How does Online Identity Theft occur?
The phenomenon of Online identity theft occurs through various methods: phishing emails, malware attacks, data breaches. Phishing emails trick users into providing personal information by posing as legitimate entities. Malware infects devices and steals sensitive data directly from the user’s system. Data breaches involve hackers gaining unauthorized access to databases containing personal information, which they can exploit for identity theft purposes. Through these methods cybercriminals access and misuse individuals’ personal information for fraudulent activities.
What personal information identity theft fraudsters and criminals usually target?
Perpetrators access and misuse individuals’ personal information for fraudulent activities. Identity theft fraudsters and criminals typically target a range of personal information, including social security numbers, credit card details, bank account information, login credentials (such as usernames and passwords), full names, addresses, and dates of birth.
I’ve been a victim of online identity theft, what should I do?
If you’ve been a victim of online identity theft, it’s important to take immediate action to minimize further damage. Contact your bank, financial institutions and credit card companies to report any unauthorized transactions and freeze your cards and accounts if necessary. Change your passwords for all your online accounts, set two-factor authentication for added security. Contact your local law enforcement agency (Cybercrime division for example) for further assistance and guidance.
Can online payments/shopping put me at risk of identity theft?
There is a high risk if you shop on insecure websites or use unsecured Wi-Fi networks. Always look for “https” in the web address and avoid entering payment information on sites that don’t seem legitimate. Sites for example that do not have an SSL certificate are deemed suspicious and your internet browser will show you a notification for security if you want to proceed at your own risk or not. Last but not least, always check the official domain name as fraudsters clone official websites of banks, companies, organizations, and alter the domain name and official email accounts.
Is it safe to use public Wi-Fi?
Public Wi-Fi can be risky. Avoid accessing sensitive accounts or making transactions on public networks. If necessary, use a virtual private network (VPN) to encrypt your internet connection.
What measures can I perform to prevent being a victim of OIDT?
– Keep your personal information secure.
– Use different and strong password credentials for each of your accounts and try to change them from time to time.
– Do not share personal sensitive or financial information over the phone, email or internet, unless you have a trusted relationship with the requestor, and you initiated the contact.
– Have a specific credit card for online purchases and do not buy on ecommerce websites that you do not know.
– If you buy/sell a product, always use the official and trusted ecommerce platform channel and do not make the transaction out of it.
– Monitor your bank statements often and report any unauthorized activity.
– Be proactive and if you receive a suspicious message asking you to provide some information, call or contact the company that is requesting this, by an official way, to confirm it.
– Try not to connect to a public and unsecure Wi-Fi network, as hackers can easily connect to your connected device and stole your information (images, videos, audios).
How can I be sure that the video/image/voice I am watching is real and has not been altered to replace someone’s identity?
There are some details you can pay attention to that can make you suspicious of a possible deep fake:
– If you watch a video of a celebrity or politician doing/saying something they should not do or unusual.
– Unnatural eye movement.
– Unnatural facial expressions.
– Unnatural body movement.
– Unnatural colouring.
– Awkward facial-feature positioning.
– Awkward body posture. Lack of emotion.
– Hair that does not look real.
– Teeth that do not look real.
– Blurring or misalignment.
– Inconsistent audio and noise.
– Images that look unnatural when slowed down.
– Hashtag discrepancies.
– Digital fingerprints.
– Reverse image searches.
– Video is not being reported on by trustworthy news sources.
What can I do to confirm that an email/text message received has a legitimate origin?
If you receive a suspicious email/text message asking you to provide some personal/financial/sensitive information, first at all, do not click on any link and then try to contact the company that is requesting this information, by an official way, for example, looking for its email, phone online, to confirm that the information requested is real.
I have sent compromising audiovisual content to someone hiding behind a false identity, what can I do?
– If you are receiving threats of any kind so that these contents are not published, remember that sextortion can result on multiple criminal behaviours, and you should report them to the Police.
– If the content has been published without your permission, you should report it to the Police so that it can be removed from the website as soon as possible. There are other agencies responsible for ensuring the security of your data. In this regard, in Spain, the Spanish Data Protection Agency (AEPD) has at your disposal the “priority channel”, where citizens can request the immediate removal of images, video or audio of sexual or violent content whose unlawful dissemination would put at serious risk the rights and freedoms, or the physical or mental health of the people affected.
