What is identity theft?

Current developments and advancements in AI have created a universe of impressive opportunities. Nevertheless, they bring along an increasingly deceptive and cunning threat: identity theft.

Personal data has become a highly valuable asset, leading cybercriminals to seek vulnerabilities to hijack such identities constantly.

This event can have disastrous consequences for victims and pose highly complex challenges to the privacy protection and digital security of individuals and institutions.

Hence, it becomes necessary to understand exactly what identity theft entails, what risks it poses, and what measures must be taken to protect against such risks, as this threat is becoming increasingly common.

What is Identity Theft?

Many Internet users are unaware of these types of threats. Therefore, to prevent or eliminate digital identity theft, it is necessary to know what it is, how it occurs, and its consequences.

Identity theft or fraud is a crime that involves obtaining and using someone’s exclusive personal information without their consent, that is, unlawfully and unauthorizedly.

Such information, which may include names, addresses, social security numbers, among others, is typically used to carry out fraudulent actions such as making unauthorized purchases, applying for loans, obtaining credit, opening new digital accounts, etc.

Basically, cybercriminals steal identities and exploit them for their benefit, usually for profit-making purposes.

This personal information can be obtained in various ways, such as through phishing (deception via emails or fake messages), accessing databases, hacking, or even physical theft of documents.

It can also occur through the theft of physical documents or wallets/purses containing personal information, such as driver’s licenses or ID cards, or through other methods, such as skimming (installing devices on ATMs, payment terminals, or vending machines to steal credit card information during legitimate transactions) and shoulder surfing (an old method that involves basically looking “over the shoulder” of someone while they enter their PIN at an ATM or fill out forms at banks and post offices).

Identity theft is a serious crime that can have devastating consequences for victims, including emotional stress and financial problems. Therefore, users need to take measures to protect their information and be alert for possible signs of theft.

Applicable Spanish law

In Spanish legislation, identity theft is punished through the offense of usurpation of civil status, which is regulated in Article 401 of the Penal Code.

This crime consists of appropriating a person’s characteristics to impersonate them with the purpose of obtaining any type of gain. The article establishes a prison sentence of six months to three years for the commission of this crime.

The elements that compose the concept of civil status are as follows:

• Birth
• Name and surname
• Age
• Gender
• Nationality
• Parentage
• Marriage
• Divorce or separation
• Death

Therefore, the characteristics of this crime are as follows:

• It involves personal falsification.
• It is a crime of mere activity, so obtaining results is not necessary.
• The situation must be maintained for a period that generates confusion, not just for specific acts.
• It must have a certain importance or significance.
• It affects civil status, covering elements such as name, marital status, and profession, among others.
• It requires a clear intention to obtain benefits or cause harm, even if they are not materialized.
• Certain rights and actions must be exercised on behalf of the victim.
• The replaced person must be real, even if they are deceased.

Definition of Digital Identity Theft

Digital identity theft occurs when someone assumes the identity of another person in the digital realm, for example, on social networks or in other types of online communications, in order to contract services or acquire products, such as financial products.

How Digital Identity Theft occurs and common areas 

This type of fraud can occur in multiple ways; some of the most common ones include the following:

• Phishing: Scammers impersonate legitimate institutions by sending emails or SMS to request confidential data such as passwords and credit card information, among others, with the aim of stealing your identity.
• Hacking: Through vulnerabilities in computer system security or through malware, criminals can illegally access databases or computer systems to obtain stored personal information (names, addresses).

Indeed, there are various types of identity theft, each with its features and methods. Understanding each is necessary to protect your users’ personal information.

