How Do Cybercriminals Steal a Person's Identity?

There are many ways that cybercriminals can steal an identity, and one is by compromising a database that contains personal information. Major corporations, government agencies, and even your doctor’s office manage these databases, but they are all vulnerable to hackers. Once a hacker gets into the system, they have access to all of your personal data, such as credit card information, Social Security numbers, address, and birthdates.

They use this information to take over an existing financial account, or they can even open a new account.

Cybercriminals are always looking for the path of least resistance into these networks and databases, and they exploit any vulnerability that they might find. Outdated browsers or operating systems is one way that they get in, but they can also get in by using unsecured wireless internet connections. Cyber-attacks are quite common these days, and those organizations that store data are targeted at an extremely high rate.

Though security experts are striving to always protect sensitive data, hackers are working just as hard to find ways around any standing security measures. Many people become victims of these hackers, even in their homes. Let’s look at this example:

A woman was working on her computer and she saw a pop-up window warning that she needed to update her antivirus program.

The pop-up said that she could click a link, pay a license fee, and her computer would be protected. She clicked the links and entered her information. At this point, another pop-up appeared, and it claimed that a customer service representative was requesting access to the computer, remotely, to install the upgrade and scan the system.

When she allowed this, she was informed that there was a virus on her system, and it would be $150 to remove it.

Not only did this woman allow a stranger to remotely access her computer, but she also gave her credit card information. The pop-up windows were not from her antivirus software, of course, it was from a cybercriminal, and she simply gave her personal information to this criminal.

Defining Common Terms Associated With Cybercrimes

Here are some of the most common terms associated with cybercrimes along with easy to understand definitions:

  • Malware: Refers to “malicious software.” Any type of invasive software can fit into the malware umbrella including viruses and Trojans. Essentially, any program that gets onto your computer without you realizing it or consenting to it is considered to be malware.
  • Trojan Horse: Just like its Greek namesake, this virus will sneak onto a computer disguised as a harmless, or perhaps even helpful, program, such as an antivirus software. However, once the individual downloads the program, the Trojan comes alive and either steals information from the hard drive, or in some cases, destroys it.
  • Spyware: There is one job associated with spyware: to track information and spy on the habits of a computer user. Spyware can collect account information, passwords, and even credit card numbers. It then sends all of this information back to the creator of the file.
  • Root-Kit: This is the most difficult type of invasive software you will find on a system, and once they have settled in, they are almost impossible to fully remove. As the name might suggest, this software digs itself into the roots of the drive, and they will steal personal information, passwords, and more, often without the computer owner even realizing it is there.

A Brief Overview of Phishing

When you think of fishing, you know that you will throw a hook with bait into the water, and then wait for a fish to come.

The concept of phishing on a computer is similar. In this case, the cybercriminal sends out a spam email, which is the bait, and waits for a victim…the fish, to take a bite. A good phisher might send thousands of emails each day, so the odds of a couple of victims taking the bait is high.

Despite the efforts to educate people, victims fall for phishing emails each and every day. They might appear to be from someone you know who is infected, for instance, such as a colleague, friend, or family member. “Whaling” is a type of phishing, but in this case, it targets a CEO or other executive, and these can be even more successful. As you might realize, the bigger a target is, the harder that target is going to fall. To protect yourself from phishing and whaling, do not click on any email link, even if it appears to be someone you know or from a trustworthy source, such as a bank or hospital. Instead, manually type in the link to the website or use an existing bookmark.

Phishing creates billions of dollars for cybercriminals, and there is almost a never-ending supply of victims available for them. Though people in developed countries are somewhat aware of phishing, people in China, India, and other developing countries are only recently jumping on the broadband internet bandwagon. To the bad guys, these people are fresh fish that they cannot wait to hook.

Botnets, and How They Work

Have you heard the term, botnet? This is a shortened term for a robot network, which is a group of connected computers that have been infected by some type of malicious program. This allows a hacker to control all of these computers without actually notifying the owners of these systems. Since these machines are remotely controlled by a single person, they are known as robots, bots, or zombies.

When a virus infects a computer and turns it into a botnet, the hacker can not only control the computer from afar, he or she can also often gain access to all of the data on the computer.

