T 0.36 Identity Theft

In the case of identity theft, an attacker assumes a false identity, he takes advantage of information about another person, to act on his or her behalf. Here, data such as date of birth, address, credit card or bank account numbers are used in order, for example, to gain access to an Internet provider or to gain financial benefits in other ways. Theft of identity often leads directly or indirectly to damage of reputation, but also elucidating the causes and preventing the negative consequences for those affected is time-expensive. Some forms of identity fraud are also known as masquerade.

Identity theft occurs most frequently where identity verification is handled too carelessly, especially if expensive services are based on it.

A person who has been misled in respect to the identity of his or her communication partner can be easily persuaded to reveal sensitive information.

Examples:

• To register with various email providers or auction platforms on the Internet, it sufficed to invent a fictitious name and to provide a suitable address from the phone book with it. At first, attackers could register using recognisable fictitious names, for example, derived from cartoon characters. As stronger plausibility checks were later introduced for this purpose, names, addresses and account numbers of real people have been used. Those affected have only learned about a fraud, when the first claims for payment arrived.
• The sender address of emails can be easily spoofed. It happens again and again that users are this way fooled into believing that an email comes from a trusted communication partner. Similar attacks are possible by manipulation of caller ID for voice calls or by manipulating the sender identity for fax connections.
• An attacker may use a masquerade to try to enter into an already existing connection without having to authenticate himself, since this step has already been performed by the original communication participants.