– Block the person on your social networks, collect all the evidence you have and make it available to the Police when you go to file the complaint.
How can I prevent my children from being tricked by phishing techniques when using internet-connected devices?
There is no 100% secure method to prevent a person from becoming a victim of identity theft, however:
– Encourage communication with your children so that if they have any problems, they don’t hesitate to tell you about them.
– Try to ensure that they use Internet-connected devices in common areas of the home, it will be easier for you to maintain control over their Internet use.
– There are plenty of parental control tools, both free and paid, that can help you control some forms of identity theft.
– Encourage responsible and critical use of the Internet through digital education.
Someone else is impersonating me on social networks and now people are accusing me of his actions, what can I do?
– Passing yourself off as someone else (identity theft) is a crime, so you should report it to the Police providing all the evidence you have.
– All social networks have a reporting option through which you can inform the social network that another person is impersonating you. The social network can take various measures, including blocking or deleting the fraudulent profile.
How do we know if we are dealing with a fake account on social networks?
When detecting a fake account, we should look at the following characteristics:
– Suspicious photos: especially the user’s profile photo, it is possible that it is an image taken from the internet and does not correspond to the real identity of the person. Check whether the image comes from the internet or not.
– Check the followers: even if they have many followers, it is possible that cybercriminals are using applications that generate fake profiles and massive followers. They don’t usually have friends in common, but if they do, the fake profile may be using connections to real people to appear authentic.
– Little personal information and strange behaviour: fake profiles tend to be sparse on personal details to avoid being found out. Check if the number of likes is proportional to the number of followers. If they ask strange questions or ask for personal information or multimedia content, always be suspicious, block and report the profile, as all social networks have a section that allows this, preventing this profile from reaching more people.
– Lack of synergy with other social networks.
– They usually focus on a specific topic (money, politics, sports), and do not interact on a friend, activity or content that may demonstrate minimal activity.
– Its content in terms of images is also usually striking. Sometimes they will use attractive or sexual photos of the impersonated people that will serve as an attention hook, in this case, they have started to use AI to generate images that seems real, so be careful.
– They use unreliable, incomplete, or copied personal data.
What should I do if I am in front of a fake account?
As mentioned above, the option to report the fake profile is available on all social networks. In addition, the profile should be blocked to stop them from interacting with us.
If we have been victims of any crime (grooming, stalking, phishing, etc.), we should gather all the evidence and multimedia content we have (screenshots, conversations, images, details of the fake profile, phone number), and go to police stations to make the corresponding report, so that the police can investigate what happened.
I received an invoice for a purchase that I did not order by myself. I think my contact details have been used by someone else. What can I do?
It seems that you have been a victim of card fraud. You should immediately report the crime to the police. The easiest way is to make a police report online. Don’t forget to contact your bank to block your bankcard and to get help to stop any ongoing transfer you have not ordered.
Things to consider when reporting card fraud to the police:
– Get your bank statement so you can see which points of sale the fraud has taken place at.
– Think about whether there was a surveillance camera nearby when the crime was committed and how you were dressed. It can help the police identify those who were near you. One of them may have been the impostor.
– You need to have blocked the card before making your police report. You block your card with the bank or company that issued the card.
– Just use the web notification to report a card fraud. Card fraud means that someone has come across your card details and used them to pay for goods and services, usually on the internet.
– For other forms of fraud, you need to call or visit a police station. For example, if you gave your card details to a fraudster, or paid for services you did not receive.
I’m worried about being exposed to scammers when I do shop online. How can I do?
When you shop with cards online keep this in mind:
– Do not shop on unsafe websites. Search for reviews and warnings before a purchase on a page that is new to you.
– Do not save your card details on web pages when shopping. It is much safer to enter the card number every time.
– Use a card that is not linked to your salary account when shopping on the internet.
Tips and advice on how to protect yourself against card fraud
– Keep in mind that in order to manage your card securely
– Use the bank’s security solution for your bank cards. Block the card for internet purchases and open it when you want to shop online.
