
Online identity theft (OIDT) has evolved significantly in recent years, with criminal methods becoming more complex. What began with phishing attacks has grown into more sophisticated tactics, including the rise of deepfakes. This article explores how identity theft methods have changed over time and the legal responses to these emerging threats.
Phishing and Its Expansion
Phishing, which emerged in the 1990s, involves deceiving users through fake emails, messages, or websites that appear to be from trusted institutions like banks or government agencies. Despite increased awareness and the use of spam filters, phishing remains one of the most common and dangerous data theft techniques due to the continuous evolution of attack methods by cybercriminals.
From Phishing to Malware and Social Engineering
As phishing attacks became widespread, cybercriminals began using more advanced tools, such as malware (e.g., keyloggers and spyware), while social engineering techniques like spear phishing now target specific individuals or organizations. The internet and social media provide perpetrators with rich material to customize their attacks.
The Rise of Deepfakes
The most concerning development is the rise of deepfakes—technology that uses artificial intelligence to create hyper-realistic fake videos, images, and audio recordings. Cybercriminals can use deepfakes to create fake identities or impersonate individuals for fraudulent purposes, blackmail, or defamation, making traditional identity verification methods like facial recognition or voice authentication unreliable.
Legal Responses to Identity Theft
Legal approaches to identity theft have evolved over time:
1. Data Protection Laws: The EU’s General Data Protection Regulation (GDPR) and similar laws in other countries, such as the California Consumer Privacy Act (CCPA), grant citizens more rights over their
personal data and impose stricter obligations on businesses to protect it.
2. Anti-Phishing Laws: The EU Cybersecurity Act and the NIS2 Directive focus on improving cybersecurity measures across the European Union, which indirectly helps in combating phishing by enhancing overall cybersecurity resilience and cooperation among member states. Additionally, international agreements like the Budapest Convention on Cybercrime strengthen cross-border cooperation.
3. Deepfake Legislation: Addressing deepfakes is more challenging due to the rapid pace of technological advancements and the difficulty of detecting them. The EU AI Act aims to regulate the use of artificial intelligence, including deepfakes, to ensure transparency and accountability.
Conclusion
Online identity theft continues to evolve, with deepfakes emerging as the next major threat. Legal responses are attempting to adapt to new technologies and threats, but the rapid development of the internet makes full protection difficult. Cooperation between governments, tech companies, and users remains critical in effectively addressing these risks.
Hellenic Police