Identity theft is the use of someone's personal information to perform an unauthorized action. Malicious actors can launch a variety of attacks against insecure networks and systems in order to steal sensitive data such as personally identifiable information (PII). Identify theft can occur when sensitive information such as credit card information or PII, such as name and Social Security numbers, are compromised.
Hackers steal information such as credit cards and banking information through many methods. Hackers can use social engineering techniques, ransomware, and targeted phishing attacks to collect data. In other cases, they set up "evil twin" websites—sites that look familiar, but are actually redirects from common user typographical errors (i.e., CaptolOne instead of CapitalOne). Unsuspecting users enter passwords and banking information, which is collected and stored. Hackers can also target companies and organizations to collect data on employees and customers.
Stolen information can be used in many ways. Hackers have become smarter and more organized. Criminal enterprises across the globe set up data shares where information is sold to the highest bidder. There are sites that act as black markets for this type of data.
Identity theft is a common form of cybercrime committed by both individuals and organizations. It is important for users and enterprises to be aware of the issue to take better steps to be protected. User awareness is key. However, users of home and enterprise networks also need to employ various defense-in-depth strategies to be better protected.