– Never give out your codes or card details to anyone who asks for them in e-mail, SMS, phone or web pages you shop on.
– Never allow the website or app you shop on to save your personal and card details.
– Do not save your card details on a device that can be connected to the internet, such as a phone, computer, or watch. Then use a credit card or other payment card that is not linked to your salary account.
– Always keep your card in a closed bag or in a closed pocket!
How can I protect my children from becoming victims online?
Unfortunately, using the internet aren’t risk-free. Children risk being exposed to various types of crime. E.g. bullying, sexual exploitation or fraud. Protecting your children from online can be a challenge, but there are several measures you could take to increase their safety:
– Parental controls: if your children are small, you could use features and tools that allow you to manage their internet use and safety online. This can include blocking inappropriate content, setting communication limits, and gaining insight into your child’s internet activity.
– Open conversations: talk to your children about the internet and its risks. Besides, encourage them to be critical of information or offers, especially if it seems unbelievable or comes from an unknown source.
Information and awareness: provide your children with knowledge. Explain the importance of not sharing personal information online and being careful about who they interact with. Also, inform them about safe internet habits, e.g. not clicking on unknown links or downloading files from unreliable sources.
– Update Software: ensure all devices your children use have the latest software, as updates often include security improvements.
– Strong Passwords: talk with your children about the importance of using strong passwords and not sharing them with others.
– Contact the police: if you suspect that someone exploited your child in any way you should to contact the police immediately.
Remember to spend time online with your children sometimes. It’s fun to do some online activities together or playing games. That could create an opportunity to get closer to each other and strengthen the trust between you and them. In this case, they would feel more comfortable to get back to you when they need guidance or support.
How can I be sure that an ATM is secure to use and not rigged by fraudster?
If the machine looks different or if the keypad or card reader can be wiggled, you should choose another machine.
If your card gets stuck in the machine, contact the bank immediately. Do not leave the place. Also, don’t let someone behind you in the queue help you get a card stuck in the machine. In this way, the fraudster can get across the code to the card.
Consider this:
– Protect your code. Hide the keypad and fingers when entering the code.
– Do not keep the ATM card code with the card.
– Check what is happening on your accounts from time to time. Then you can discover purchases or withdrawals that you have not made.
How do I protect myself from phone scams?
– If someone you don’t know calls and you’re unsure, hang up or ask to be called back at a number you find out yourself. This applies regardless of whether the person claims to be a close relative or from the bank, a company or an authority.
– Never give out card details, codes or other sensitive information to anyone. Card details and codes are keys to your money.
– Never use your digital-ID at the request of someone who contacts you. Remember that no serious operator would ask you for that over the phone.
– Be critical if someone calls and pretends to be a relative or a distant acquaintance who wants to borrow money.
– Do not trust the person who contacts you just because they have personal information about you. Fraudsters can find information about you online to trick you.
I saw on the Instagram a video of myself that I never did. It is deepfaked. What should I do?
Discovering a deepfake video of yourself can be distressing and shocking.
Here are some steps you can take in this situation:
– Gather evidence by documenting the content: take screenshots or save copies of the video, the URL, and any other relevant information.
– Issue takedown notices to platforms where the content appears: most social media platforms have policies against deepfakes and will remove the content when notified.
– Contact the police to report the incident.
Remember, it’s important to act quickly when you discover a deepfake of yourself. The faster you act, the less time the video has to spread.
What main practical consequences can Online Identity Theft have?
In general, online identity theft can have:
– Economic consequences, such as the embezzlement and misappropriation of money.
– Reputational (moral/psychological) damage aimed at undermining the credibility and respectability of the account and/or individual.
What psycho-social consequences can Online Identity Theft have?
The feelings that a victim of Online Identity Theft associates with the lived experience can be many: the emotional distress caused by the feeling of helplessness, which in turn generates anger and fear, for example, but also sadness, anguish, shame, guiltiness; or a combination of emotions; or emotional anaesthesia, that is, the absence of emotions or their denial.
In addition, there are several social harms associated with digital identity theft, such as the time and energy required to solve problems, exposure to judgment, stigma, and fear of risk.
