Showing papers on "Identity theft published in 2021"

A survey of phishing attack techniques, defence mechanisms and open research challenges

Abstract: Phishing is an identity theft, which deceives Internet users into revealing their sensitive data, e.g., login information, credit/debit card details, and so on. Researchers have developed various a...

Phishing Attacks: A Recent Comprehensive Study and a New Anatomy

Abstract: With the significant growth of internet usage, people increasingly share their personal information online. As a result, an enormous amount of personal information and financial transactions become vulnerable to cybercriminals. Phishing is an example of a highly effective form of cybercrime that enables criminals to deceive users and steal important data. Since the first reported phishing attack in 1990, it has been evolved into a more sophisticated attack vector. At present, phishing is considered one of the most frequent examples of fraud activity on the Internet. Phishing attacks can lead to severe losses for its victims including sensitive information, identity theft, companies, and government secrets. This article aims to evaluate these attacks by identifying the current state of phishing and reviewing existing phishing techniques. Studies have classified phishing attacks according to fundamental phishing mechanisms and countermeasures discarding the importance of end to end lifecycle of phishing. This article proposes a new detailed anatomy of phishing which involves attack phases, attacker’s types, vulnerabilities, threats, targets, attack mediums, and attacking techniques. Moreover, the proposed anatomy will help readers understand the process lifecycle of a phishing attack which in turn will increase the awareness of these phishing attacks and the techniques being used; also, it helps in developing a holistic anti-phishing system. Furthermore, some precautionary countermeasures are investigated and new strategies are suggested.

Blockchain-enabled Decentralized Identity Management: The Case of Self-sovereign Identity in Public Transportation

Abstract: Identity management has been ripe for disruption over the past few years due to recurring incidents of data breaches that have led to personal information leaks and identity theft. The rise of blockchain technology has paved the way for the development of self-sovereign identity—a new class of user-controlled resilient identity management systems that are enabled by distributed ledger technology. This paper examines how SSI management can be used in a public transportation sector that spans different operators in multiple countries. Specifically, the paper explores how a blockchain-based decentralized identity management system can draw on the SSI framework to provide high-level security and transparency for all involved parties in public transportation ecosystems. Accordingly, building on analyses of the existing public transportation ticketing solutions, we elicited requirements of a comparable system based on the SSI principles. Next, we developed a low-fidelity prototype to showcase how passengers can utilize standardized travel credentials that are valid across different transportation networks in Europe. The proposed system eliminates the need for multiple travel cards (i.e., one for each transportation provider) and empowers individuals to have better control over the use of their identities while they utilize interoperable ticketing systems across Europe. Overall, building on the public transportation case, we offer a proof-of-concept that shows how individuals can better manage their identity credentials via the SSI framework.

A Machine Learning Driven Threat Intelligence System for Malicious URL Detection

Abstract: Malicious websites predominantly promote the growth of criminal activities over the Internet restraining the development of web services. Furthermore, we see different types of devices being equipped with WiFi capabilities, that allow web traffic to pass through the device’s data systems with ease. The proposed framework in the present study analyzes the Uniform Resource Locator (URL) through which malicious users can gain access to the content of the websites. It thus eliminates issues of run-time latency and possibilities of users being subjected to browser oriented vulnerabilities. The primary objective of this paper is to detect malicious links on the web using a machine learning classification technique that would help users defend against cyber-crime attacks and related threats of the real world. This may be helpful in the newly expanding Intelligent Infrastructures, where we see more data availability almost daily. The embedding of malicious URLs is a predominant web threat faced by the Internet community in the present day and age. Attackers falsely claim of being a trustworthy entity and lure users to click on compromised links to extract confidential information, victimizing them towards identity theft. The present work explores the various ways of detecting malicious links from the host-based and lexical features of the URL in order to protect users from being subjected to identity theft attacks.