• Financial identity theft: In this case, the victim’s personal information, such as credit cards, is used to make unauthorized purchases, open new accounts, or transfer funds.
• Tax identity theft: This occurs when criminals use the victim’s data, such as their social security number, to file fraudulent tax returns and claim illegitimate refunds.
• Medical identity theft: At this point, the victim’s social security information is misused to obtain medical treatments, prescriptions, or health services in the victim’s name.
• Child identity theft: it occurs when data from minors, who often do not have a credit history, is stolen to open bank accounts or apply for credit. These incidents usually go unnoticed until the child reaches the age to apply for such services.
• Identity theft on social networks: It involves taking advantage of these platforms’ low privacy requirements or creating fake accounts to impersonate victims’ identities.
• Synthetic identity theft: Combination of real and fake information to create new identities.
• Social Security identity theft: Criminals use social security numbers to open new lines of credit in the victim’s name.
• Online shopping fraud: Involves identifying and exploiting weaknesses in insecure or vulnerable online shopping platforms to obtain personal information from users.
• Fraud against the elderly: Perpetrators often pose as trustworthy people, such as customer service representatives, to obtain sensitive information.

The fertile ground of the Dark Web for Identity Theft 

The Dark Web, the dark corner of the Internet famous for hosting thousands of illegal activities, is also transforming into fertile ground for the proliferation of Artificial Intelligence services and identity theft.

Accessing the Dark Web requires specialized software to be done anonymously, making it an attractive platform for various illegal activities, including the trafficking of stolen data. This encompasses everything from personal and login information to financial data and medical records.

The trading of such data often takes place through cryptocurrencies to ensure the anonymity of buyers and sellers.

Some of the most notable examples of this new issue are:

• OnlyFake: a website that offers the possibility to generate overly realistic identity documents. It also includes a service for editing metadata in photographs. This represents a serious security threat, as it can be used to generate information to identify individuals such as passports, etc.
• DeepFakes: refers to fake images, videos, and audios that are difficult to distinguish from reality.

Identifying Identity Theft

Considering that identity theft can take various forms, warning signs are not always obvious. Some of the most common indicators that identity or confidential personal information has been compromised include the following:

• Unusual activity in financial accounts, such as unknown transactions or unauthorized withdrawals.
• Unexpected credit rejection.
• Receiving bills for services that have not been used, such as medical services, phone bills, or others.
• Missing important mail such as bank statements or credit card statements.
• Contact from creditors or debt collectors about accounts you don’t recognise.
• Receiving notifications about changes in personal information such as email addresses or passwords.

Differences between Identity Theft and Identity Fraud

Identity theft and identity fraud (impersonation) are two distinct forms of fraud, but at the same time, they involve and are linked to the misuse of other people’s personal information. Some key differences between both concepts are as follows:

Identity Theft 

• Personal information of another person is obtained and used without their consent.
• This information is often obtained through phishing techniques, hacking, or physical theft of documents.
• The main objective is to use the victim’s personal information to obtain illegitimate benefits or commit financial fraud.

Identity Fraud / Impersonation 

• The individual impersonates another person using their personal information.
• It may involve the use of forged documents, as well as the victim’s forged signature.
• The objective may be broader than identity theft, as the attempt may be made to gain access to services, goods, or privileges that would not otherwise be available to the perpetrator.

In summary, identity theft involves the misuse of the victim’s personal information, while impersonation consists of posing as the victim.

Both are serious crimes that could harm the victims, so it is essential to be vigilant and take appropriate measures to protect oneself from them.

Consequences of Identity Theft 

The effects of these types of crimes can be truly severe for the victims and have significant ramifications.

Some of the effects that identity theft can produce include:

• Loss of funds, leaving the victim with considerable debt.
• Legal issues arise due to the unjust accusation of the victim of crimes committed by the perpetrator.
• Credit damage from unauthorized charges or new accounts opened in the victim’s name.
• Damage to the victim’s reputation which can harm personal relationships or even result in criminal records.
• Significant time and effort are required to resolve the problem.
• Emotional consequences can lead to anxiety and depression while trying to recover from the problem.
• Difficulty in obtaining employment as companies may be reluctant to hire individuals with a history of fraud or financial crimes.
• Inability to participate in democratic processes due to electoral fraud.

