web for Identity Theft?

The Dark Web, the dark corner of the Internet famous for hosting thousands of illegal activities, is also transforming into fertile ground for the proliferation of Artificial Intelligence services and identity theft.

Accessing the Dark Web requires specialized software to be done anonymously, making it an attractive platform for various illegal activities, including the trafficking of stolen data. This encompasses everything from personal and login information to financial data and medical records.

The trading of such data often takes place through cryptocurrencies to ensure the anonymity of buyers and sellers.

Some of the most notable examples of this new issue are:

• OnlyFake: a website that offers the possibility to generate overly realistic identity documents. It also includes a service for editing metadata in photographs. This represents a serious security threat, as it can be used to generate information to identify individuals such as passports, etc.
• DeepFakes : refers to fake images, videos, and audios that are difficult to distinguish from reality.

Identifying Identity Theft

Considering that identity theft can take various forms, warning signs are not always obvious. Some of the most common indicators that identity or confidential personal information has been compromised include the following:

• Unusual activity in financial accounts, such as unknown transactions or unauthorized withdrawals.
• Unexpected credit rejection.
• Receiving bills for services that have not been used, such as medical services, phone bills, or others.
• Missing important mail such as bank statements or credit card statements.
• Contact from creditors or debt collectors about accounts you don’t recognise.
• Receiving notifications about changes in personal information such as email addresses or passwords.

Differences between Identity Theft and Identity Fraud

Identity theft and identity fraud (impersonation) are two distinct forms of fraud, but at the same time, they involve and are linked to the misuse of other people’s personal information. Some key differences between both concepts are as follows:

Identity Theft?

• Personal information of another person is obtained and used without their consent.
• This information is often obtained through phishing techniques, hacking, or physical theft of documents.
• The main objective is to use the victim’s personal information to obtain illegitimate benefits or commit financial fraud.

Identity Fraud / Impersonation?

• The individual impersonates another person using their personal information.
• It may involve the use of forged documents, as well as the victim’s forged signature.
• The objective may be broader than identity theft, as the attempt may be made to gain access to services, goods, or privileges that would not otherwise be available to the perpetrator.

In summary, identity theft involves the misuse of the victim’s personal information, while impersonation consists of posing as the victim.

Both are serious crimes that could harm the victims, so it is essential to be vigilant and take appropriate measures to protect oneself from them.

Next up: Consequences of Identity Theft

Ready for more? Follow the rest of this article on Mobbeel's blog>.