Game of Clones: Defeating Identity Theft

Sep 5 / Eloise Watts
Welcome to the second edition of our Cyber Crime Series! This time we’re tackling the Night King of the Cyber Crime world: Identity Theft.

As explained in our last instalment, we’ll be breaking the post down into the following sections, to help you find what you need:

  • What is it
  • How to protect you
  • How to protect your business
  • What’s coming next

Ok, now you know how this post is going to work, let’s get started: How to say bye bye Identity Theft…
An illustration of a brain

Identity Theft: What is it?

Identity Theft involves an “attacker” doing 3 things:
  • Stealing personal information
  • Cloning it
  • Using it to pretend to be you

This could be to make purchases, apply for loans, extort you, and lots of other nasty things.

But, as we start moving to electronic letters and banking, Digital Identity Theft is on the rise. This is a little different from offline identity theft, but just as dangerous. With Digital Identity Theft, attackers steal the electronic information, rather than paper copies. They do this by misleading or hacking you, instead of breaking into your house - which makes their job easier. They can then share/sell the information on the Dark Web once they’ve used it.
An illustration of a notebook

How does it work?

Identity Theft can be really difficult to spot and sort. Especially, with Digital Identity Theft, as nothing is “missing” - a letter hasn’t been stolen. But, that’s not to say it’s impossible! Let’s take a look at how Identity Thieves would carry out an attack…

Of course attacks will vary, depending on what the attackers want. But, to get the information, they usually use techniques like:

  1. Phishing - using dodgy emails and phone calls to trick you into giving away personal info. For more info, head to our first Cyber Crime post Plenty of Phish.
  2. Buying data off of companies - some companies sell personal data. It’s worth noting that not all companies do this. However, if you’re providing lots of info, and you aren’t sure why, then check their Privacy Policy (usually at the bottom of the page).
  3. Social media spying - using the info you post. By spying on your socials, thieves can start to piece together little bits of info about your life. For example, where you work, your birthday, where you live, etc. But, don’t panic too much about this. There’s lots of things you can do to avoid this, which we’ll look at later.

Ok, so now they’ve got the data. What do they do with it? Well, as we said, that really depends. To be Identity Theft, the attacker needs to use the data. This could be in many ways, but is usually one of the following:

  1. To hide their criminal identity - this may be to get a loan, a job, or a mortgage. They may use your identity to apply.
  2. To get money - they may use your info to get a credit card, and then make loads of purchases, with no worry. They won’t be charged for them, so don’t care.
  3. To get a driving licence - they can then use this as a form of ID.

For companies, this can look a bit different. Phishing and social media spying are the main techniques used to gather info and clone companies. But, the main concern for companies is extortion. Attackers can use the data they’ve gathered to set up clone social media accounts, websites, or products. This could damage the company’s reputation, or put customer/employee data in danger. That’s a major concern, and attackers may refuse to stop until the company pays them. However, there’s lots of techniques you can do to protect your business. So don’t worry. Let’s have a look at that next.
Illustration of a key

How to protect yourself against Identity Theft

Ok, now you know what Identity Theft is, and how it works, let’s discuss tactics. What can you do to protect yourself and your business? We’ve split our top tips into sections, but it’s worth reading both to become super knowledgeable.

Protecting yourself and your family

  • Security Software - downloading Security Software onto your computer AND PHONE can be really helpful. Think about it as a protective bubble around your data and information. Next time you’re calling an Uber, sending your location, and payments, maybe wrap it in a lovely encryption so no one else can see it. Especially if you’re on shared WiFi.
  • Change. Your. Passwords. To be at the best protection against hacking or Phishing, you should change your passwords regularly. And according to McAfee, that means about every 60 days. Plus make it easy by using a Password Manager to remind you and remember them. And this is the biggy. We all do it, but to protect yourself against Identity Theft, don’t use the same passwords (or a slight variation) on all of your accounts. Attackers are smart, and will try the different variations. If all the accounts are the same, the attack could get a whole lot worse as they gain access to EVERYTHING.
  • Privacy and account settings - if you’re worried about who’s seeing your social media posts, there’s an easy fix: make it private. By having to give permission to who can see your content, you can monitor who knows what.
  • Post smart - if you want to keep your account public, that’s ok. You can still protect yourself against Identity Theft by posting smartly. For example, if you’re posting a picture in front of your house, make sure the number or street name is out of shot. Or, use erasing software to remove/slightly blur the house number. That way you can keep posting, but sleep better knowing that Identity Thieves are kept at bay. That tactic goes for all posts: bank card in the image? Move it, or cover the details. Bye bye social spies.
  • Stop hitting “ignore” on your updates - security is a BIG thing for companies (as it should be). They’re constantly monitoring any risks, or possible weak spots in their apps or websites. So, when an update comes through, you should probably hit download! That update may be fixing the weak spot that an Identity Thief was eyeing up!

Protecting your business

Protecting your business from Identity Theft is a little bit different. But still very important! If your business is cloned, it can shatter your reputation; put customers’ data at risk; cause lots of confusion. But don’t worry, here are our top tips for protecting your business:

  • Social listening - with companies, attackers usually clone their social media. But if you don’t expect an attack, how would you know about a clone until it’s too late? Panic. Well, don’t because you can set up Google alerts to monitor the internet for mentions of your company! For example, if an account is set up, or a customer comments something about your business then ding! You’ll know about it, and can then deal with the issue.
  • Make passwords strong and unique - keeping up with passwords as a business is hard. We get it. But they’re a crucial barrier between your business and attackers. Keep track of your passwords, and check the password strength using password managers such as Bitwarden or NordPass.
  • Keep track of updates - similarly to normal apps, business systems and apps need to be updated regularly. Security is constantly monitored, and new weak points, or improvements are being made. These are sent out as updates, which you need to download. We understand that as a business, you probably use a lot of different apps and software. So, the easiest way to keep up to date with them all and ensure you're super protected, is by allowing automatic updates. Let your computer/system do the work, by automatically installing the updates as they’re released. That way you don’t need to spend your time manually installing them all, and can carry on with your work!
  • Be transparent with your customers - this is really important. Customers need to be able to trust you. Especially when the worst does happen. So be honest with them! If you spot a clone, make your customers aware that YOU are the real account, and to ignore the other account. Respond to any questions quickly, and make sure to monitor what customers are saying about it (look through comments and hashtags). Plus, customers can be super helpful. If the clone account blocks you, then you might not know what’s happening - ask your customers, get them to report the account. They will appreciate the honesty, and will see how seriously you take security. This could boost your reputation.
An illustration of a webpage with a smiley face on it

So, what's next?

And that’s it for Identity Theft! We hope you’ve got a better understanding of what it is, and how to protect yourself and your business.

And our key takeaway?

Think about what else the picture is saying!
Before you post that really cool picture of you, just check what else is in the picture. What other information could an attacker get from that image? Your card details? House number? Just take a minute to check and remove what you don’t want people knowing.

Want more information on Identity Theft? Head online, there are loads of really great resources and articles to help you learn more and protect yourself. As we mentioned in our last post, Government websites are always great - they have the most up-to-date info, and how to report and solve Identity Theft.

Check in next month for our next instalment in the Cyber Crime series, featuring… Malicious Software.

Interested in joining the tech/cyber-security industry?

Why don't you check out our Web Development Mastery course? Go from complete beginner to industry-ready Junior Developer in as little as 28 weeks. 

Study around your life with our self-led course, and cancel at any time. Why don't you have a go? Enjoy a whole month on us...

Start your free trial today! Check it out here.