CNC - Identity Theft (Lesson)

Identity Theft

Introduction

As businesses increasingly depend on electronic data and networked computers to conduct daily business, more individuals are exposed to privacy violations and more businesses are exposed to data security breaches. When a security breach happens, individuals are at risk. One of the leading cybercrimes is identity theft. According to the United States Bureau of Justice Statistics, "in 2021, about 23.9 million people (9% of U.S. residents age 16 or older) had been victims of identity theft during the prior 12 months".

Identity Theft is defined as the deliberate and intentional use of someone else’s personal identification.

Personal identification, also called Personally Identifiable Information (PII), is information about an individual that identifies, links, relates to, or describes them. Examples of PII are your social security number, age, race, phone number(s), medical information, financial information, and biometric data. If someone obtains this information, financial loss can occur. With parts of your PII, criminals can obtain loans (credit card, car or personal loans), lease vehicles or equipment, and open cell phone accounts, to name a few. In the old days, identity theft was done by going through garbage and physically locating personal information. In the digital world, we sometimes unknowingly provide our PII to criminals, or criminals find vulnerabilities in digital equipment such as servers and databases.

Some examples: according to the Insurance Information Institute (iii.org), 577 data breaches occurred in 2019, exposing 15.3 million records. These breaches were the result of intrusion methods. Intrusion methods include phishing, ransomware, malware, and skimming. Skimming devices are hidden devices designed to steal credit card information. These can be physical devices located on an ATM or gas pump, or e-skimming, which is a type of malware. With your personal data, cybercriminals can commit fraud. Examples are applying for credit, filing taxes, or getting medical services, to name a few.

Another category of breach is employee error or negligence. Examples of employee error or negligence are unlocked, unattended, and stolen computers or laptops. In 2019, 161 breaches with 2.9 million records were recorded due to human error. Other examples are using public or insecure wi-fi. Cybercriminals can intercept your login credentials, stealing usernames and passwords. How many people use the same login and password for their social media, email, and work logins? With more and more people working remotely, individual or home routers become an issue, with default names and passwords and multiple devices being connected.

Another way cybercriminals gain your PII is by email, in what is called a phishing scam. Phishing is the use of malicious emails by cybercriminals to try to get money or gain access to important documents, data, and systems. Phishing emails can be received in any email account, business or personal. According to the Federal Trade Commission Consumer Information site, $57 million was paid to phishing schemes in one year.

How do cybercriminals get you to bite? Cybercriminals use lures or baits in order to trap you into making a decision. They manipulate your emotions. These emotions can be fear, intimidation, curiosity, enticement, or excitement. Scammers want you to act quickly, without thinking; that is when they strike.

Phishing can come from what appears to be a legitimate source, or appears to be an authentic request. How does it work? Usually a scammer will send an initial email to verify that your email address is valid. If you respond, more emails will follow, and these emails will contain links to both fraudulent and valid websites. As you click on these links and enter information, the scammer is retrieving that information. Sometimes scammers install software which can take over your computer or record your keystrokes.

These links can be actual links, images, or buttons, anything that takes you to another site. Here is an example of a phishing attack from the Department of Homeland Security. This email was sent to various government employees during the time of the COVID-19 Relief Plan. If you clicked on the link, the link took you to this page:

Let’s take a minute to look at the email itself. The email contained the following:

  • A subject line: SBA Application Review and Proceed
  • A sender, marked as disastercustomerservice@sba[.]gov
  • Text in the email body urging the recipient to click on a hyperlink to the address:
    hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov
  • The domain resolves to the IP address: 214.104[.]246

What do you notice that is wrong?

  • How about the subject line? The subject line looks legitimate. The SBA is the Small Business Association, which is a legitimate agency. This appears ok.
  • How about the sender? What do you notice? Do you notice the @sba[.]gov? Does that look normal? This part of the email address is the domain name. Only government agencies can use the “gov” extension, but the [.]gov means the extension is ]gov. That is not the same as .gov. This should be your first warning sign, but do not stop here.
  • In the text of the email, you are referred to the URL hxxps://leanproconsulting[.]com.br/gov/covid19relief/sba.gov. Notice a few issues:
    • The hxxps is not the standard protocol. The standard protocol is https. This is a concern.
    • This URL has two extensions, .com and .gov. Where is this site taking you? This is a concern.
    • Notice the [.]com. That is not a standard domain extension. This is a concern.
  • Last, let’s look at the IP address: 214.104[.]246. We learned in the Internet unit that standard IPv4 addresses are all numbers, in the format xxx.xxx.xxx.xxx. This one has a 3-3-4-4 set of characters/numbers, and two of the characters/numbers are not numbers. This is a concern.

Any one of these issues alone would probably not raise a concern, but when you evaluate them together, you notice several things that are inconsistent with a legitimate email.

Watch the movie Internet IP/DNS

Question for Thought

What emotion is the sender trying to elicit? Fear? Desperation? Hope? Businesses were struggling, and our government did provide a COVID relief package. This cybercriminal was hoping to use someone’s desperation during a pandemic to gain their personal data.

Now let us look at the website itself.

  • Let’s look at the URL: https://leanproconsulting.com.br/gov/covid19relief/sba.gov. The domain is leanproconsulting.com.br; .br is not one of the normal domain extensions. The URL does have .com in there, but with the .br, this should be suspicious.
  • Now the site is asking for your personal information. Remember, when the cybercriminal has your user name and/or password, access to your information becomes available.

Overview of a URL

https://www.apple.com/iphone-11-pro/

  • https:// tells the browser and server what protocol to use. (https is a secure protocol, meaning the data is encrypted.)
  • www - defines the world wide web.
  • apple.com - the domain name; it indicates the targeted host.
  • iphone-11-pro - the page location for the iPhone 11 Pro.

The domain name is key. If you were to view appple.com or apple.net or any other variation of apple.com, the URL would not be a true apple.com site.
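As an added example that is not part of this lesson, the following Python script applies the checks discussed above (is the registered domain the one you expect, does the expected name appear only in the path or as a subdomain, does the name look like a misspelling) to the URLs used on this page. The function names `check_url`, `registered_domain` and `edit_distance` are the author's own, and the rule for splitting the registered domain from the host name is a simplifying assumption, not a full public-suffix lookup.

```python
from urllib.parse import urlsplit

# Generic second-level labels that many country-code registries sell names under,
# e.g. the "com" in "leanproconsulting.com.br". Assumption: a short list suffices.
SECOND_LEVEL = {"com", "co", "net", "org", "gov", "edu"}


def registered_domain(hostname: str) -> str:
    """Return the part of the host name that someone actually registered.

    Simplification (assumption): the last two labels, or the last three when
    the middle label is a generic one under a two-letter country code.
    """
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in SECOND_LEVEL:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character typos (appple vs apple)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, expected_domain: str) -> list[str]:
    """Return the reasons a URL does not belong to expected_domain ([] if it does)."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        findings.append(f"scheme is '{parts.scheme}', not https")
    host = parts.hostname or ""
    if not host:
        return findings + ["URL has no host name"]
    expected = expected_domain.lower()
    actual = registered_domain(host)
    if actual == expected:
        return findings  # the genuine domain: nothing further to report
    findings.append(f"registered domain is {actual}, not {expected}")
    if expected in host:
        findings.append(f"'{expected}' appears inside the host name but is not the registered domain")
    if expected in parts.path.lower():
        findings.append(f"'{expected}' appears only in the path, which the site owner chooses freely")
    brand, expected_brand = actual.split(".")[0], expected.split(".")[0]
    if brand != expected_brand and edit_distance(brand, expected_brand) <= 2:
        findings.append(f"'{brand}' looks like a misspelling of '{expected_brand}'")
    return findings
```

Running `check_url("https://leanproconsulting.com.br/gov/covid19relief/sba.gov", "sba.gov")` reports both that the registered domain is leanproconsulting.com.br and that sba.gov appears only in the path, while the apple.com URL from the overview above produces no findings.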

IMAGE CREATED BY GAVS AND USED ACCORDING TO TERMS OF USE.