- Identity thefts are one of the fastest-growing types of cybercrime, with fraudsters becoming more innovative.
- Stolen identities are often used in money laundering schemes and cause serious damage for both direct and indirect victims, like institutions involved.
- Complex identity verification service allows companies to prevent money laundering.
Ellis Pinsky comfortably sat in his chair, turned on the computer, pressed a button, and watched $24 million entering his account. Back in 2018 Ellis Pinsky, the so-called hacker mastermind was still 15 when he stole millions in cryptocurrency from Michael Terpin, the crypto investor and millionaire.
The civil suit of a $71.4 million, however, caught Pinsky this year, after he legally became an adult. The hacker will be held liable for the cryptocurrency theft that he made by using one of the identity theft techniques – a SIM-swapping attack to breach the victim’s cryptocurrency account.
The depicted situation is one of hundreds of thousands of cybercrimes that occurred during recent years. Despite the effort to fight them, the numbers of cybercrimes are increasing, cyber-attacks are evolving as hackers are targeting the human layer, which most often is the weakest in the cybersecurity defense system.
Identity theft is an insidious type of fraud as it might be unnoticed immediately and may last for years, causing even bigger damage. Since it requires time and effort to recover from such a type of theft, it is very important to be vigilant and understand the ways of how to protect yourself.
In this article, we will review what are the most common methods and schemes fraudsters use when committing identity thefts, what the stolen data might be used for, and, certainly, we will learn how to prevent identity frauds to save your funds, reputation, and even freedom.
What is identity theft?
Identity theft, sometimes also called identity fraud is one of the fastest-growing types of cybercrime. Generally, it is an illegal activity when personal details are misappropriated for gain. This means that personal data like name, birth date, social security number, account number, passwords, or any other piece of personal information could be used by fraudsters to impersonate someone.
The goal of such a sort of crime is to commit a direct fraud or use the stolen identity for a more complicated and not necessarily direct scheme of moving and withdrawing money. Meanwhile, the damage could be devastating both for the victim itself and for the institutions or companies that participate in the fraudulent scheme without knowing it.
There are various ways of how criminals can use identity theft to steal money. Since most identity frauds are committed for the financial advantage, the most common reasons why such kind of criminal activity is done is the goal to access the victim’s credit card or bank account, fill fraudulent tax returns, apply for a loan, or medical treatment. Not to mention the fact that those stolen identities are widely used for the preparation of false documents, that is an important tool for terrorists to facilitate anonymous traveling across the globe.
Furthermore, if personal details fall into the wrong hands, they can be used for more complicated financial crime schemes that involve money laundering. The particular type of crime generally includes a series of multiple transactions used to disguise the source and origin of the financial assets. This is how funds, obtained from the illegal activity, are transferred to the legitimate businesses or institutions like banks.
There are however the common patterns of the ways how the personal data might be stolen. Since more and more private data is available online, identity thefts are those that might happen to anyone. This is why it is so important to know how to spot and to prevent them.
Complex usage of security layers
Since no one can ever be completely sure of being protected from cybercriminals, there are methods of how to strengthen the personal cybersecurity level as much as possible.
Although lots of people use separate protection layers – like strong passwords or 2-factor authentication (2FA) to protect their online accounts, to rely on only one of them might be not enough.
This is why cybersecurity experts always highlight the importance of being well prepared and recommend using different security layers at the same time. The complex use of layers increases the security level and is more efficient. Here is what should everyone apply to better protect their account and confidential data:
A huge percentage of data breaches are caused by weak or reused passwords. This is why different passwords for different accounts is a must. The strong and unique passwords decrease the possibility of hacking into a user’s other accounts if one of them has been compromised.
Another security layer that should be applied on top of the strong and unique password is 2-factor authentication (2FA). It is an extra layer of security used to double-check if the users are who they are. This means that anyone who has logged in with a password still has to verify themselves.
In most cases, the account holder will be required to provide two separate passwords to gain access to the account. The 2FA like Google Authenticator or Authy protects from unlocking an account in case one of the passwords is compromised or lost.
Furthermore, if you do not rely on your computer security and online password storage, there is an option of keeping passwords in hardware devices like Trezor or Mooltipass that encrypt password entries.
