Organised criminal gangs have learned that it is easier, less risky, and more rewarding, to steal money through identity theft, than it is to conduct more traditional crime such as an armed hold-up of a bank. Internet users should be acutely aware of the real dangers that lurk when opening innocent-looking emails, when online banking, when online shopping, or even when using Facebook or Twitter for social networking.

What is identity theft?

Identity theft is the stealing of personal information that enables the criminal to impersonate someone else. The more personal information a criminal has on their victim, the more susceptible the victim is to the theft of their money.

How do criminals steal your identity?

A simple email address may be where the criminal starts. Armed with your email address, a criminal is able to send you a phishing email, to entice you to a phishing site where you may enter more personal information such as your name and bank account or credit card details.

A criminal can add to the personal information they have on a victim by visiting their Facebook page, LinkedIn site, or searching Google. If the criminal has infiltrated the victim’s PC with malware, they are able to obtain more personal information such as login usernames and passwords, credit card number, date of birth, etc. The more information the criminal is able to gather, including social security number, phone number, address – all adds to the value of the information, and the likelihood of success in stealing money by impersonating the victim online.

Cyber criminals trade personal information amongst each other in order to build up a more complete digital picture of individuals. The more complete the picture the more valuable the information becomes. Once a cyber criminal has possession of your digital identity, he can do anything you can do online.

There is a specialisation of tasks within organised crime gangs. There are those who gather the data, others who develop the malware, key loggers and phishing sites, botnet controllers who assist with distribution, traders of stolen identities, mules and gang bosses. These criminals offer others in their gang, data or specialised tasks, and are cogs in a well-organised network.

Botnets are a collection of PC which have been infiltrated by malware and remote-controlled by the botnet owner. Botnets are used for sending out phishing emails, hosting phishing sites, and harvesting the stolen identity data. The botnet owner rents out the botnet to criminals who send spam and phishing emails, and host phishing sites. Botnet owners grow the size of their botnets by infiltrating new PCs with their botnet malware.

How do criminals convert identity data into money?

The personal information that is stolen is used to steal money. It can be used to purchase goods online, open bank accounts, borrow money, or transfer money out of a compromised bank account.

Mules are used to help transfer money out of bank accounts and into the hands of the cyber criminals. Emails are sent to potential mules offering them the job of mule – all they need is a bank account into which money will be paid, and they are required to forward it onto another bank account and can keep a small percentage in return.

One way to shift money out of a compromised bank account is to transfer the money into an online payment channel (such as a less sophisticated version PayPal for example). Debit cards can be linked to these accounts and the cash is withdrawn through an ATM. Alternatively, large sums of cash are transferred into a false account setup by the criminal and then immediately withdrawn before the bank becomes suspicious.

How can you protect yourself from identity thieves?

Cyber crime is big business, conducted by organised criminal gangs. Internet users need to take sensible precautions.

1. Be extra careful when clicking on links within emails.
2. Be careful about entering sensitive personal information online such as when logging into the bank, and also when posting information on Facebook, Twitter or other social networking site.
3. Ensure that you have basic anti-virus protection on your PC.
4. Ensure that your PC is protected with additional data protection software which safeguards against key logging, phishing, screen captures, etc.
5. Check your bank statement regularly for any unauthorised payments.