6 Things you need to know about identity fraud

Identity fraud means the usurpation of a person’s identity in order to use it to carry out criminal acts (theft, obtaining private data, cyberbullying, etc.).

It is currently one of the biggest concerns of technology users, who are increasingly aware of their privacy and the protection of their personal data when interacting on social networks or shopping online. And they have good reason to do so, since more and more users are reporting identity theft.

This type of fraud, which has always occurred in the physical world, impersonating a person’s identity by using similar clothes, by means of different deceptions, or through their identity document, has jumped to the digital world, making us very vulnerable targets for cybercriminals.

1. What are the most common types of identity fraud?

It can be very easy for a criminal to steal your online data. These are the most common types of identity theft on the internet:

Spoofing

Through the use of different hacking procedures it is possible to impersonate another person’s identity in order to obtain private information or access to a platform with the use of a fake credential. 

Any digital channel can be exploited for identity theft through spoofing. The most common types of spoofing are:

• Email spoofing
• Web spoofing
• DNS spoofing
• ARP spoofing
• IP spoofing

Pishing

It is a method of identity theft that involves tricking users into sharing confidential information (such as credit card numbers, passwords or codes) by pretending to be a trusted person, entity or company. It is named in reference to fishing, where the bait is set to catch the victim.

The most commonly used types of phishing today are:

• Phishing via mass emails.
• Spear phishing (personalised email sent specifically to a person or company).
• Cloning phishing, where legitimate emails are copied or cloned containing a malicious attachment.

Pharming

It comes from the terms phishing and farming, being a type of digital crime very similar to phishing. By impersonating an email or web page, an attempt is made to obtain confidential information from the user. In this case, web traffic is redirected to the attacker’s site by installing a virus or Trojan horse on a user’s computer or even using fake DNS so that users do not realise that they are visiting a fake website. 

2. How to avoid the risk of identity fraud?

Needless to say you can never be 100% sure when surfing the net, the best recommendation is to be cautious and always be on the lookout for suspicious emails or websites.

However, we leave you with a series of tips that will undoubtedly help you to mitigate the risk of identity theft.

• Use an antivirus to detect malware, in order to minimise the effects of an attack.
• Check that URLs are reliable, and truly belong to the provider with whom you are communicating.
• Secure your connection and try to avoid using public Wi-Fi.
• Verify that the sender of an email is someone you can trust before performing any action or executing any downloadable or attached file.
• Check that the web page you are accessing is really where you want to go, especially in cases where you are going to use credentials or confidential data.
• Do not open links that look strange and hover over them to see the real url.
• Search for the digital certificate of the website. This is usually located on the left hand side of the search bar.
• You should be especially careful when browsing websites that contain our financial or personal information, since it is the most vulnerable.
• Monitor the movements of your bank accounts and credit cards on a regular basis.
• If you are a company, it is highly recommended that you use secure hosting and payment gateway services, as well as installing complementary security tools for your website or digital shop.
• There are procedures for stealing personal information in person in our daily lives, such as the manipulation of ATMs or credit card cloning. Be cautious.
• If you have lost your ID card, or if you have been the victim of theft, you should report it as soon as possible.
• Use strong passwords containing lowercase and uppercase letters, as well as digits and characters. Similarly, avoid using passwords that can be guessed because they are related to your life (your pet’s name or a special date).
• Periodically renew the access credentials to your platforms.
• Do not use the same password for all platforms, because if one platform is breached, all of them will be breached.

3 What are the legal consequences of impersonating someone?

The prison sentence for identity fraud can range from a minimum of 6 months up to 6 years imprisonment, depending on the severity, due to infringement of privacy, theft of personal information or acting on behalf of another person.

There are several factors to take into account when measuring the penalty for impersonation:

• The type of offence
• The benefit obtained from the offence
• the harm that may have been caused to the victim
• and whether the offender is a repeat offender.

As this offence is covered by the Penal Code, victims are entitled to compensation for the damage caused, whether psychological, material or even legal problems that may have been caused by impersonation, (such as inclusion on a list of defaulters).

4. How do you know if your identity has been impersonated?

It is almost impossible to detect identity theft without experiencing negative consequences. Some of the clues that can help us to know if we have been supplanted are:

• Bank withdrawals that we have not made.
• Purchases and charges on the card that we do not recognise.
• Notification by a service that reports a security or data breach.
• Notification of a suspicious access to a digital platform from an address that does not correspond to that of the user.
• When you go to apply for a credit service and you are rejected because your financial health is not good.
• On social networks, when you see photos in your profile (or data) that you do not recognize.
• When you receive communications (emails, calls, correspondence) demanding payment of debts that are not yours.

5. What to do if your identity has been impersonated?

Depending on the type of identity theft you have suffered, you will have to proceed differently, but as a general rule it is advisable to report it, after gathering all the information that may help in the investigation process: charges you have not made, purchases you have not made, screenshots, emails…

Once all the information has been gathered, you should file a report with the authorities as soon as possible to mitigate the consequences.

In the case of bank data theft, the first action to take is to cancel all credit or debit cards, as well as blocking the account from further action and going to a branch for a possible claim and to request information. 

If the identity theft has occurred on a social network, you should inform them immediately as they have teams that specialise in the investigation of these cases. However, they usually take a long time to resolve and deal with the incident and the process is not very transparent.

If you have an insurance policy that guarantees and covers this type of damage, you should contact them explaining the situation and providing them with as much evidence as possible.

6. How can you prevent identity fraud in your company?

In businesses, it is most frequent for new customers to impersonate a person’s identity by providing the details of a third party in order to register or receive the benefits of a service.

To avoid these situations, a rigorous procedure should be carried out to review the data provided by the new client such as: full name, date of birth, signature of the person and be sure of the veracity of the documents presented as well as checking that the person presenting it is the same as the person on the document.

At Mobbeel we want to make the world a safer place, where you can make digital transactions with the same confidence as in person, avoiding identity fraud and providing a great user experience that allows you to verify the identity of your customers in seconds.

MobbScan allows you to scan an identity document while verifying its authenticity and verify the identity of the owner.

If you want to know more about MobbScan, our KYC solution, do not hesitate to contact us, and if you liked the article, share it and add value to your followers!

Download our KYC guide and discover how it affects you

• Meet AML / KYC requirements and regulation.
  Enhance user experience.
  Reduce the dropout rate during onboarding.
  Automate user verification.
  Avoid documentary and identity fraud.