Real-Time Detection of Fake Account in Twitter Using Machine-Learning Approach

Abstract: In day-to-day life for sharing of information and communication among others, online social networking has emerged as one of the eminent ways Online social networking offers attractive means of social interaction and communication but it raises various concerns like privacy and security of user and its account During the events, people share unreliable information and misleading content through social media platform such as Twitter and Facebook Our objective is to detect the fake account by analyzing different characteristics that spread malicious contents in real-time environment Fake profiles are the identity theft of genuine user’s profile content and create a similar profile using users credential At later stage, the profile is perverted for aspersing the legitimate profile owner as well as sending friend request to the user’s friend In this article, we discuss about our chrome extension-based framework that detects the fake accounts in Twitter environment by analyzing the different characteristics

Transformative or Not? How Privacy Violation Experiences Influence Online Privacy Concerns and Online Information Disclosure

Abstract: Previous research has shown that people seldom experience privacy violations while using the Internet, such as unwanted and unknown sharing of personal information, credit card fraud, or identity theft. With this study, we ask whether individuals’ online privacy concerns increase and online information disclosure decreases if they experience such a worst-case scenario. Using representative data from a five-wave panel study (n = 745), we found that people who generally experience more privacy violations also have stronger privacy concerns (between-person differences). However, people who experienced more privacy violations than usual in the last 6 months were only slightly more concerned afterward and did not change their disclosure behavior afterward (within-person effects). The need for privacy moderated these processes. We untangle under which circumstances such experiences may be transformative, and discuss practical and conceptual consequences of how experiences translate into concerns, but not necessarily behaviors.

Explaining Fear of Identity Theft Victimization Using a Routine Activity Approach

Abstract: The current study aims to estimate and explain citizens’ fear of identity theft victimization by examining data collected from a nationally representative sample of South Korean residents. Specific...

Cybersecurity Awareness and Skills of Senior Citizens: A Motivation Perspective

Abstract: Senior citizens are one of the most vulnerable groups of Internet users who are prone to cyberattacks. Thus, assessing senior citizens’ motivation to acquire cybersecurity skills is critical to hel...

AI-enabled digital identity – inputs for stakeholders and policymakers

Abstract: This conceptual article’s primary aim is to identify the significant stakeholders of the digital identity system (DIS) and then highlight the impact of artificial intelligence (AI) on each of the identified stakeholders. It also recommends vital points that could be considered by policymakers while developing technology-related policies for effective DIS.,This article uses stakeholder methodology and design theory (DT) as a primary theoretical lens along with the innovation diffusion theory (IDT) as a sub-theory. This article is based on the analysis of existing literature that mainly comprises academic literature, official reports, white papers and publicly available domain experts’ interviews.,The study identified six significant stakeholders, i.e. government, citizens, infrastructure providers, identity providers (IdP), judiciary and relying parties (RPs) of the DIS from the secondary data. Also, the role of IdP becomes insignificant in the context of AI-enabled digital identity systems (AIeDIS). The findings depict that AIeDIS can positively impact the DIS stakeholders by solving a range of problems such as identity theft, unauthorised access and credential misuse, and will also open a possibility of new ways to empower all the stakeholders.,The study is based on secondary data and has considered DIS stakeholders from a generic perspective. Incorporating expert opinion and empirical validation of the hypothesis could derive more specific and context-aware insights.,The study could facilitate stakeholders to enrich further their understanding and significance of developing sustainable and future-ready DIS by highlighting the impact of AI on the digital identity ecosystem.,To the best of the authors’ knowledge, this article is the first of its kind that has used stakeholder theory, DT and IDT to explain the design and developmental phenomenon of AIeDIS. A list of six significant stakeholders of DIS, i.e. government, citizens, infrastructure providers, IdP, judiciary and RP, is identified through comprehensive literature analysis.

Social Media Identity Deception Detection: A Survey

Abstract: Social media have been growing rapidly and become essential elements of many people’s lives. Meanwhile, social media have also come to be a popular source for identity deception. Many social media identity deception cases have arisen over the past few years. Recent studies have been conducted to prevent and detect identity deception. This survey analyzes various identity deception attacks, which can be categorized into fake profile, identity theft, and identity cloning. This survey provides a detailed review of social media identity deception detection techniques. It also identifies primary research challenges and issues in the existing detection techniques. This article is expected to benefit both researchers and social media providers.

