Data breach and stolen identity are the big problems faced by net users. In spite of repeated warning people tend to be less cautious about revealing their identity. However, even the most cautious Individuals, organizations, and websites inadvertently leave bits and pieces of information in several places. These information, when grouped together, will make a perfect‘digital double’ or electronic copy that the cyber-thieves and internet fraudsters quickly pick up to exploit.
Many Websites and companies respond to a failed login attempt with an error message that reveals if a valid email address or name was used. Cyber thieves use these as a first stop filtering system to compile their fullz (a complete profile of the potential victim/ person/ organization).
The second kind of leak is via persons working from home leaving the home data stores open to the web or using cloud-based document sharing systems.
The harmless bits and pieces of information about an individual are collected from different sources and gradually construct a fullz. A fullz profile might include social security number, name and address, date of birth, phone number, credit card number, local bank, branch name and sort code, bank account number and social media likes and dislikes. The fraudsters compile from the harmless bits and pieces of information you share with the social media, websites and login failures to prepare a cyber double! They can use the identities to steal cash, buy things, and apply for loans, mortgages and state benefits in your identity.
Fraudsters buy the completed profile for a high price. A stolen credit card number, for example, will sell for a dollar or so because once a wrong transaction is detected the number can’t be used again. But, a fullz can fetch $27-$100 (£17-£64) because it can be used for a longer time in different places and law officers may even suspect the victim as a fraudster.
NuData estimates that more than 675 million data records have reached wrong persons in the US in the last 10 years, either because hackers have stolen by breaching companies’ security systems and raided their databases, or just because a company has mislaid them. A security agency BitGlass digitally floated fake data of a spreadsheet of 1,568 fake employee credentials. It included social security numbers, addresses and credit card numbers and was made to resemble the data stolen from health insurer Anthem. Within 12 days, fraudsters homed on it. People from 22 countries shared the data. It was viewed more than 1,100 times, and the spreadsheet was downloaded 50 times. Separate fraudulent gangs in Russia and Nigeria were the most active in examining the contents. The fraudsters then attempt to check by test logins. Fortunately, the login pattern can be spotted, and many companies now log behavioral data so they can detect fraudulent activity when it happens.
The behavioural signature of how someone types in a password, clicks a mouse, and navigates through a web site will be something fraudsters find almost impossible to copy.