Since the dawn of the twenty-first century, news reports of hacking incidents involving significant financial institutions, companies, governmental organizations, and any other location where hackers can acquire personal information and use it to defraud millions of people worldwide have been almost daily. Identity theft is the practice of stealing personally identifiable information, and it can happen to anyone, at any moment. Who you are doesn't exist. Identity thieves only care that they can successfully use your identity to set up fraudulent accounts or hack into your existing ones and rack up as much debt in your name as they can before they get caught or to use your identity for other illegal reasons. Even though cybersecurity measures are better than ever, hackers continue to break into systems and steal personal information because ordinary users are careless with the security of the data their devices hold and because hackers are continually finding new ways to break into systems and steal information.
To understand the crime of identity theft, one must begin with a basic definition of what it is. Identity theft, per research by Biegelman (2009), is when “criminals acquire key pieces of personal identifying information— such as name, address, date of birth, SSN, mother’s maiden name, employment information, credit information, and other vital facts—in order to impersonate and defraud the victim” (p. 2). With this information in hand, criminals can, and do, create new online personalities in order to run up debt in the victim’s name or, in extreme cases, actually become the victim in the real world and use the identity for all sorts of schemes to defraud the victim. However, the predominate method of identity theft is, and will remain, the online theft and use of personally identifiable information (PII) for fraudulent purposes. The criminal will use the information and identity for as long as they can until they are discovered or the identity is no longer useful to them. Regarding the prevalence of identity theft, the U.S. Federal Trade Commission in 2012 noted that “over 9 million people are victims of identity theft each year” (as cited in Marcum, et al., 2015, p. 318).
Now that the basic definition of the crime has been laid out, an examination of how the crime occurs is appropriate. The list of how criminals obtain PII for use in illegal activities runs the gamut from low tech to high tech. Identity theft can be done in the real world, by physically assuming the identity of an individual, or by theft of PII in order to create fraudulent accounts or to use the information to steal an individual’s existing finances. Identity information can be obtained by the time tested, and extremely dirty, way that is commonly known as “dumpster diving”, where a criminal will sort through an individual’s trash to find discarded papers which contain PII. Identity theft also sometimes involves old fashioned theft. Stealing a wallet, purse, or these days, a mobile device, can give the criminal an avenue to invade your life and steal PII that they can use for financial gain.
Regarding the cyber avenue to an individual’s PII, the methods used are just as varied as the non-technical means. One of the most widely used methods for cybertheft of your PII is by the use of spyware. Criminals who want to obtain your PII often send out emails or set up websites which aid them in stealing PII. The emails contain links to sites offering everything from free music downloads to free antivirus software which download programs onto your computer or other mobile device which, if undetected, can steal any piece of information which is inputted to the system or typed on the keyboard or keypad. Per Biegelman (2009), “If you fall for this too-good-to-be-true offer and download or open unknown attachments, you may expose yourself to surreptitious installation of spyware on your computer” (p. 29). These clandestine download schemes are getting less obvious to the average user as the cybercriminal gets more sophisticated in the ways the schemes are presented. Sometimes, something as innocent as opening a picture online can start a chain of events that can end up costing thousands of dollars and months of your time cleaning up in the wake of the mess created. In contrast to these more “lone wolf” types of cybercriminals, there are groups, ones such as “Darkode” who operate secure websites where criminals can “buy, sell, or trade zero days, malware, credit card numbers, and trojans” (McMahon, Bressler & Bressler 2016, p. 27).
Another aspect of cybercrime, one that ties in very closely with identity theft, is the practice of social engineering or “human hacking” (Conteh, 2016, p. 31). Hackers exploit the users’ “tendency to trust, be corporative (sic), or simply follow their desire to explore and be curious” (Conteh, 2016, p. 31) to obtain PII, system information, passwords, or other pieces of information which can be used in attacking systems and extracting information. The hackers install malicious software or leave “backdoors” into the system that can give them access to a myriad of data from corporate plans to customers’ PII. These kinds of attacks are becoming so prevalent in the United States that FBI Director James Comey, testifying before a Senate Homeland Security Committee in 2013 stated “cyber-attacks have surpassed terrorism as a major domestic threat, with the threat continuing to rise” (as cited in Conteh, 2016, p. 32). Comey’s statements accentuate the growing threat that cyber-attacks pose to not only national interests but also to an individual’s privacy and security.