Is This Phishing? Older Age Is Associated With Greater Difficulty Discriminating Between Safe and Malicious Emails

Abstract: OBJECTIVES As our social worlds become increasingly digitally connected, so too has concern about older adults falling victim to "phishing" emails, which attempt to deceive a person into identity theft and fraud. In the present study, we investigated whether older age is associated with differences in perceived suspiciousness of phishing emails. METHODS Sixty-five cognitively normal middle-aged to older adults rated a series of genuine and phishing emails on a scale from definitely safe to definitely suspicious. RESULTS Although older age was not related to a shift in overall perception of email safety, older age was related to worse discrimination between genuine and phishing emails, according to perceived suspiciousness. DISCUSSION These findings suggest that cognitively normal older adults may be at particular risk for online fraud because of an age-associated reduction in their sensitivity to the credibility of emails.

Detecting Phishing Websites Using an Efficient Feature-based Machine Learning Framework

Abstract: Phishing is a form of digital crime where spam messages and spam sites attract users to exploit sensitive information on fishermen. Sensitive information obtained is used to take notes or to access money. To combat the crime of identity theft, Microsoft's cloud-based program attempts to use logical testing to determine how you can build trust with the characters. The purpose of this paper is to create a molded channel using a variety of machine learning methods. Separation is a method of machine learning that can be used effectively to identify fish, assemble and test models, use different mixing settings, and look at different mechanical learning processes, and measure the accuracy of the modified model and show multiple measurement measurements. The current study compares predictive accuracy, f1 scores, guessing and remembering multiple machine learning methods including Naive Bayes (NB) and Random forest (RF) to detect criminal messages to steal sensitive information and improve the process by selecting highlighting strategies and improving crime classification accuracy. to steal sensitive information.

Wild, Wild Theft: Identity Crimes in the Digital Frontier:

Abstract: Identity theft is a pervasive and expensive problem. Not only does the crime incur a significant financial and mental cost on the victim, but also exhibits a financial toll on the organizations tha...

Forecasting Identity Theft Victims: Analyzing Characteristics and Preventive Actions through Machine Learning Approaches

Abstract: Researchers in criminology and criminal justice have been making increasing use of the machine learning approach to investigate questions involving large amounts of digital data. We make use here o...

Preventing Identity Theft: Perspectives on Technological Solutions from Industry Insiders

Abstract: An estimated 26 million American citizens per year have been victims of an identity-based crime. This study contributes to the scholarship on financial crimes facilitated through identity-based cri...

A Dense Neural Network Approach for Detecting Clone ID Attacks on the RPL Protocol of the IoT.

Abstract: At present, new data sharing technologies, such as those used in the Internet of Things (IoT) paradigm, are being extensively adopted. For this reason, intelligent security controls have become imperative. According to good practices and security information standards, particularly those regarding security in depth, several defensive layers are required to protect information assets. Within the context of IoT cyber-attacks, it is fundamental to continuously adapt new detection mechanisms for growing IoT threats, specifically for those becoming more sophisticated within mesh networks, such as identity theft and cloning. Therefore, current applications, such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), and Security Information and Event Management Systems (SIEM), are becoming inadequate for accurately handling novel security incidents, due to their signature-based detection procedures using the matching and flagging of anomalous patterns. This project focuses on a seldom-investigated identity attack—the Clone ID attack—directed at the Routing Protocol for Low Power and Lossy Networks (RPL), the underlying technology for most IoT devices. Hence, a robust Artificial Intelligence-based protection framework is proposed, in order to tackle major identity impersonation attacks, which classical applications are prone to misidentifying. On this basis, unsupervised pre-training techniques are employed to select key characteristics from RPL network samples. Then, a Dense Neural Network (DNN) is trained to maximize deep feature engineering, with the aim of improving classification results to protect against malicious counterfeiting attempts.

An Innovative and Decentralized Identity Framework Based on Blockchain Technology

Abstract: Network users usually need a third party validation to prove that they are who they claim to be. Authentication systems mostly assume the existence of a Trusted Third Party (TTP) in the form of a Certificate Authority (CA) or as an authentication server. However, relying on a TTP implies that users do not directly manage their identities, but delegate this role to a third party. This intrinsic issue can generate trust concerns (e.g., identity theft), as well as privacy concerns towards the third party. The main objective of this research is to present an autonomous and independent solution where users can store their self created credentials without depending on TTPs. To this aim, the use of an TTP autonomous and independent network is needed, where users can manage and assess their identities themselves. In this paper, we propose the framework called Three Blockchains Identity Management with Elliptic Curve Cryptography (3BI-ECC). With our proposed framework, the users’ identities are self-generated and validated by their owners. Moreover, it allows the users to customize the information they want to share with third parties.