Botnets have an interesting history. A “bot” is a type of computer program that has been designed to connect remotely to a server, and then execute commands. McAfee did a study on these networks, and found that they are the most common way to commit cybercrimes. These crimes including stealing data, installing malware, disrupting services, and compromising information. The results of this to businesses and individuals can be devastating, and not only does it put individuals at risk for identity theft, businesses can lose revenue, customer confidence can fall, their reputation will suffer, and in some cases, their business will have to close completely.

Back in 2010, there were more than two million U.S. computer systems placed into botnets without the knowledge of the owners. That equates to 5 to 6 out of every 1,000 computers. Systems that are outdated, old, or have operating systems that are no longer supported, such as Window XP, are highly vulnerable to these attacks. Additionally, those systems that have old browsers, such as older versions of Internet Explorer could also be at high risk.

Learning About Typosquatting

You might also have heard about typosquatting. This is a type of cybersquatting that will target people on the internet who make a mistake when typing in an address online. For instance, you might want to go to Google.com, but type in Gooogle.com, instead. When this happens, you might be directed to a website that is actually owned by a hacker.

These hackers, called “typosquatters,” create a number of these spoof websites, which imitate the actual site. You might find that these sites have services or products that are similar to those found at the intended website, which is relatively harmless, but you also might find that they are built to steal a person’s personal information, such as Social Security numbers or credit cards.

Sometimes, typosquatters will use phishing to get people to their websites. For instance, when AnnualCreditReport.com was first launched, there were several spoof sites, all with intentional errors in the address…think AnuallCreditReport.com. These websites were made to trick those who visit them. As you can see, phishing and typosquatting often work hand in hand.

Defining Ransomware

You might also come across “ransomware” as you browse the internet. Also called “ransom software,” these programs infiltrate a computer when downloading an attachment that was infected with a virus. People might also get ransomware by visiting the wrong site.

When a computer becomes infected with ransomware, you will be unable to access any files, and the hacker will have total control of the machine. There might be a pop-up that appears stating that it is a “Browser Security” application or even poses as “Anti-Adware” software. A computer running Windows will often show a full-screen message that looks just like a Windows error alert. Generally, a window pops up with an actual countdown clock informing you that ransomware is running and you have only so much time until the clock counts down to pay. It’s pretty unnerving and quite insidious.

These programs are becoming more popular, and are an up an ongoing malware threat. To avoid ransomware, make sure that you are running the most current version of your browser, operating system, and antivirus software. You also must ensure that you don’t click on any links in an email, nor visiting any websites that seem a bit sketchy. Even these websites can contain viruses that can implant themselves into your computer.

Defining Scareware

You might also find that you have scareware. This is a type of malware that seems like a warning message, but instead, is simply a ruse that is made to scare a person into paying up and sharing their personal information.

As soon as a person accepts the prompt of the scareware, the program will start scanning the computer. It also often takes a screenshot of the “My Computer” section of the machine, and then uses that to mimic the characteristics of the computer that the owner knows. These scans will inform the individual that they have a virus, and then says for the low price of $49.99…or more…they can download software that will take care of the issue immediately. If the computer owner doesn’t want to download the software, they will be inundated with pop-ups.

Sometimes, a website is programmed to distribute scareware. These pages trick people into clicking on the hackers links, and then downloading the software. The software sometimes comes with a link that will lead the individual to a chat session with a scammer. Once the individual connects to this chat for help, if remote access control is part of the equation, the scammer has full access to their computer.

The newest feature of scareware involves using a pop-up window that looks just like an internet browser. This window contains a warning that claims the website’s security certificate is expired, or similar, and it might say “This Site May Harm Your Computer.” You might also see a button, link, or pop-up that asks you to download software or update security settings.

This software is often found under conspicuous names such as “WinFixer,” “WinAntispyware,” “DriveCleaner,” or “WinAntivirus. Though they look as if they are safe programs, they are actually spyware, or even a virus, that will either become an annoyance or fully disrupt the way you use your computer and steal your data. You might think that this is unbelievable, but what actually tricks so many intelligent people is that there is a lot of follow-through with this type of scam. You will see an actual shopping cart, an invoice or order form, there is a place where you can enter your credit card, and you will download the actual program. In fact, it is no different than buying any other type of software online.

Though many of these programs have silly names, there is really nothing funny about criminals hacking into your computer. Ultimately, any of these programs can wreak havoc on your life, whether it is simply an annoyance or a full blown disaster. Start today by updating your operating system and browser, and make sure that you have a good antivirus program installed, too.