Understanding the Motives Behind Online Personal Information Theft

Have you ever wondered what exactly cyber criminals are doing with other people’s identities anyway? You’ve had yours your whole life, and while it’s (hopefully) suited you just fine, it can be hard to imagine what benefit it might be to someone else. 

Sometimes the intention of cybercrime is straightforward. The criminal wants to use your payment information to make purchases for themselves. Often, however, it’s more nuanced. When Marriott was hacked and half a billion people had their data compromised, the criminals were not motivated by credit card numbers. So what were they after?

In this article, we take a look at how data breaches happen, why criminals commit them, and what this all means for you. 

The Equifax Data Breach

Equifax is a credit reporting agency. In 2017, hackers exploited a defect in their website to gain unauthorized access to sensitive data. The breach wound up impacting almost 150 million customers. Their names were exposed, along with their social security numbers, birthdates, addresses, and even driver’s license numbers. 

The way that the hackers accessed the system is a little complicated for the context of this article. However, it is worth noting that Equifax knew about the problem already and was working on a patch. They just couldn’t work quickly enough. 

The incident highlighted the tremendous consequences that lax security measures can produce. It also highlighted an uncomfortable fact pertaining to digital technology. Bad actors don’t need much room to access a system. Once they get in, the damage they can do is swift and tremendous. 

But what exactly are they doing with this information?

Financial Gain: Monetizing Stolen Information

When cybercriminals steal information—particularly at the scale described above, they usually aren’t doing it for their own personal use. They sell data on what is known as the “dark web.” If you thought the regular internet was dim to begin with, you would be shocked by the things that go on in its unregulated cousin. 

The more information a hacker has to offer, the higher the price they command. Their customers may then use the information for everything from applying for credit cards to even getting medical care under the victim’s name—thus transferring their debts to someone else. 

Depending on how cleanly the cybercrime is executed it can be very difficult to detect, and even harder to trace back to a culprit. This allows hackers to make a living out of routinely carrying out breaches. While it is hard to get a precise number on this, experts speculate that only 5% of cybercriminals are ever caught.

Identity Theft: Assuming False Identities for Fraudulent Activities

As alluded to in the previous heading, identities can be stolen not for financial benefits but as a way of cloaking one’s own identity. Cybercriminals use stolen identities to commit fraud, apply for loans, or conduct financial transactions (including bank withdrawals) in the victim’s name. 

While identity theft can be detected fairly quickly—particularly when the activity is blatant—it can take many years to recover the damage done to the victim’s credit score and general finances. 

Credential Harvesting

Cybercriminals may also target individual's personal accounts. This can include everything from social media profiles to email addresses, and other important, regularly used online tools. 

Hackers are often able to gain easy access to personal accounts through “phishing campaigns”—social engineering tactics that involve ostensibly tricking the victim into divulging their own information. For example, if you receive an email that appears to be from Netflix asking you to re-enter your password, it could be a phishing scam attempting to get you to divulge your login information. 

How valuable is a Netflix account login? It depends. Skilled phishers are good at exploiting as much information as they can from their victims. 

Holding Data Hostage

Sometimes hackers steal information in the hopes of landing a large payday. Perhaps the most famous instance of this occurred in 2019 when a group of Russian Hackers effectively broke Ireland’s digital healthcare network. The terrorist group offered to restore the system—in exchange for $10 million.

Ireland declined to cooperate. Their system was down for almost two months. Hundreds of people had their data leaked, and the ensuing repairs cost much more than the ransom. 

Elderly Adults at Higher Risk: Exploiting Vulnerabilities

As you might imagine, certain segments of the population are at higher risk than others. Cybercriminals often make a point of targeting elderly individuals who aren’t well-acquainted with online safety protocols. 

It’s important to help the elderly people in your life understand what risks they face when they go online, and know what they must do to avoid them. Firewalls aren’t enough—particularly not in a world where well-engineered phishing scams are around every corner, waiting to trick the victim into revealing their own information. 

Parents should also educate their children on steps they can take to stay safe online. When you worry about how your kids experience the internet, inappropriate content, cyberbullying, and excessive screen time will most likely cross your mind well before identity theft. However, even children are not beyond the reach of a determined hacker. 

Reducing the Risk

To minimize the risk of cybercrime, individuals and organizations should be proactive in their approach to security. This certainly involves maintaining high-quality, fully updated protection software. However, it’s human error that ultimately leads to the majority of breaches. The best security system in the world is worth nothing at all if you leave the front door open. 

It’s also important to:

Protect your passwords: While it’s tempting to give all of your accounts the same password or leave a password key written down on your desk doing so leaves you very vulnerable to intrusion. When a hacker gets into one of your accounts, it makes it much easier to gain access to the rest of them. Don’t give them any room.

Consider multi-verification on your most important accounts: Multi-verification is even more annoying than good password hygiene. Who wants to type in an SMS code just to check their email? But if you are protecting information in a high-profile environment—say, a business or institution that hackers are likely to target—this can be a powerful tool for thwarting criminals.

Be very mindful: Good security also requires constant vigilance. Don’t use unknown WIFI networks. Avoid dicey websites. Scrutinize even mildly suspicious emails carefully. One way to determine if an email is a fraud? Reach out to the real company and ask them if they sent it to you. Customer service will usually reply promptly. 

While all of this may sound overwhelming, it’s really just a matter of making small, sensible choices every time you get online. With good judgment, awareness, and maybe a little bit of luck, it’s possible for everyone to stay safe online. 

Post a Comment