Digital identity theft is one of the issues that concerns experts and users alike because of the ease that the Internet offers criminals to commit fraudulent acts.
This crime involves impersonating another person and assuming their identity with the information obtained for financial gain or in order to damage the reputation of the person concerned.
In this post, we will explain this digital identity violation that is catching on and how advanced electronic signatures help protect it.
This post is also available in Spanish.
What is digital identity?
A person's digital identity is made up of the same data that distinguishes them in the offline world - personal data such as name, telephone, address, photographs, bank account numbers, etc. - but on the net. Basically, any data that makes it possible to identify a person in the online environment.
The theft consists of impersonating a person, assuming their identity in the digital world to access bank accounts, social profiles or hire products and services.
Corporate digital identity
A company, like a person, has a digital identity because it spreads its image on the Internet by means of a corporate website, business blog, and profiles on social networks.
INCIBE Cybersecurity guide to digital identity and online reputation. (In Spanish).
Digital identity theft, a growing crime
Over the past few years, the digital world has seen digital theft as one of the most recurrent types of theft, more frequent than we believe.
Spain, in fact, is the European Union country with the highest number of victims of identity theft, according to figures from the European Statistical Office (Eurostat). Specifically, 7% of Spanish Internet users have been victims of this crime in the past 12 months, 3% more than the Community average of 4%.
It can be complicated but just sharing a photo on Instagram from the airport cafeteria with a flight ticket can be enough to attract criminal attention. Anyone can read the ticket codes with a simple application and access the traveller's personal data. A simple photograph that seems unimportant can become a real problem.
In addition, it is important to highlight the fact that identity theft not only affects users whose data has been misused, but also has negative consequences for businesses, as they devote resources to actions that ultimately do not materialise.
The main reason behind identity fraud is often to hire services or products by posing as someone else through e-commerce. Therefore, the companies themselves that offer the possibility of entering into contracts online are the first ones interested in fighting this type of fraud.
It takes on average 5.4 months for a user to realise
that they have been a victim of identity theft.
Frequent harm from digital identity theft
Among the most frequent damages in cases of digital identity theft are the following:
Through a new profile or by modifying the access password, attackers generate different content on behalf of the victim with the intention of provoking a negative reaction from other users.
In these cyberbullying actions, phishing seeks to cause credibility problems and affect the reputation of the injured party. There are also cases of cyberbullying in which the legitimate user is blackmailed and also suffers financial damage if they want to recover the account.
This type of digital identity theft severely harms the online reputation of the victim and it is often necessary to exercise the right to be forgotten, outlined in the European Data Protection Regulations, which removes data published on the Internet.
One of the most common ways that thieves have to access personal data is via the loss of smartphones, tablets, computers, etc., as they are usually devices that have passwords linked to accounts. This can also happen when you use unsecured connections due to no antivirus program being installed or when a company suffers an accident or attack and releases its customers' data, leaving them vulnerable to anyone.
In this way, a criminal can use someone's bank account details to contract a service, for example: telephone, ADSL, utilities, or to make purchases and debit the victim's account.
One of the most significant hacked digital identities last year was the CEO of Securitas in Switzerland, Alf Göransson. The hacker who stole the Swedish executive's identity used it to request a loan. Immediately afterwards, Göransson was declared bankrupt by the Court of Stockholm and subsequently learned of what had happened after receiving a notice from that judicial body.
According to protocols of the Swedish Business Registration Office, Göransson was immediately removed from office as chairman of the board of Loomis and member of the board of Hexpol, both companies of the Group.
Although the executive will recover his posts as soon as the "misunderstanding" with the Court has been resolve, this situation has left a bitter aftertaste, both for Göransson and for Securitas, who were obliged to issue a press release to report what had happened.
Electronic signature as a method of identification
The first question we ask ourselves when we hear about cases like these is what failed at the Swedish bank for the loan to be granted to the hacker. Obviously, the bank did not have a reliable system that objectively determined the identity of the signatory when contracting the financial product.
That is why the most diligent entities encourage the use of an advanced digital signature for this type of financial operation, since it compiles a range of biometric data on the signatory, which, along with the electronic evidence in the context of the signing, allows the identity of the signatory to be ensured. This reinforces identity 2.0 above offline identity, as the biometric data collected is virtually impossible to falsify.
Related Post >>
How to verify your customers´digital identify?
The theft of a digital identity represents a problem both for users who may be injured in terms of their reputation or suffer financial damage, and for companies that allow their products or services to be contracted online. They are both exposed to cyber-crime fraud and it is their responsibility to take preventive measures to avoid these dangers.
If you need more information or would like to receive advice regarding our various authentication systems, please do not hesitate to contact us. You can send us an email to firstname.lastname@example.org, call us o 93 551 14 80 or fill in this form.
If you prefer, you can opt for a trial of our services by registering with Signaturit for free for 14 days.
This post is also available in Spanish.