The most common ways of identity theft
Identity theft begins when cybercriminals gain full or even partial access to private information, used to identify a person. Sometimes approach to this data is simply physical, by using stolen or copied private documents. However, most often this private information might be collected through data breaches, malware attacks, or scams.
Breaches are far too common tools to access sensitive data of a large number of people at once. There constantly appear cases when sensitive databases were leaked from various institutions, websites, online shops of cryptocurrency exchanges by using hacker’s attacks.
The unintentional leak of confidential information occurs when a cybercriminal successfully infiltrates a data source. This can be done by exploiting the weaknesses of the infrastructure, system, or application to infiltrate a particular network.
To protect from them requires various means of extra security including secured and private wi-fi, regular security software updates, difficult passwords, or even limited access to the most valuable data, encryption, and data backup. The list is endless. However, the awareness of possible cyber threats and cautious behavior of users themselves are equally important factors.
Malware, or in other words – malicious software – is the computer programs that were designed to infiltrate, damage devices and steal data without the user’s agreement. The general term usually covers various types of threats such as viruses, spyware, ransomware, trojans, and others.
The malicious software is often created by teams of hackers and is typically delivered in the form of a link or file over emails. Usually, it requires clicking on the link or opening an email to execute the malware.
These days malware is getting more and more sophisticated in its methods and can be used not even to steal the confidential data, but also to lock the computer and demand ransom (ransomware) or to spy on what a user is doing (spyware).
The best way to protect from it is anti-malware programs, that constantly monitor the network, email, web requests, and other activities. On the other hand – personal vigilance is a key factor, as in most cases the user itself allows malware by opening suspicious links or malicious attachments.
In general, scam is a fraudulent activity done in an attempt to defraud someone by gaining their confidence. There are dozens of different scam types today, meanwhile, the most dangerous in terms of sensitive data thefts are phishing and SIM card swaps.
Phishing is a type of attack that is often used to steal user data, including login credentials and credit card numbers. The scammers usually gain users’ trust by pretending to be a trusted authority or entity and then convince them to open a malicious attachment or click suspicious links.
In order to prevent phishing attacks it is first and the most important rule – to think twice before clicking on links that appear on random emails. Moreover, installing an anti-phishing toolbar like Sophos or PhishFort might be an option, as most of them run quick checks on opened websites and alert about them. Cautious users should also consider the antivirus software, firewalls, browser updates, and not clicking on pop-ups.
SIM card swaps
Meanwhile, a SIM-swap occurs when fraudsters take over the SIM card connected to the user’s mobile number. They exploit the mobile carrier’s ability to transfer phone numbers into another SIM card by impersonating a particular user, whose private data were previously acquired through phishing, malware attack, or data breach.
When scammers gain control over the number, they get access to the person’s text messages. And since most cellphones have access to their owner’s financial accounts, fraudsters are free to receive the code or password reset sent to a singular mobile number in the form of the text message. This is how they are into someone else’s accounts.
The ways to prevent SIM swap scams include the avoidance to use SMS as the primary form of authentication with the bank as well as boosting cellphone’s account security with a strong password and Q&A, not building ID authentication solely based on a phone number or using authentications apps like Google Authenticator, that encrypt messages and are not tied to the SIM card.
Stolen identities can be used for money laundering
Money laundering is a serious financial crime that can incur criminal liability and imprisonment even for those who participate in the scheme without knowing it. Since it affects both individuals as well as companies of every size, it also remains a serious threat to national security and the economy.
A sophisticated and complex financial crime can be done through a variety of financial transaction schemes. However, these schemes require the names to create an account for transferring funds. Since criminals do disguise their real personalities, stolen identities are used to open and manage the accounts.
The process of money laundering usually comes up in a typical scheme called laundry cycle which includes three different stages: placement, layering funds and finally integrating them into the economy in a legal form.
The stage of placing occurs when any account under the control of the fraudster is used as a target to deposit illegal funds. The second one – layering – involves remittances using a wide variety of means to make it as difficult as possible to trace the primary source of money. Since stolen identities are used for opening fake accounts, the number of them might become very large. This makes splitting up solid amounts of illegal funds into many small transfers easier.
