Online Identity Theft

Online Identity Theft

Online identity theft is a growing problem. For many of us the Internet is now a part of everyday life; to others it is still the Wild West, populated by bandits out to rob us and worse. In fact, contrary to popular opinion, most of us are still more at risk of identity theft in real life than we are of becoming victims of online identity theft.

However, the electronic environment does provide a number of opportunities for the identity thieves, some merely computerized versions of traditional scams and others entirely new. Criminals have developed a number of common tactics to perpetrate online identity theft.

Phishing is a common scam used in online identity theft but that is covered in another article. Another online identity theft scam is disguising the source of the email. This is actually easier than it appears. All emails consist of two parts. The part we see when we read an email is called the body. This is whatever is typed in as the text of the email, together with any attached files, such as pictures, spreadsheets, etc.

Immediately preceding the body is a part of the email we usually don't look at called the header. The header contains information about the email, such as to whom it is addressed, the sender, the subject line, the date, and other information such as the computers it passed through on its way from the sender to the recipient. Much of this information is used by law enforcement agencies as part of the forensic analysis process when building a case.

Here we are concerned with the header showing the sender's details, the "from" field. While much of the header information is fixed, the contents of the "from" field can be set in the email program. This online identity theft technique is called 'spoofing the From address.' The details of the technique are different for each email program, but the process is very easy.

The second part of this online identity theft scam disguising the destination website which is a little more complicated. The link in the email will appear to point to a genuine website belonging to a legitimate company. In fact, however, analysis of the code from which the email is made up shows that the link will actually take you to an entirely different bogus website. This is actually a relatively simple example to find out. Were you to position your mouse over a similar link, your email software will probably show you the real address, giving you some warning that the link is bogus.

There are other more sophisticated way for con artists to commit this common online identity theft scam including using IP addresses instead of words. The link will go to the same page but an IP address hides the URL. Other methods used are the '@' symbol and numeric codes.