CSL Unit-3

The document outlines various tools and methods used in cybercrime, including phishing, password cracking, keyloggers, and malware types like viruses and ransomware. It details the stages of a cyber attack and the techniques employed by attackers, such as scareware and malvertising, as well as preventive measures against these threats. Additionally, it explains the functions of proxy servers, anonymizers, and the differences between steganography and cryptography.

Unit 3

• Tools and Methods used in Cyber crime


• Phishing
• Password Cracking
• Keyloggers and Spywares
• Virus and Worm
• Steganography
• DoS and DDoS Attacks
• SQL Injection
• Buffer Overflow
• Attacks on Wireless Networks
• Phishing
• Identity Theft (ID Theft)
Stages of cyber attack
• Initial uncovering
• Network probe
• Crossing line toward electronic crime
• Capturing the network traffic
• Grab the data
• Covering tracks
Tools and methods used in cybercrime
• Scareware is a type of malware attack that claims to have detected a virus
or other issue on a device and directs the user to download or buy
malicious software to resolve the problem.
• Scareware attacks often begin with a pop up ad that appears to be from a
legitimate security software provider or the computer’s operating system.
• If clicked, the scareware ad will direct the user to an infected website
where they are given additional instructions to solve their so-called
problem.
• This may include installing a new tool or program, running a computer
scan, entering log-in credentials for more information or uploading their
credit card information to continue the recovery process.
• This will often result in the user inadvertently and unknowingly
downloading malicious programs, such as malware, ransomware, spyware,
a virus or a Trojan, onto their device.
Malvertising
• Malvertising is an attack in which perpetrators inject malicious
code into legitimate online advertising networks. The code
typically redirects users to malicious websites.
• The attack allows perpetrators to target users on highly
reputable websites, e.g., The New York Times Online, The
London Stock Exchange, Spotify and The Atlantic, all of which
have been exposed to malvertising.
• The online advertising ecosystem is a complex network that
involves publisher sites, ad exchanges, ad servers, retargeting
networks and content delivery networks (CDNs). Multiple
redirections between different servers occur after a user clicks
on an ad. Attackers exploit this complexity to place malicious
content in places that publishers and ad networks would least
expect.
Differences between malvertising and ad malware include:
• Malvertising involves malicious code which is initially
deployed on a publisher’s web page. Adware, however, is
only used to target individual users.
• Malvertising only affects users viewing an infected
webpage. Adware, once installed, operates continuously on
a user’s computer.
• Clickjacking is an attack that tricks a user into clicking a
webpage element which is invisible or disguised as another
element.
• This can cause users to unwittingly download malware, visit
malicious web pages, provide credentials or sensitive
information, transfer money, or purchase products online.
What is Ransomware Attack?
• Ransomware is a type of malware attack in which the
attacker locks and encrypts the victim’s data, important
files and then demands a payment to unlock and decrypt
the data.
• This type of attack takes advantage of human, system,
network, and software vulnerabilities to infect the victim’s
device—which can be a computer, printer, smartphone,
wearable, point-of-sale (POS) terminal, or other endpoint.
Ransomware seven-stage attack
1. Infection—Ransomware is covertly downloaded and installed on the device.
2. Execution—Ransomware scans and maps locations for targeted file types,
including locally stored files, and mapped and unmapped network-accessible
systems. Some ransomware attacks also delete or encrypt any backup files
and folders.
3. Encryption—Ransomware performs a key exchange with the Command and
Control Server, using the encryption key to scramble all files discovered
during the Execution step. It also locks access to the data. (See Figure 2.)
4. User Notification—Ransomware adds instruction files detailing the
pay-for-decryption process, then uses those files to display a ransom note to
the user.
5. Cleanup—Ransomware usually terminates and deletes itself, leaving only the
payment instruction files.
6. Payment—Victim clicks a link in the payment instructions, which takes the
victim to a web page with additional information on how to make the required
ransom payment. Hidden TOR services are often used to encapsulate and
obfuscate these communications to avoid detection by network traffic
monitoring.
7. Decryption—After the victim pays the ransom, usually via the attacker’s
Bitcoin address, the victim may receive the decryption key. However, there is
no guarantee the decryption key will be delivered as promised.
Proxy server and anonymizer
Proxy Server
• It is a server (a computer system or an application) that
acts as an intermediary for requests from clients seeking
resources from other servers.
• A client connects to the proxy server, requesting some
service, such as a file, connection, web page, or other
resource available from a different server and the proxy
server evaluates the request as a way to simplify and
control its complexity.
• Proxies were invented to add structure and encapsulation to
distributed systems.
• Today, most proxies are web proxies, facilitating access to
content on the World Wide Web and providing anonymity.
What is a Proxy Server?
• A proxy server is a system or router that provides a gateway
between users and the internet.
• The attacker machine connects through the proxy to access services
provided by other computers (targets) on the network.
• The proxy server performs the requests on behalf of the attacker
machine.
• The target machines on the network, on receiving the request, can see
that the request is coming from a proxy machine but cannot see the
actual identity of the attacker machine. Generally, attackers use
proxies to hide their identity.
Uses of proxy servers and anonymizers
• To hide company servers or systems
• Caching
• Filtering unwanted content and websites
• IP address multiplexer (Network address translation)
Anonymizer
• Anonymizer is an anonymous proxy which allows the user to browse
internet anonymously
• Generally used by crackers to cover their tracks.
Password cracking - purpose
• To recover a forgotten password
• As a preventive measure by system administrators to check for easily
crackable passwords
• To gain unauthorized access to the system
Manual password cracking
• Find a valid user account
• Create a list of possible passwords
• Rank the passwords from high to low probability
• Key in each password
• Try again until a successful password is found.
Guessable password characteristics
• General passwords like …
• Series of letters like qwerty
• User name or login name
• Name of the user's friend, relative or pet
• User's birth date or birthplace
• Vehicle number, residence
• Name of celebrity
• Combination of above
Classification of password cracking attacks
• Online attacks
• Offline attacks
• Non electronic attacks (Social Engineering, shoulder surfing, dumpster
diving etc)
Keylogger
• A keylogger or keystroke logger/keyboard capturing is a
form of malware or hardware that keeps track of and
records your keystrokes as you type.
• It takes the information and sends it to a hacker using
a command-and-control (C&C) server.
• The hacker then analyzes the keystrokes to locate
usernames and passwords and uses them to hack into
otherwise secure systems.
Software Keyloggers
• Software keyloggers consist of applications that have to be installed
on a computer to steal keystroke data. They are the most common
method hackers use to access a user’s keystrokes.
• A software keylogger is put on a computer when the user downloads
an infected application. Once installed, the keylogger monitors the
keystrokes on the operating system you are using, checking the paths
each keystroke goes through. In this way, a software keylogger can
keep track of your keystrokes and record each one.
• After the keystrokes have been recorded, they are then automatically
transferred to the hacker that set up the keylogger. This is done using
a remote server that both the keylogger software and the hacker are
connected to. The hacker retrieves the data gathered by the
keylogger and then uses it to figure out the unsuspecting user’s
passwords.
• The passwords stolen using the key logger may include email
accounts, bank or investment accounts, or those that the target uses
to access websites where their personal information can be seen.
Therefore, the hacker's end goal may not be to get into the account
for which the password is used. Rather, gaining access to one or more
accounts may pave the way for the theft of other data.
Hardware Keylogger
• A hardware keylogger works much like its software counterpart.
The biggest difference is hardware keyloggers have to be
physically connected to the target computer to record the user's
keystrokes. For this reason, it is important for an organization to
carefully monitor who has access to the network and the
devices connected to it.
• If an unauthorized individual is allowed to use a device on the
network, they could install a hardware keylogger that may run
undetected until it has already collected sensitive information.
After hardware keystroke loggers have finished keylogging, they
store the data, which the hacker has to download from the
device.
• The downloading has to be performed only after the keylogger
has finished logging keystrokes. This is because it is not possible
for the hacker to get the data while the key logger is working. In
some cases, the hacker may make the keylogging device
accessible via Wi-Fi. This way, they do not have to physically
walk up to the hacked computer to get the device and retrieve
the data.
Mode of infection
Detecting keylogger activity
How do attackers use keylogger data
Preventive measures
How does spyware work?
• Spyware can make its way onto a device without the end user's knowledge
via an app install package, file attachment or malicious website.
• In its least damaging form, spyware exists as an application that starts up
as soon as the device is turned on and continues to run in the background.
Its presence will steal random access memory and processor power and
could generate infinite pop-up ads, effectively slowing down the web
browser until it becomes unusable.
• At its most damaging, spyware will track web browsing history, passwords
and other private information, such as email addresses, credit card
numbers, personal identification numbers or banking records.
• Spyware can also secretly make changes to a device’s firewall settings,
reconfiguring the security settings to allow in even more malware.
How to prevent spyware?
• only downloading software from trusted sources;
• reading all disclosures when installing software;
• avoiding interactions with pop-up ads;
• staying current with updates and patches for browser, operating
system (OS) and application software;
• not opening email attachments or clicking on links from
unknown senders;
• using only trusted antivirus software and reputable spyware
tools; and
• enabling two-factor authentication whenever possible.
Antispyware tools
• Malwarebytes is an antimalware and spyware tool that can remove spyware
from Windows, macOS, Chrome OS, Android and iOS. Malwarebytes can scan
through registry files, running programs, HDs and individual files. Once a
spyware program is detected, a user can quarantine and delete it. However,
users cannot set up automatic scanning schedules.

• Trend Micro HouseCall is another antispyware tool that does not require user
installation, so it uses minimal processor and memory resources and disk space.
However, like Malwarebytes, users cannot set automatic scans.

• Windows Defender is a Microsoft antimalware product that is included in the
Windows 10 OS under Windows Defender Security Center. The software is a
lightweight antimalware tool that protects against threats such as spyware,
adware and viruses. Windows Defender includes features such as protection
against phishing sites, real-time threat detection and parental controls.
Virus and worms
• Program that can infect legitimate programs by modifying them to
include possibly evolved copy of itself.
• Spread themselves without the knowledge of the users.
• May contain malicious instructions that cause damage or annoyance.
• A virus can start on event driven effects, time driven effects or can
occur at random
How do Viruses Travel?

• Pirated Software, Shareware, and Public Domain Software are
common sources of viruses. This seems to be particularly true for
games. People tend to share these among many users and the
likelihood of a computer virus download infection increases accordingly.
Try to steer clear of this type of software, or be sure to follow
recommended anti-virus procedures.
• E-mail letters, chain or other, especially with attachments containing
.exe files, are very high on the likelihood scale of containing and
spreading viruses. Don't open these, especially if from an unknown
source.
• Your Technical Support and Service Engineers can provide an
effective medium for the spread of viruses. Diagnostic diskettes / CDs,
used in resolving a problem on a customer's PC, can become infected
and in turn infect other PCs.
• Personal computers at home can also be sources of infection. When
work is brought home, the USB sticks can become infected, and then
one takes back the infection to the workplace.
Types of viruses
• Boot sector viruses – infect the storage media on which the OS is stored.
• Program viruses – become active when program files (.exe, .bin,
.com, ...) are executed.
• Multipartite viruses – hybrid of boot sector and program viruses.
• Stealth viruses – camouflage themselves so that detection becomes very
difficult.
• Polymorphic viruses – act like a chameleon, changing their virus
signature.
• Macro viruses – infect the macros of Microsoft documents or Excel files.
Trojan horses
• In computing, a Trojan horse is a program downloaded and installed on a computer
that appears harmless, but is, in fact, malicious.
• Unexpected changes to computer settings and unusual activity, even when the computer
should be idle, are strong indications that a Trojan is residing on a computer.
• Typically, the Trojan horse is hidden in an innocent-looking email attachment or free
download.
• When the user clicks on the email attachment or downloads the free program, the
malware hidden inside is transferred to the user's computing device.
• Once inside, the malicious code can execute whatever task the attacker designed it to
carry out.
How Trojan horse works
• Before a Trojan horse can infect a machine, the user must download the server side of the
malicious application.
• The Trojan horse cannot manifest by itself. The executable file (.exe file) must be implemented
and the program must be installed in order for the attack to be unleashed on the system.
• Social engineering tactics are often used to convince end users to download the malicious
application. The download trap may be found in banner ads, website links or pop-up
advertisements
• As soon as the email has been opened and the attachment has been downloaded, the Trojan
server will be installed and will run automatically each time the computer turns on.
• It is also possible for an infected computer to continue spreading the Trojan horse to other
computers, creating a botnet.
• Hackers use these zombie computers to continue dispersing additional malware to create a whole
network of zombie computers.
Backdoors
What does a backdoor do?
• Allows the attacker to change system settings
• Allows the attacker to control hardware devices
• Steals sensitive personal information
• Records keystrokes
• Sends all gathered data through a predefined email
• Infects files, corrupts installed applications
• Degrades internet connection speed and overall system performance
Examples: Back Orifice, Bifrost, SAP backdoors
What is Steganography?
Steganography is the art and science of embedding secret
messages in a cover message in such a way that no one, apart
from the sender and intended recipient, suspects the
existence of the message.
Steganalysis is the art of detecting the hidden message
| Features | Steganography | Cryptography |
|---|---|---|
| Meaning | The term steganography contains Greek influences, which mean "covered writing". | The term cryptography means "hidden writing". |
| Popularity | It is less popular than cryptography. | It is more popular and commonly used than steganography. |
| Dependability | It relies on the key. | It doesn't have any parameters. |
| Goal | Its main goal is to offer secure communication. | Its main goal is to provide data protection. |
| Structure of data | The structure of data is not frequently altered. | The structure of data is allowed to alter while encrypting. |
| Attacks name | The attack's name in the steganography technique is steganalysis. | The attack's name in cryptography is cryptanalysis. |
| Supported Security Principles | It offers only confidentiality and authentication. | It provides security principles, including integrity, secrecy, authentication, and non-repudiation. |
| Implementation | It may be utilized on any medium, including text files, audio-video files, and images. | It is mainly utilized on text files. |
| Mathematical Transformations | It does not entail many mathematical transformations. | It involves the use of number theory, mathematics, and other tools to manipulate data. |
| Techniques | Some of the techniques used in steganography are transformed domain embedding, spatial domain, and model-based. | It employs techniques such as stream, substitution, transpositional, and block ciphers. |
DoS and DDoS Attack
• A Denial-of-Service (DoS) attack is an attack meant to shut down a
machine or network, making it inaccessible to its intended users.
• DoS attacks accomplish this by flooding the target with traffic, or sending
it information that triggers a crash.
• DoS attacks often target web servers of high-profile
organizations such as banking, commerce, and media companies, or
government and trade organizations.
• Though DoS attacks do not typically result in the theft or loss of
significant information or other assets, they can cost the victim a great
deal of time and money to handle.
Classification of DoS attack
• Bandwidth Attack – tries to exhaust the network bandwidth (Ex- UDP
and TCP floods)
• Logic attack – can exploit the vulnerabilities in network software such
as webserver.
• Protocol attacks – exploits the vulnerabilities in communication
protocols.
• Unintentional DoS attack – Sudden increase in genuine traffic of
clients.
Levels of DoS attack
• Flood attack - attackers send a very high volume of traffic to a
system so that it cannot examine and allow permitted
network traffic. For example, an ICMP flood attack occurs
when a system receives too many ICMP ping commands and
must use all its resources to send reply commands.
• Ping of death attack -an attacker crashes, destabilizes, or
freezes computers or services by targeting them with
oversized data packets. This form of DoS attack typically
targets and exploits legacy weaknesses that organizations
may have patched.
• A SYN flood (half-open attack) is a type of denial-of-service
(DDoS) attack which aims to make a server unavailable to
legitimate traffic by consuming all available server resources. By
repeatedly sending initial connection request (SYN) packets, the
attacker is able to overwhelm all available ports on a targeted
server machine, causing the targeted device to respond to
legitimate traffic sluggishly or not at all.
• Teardrop attack – A teardrop attack is a denial-of-service (DoS) attack
that involves sending fragmented packets to a target machine. Since the
machine receiving such packets cannot reassemble them due to a bug in
TCP/IP fragmentation reassembly, the packets overlap one another, crashing
the target network device.
• Smurf attack – A smurf attack is a type of distributed denial of service
(DDoS) attack where an attacker sends an avalanche of ping data packets to
its target. It does this by spoofing the source IP address of the ping to be
the victim's, and sending it to a network broadcast IP address.
Tools for performing DoS Attack
How to prevent DoS and DDoS attacks
• Implement router filters.
• Install patches to guard against TCP SYN flooding
• Disable any unused network services
• Observe system’s performance
• Routinely examine system security
• Establish and maintain regular backup schedules and policies.
SQL injection
• A SQL injection (SQLi) is a technique that attackers use to gain
unauthorized access to a web application database by adding a
string of malicious code to a database query.
• A SQL injection manipulates Structured Query Language code to
provide access to protected resources, such as sensitive data, or
execute malicious SQL statements. When executed correctly, a
SQL injection can expose intellectual property, customer data or
the administrative credentials of a private business.
• SQL injection attacks can be used to target any application that
uses a SQL database, with websites being the most common
prey.
What can an attacker do?
• Bypassing logins: by obtaining usernames and passwords
• Accessing secret data: reconnaissance
• Adding new data or modifying contents of a website:
INSERT/UPDATE
• Shutting down the MySQL server
Steps for SQL Injection attack
1. Search for pages that contain an HTML form, like a login page,
search page, registration page, etc.
2. Identify the suitable form fields like text box, combo box, etc.
3. Insert crafted code (like a single quote) into the selected form
field and check whether the database is parsing SQL syntax or
not.
4. If the database server is parsing SQL input, then use other SQL
commands to retrieve or insert data in the database.
SQL injection example
How to prevent SQL injection attacks
• Input validation: This involves replacing single quote with two single
quotes or a double quote, sanitizing the user input by removing
unnecessary special characters, detecting and removing unnecessary
numeric data and making all the input fields as short as possible to limit
the length of the user input.
• Modify error reports: SQL errors must not be displayed to the users.
Website administrator should change the default settings for displaying
detailed SQL errors including the database software name, version, and
stack trace. Instead of a detailed message they can display a
simple message which doesn’t provide any useful information.
• Other preventions:
• Default system accounts for SQL server should never be used
• Isolate database server and web server
• If there are any unused additional stored procedures in the database, they should
be removed
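The difference between concatenating form input into a query and binding it as data, together with the generic-error and input-length measures listed above, shown as an added example that is not part of the original slides. The table, column and function names and the 64-character limit are assumptions for illustration, and the placeholder (parameterized) query goes beyond the prevention list on the page.

```python
import sqlite3

MAX_LEN = 64                     # assumed limit; the page only says "as short as possible"
GENERIC_ERROR = "Login failed."  # reveals no database name, version or stack trace


def make_db():
    """In-memory database with two constructed accounts (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "constructed-hash-1"), ("o'brien", "constructed-hash-2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, name, password_hash):
    """BEFORE: form input is concatenated into the SQL text.

    A single quote in `name` changes the syntax of the statement, and the raw
    database error is handed back to the user."""
    sql = ("SELECT 1 FROM users WHERE name = '" + name +
           "' AND password_hash = '" + password_hash + "'")
    try:
        return conn.execute(sql).fetchone() is not None, None
    except sqlite3.Error as exc:
        return False, f"database error: {exc}"  # detailed SQL error leaks out


def login_hardened(conn, name, password_hash):
    """AFTER: input is length-checked and bound through placeholders, so the
    database never parses it as SQL; failures return one generic message."""
    if not (0 < len(name) <= MAX_LEN and 0 < len(password_hash) <= MAX_LEN):
        return False, GENERIC_ERROR
    try:
        row = conn.execute(
            "SELECT 1 FROM users WHERE name = ? AND password_hash = ?",
            (name, password_hash),
        ).fetchone()
    except sqlite3.Error:
        # A real application would log the exception server-side here.
        return False, GENERIC_ERROR
    return (True, None) if row else (False, GENERIC_ERROR)


if __name__ == "__main__":
    db = make_db()
    # A legitimate user whose name contains a single quote.
    print("vulnerable:", login_vulnerable(db, "o'brien", "constructed-hash-2"))
    print("hardened:  ", login_hardened(db, "o'brien", "constructed-hash-2"))
```

The concatenated version breaks on an ordinary name containing an apostrophe and exposes the SQL error text, while the bound version logs the same user in normally.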
Buffer overflow
Attacks on wireless network
• Sniffing – eavesdropping on the network.
  • Attacker installs sniffers remotely on the victim’s system.
  • Gathers required information about active Wi-Fi networks
  • Detection of SSID
  • Collecting MAC addresses
  • Collecting frames to crack WEP
• Spoofing - act of impersonating legitimate entities or devices to
gain unauthorized access or perform malicious activities. It
involves manipulating network protocols and techniques to
deceive network users, administrators, or security systems.
  • MAC address spoofing
  • IP spoofing
• DoS
• MiTM
• Encryption cracking
How to secure wireless networks
• Change the default settings of all the equipment
• Enable WPA/WEP Encryption
• Change the default SSID
• Enable MAC address filtering
• Disable SSID broadcast
• Avoid providing the network a name which can be easily identified
• Connect to only secured wireless network
• Assign static IP address to devices
• Enable firewalls
• Turn off network when not in use for extended period of time
• Periodically and regularly monitor wireless network security
Phishing
• Phishing is a fraudulent practice in which an attacker
masquerades as a reputable entity or person in an email or
other form of communication.
• Attackers commonly use phishing emails to distribute malicious
links or attachments that can extract login credentials, account
numbers and other personal information from victims.
• Deceptive phishing is a popular cybercrime, as it's far easier to
trick someone into clicking on a malicious link in a seemingly
legitimate phishing email than it is to break through a
computer's defenses.
How phishing works
• Phishers can use public sources of information, such as LinkedIn, Facebook and
Twitter, to gather the victim's personal details, work history, interests and
activities.
• These resources are often used to uncover information such as names, job titles
and email addresses of potential victims.
• An attacker can then use information to craft a believable phishing email.
• A victim receives a message that appears to have been sent by a known contact
or organization.
• The attack is then carried out either when the victim clicks on a malicious file
attachment or clicks on a hyperlink connecting them to a malicious website.
• In either case, the attacker's objective is to install malware on the user's device
or direct them to a fake website.
• Fake websites are set up to trick victims into divulging personal and financial
information, such as passwords, account IDs or credit card details.
• Although many phishing emails are poorly written and clearly fake,
cybercriminals are using chatbots to make phishing attacks more real.
Types of phishing
Spear phishing attacks are directed at specific individuals or companies.
• These attacks usually employ gathered information specific to the victim to more
successfully represent the message as being authentic.
• Spear phishing emails might include references to co-workers or executives at the victim's
organization, as well as the use of the victim's name, location or other personal
information.

Whaling attacks are a type of spear phishing attack that specifically target senior
executives within an organization with the objective of stealing large sums of sensitive data.
• Attackers research their victims in detail to create a more genuine message, as using
information relevant or specific to a target increases the chances of the attack being
successful.
• A typical whaling attack targets an employee who can authorize payments; the phishing
message often appears to be a command from an executive to authorize a large payment
to a vendor.
Pharming is a type of phishing attack that uses domain name system cache poisoning to
redirect users from a legitimate website to a fraudulent one.
• Pharming attempts to trick users into logging in to the fake website using their personal
credentials.
Clone phishing attacks use previously delivered but legitimate emails that contain either
a link or an attachment.
• Attackers make a copy -- or clone -- of the legitimate email and replace links or attached
files with malicious ones.
• Victims are often tricked into clicking on the malicious link or opening the malicious
attachment.
• This technique is often used by attackers who have taken control of another victim's
system.
• Evil twin attacks occur when hackers try to trick users into connecting to a fake Wi-Fi
network that looks like a legitimate access point.
• The attackers create a duplicate hotspot that sends out its own radio signal and uses
the same name as the real network.
• When the victim connects to the evil twin network, attackers gain access to all
transmissions to or from the victim's devices, including user IDs and passwords.
• Voice phishing is a form of phishing that occurs over voice-based media,
including voice over IP -- also called vishing -- or plain old telephone service. This
type of scam uses speech synthesis software to leave voicemails notifying the
victim of suspicious activity in a bank account or credit account.
• SMS phishing, or smishing, is a mobile device-oriented phishing attack that uses
text messaging to convince victims to disclose account credentials or install
malware.
• Page hijack attacks redirect the victim to a compromised website that's the
duplicate of the page they intended to visit. The attacker uses a cross-site
scripting attack to insert malware on the duplicate website and redirects the victim
to that site.
Phishing techniques
• URL spoofing. Attackers use JavaScript to place a picture of a legitimate
URL over a browser's address bar. The URL is revealed by hovering over
an embedded link and can also be changed using JavaScript.
• Link manipulation. Often referred to as URL hiding, this technique is used
in many common types of phishing. Attackers create a malicious URL
that's displayed as if it were linking to a legitimate site or webpage, but the
actual link points to a malicious web resource.
• Link shortening. Attackers can use link shortening services, like Bitly, to
hide the link destination. Victims have no way of knowing if the shortened
URL points to a legitimate website or to a malicious website.
• Homograph spoofing. This type of attack depends on URLs that were
created using different characters to read exactly like a trusted domain
name. For example, attackers can register domains that use slightly
different character sets that are close enough to established, well-known
domains.
• Graphical rendering. Rendering all or part of a message as a graphical image
sometimes enables attackers to bypass phishing defenses. Some security
software products scan emails for particular phrases or terms common in phishing
emails. Rendering the message as an image bypasses this.
• Covert redirect. Attackers trick victims into providing personal information by
redirecting them to a supposed trusted source that asks them for authorization to
connect to another website. The redirected URL is an intermediate, malicious page
that solicits authentication information from the victim. This happens before
forwarding the victim's browser to the legitimate site.
• Chatbots. Attackers use AI-enabled chatbots to remove obvious grammatical and
spelling errors that commonly appear in phishing emails. Phishing emails using an
AI chatbot might make the phishing message sound more complex and real,
making it harder to detect.
• AI voice generators. Attackers use AI voice generator tools to sound like a
personal authority or family figure over a phone call. This further personalizes the
phishing attempt, increasing its likeliness to work. Attackers just need a voice
sample using a small audio clip of the victim's manager or family member.
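A mail-filter style check for three of the techniques listed above (link manipulation, link shortening and homograph spoofing), added here as an example that is not part of the original slides. The function names, flag labels, shortener set and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Bitly is the shortener named in the text; extending this set is left to the reader.
SHORTENER_HOSTS = {"bit.ly"}

# Constructed sample message body (reserved .example / .test domains only).
SAMPLE_EMAIL = """
<p>Dear customer, please review the items below.</p>
<a href="http://login.portal-update.test/session">https://www.bank.example/login</a>
<a href="https://bit.ly/abc123">View invoice</a>
<a href="http://b\u0430nk.example/reset">Reset password</a>
<a href="https://www.bank.example/help">www.bank.example/help</a>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host of a URL or bare 'www.site.tld/path' string ('' if none)."""
    if "://" not in url:
        url = "http://" + url
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host


def looks_like_url(text):
    """True when the visible link text itself reads as a URL or host name."""
    return bool(text) and "." in text and not any(c.isspace() for c in text)


def check_links(html_body):
    """Return [(href, [flags])] for each link, in document order."""
    parser = AnchorCollector()
    parser.feed(html_body)
    results = []
    for href, text in parser.links:
        target = host_of(href)
        flags = []
        # Link manipulation: the text shows one host, the href goes to another.
        if looks_like_url(text) and host_of(text) != target:
            flags.append("text-href-mismatch")
        # Link shortening: the real destination is hidden behind a redirect.
        if target in SHORTENER_HOSTS:
            flags.append("shortener")
        # Homograph spoofing: non-ASCII or punycode labels in the host name.
        if any(ord(c) > 127 for c in target) or any(
                label.startswith("xn--") for label in target.split(".")):
            flags.append("non-ascii-host")
        results.append((href, flags))
    return results


if __name__ == "__main__":
    for href, flags in check_links(SAMPLE_EMAIL):
        print(flags or ["ok"], href)
```

The third sample link contains a Cyrillic "а" (U+0430) in place of the Latin letter, which is why it renders like the legitimate host but is flagged.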
Types of phishing scams
• Deceptive phishing
• Malware based phishing
• Keyloggers
• Session hijacking
• Web trojans
• System reconfiguration attacks
• Man in the middle phishing
• Search engine phishing
Phishing Countermeasures
• Keep antivirus up to date
• Do not click on hyperlinks in Emails
• Take advantage of anti-spam software
• Verify https
• Use anti-spyware software
• Get educated
• Firewall
• Use backup system images
• Do not enter sensitive financial information in pop up windows
Identity theft
• Identity theft is the crime of obtaining the personal or financial
information of another person to use their identity to commit
fraud, such as making unauthorized transactions or purchases.
• Identity theft is committed in many different ways and its victims
are typically left with damage to their credit, finances, and
reputation.
• True name identity theft means the attacker uses the victim’s
personal information to open a fake new account in the victim’s
name.
• Account takeover identity theft means the attacker uses the victim’s
personal information to gain access to an existing account.
Types of Identity Theft
• Financial Identity Theft
In financial identity theft, someone uses another person's identity
or information to obtain credit, goods, services, or benefits.
• Criminal identity theft
In criminal identity theft, a criminal poses as another person
during an arrest to try to avoid a summons, prevent the discovery
of a warrant issued in their real name or avoid an arrest or
conviction record
• Medical Identity Theft
Someone poses as another person to obtain free medical care.
• Tax Identity Theft
Tax identity theft occurs when someone uses your personal
information, including your Social Security Number, to file a
bogus state or federal tax return in your name and collect a
refund.
• Child Identity Theft
In child identity theft, someone uses a child's identity for various
forms of personal gain.
The fraudster may use the child's name and Social Security
Number to obtain a residence, find employment, obtain loans, or
avoid arrest on outstanding warrants.
Techniques
• Dumpster diving
• Shoulder surfing
• Phishing and spam e-mail
• Data breaches
• Credit card theft
• Wi-Fi hacking
• ATM Skimmers
• Mobile phone theft
Warning Signs of Identity Theft
• Some clear indicators of identity theft include bills for items that you
didn't buy. These can be seen on your credit card or received via
email or other means.
• Calls from debt collectors regarding accounts that you didn't open,
and your loan applications being denied when you believed your
credit is in good standing.
• Other warning signs include bounced checks,
• unexplainable medical bills,
• utilities being shut off,
• inability to sign into accounts,
• hard inquiries into your credit report not caused by your actions,
• new credit cards in your name that you didn't apply for.
Steps to prevent identity theft
• Check your credit card statement periodically
• Shred unsolicited credit card applications
• Monitor your account statements for any unauthorised transactions
• Follow up with creditors in case there are fraudulent transactions
• Do not respond to spam E-mails.