At the final stage of integration, the money is poured into the economy in a legal form. They can be converted into portable financial instruments or used to buy properties or things.
The scale of money laundering is considered to be significant. The estimated amount of money laundered globally during a year is 2-5% of global Global Domestic Product (GDP) or from $800 billion up to $2 trillion.
Who are the victims of money laundering?
Identity theft is a criminal activity that causes solid damage for the direct victim, which loses its funds or even gets charged with a criminal or financial offense, that was done by illegally using the stolen name.
However, there is another type of victim, that might experience solid losses and reputational damage even without being directly involved. These are financial institutions, government entities, retailers, and all kinds of businesses that deal with numbers of clients online. Those companies might be involved in money laundering schemes even without knowing about it. It is enough for them to serve customers with false or unverified identities to damage their reputation.
Since ruined reputation, financial losses, or even criminal charges are very serious consequences, the risk of not knowing and not using self-protection means is too high.
Identity verification allows preventing money laundering
Since almost all developed countries have a legal basis and regulations against money laundering and terrorist financing activities, the most effective approach in preventing them might be by using the proper tools and applying procedures like identity verification.
An identity verification service is a process of verifying a customer’s identity using independent and reliable sources of documents, data, or additional information. It ensures that users or customers provide information that is associated with the identity of a real person. Moreover, identity verification is a way to know the customers before giving them access to the services.
This means that the ID verification service requires detailed information about who your customers are, what are the sources of their funds and whether they comply with the Anti Money Laundering (AML). Better knowledge of who the clients or investors are eliminates the risk of involvement in financial crime and thus protects the companies or institutions themselves.
The sophisticated identity verification services use complex technologies such as biometrics, artificial intelligence (AI), document forensic analysis, and verification experts to quickly verify that a person’s true identity matches his digital identity.
How is the digital identity verified?
Although there are various companies across the world that provide digital identity verification services, there is no single method available that could be praised as the most effective and best one.
Moreover, it is a complex process that requires multiple layers of investigation, expertise and cross-checking, when alternative forms of inspection and different sources of information are used to verify the identity.
The experienced ID verification service providers like Swiss GlobalPass conduct the verification process through applying the coherent methodology, that involves analyzing the document, biometric scanning, checking up databases and advanced personal research.
The document scanning, MRZ code and advanced document forensic analysis are done to check up whether the document has been digitally manipulated. This means that image, clone stamp, luminance gradient, and contrast level inspection allows to identify the exact areas of document forgery.
After the first document research is completed, the biometric screening will be applied to distinct facial information from dozens of random snapshots. The move is necessary to confirm that the person’s unique biological traits are matching with those in the document.
Further steps of a proper ID verification include checking the person’s background in an extensive document database that include Interpol, Europol, Dynamic International Business Association debtor, and late payers lists as well as Politically Exposed Persons (PEP) lists. Information such as names, dates of birth, social security numbers, or addresses can be very helpful in determining if a person is involved in financial crime.
The companies like GlobalPass even require proof of geolocation to gather the device’s IP and geographical information. To provide an even higher level of security, the full identity verification can be done through the real-time screening that involves contact with the live experts.
Generally, digital identity verification is a part of Know Your Customer (KYC) process, that covers the steps of verifying identity, managing the risk factors, and monitoring the particular accounts.
The frequency and severity of financial crimes have increased over the years as criminals have adapted and become more innovative. The various types of these crimes are committed by using the stolen identities and seriously affect individuals as well as companies or institutions.
Following the development of digital technologies more and more different industries are moving their services and are dealing with clients online thus increasing the level of risk to become vulnerable to financial fraudsters.
Since cybercriminals take advantage of any opportunity they can, it is smart to take steps to prevent malicious fraudsters from using stolen personal information and causing financial or reputational damages. Here the safety advice would be the usage of multi-layer security. This includes using strong and complex passwords, 2-factor authentication as well as detached hardware devices for storing different information. In the meantime for those dealing with KYC compliance, the broad scope of identity verification services allows deeper investigation and thus the more efficient results. Although there are various ways of preventing identity theft, dispersion of security layers would be the key rule for cyber safety.