In contrast to the crime itself, it is also important to understand who it is that commits these kinds of acts, what motivates them (besides the obvious financial gains), and how they can be identified and helped before they turn to a life of crime. Individuals who turn to cybercrime generally are believed to have low self-control which is caused by “ineffective parenting, including lack of bond, poor monitoring and inconsistent or ineffective discipline” and are characterized as “impulsive, insensitive, risk-taking and attracted to simplistic tasks” (Marcum, et al., 2015, p. 319). Low self-control and lack of concern for the long-term consequences, per the research of Marcum and her associates (2015), creates a perfect marriage of criminal to task when it comes to identity theft. They go on to explain that in regard to identity theft:
“The impulsive or shortsighted individuals fail to see the breach in trust when they perform identity fraud. Further, the insensitive person does not consider the amount of time and resources necessary to prevent the behavior, nor do they consider the possibility of being caught and legal sanctions” (p. 320).
One other factor that contributes to the making of a cybercriminal, noted in the study done by Marcum, et al. (2015), was that with an increase in GPA, high school students tend to be more likely to have the proclivity to engage in cybercrime. As Marcum, et al., stated “As the respondents’ GPAs increased, the more likely they were to participate in identity theft” which backed up similar findings on adult cybercriminals, done by Skinner and Fream in 1997, which showed that “cybercriminals are more likely to possess higher levels of intelligence compared to those who perform property crimes in the physical world, as those individuals often have lower IQ levels” (as cited in Marcum et al., 2015, p. 325). This is because cybercrime and identity theft require the ability to outwit an opponent rather than physically overcome them.
Turning to the state of users’ awareness and participation in cybersecurity programs in their personal and professional lives, one of the most vulnerable groups today is college students along with the elderly. College students tend to be more vulnerable because, per the research conducted by Seda (2014), because (1) they tend to use information technology and the Internet more than the general public does, (2) they are frequently solicited by financial institutions as potential new customers giving the identity theft rings another avenue of approach, and (3) they are more less likely to be familiar with financial transactions and how they are supposed to work and are much more likely to be trusting to others, some of which might be there to take advantage of them (p. 463). The best offense in the world of cybersecurity is always a good defense.
Taking steps to ensure your PII remains private is an important step which everyone should take. One of the most abused identifiers of you as an individual is your Social Security Number (SSN). Every effort must be taken to protect your SSN and restrict its access to only those who absolutely need it and those that have non-disclosure agreements (like the U.S. government) which restrict the use of your SSN. As Bidwell, Cross and Russell (2002) point out “People whose SSN is less readily obtainable might be passed over by an identity thief in favor of victims for whom obtaining an SSN is easier” (p. 26). Also, without your SSN identity thieves must work harder to impersonate you which is not in their nature when there is a much easier target readily available in most cases. Another step which is simple and can keep your information out of others’ hands is to opt-out of marketing lists which are used to contact you by telemarketers and are bought and sold by hackers to obtain your PII.
Identity theft and its consequences are a growing problem for more and more people around the world. Cybersecurity is improving but so are the tactics of hackers who want to obtain your PII. Vigilance by individual users will go a long way in thwarting identity thieves and cybercriminals from making you a victim. As Sullivan (2004) noted describing the situation faced by victims of identity theft, “The real world of identity theft, the world where some 10 million people found themselves in 2002, is a much more perilous place. It is a haunting, paperwork nightmare, one often compared to financial rape, littered with small and large tragedies” (p. 36). It behooves us all to adhere to cybersecurity in protecting our PII.
References
Bidwell, T., Cross, M., & Russell, R. (2002). Hack Proofing Your Identity in The Information Age. Rockland, MA: Syngress.
Biegelman, M. T. W. K. S. (2009). Identity Theft Handbook. Hoboken: John Wiley & Sons, Incorporated. Retrieved from http://ebookcentral.proquest.com.ezproxy2.apus.edu/lib/apus/detail.action?docID=416169.
Conteh, N. N., & Schmick, P. J. (2016). Cybersecurity: Risks, Vulnerabilities and Countermeasures to Prevent Social Engineering Attacks. International Journal of Advanced Computer Research, 6(23), 31-38.
Marcum, C. D., Higgins, G. E., Ricketts, M. L., & Wolfe, S. E. (2015). Becoming Someone New: Identity Theft Behaviors by High School Students. Journal of Financial Crime, 22(3), 318-328. Retrieved from https://search.proquest.com.ezproxy2.apus.edu/docview/1686358377?.
McMahon, R., Bressler, M. S., & Bressler, L. (2016). New Global Cybercrime Calls for High-tech Cyber-Cops. Journal of Legal, Ethical & Regulatory Issues, 19(1), 26-37.
Seda, L. (2014). Identity Theft and University Students: Do They Know, Do They Care? Journal of Financial Crime, 21(4), 461-483. Retrieved from https://search-proquest-com.ezproxy2.apus.edu/docview/1660751510?
Sullivan, B. (2004). Your Evil Twin: Behind the Identity Theft Epidemic. Hoboken, N.J.: Wiley.