If I am a person close to an Online Identity Theft victim, what can I do to help him/her?
If you are someone close to a victim of online identity theft, you can play an important supportive role through these simple actions to keep in mind:
– Listen carefully and take seriously what is being told to you.
– Spend time with the victim.
– Take a supportive attitude about the incident by offering to help.
– Infuse a sense of protection.
Furthermore:
– Don’t be afraid to ask questions and delve into the dynamics of the experience suffered.
– Do not take the outburst of even conflicting emotions personally.
– Do not minimize.
– Do not blame.
– Infuse calmness and patience. People handle and recover to negative experiences at different rates.
From a personal point of view, Should I report if I have experienced Online Identity Theft?
The choice of whether to report this type of crime is up to the victim. Certainly, reporting online identity theft to the authorities allows the victim to begin to accept the negative experience he or she has gone through – neither to minimize it nor to deny it as might happen – , to bring the problem to the forefront of society as well, and to try to solve a situation that has caused material and/or immaterial damage.
What kind of psycho-social organization can I find if I am a victim of Online Identity Theft?
Currently, there are no organizations that focus on this specific type of victim, but many offer generic assistance to all victims including those related to the digital crime regardless of type. There are many generic victim organizations throughout the European Union that provide psychological, legal, and sometimes financial assistance. They may also provide help online, through text or video chat platforms.
At the same time, psychosocial support can also come from personal network (family members, friends, acquaintances) who can listen, understand and support even at the complaint stage and/or from a professional network of psychotherapists whose can help in the most complex and sensitive cases to process emotions.
How can I identify if an audio recording is genuine or fake?
It mainly depends on the generative artificial intelligence used to generate the audio deepfake. We must closely listen to the audio and try to identify possible artifacts such as robotic voice, unnatural changes in the prosodic, pauses, breathings, tones or other sounds artifacts, noise background, etc. It is also easier to detect these artifacts in long audios as it is most probable the algorithm generates them. The last advances in audio generation makes more difficult to identify fake samples from the public, so in case of doubt it could be useful to rely on second opinions by automatic audio deepfake detection algorithms designed to detect the most common types of deepfakes.
Which are the common attacks malicious users can use to spoof a person voice against an automatic speaker verification system?
The attacks are commonly classified as impersonation attacks (a user tries to emulate another voice), logical attacks (created by using text-to-speech synthesis or voice conversion algorithms) and physical attacks (replaying a recording voice from a person). In addition, we can also include adversarial attacks, where the objective is to fool the system by adding perturbations in the input audio that deceive the correct verification by the system.
What are the differences between speech synthesis and voice conversion audio deepfake generation algorithms?
Speech synthesis algorithms (also known as text-to-speech) takes as input text and, using the voice from a target person, creates a synthetic audio signal with the voice of that person saying the text content. On the other hand, voice conversion approaches take as input a source voice from another person and change the voice to that of a target person without modifying the original linguistic content.
How many audios are needed from a person to replicate its voice using audio generative artificial intelligences?
The quality of the artificial voice generated for a target person is directly related to the amount and quality of the audio speech samples available from that person, that must be ideally recorded in good quality conditions with clean background and includes variety in the linguistic content. Thus, commercial voices used for companies should be created using at least about 20-30 hours of voice to train the generative AI and produce high-quality synthetic voices. Recent advances on audio deepfakes are producing novel systems which are trained on a large amount of audio samples from different people, languaqges, conditions, etc. These systems can create audio deepfakes using few seconds from the target voice, from 6 to 12 seconds, with a good enough quality. Although most quantity and variety still produce better voices, these novel systems are reducing the gap in the creation of realistic synthetic voices.
What are the main differences between the Deep and the Dark Web?
The Deep Web includes the different web content that it is not indexed by common search engines like Google, Bing, Yahoo, etc, commonly known as “surface web”. For example, private content in the cloud like Dropbox, private corporate networks. On the other hand, the Dark Web is indeed part of the Deep Web, but it is used for keeping internet activity anonymous and private, being helpful in both legal and illegal activities. The access to the Dark Web requires the use of specialized web browsers such as Tor.
