Identity theft

[citation needed] An October 2010 article entitled "Cyber Crime Made Easy" explained the level to which hackers are using malicious software.

There are cases of identity cloning to attack payment systems, including online credit card processing and medical insurance.

In some cases, criminals have previously obtained state-issued identity documents using credentials stolen from others, or have simply presented a fake ID.

Victims might only learn of such incidents by chance, for example by receiving a court summons, discovering their driver's licenses are suspended when stopped for minor traffic violations, or through background checks performed for employment purposes.

[14] This is just one example of the kinds of impact that may continue to affect the victims of identity theft for some months or even years after the crime, aside from the psychological trauma that being 'cloned' typically engenders.

Individual victims can be affected if their names become confused with the synthetic identities, or if negative information in their subfiles impacts their credit ratings.

Inaccurate information in the victim's records is difficult to correct and may affect future insurability or cause doctors to rely on misinformation to deliver inappropriate care.

[19][20] Data collected and stored by hospitals and other organizations such as medical aid schemes is up to 10 times more valuable to cybercriminals than credit card information.

[21] The Federal Trade Commission (FTC) estimates that about nine million people will be victims of identity theft in the United States per year.

Young people in foster care who are victims of this crime are usually left alone to struggle and figure out how to fix their newly formed bad credit.

The most common method is to use a person's authentic name, address, and Social Security Number to file a tax return with false information, and have the resulting refund direct-deposited into a bank account controlled by the thief.

This form will put the IRS on alert and someone who believed they have been a victim of tax-related theft will be given an Identity Protection Personal Identification Number (IP PIN), which is a 6 digit code used in replacing an SSN for filing tax returns.

For consumers, this is usually a result of them naively providing their personal information or login credentials to the identity thieves (e.g., in a phishing attack) but identity-related documents such as credit cards, bank statements, utility bills, checkbooks, etc.

Guardianship of personal identifiers by consumers is the most common intervention strategy recommended by the US Federal Trade Commission, Canadian Phone Busters and most sites that address identity theft.

Identity theft can be partially mitigated by not identifying oneself unnecessarily (a form of information security control known as risk avoidance).

Committing personal identifiers to memory is a sound practice that can reduce the risks of a would-be identity thief from obtaining these records.

Victims of identity theft may face years of effort proving to the legal system that they are the true person,[34] leading to emotional strain and financial losses.

Most identity theft is perpetrated by a family member of the victim, and some may not be able to obtain new credit cards or open new bank accounts or loans.

[34] In their May 1998 testimony before the United States Senate, the Federal Trade Commission (FTC) discussed the sale of Social Security numbers and other personal identifiers by credit-raters and data miners.

[37] Using various types of biometric information, such as fingerprints, for identification and authentication has been cited as a way to thwart identity thieves, however, there are technological limitations and privacy concerns associated with these methods as well.

[43]Social networking sites are one of the most famous spreaders of posers in the online community, giving the users the freedom to post any information they want without any verification that the account is being used by the real person.

[clarification needed] The Philippines, which ranks eighth in the numbers of users of Facebook and other social networking sites (such as Twitter, Multiply and Tumblr), has been known as a source of various identity theft problems.

Section 2 of this act states that it recognizes the importance of communication and multimedia for the development, exploitation, and dissemination of information[clarification needed], but violators will be punished by the law through imprisonment or a fine upwards of ₱200,000, but not exceeding ₱1,000,000, or (depending on the damage caused) both.

The Act covers all personal data which an organization may hold, including names, birthday and anniversary dates, addresses, and telephone numbers.

The Identity Theft Deterrence Act (2003)[ITADA] amended U.S. Code Title 18, § 1028 ("Fraud related to activity in connection with identification documents, authentication features, and information").

In addition, punishments for the unlawful use of a "means of identification" were strengthened in § 1028A ("Aggravated Identity Theft"), allowing for a consecutive sentence under specific enumerated felony violations as defined in § 1028A(c)(1) through (11).

The FTC has determined that most medical practices are considered creditors and are subject to requirements to develop a plan to prevent and respond to patient identity theft.

[62] At least two states, California[63] and Wisconsin[64] have created an Office of Privacy Protection to assist their citizens in avoiding and recovering from identity theft.

A Microsoft report shows that this drop is due to statistical problems with the methodology, that such survey-based estimates are "hopelessly flawed" and exaggerate the true losses by orders of magnitude.

[77] In the United Kingdom, the Home Office reported that identity fraud costs the UK economy £1.2 billion annually[78] (experts believe that the real figure could be much higher)[79] although privacy groups object to the validity of these numbers, arguing that they are being used by the government to push for introduction of national ID cards.

Example of an identity theft crime: 1. The fraudster files tax return paperwork in the victim's name, claiming a refund. 2. The IRS issues a refund to the fraudster. 3. The victim submits their legitimate tax return. 4. The IRS rejects the return as a duplicate.
US Government Accountability Office diagram showing the identity theft risk associated with social security numbers on Medicare cards