Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

Social engineering in social networking sites: how good becomes evil

Abstract: Social Engineering (ES) is now considered the great security threat to people and organizations Ever since the existence of human beings, fraudulent and deceptive people have used social engineering tricks and tactics to trick victims into obeying them There are a number of social engineering techniques that are used in information technology to compromise security defences and attack people or organizations such as phishing, identity theft, spamming, impersonation, and spaying Recently, researchers have suggested that social networking sites (SNSs) are the most common source and best breeding grounds for exploiting the vulnerabilities of people and launching a variety of social engineering based attacks However, the literature shows a lack of information about what types of social engineering threats exist on SNSs This study is part of a project that attempts to predict a persons’ vulnerability to SE based on demographic factors In this paper, we demonstrate the different types of social engineering based attacks that exist on SNSs, the purposes of these attacks, reasons why people fell (or did not fall) for these attacks, based on users’ opinions A qualitative questionnaire-based survey was conducted to collect and analyse people’s experiences with social engineering tricks, deceptions, or attacks on SNSs

How terrorists exploit gaps in US anti‐money laundering laws to secrete plunder

Abstract: Shows how terrorists finance their operations from crimes like immigration benefit fraud, cigarette smuggling, kidnapping and drug trafficking, and also petty crimes like benefit card theft, identity theft and welfare benefit fraud; this is especially easy if they avoid the banking system and use a cheque cashing business. Concludes that legislators and regulators need to plug gaps in existing anti‐money laundering legislation, by regulating cheque cashers more aggressively and enlisting help from traditional banks; banks should identify individuals making cash deposits into bank accounts, identify money transmitter clients, and close accounts of clients who are not licensed; and law enforcement agencies should look more strategically at Suspicious Activity Reports filed by banks.

The Impact of Google Hacking on Identity and Application Fraud

Abstract: In the last several years, identity theft has been on the rise. The Internet represents an appealing place for fraudsters to collect a host of personal and financial data related to many innocent users. Using the collected data they can impersonate the users and commit different fraudulent activities including application fraud. Mining Internet data for fraudulent purposes is commonly referred to as (black hat) Google hacking. We discuss in this paper the impact of Google hacking on identity fraud, with an emphasis on fraudulent applications for identity certificates such as credit cards, passports, and so on. The discussion is based on the results of an experiment performed over the Internet by conducting some (white hat) Google hacking and collecting sensitive identity information for living as well as dead persons. We also outline the architecture of a security tool for detecting application fraud that is currently under development.

Direct authentication system and method via trusted authenticators

Abstract: Fraud and identity theft are enabled by two faulty assumptions about the way that the identity of a person is verified in our society. The first is that someone who demonstrates knowledge of certain items of personal or financial information about a particular person is presumed to be that person. The second assumption, which gives rise to the first assumption, is that these items of information can be kept confidential. Because fraudsters and identity thieves often seek to use their victim's personal and financial information, this invention proposes a direct authentication system and method that does not depend on these assumptions. The proposed method enables businesses to determine whether the customer is truly the person who he says he is by adopting a new “two-factor” authentication technique and authenticating customer's identity utilizing customer's trusted authenticator. A customer's trusted authenticator can be found within the financial services community; in particular, a bank or other financial institution with whom the customer has a trusted relationship, such as a bank account.

Is This Phishing? Older Age Is Associated With Greater Difficulty Discriminating Between Safe and Malicious Emails

Abstract: OBJECTIVES As our social worlds become increasingly digitally connected, so too has concern about older adults falling victim to "phishing" emails, which attempt to deceive a person into identity theft and fraud. In the present study, we investigated whether older age is associated with differences in perceived suspiciousness of phishing emails. METHODS Sixty-five cognitively normal middle-aged to older adults rated a series of genuine and phishing emails on a scale from definitely safe to definitely suspicious. RESULTS Although older age was not related to a shift in overall perception of email safety, older age was related to worse discrimination between genuine and phishing emails, according to perceived suspiciousness. DISCUSSION These findings suggest that cognitively normal older adults may be at particular risk for online fraud because of an age-associated reduction in their sensitivity to the credibility of emails.