The use of imitations and false documents to deceive people is not new. However, the introduction of the Internet and easily accessible online services has turned identity theft (opens new window) into an industry unto itself.

One world, many identities

Cybersecurity basics, first, understand what you're trying to protect, then what you're monitoring it from, so you can implement the appropriate controls. So to prevent identity theft, you need to know how your identity is defined, both in the physical world and in the online world. Once you understand this, you can ensure you have the appropriate controls in place to protect the aspects that define your entire identity.

In the physical world, your identity is defined by government credentials such as passports, national insurance cards, driver's licenses, and other necessary documents, all of which can be forged or stolen. However, most people are aware of the risks of stealing a passport or driver's license, and the government is implementing measures built into the document to make tampering much more difficult for criminals.

It is very different from the online world, where most people are not fully aware of what identifies us online. But unfortunately, it makes it much easier for criminals to steal and abuse those identities, because if you don't know what needs to be protected, how can you protect it?

In the physical world, we essentially have a singular identity. However, in the cyber world, we have many identities in legitimate online activities, and compromising any one of those identities can start to cause huge problems that transcend the real world.

Think beyond your physical identity

Protecting your identity starts with the basics: Minimize what identifies you, keep that information in as few places as possible, and don't share it with anyone. Keep your identity private and don't divulge it, because the less you divulge about yourself, the less chance you have of that information falling into the wrong hands.

It is well known that this is information that can be used to identify a person:

  • National insurance number
  • Address
  • Email
  • Phone number
  • Connection identifier
  • Social media posts
  • Biometric information
  • Digital images

However, there are also:

  • Geolocation
  • Behavioral data
  • IP address

How many people know your secrets?

If we think about the basic online identity, it is basically a username and a “secret”. Of course, you can use the same identity on all websites, but that becomes a risk because if that identity is stolen, criminals have the key to unlock access to everything you use online.

Your credentials (username and password) are not always stolen directly from you. Instead, they are often stolen from the operators behind the systems you log into or your password manager.

You only have to look at the volume of credentials leaked as a result of breaches to realize that if you've been using the Internet for a few years, it's likely that some of your credentials have been stolen and posted online as a result of breaches. Data leak.

try not to be yourself

According to Moore's Law, computing power doubles every 18 months, that is, every 18 months; the time required to deploy a brute force attack on a password will be halved. This is why recommendations on password length and complexity increase over time: a critical distance that was safe 10 years ago will not be safe today.

As a best practice, when choosing and changing your password, the NCSC recommends three random words that are not related to each other or relevant to you. Therefore, you should ignore your pet's name or hometown when creating your password.

Knowing something about someone is a great starting point for guessing their password. In today's world, you don't need to know them physically - most people these days will happily share details of their loves and hates on social media, which can be collected by those wishing to steal identities. It wouldn't take a genius to figure out that someone posting photos of their pet could have related words in their password.

However, as we know, passwords are frequently stolen, so while it is essential to change them regularly, it is also vital that online identities are protected by more than one set of credentials. This is where multi-factor authentication comes into play.

Recommendations for verifying a person's identity in the real world include the use of multiple documents. There are three fundamental factors in the cyber world:

  • Something you know, like your mother's maiden name.
  • Something you have, like a security token or a phone number
  • Something you are – biometric identifiers

The same factor can be used multiple times, but it's not as strong as using multiple factors, and for accurate 2-Factor Authentication (2FA), it needs to be two independent factors. The second factor should not depend on the first, so using the same username and password for a system to open your email account and retrieve a security token is not true 2FA.

Although biometrics is generally considered a reasonably important factor, it can be circumvented through the use of fake fingerprints, voice recordings, or photographs. Think about how many photos you have of yourself on social media platforms like Instagram, Facebook, or LinkedIn, and remember that these can provide a rich source of images to trick facial recognition.

Has your identity been stolen?

Let's go back to the original point about identity theft becoming an industrialized industry and not a cottage industry in the Internet age. The basic online identity of a username and password doesn't mean much on the dark web, but if it's one password you use for multiple accounts, it can become a rewarding purchase if the person is willing to dig a little deeper.

However, wallets consisting of identification numbers, addresses, dates of birth, credentials, medical records, etc. attract the best prizes. If someone is looking for your complete physical and cyber identity and is willing to do anything, they can probably get it if you're not careful.

Other than that, 99% of people involved in identity theft are looking for money quickly and easily. They're also likely to be in a different country or continent than you are, so they won't be able to steal or break into your home to steal devices; spies are not declared. However, they are the ones that will track your cyber identities which are much easier to attack, so educate yourself about the risks and not divulge any crucial information that is accessed remotely.

There are several steps you can take to limit your risk of identity theft both in the real world and online.

In the real world:

  • Securely store documents that contain personally identifiable information, such as your name, address, etc.
  • Securely destroy these documents when you no longer need them.
  • Monitor your bank accounts and credit score for suspicious activity
  • When moving to a new home, make sure all contacts are up to date and mail is redirected
  • When disposing of electronic equipment, make sure it is clean

In the cyber world:

  • If you are shopping online, take the time to review the website and make sure it is secure.
  • Educate yourself so you can recognize online scams
  • Social media quizzes often mean following the responders - copy and paste the link instead of clicking directly.
  • Secure your passwords and use different ones for different accounts
  • Don't secure your password vault with the same credentials you use online
  • Use multi-factor authentication whenever possible

Finally, in all circumstances, you should always disclose the minimum amount of information to ensure maximum security. Your identities are an integral part of you, so don't lose control over them. Stay alert and you won't be disappointed.

Share This