On the other hand, some consequences of identity impersonation include:

• Forged documents.
• Suffering harassment and humiliation on social networks.
• Theft of money, data, and user accounts, among others.
• Making online purchases with the victim’s money.
• Contracting services in the name of the victim or the company.
• Committing scams or frauds in the name of the victim or the company.

Identity Theft in specific sectors 

Identity theft has become an insidious practice that not only affects individuals but has also infiltrated specific sectors, expanding its consequences.

This phenomenon, driven by global connectivity and dependence on technology, has created gaps in sectors ranging from electronic voting to the labor market.

Role of Identity Theft in electoral fraud 

This fraud not only threatens financial security and privacy but can also significantly impact the democratic process, especially elections.

• Identity theft in voter registration: Criminals use victims’ personal information to fraudulently register them without their knowledge and consent and cast votes in electoral registers.

• Manipulation of mail-in voting: Mail-in voting can facilitate electoral fraud. Criminals may intercept or forge mail-in ballots sent under stolen names and use them to fraudulently influence electoral outcomes.
• Impact on the integrity of the electoral process: Identity theft and electoral fraud undermine trust in the integrity of the electoral process and its outcomes. The perception that elections are unfair and non-transparent can erode confidence in the democratic system as a whole.

Impact of Identity Theft in the world of work 

Identity theft can greatly impact individuals’ professional lives, ranging from complications in job searches to job stability and professional reputation.

• Fraud in job searches: Criminals can use stolen identity to apply for jobs fraudulently.
• Identity theft in the workplace: Identity theft can occur directly in the workplace, where employees may use their colleagues’ personal information to commit fraud or gain unauthorized access to company resources.
• Damage to professional reputation: If identity theft occurs, the victim’s name is used in criminal or fraudulent activities, resulting in a negative impact on their professional reputation.

Emerging trends that can reduce Identity Theft 

In recent years, cybersecurity has become increasingly important in businesses, extending beyond the information technology departments to become a significant concern in boardroom discussions.

The rise of cyberattacks and their potential consequences, both in terms of legitimacy and loss of customer trust, has made digital security a priority at all organizational levels.

Self-sovereign Identities (SSI) and Decentralized 

It’s an emerging concept that aims to give individuals greater control over their digital identities. It is linked to the eIDAS2 Regulation and the EU Digital Identity Wallet.

This user-centric identity is based on the principle that each individual has the right and ability to generate and control their own digital identity autonomously. This is achieved through technologies like blockchain, where each user can create a unique and secure identifier registered on a decentralized network of Distributed Ledger Technology (DLT).

By generating this identity, the user obtains credentials that allow them to access their profiles on different digital services without the need to share personal information with the recipient of these credentials. In other words, the recipient does not have direct access to the user’s data; they only verify the authenticity of the credential without needing to know the details of the underlying identity.

Blockchain technology provides the foundation for this identity control mechanism. It works like a personal URL, where the user has a unique address that only they can control.

Additionally, the user has the power to complete their profile with the information they wish to share, such as banking data or records from institutions or the government.

How can Mobbeel help against Identity Theft? 

It is essential to adopt a proactive approach to prevent identity theft. This includes implementing security measures such as data encryption and two-factor authentication, as well as biometric systems in identity verification processes.

The implementation of biometric systems can be done by introducing a digital onboarding process that includes validation of identity documents and facial matching with passive liveness proof. The inclusion of this last component is of utmost importance as it analyzes the liveliness of a person through a micro video that does not require active collaboration from the user.

For processes that require user identification and/or authentication in platforms or private areas, facial or voice recognition can prevent the theft of personal information such as passwords

Finally, multifactor authentication can be added for processes or transactions that require an extremely high level of security, making it difficult for unauthorized access or theft of identification information.

Reach us if you are looking for an identity verification solution that puts an end to identity theft.

Download Mobbscan's Dossier for Digital Onboarding

• AML / KYC compliant.
• Improves user experience.
• Reduces abandonment rate during registration.
• Automates user verification.
• Prevents document and identity fraud.