G 0.36 Identity Theft

In identity theft, attackers pretend to have a false identity, using information about another person to act in that person’s name. For this purpose, data such as date of birth, address, credit card numbers, or account numbers are used to, for example, register for an Internet Service Provider (ISP) at someone else’s expense or to enrich themselves in other ways. Identity theft frequently also leads directly or indirectly to reputation damage, but also causes a high amount of time to clarify the causes and avert negative consequences for the affected people. Some forms of identity fraud are also referred to as impersonation.

Identity theft occurs particularly frequently where identity verification is handled too negligently, especially when expensive services are based on this.

A person who has been deceived about the identity of the other party can easily be brought to disclose sensitive information.

Examples:

• With various email providers and auction platforms on the Internet, it was initially sufficient for registration to come up with a fictitious name and back it up with an appropriate address from the phone book. Initially, attackers could also register under recognizable made-up names, such as those of comic book characters. When stricter plausibility checks were introduced, real names, addresses, and account numbers of real people were used for this. The affected parties did not learn about this until the first payment requests arrived.
• Email addresses are easy to forge. It happens again and again that users are deceived in this way into thinking that an email comes from a trustworthy source. Similar attacks are possible through manipulation of the caller ID in voice calls or through manipulation of the fax ID in fax calls.
• Attackers can attempt to impersonate someone to intercept an existing connection without having to authenticate themselves, since this step has already been completed by the original participants in the communication.