Cybercrime: Thieves, Swindlers, Bandits and Privateers in Cyberspace

Abstract: This chapter describes the definitions and scope of cybercrime including an outline of the history of hackers and the role of criminal networks and markets in the dissemination of malicious software and other contraband such as illicit drugs, stolen credit cards and personal identification, firearms, and criminal services. Different cybercrime types and methods are described, including the widespread use of ‘social engineering’ or deception in computer misuse and identity theft. The challenges facing law enforcement in the suppression of cybercrime and the important role of private and public partnerships, as well as cross-national cooperation in the suppression of cybercrime is illustrated.

The impact of the COVID-19 pandemic on cybercrime

Abstract: The COVID-19 pandemic is accompanied by a cyber pandemic, involving changes in the modi operandi of perpetrators of various crimes, and an infodemic, associated with the spread of disinformation. The article analyses the impact of the COVID-19 pandemic on cybercrime and presents the latest research on the number of cybercrime cases in Poland and their growth dynamics. It determines the factors that contribute to the commission of a crime and prevent easy identification of criminals. It also suggests the legal and organisational changes that could reduce the number and effects of the most frequently recorded cyberattacks at a time of COVID-19. Particular attention is paid to legal problems of the growing phenomenon of identity theft, and the need to ensure better protection of users from phishing, including through education and proactive security measures consisting in blocking Internet domains used for fraudulent attempts to obtain data and financial resources. © 2021 The Author(s).

Overcoming Trusting Barriers in Inter-organizational Identity Theft Prevention in Knowledge Sharing: A Case of UK Retailing Industry

Abstract: Inter-organizational knowledge sharing basically connects two or more firms with one another in exchange relationship for skills, expertise and knowledgeable personnel. Knowledge plays a key role in organizational performance but it is given a very little attention in terms of information security and requires addressing security concerns due to following reasons: First, because retailing is the most victimized channel due to online trade. Second, if organizational criminal wings can compromise the information system of one firm, they can attack other firms too. Hence, identity theft is a collective problem. A security breach is among the top three business stories and identity theft is the key reason why it occurs in online retailing. Identity theft is a serious issue of society at a large and its prevention requires knowledge sharing by several actors. Through different case studies, interviews and theoretical and empirical analysis, this study highlights some unknown side of prevention collaboration in the retail industry in the United Kingdom (UK) which is of theoretical and practical importance. This paper theoretically furthers our understanding of how communication of organizations with comparable goals is handled differently in information security management. Practically, it evaluates relationships of retailing firms, online fraud forums and law enforcement departments in the fraud prevention process. Our research outlines how retailers' partnerships with different stakeholders will help them solve and reduce identity theft by presenting a structure for inter-organizational fraud prevention in retailing organizations.

Tweet-scan-post: a system for analysis of sensitive private data disclosure in online social media

Abstract: The social media technologies are open to users who are intended in creating a community and publishing their opinions of recent incidents. The participants of the online social networking sites remain ignorant of the criticality of disclosing personal data to the public audience. The private data of users are at high risk leading to many adverse effects like cyberbullying, identity theft, and job loss. This research work aims to define the user entities or data like phone number, email address, family details, health-related information as user’s sensitive private data (SPD) in a social media platform. The proposed system, Tweet-Scan-Post (TSP), is mainly focused on identifying the presence of SPD in user’s posts under personal, professional, and health domains. The TSP framework is built based on the standards and privacy regulations established by social networking sites and organizations like NIST, DHS, GDPR. The proposed approach of TSP addresses the prevailing challenges in determining the presence of sensitive PII, user privacy within the bounds of confidentiality and trustworthiness. A novel layered classification approach with various state-of-art machine learning models is used by the TSP framework to classify tweets as sensitive and insensitive. The findings of TSP systems include 201 Sensitive Privacy Keywords using a boosting strategy, sensitivity scaling that measures the degree of sensitivity allied with a tweet. The experimental results revealed that personal tweets were highly related to mother and children, professional tweets with apology, and health tweets with concern over the father’s health condition.

