Gemma Combellack’s story, as published in the BBC magazine this weekend, is yet another example of the grave results of identity thefts. Gemma discovered she’d become a victim of an identity theft when she was refused a mortgage over a payday loan in her name that she knew nothing about. Apparently, Gemma’s is not alone.
Malicious actors use various techniques in order to obtain information about unsuspecting individuals online/ offline. One of these techniques could be simply asking the victim for it (or his/ her friends/ relatives), using the right lingo or previous knowledge about the victim, which can be obtained online or otherwise. This many times involves the malicious actors pretending to be someone they are not or making an offer the victim can’t refuse.
Other means could be exploiting unsuspecting third party service providers, convincing them to provide the attacker with the victim’s personal information or even credentials to access accounts, passwords reset, etc. It may sound unlikely, but it actually is if you give it another thought; How would you react if you were a customer representative and hear a “stressed’’ mom calling you with her baby crying in the background asking for some apparently non-sensitive information of her husband? After all, she is the wife, and you could be helping someone in distress, so you may very easily not sense the risk and ignore the strict rules of privacy and company internal policies.
Another good source for identity theft are massive data breaches, of which we hear/ read about on a weekly basis these days, and which result with leaks of data about individuals. Some of these pieces of data, even if at first sight seem insignificant, could be added to other details and together form enough information to serve an identity theft attempt.
Completing the puzzle using data collected over the public domain + data from customer support centers + data from past data breaches + data that the victim or his/her friends/ family provided the adversary with, could easily result with the story described in the article by BBC.
What can you do to mitigate the risk?
Awareness – It can happen to anyone. No one is immune. Therefore, educating yourself and your relatives about the potential risks of identity thefts and the countermeasures to apply is crucial to your ability to prevent its poor consequences.
Prevention – An assessment of one’s digital posture, major consumed services and the crown jewel information that have to be protected may allow to detect potential security weak points to be treated and exposures to remediate.
Reaction – If you would notice that your identity was stolen by a malicious party, what would you do? Good question ahh…?! Have a prepared recovery plan that is set as a ‘cookbook’, describing the steps to be made for fast and cost effective recovery.