MailTrout: a machine learning browser extension for detecting phishing emails

Abstract: The onset of the COVID-19 pandemic has given rise to an increase in cyberattacks and cybercrime, particularly with respect to phishing attempts. Cybercrime associated with phishing emails can significantly impact victims, who may be subjected to monetary loss and identity theft. Existing anti-phishing tools do not always catch all phishing emails, leaving the user to decide the legitimacy of an email. The ability of machine learning technology to identify reoccurring patterns yet cope with overall changes complements the nature of anti-phishing techniques, as phishing attacks may vary in wording but often follow similar patterns. This paper presents a browser extension called MailTrout, which incorporates machine learning within a usable security tool to assist users in detecting phishing emails. MailTrout demonstrated high levels of accuracy when detecting phishing emails and high levels of usability for end-users.

CallChain: Identity Authentication Based on Blockchain for Telephony Networks

Abstract: Telephony networks serve as a reliable communication channel, and phone numbers are usually used to authenticate users' identities in telephony networks. However, modern telephony networks does not provide end-to-end authentication for phone numbers, making it difficult for a receiver to confirm a caller's real identity. Moreover, due to the lack of effective authentication solutions for users, phone numbers are usually exploited to commit identity theft, credit card fraud, or telecom harassment by phone number spoofing a ttacks. I n t his paper, we propose a blockchain-based identity authentication system for telephony networks, CallChain. CallChain issues verifiable digital identities to users which bound a user to his/her phone number. Based on the digital identity, CallChain provides end-to-end identity authentication between the caller and receiver in the data channel without modifying the core technologies in telephony networks. In the proposed system, users first register decentralized identities (DIDs) and store them in the blockchain distributed ledger. Then Call Center issues verifiable PhoneNumber Credentials to users. And finally users conduct end-to-end identity authentication based on these PhoneNumber Credentials before the call is established. We implement a prototype as an App for Android-based phones based on an open source blockchain platform Hyperledger Indy. Moreover, we detect that CallChain only adds a worst-case 2.1 seconds call establishment overhead and can resist DDoS attacks effectively.

Fundamental Limits of Data Utility: A Case Study for Data-Driven Identity Authentication

Abstract: Big data can help with providing valuable perceptions into business activities and disclosing the potential benefits. Advances in machine learning and deep learning technologies make it easier to achieve significant performance in a wide range of domains from city planning and marketing analysis to credit evaluation and identity theft detection. However, it still requires great efforts in selecting efficient learning algorithms and precise model parameters that are deemed confidential in the light of experience. Also worth noting is that there is a fundamental gap between impracticable business requirements and the available value of data reflected. The data holder or data service provider may not have a clear understanding of data interference. The solution to these two problems depends on the capability of predicting the data utility in advance, which raises a fundamental question: to what degree is the data utility predictable? In this work, we present a primary analytical framework for information-theoretic bounds of data utility and utilize the current state-of-the-art and representative algorithms to obtain the achievable lower bounds on a real-world data set. The gap between theoretical upper bounds and achievable lower bounds indicates that the achievable lower bounds can still be optimized for performance.

Turbo: Fraud Detection in Deposit-free Leasing Service via Real-Time Behavior Network Mining

Abstract: Online deposit-free leasing service has witnessed rapid growth in China and shows a promising market in the future. While eliminating the requirement of a deposit does attract more users to the service, it also lowers the cost for fraudsters. Since the emergence of this service is relatively new, there are few works in literature focusing on detecting fraud transactions in it. Existing efforts mainly fall into hard-coded solutions such as block-listing or scorecard methods, which can be impotent in the face of the diverse fraud tactics, e.g., identity theft, or even suffering concept drift problem as the tactics evolve. In this paper, we contribute Turbo, an efficient graph-based anti-fraud system, to fully exploit the abundant user behavior logs in a real-time manner. Turbo is able to additionally make use of the implicit user relationships beyond the user features in the logs. To capture the user relationships, we first propose a novel algorithm to construct a time-evolving user behavior network called BN. Empirical analysis demonstrates that fraudsters in BN exhibit unique temporal aggregation and homophilic patterns, which inspires us to develop a novel heterogeneous adaptive graph neural network algorithm called HAG. Specifically, in HAG two graph operators are presented to mitigate the over-smoothing problem and make better use of the heterogeneous behavior relations in BN. Extensive experiments on a real-world dataset show that our method outperforms state-of-the-art methods significantly and can give a response in seconds for each detection request.