Online identity theft
Online identity theft occurs when an unauthorized party acquires personal identifying data about someone such as credit card or bank account information through the internet and uses such information to commit fraud or other criminal activities. Factors that promotes online identity theft can be political, economic, social or technological in nature (Hedayati, 2012). Political factors include instability and civil wars that cause massive illegal immigration to other countries where immigrants steal identities in order to secure employment. Economic factors include unemployment and poverty that force people to engage in criminal acts. Social factors include the uninhibited communication within social networks where people share personal identifying information that others can use to commit identity theft. Technological factors include the sprouting of electronic and mobile devices that access the internet.
Fraudulent acts that result from online identity theft span fields such as tax, medical, immigration and finance (Hedayati, 2012). Tax fraud involves filing tax forms to receive the victim’s tax refunds. Medical fraud involves using the victim’s medical information to obtain medical services or insurance payments. Immigration fraud occurs when fraudsters fake passports to gain entry into other countries where they may commit criminal acts such as terrorism. Financial fraud occurs when fraudsters use credit card and bank account information to file for loans, shop online, open new bank accounts and lines of credit, and withdraw the victim’s money.
Most organizations use authentication techniques to prevent online identity theft. These techniques can be token-based, knowledge-based, transaction-based or biometrics-based (Anderson, Durbin & Salinger, 2008). Token-based verification refers to physical objects that users have such as a credit card code. Knowledge-based authentication refers to some information that users possess such as secret questions and addresses. Transaction-based verification tracks the purchase patterns of users or calling users to confirm online purchases. Biometrics refers to the use of certain physical characteristics of users such as unique signatures.
Phishing menace
A common type of online identity theft is phishing. Phishing is the use of “both social engineering and technical subterfuge” to steal sensitive personal information from unsuspecting customers (Manning, 2009). Social engineering techniques use emails claiming to be from legitimate organizations that lead recipients to phony websites designed to deceive them into revealing personal information. Technical subterfuge schemes, however, involve planting malware onto personal computers to steal personal information directly (Kirda & Kruegel, 2005). This software intercepts passwords and s or takes a snapshot of users’ login screens and delivers the information to the fraudster’s server. Cases of phishing have increased rapidly over the years. The latest report by the APWG indicates that phishing incidences have increased by 20 percent, and mainly targets online payment services and currency sites. The second quarter of “2014 recorded the second-highest number ever observed in a quarter since the APWG began its monitoring activity”, with an “average of 42,793 new phishing attacks” detected each month (APWG, 2014). The United States still leads in the number of phishing scams.
Phishing symptoms include misspellings, bad grammar, generic greeting in emails, account closure threats requiring immediate action, money deals requiring little effort, and suspicious links within emails that are unusually longer and contain the ‘@’ symbol (microsoft.com). Prevention methods for phishing comprise firewalls and secure browsers. Firewalls are programs within a network system that screen incoming data for malware and block those from suspicious sources. Some web browsers such as Mozilla and Internet Explorer incorporate anti-phishing plug-ins to monitor users’ sensitive information and prevent them from being delivered to untrusted websites. Other prevention methods include avoiding downloading files from unknown sources and practicing safe email protocol such as avoiding emails concerning money deals or rewards for competitions one did not enter.
The UAE and cyber crime
The rise in cyber-crime worldwide and the severity of its outcomes have forced countries to implement strict cyber laws to curb this trend. Cyber-crime organizations employ IT professionals such as programmers, hackers and technicians (Broadhurst, Grabosky, Alazab & Chon, 2014). A lab study of data conducted by the Kaspersky indicated that financial cyber threats were about 38.8 percent of phishing attacks in the Middle East region in 2013 were from UAE (Emirates247.com, 2014). The UAE has adopted strict cyber-crime laws that accord high penalties for cyber criminals. It enacted the Federal Law number 5, containing 29 articles, in 2012 to combat IT crimes. The articles can be categorized as “IT security, state security and political stability, morality and proper conduct, financial and commercial issues, and miscellaneous” (O’Connel, 2013).
IT security includes deals with hacking, unauthorized changes in websites and distributing viruses among others. State security and political stability articles deal with unauthorized access to government information, online posts that trigger sedition, civil unrest and terrorism. Morality and proper conduct articles handle online pornography, gambling, and prostitution among others. Financial and commercial issues cover forgery of electronic documents, unauthorized access to bank accounts and credit card information, and obtaining online goods fraudulently. Finally, miscellaneous articles cover traditional issues such as blackmail, weapons trading and narcotics trafficking. The Telecommunications Regulatory Authority (TRA) in the UAE coordinates internet surveillance and censorship (Masadeh, n.d.). It makes regular reports to the cabinet on matters arising in the IT sector. In addition, a cyber-police force exists that monitors internet use and screens posts made by users. The police force also has a mandate to seize and destroy equipment used to commit cyber offences. Other penalties for lawbreakers include huge fines, imprisonment and deportation of convicted foreigners.
References
Anderson, K. B., Durbin, E., & Salinger, M. A. (2008). Identity Theft. Journal of Economic Perspectives 22(2): 171-192. Retrieved from http://pubs.aeaweb.org/doi/pdfplus/10.1257/jep.22.2.171
APWG. (2014). Phishing Activity Trends. Quarterly Phishing Activity Trends Report: 1-11. Retrieved from http://docs.apwg.org/reports/apwg_trends_report_q2_2014.pdf
Broadhurst, R., Grabosky, P., Alazab, M., & Chon, S. (2014). Organizations and Cyber Crime: An Analysis of the Nature of Groups Engaged in Cyber Crime. International Journal of Cyber Criminology 8(1): 1-20. Retrieved from http://www.cybercrimejournal.com/broadhurstetalijcc2014vol8issue1.pdf
Emirtes247.com. (2014). Phishing Attacks: UAE a Key Regional Target. http://www.emirates247.com/news/emirates/phishing-attacks-uae-a-key-regional-target-2014-04-06-1.544364
Hedayati, Ali. (2012). An Analysis of Identity Theft: Motives, Related Frauds, Techniques and Prevention. Journal of Law and Conflict Resolution 4(1): 1-12. Retrieved from http://www.academicjournals.org/article/article1379859409_Hedayati.pdf
Kirda, E., & Kruegel, C. (2005). Protecting Users Against Phishing Attacks. The Computer Journal: 1-8. Retrieved from https://www.cs.ucsb.edu/~chris/research/doc/cj06_phish.pdf
Manning, Ronnie. (2009). Phishing Activity Trends. Quarterly Phishing Activity Trends Report: 1-11. Retrieved from http://docs.apwg.org/reports/apwg_report_Q4_2009.pdf
Masadeh, Anwar A. S. (n.d.). Combating Cyber Crimes – Legislative Approach – A Comparative Study (Qatar, UAE, UK). Retrieved from http://www.almeezan.qa/ReferenceFiles.aspx?id=54&type=doc&language=en
Microsoft.com. (n.d.). Email and Web Scams: How to Help Protect Yourself. Retrieved from http://www.microsoft.com/security/online-privacy/phishing-scams.aspx
O’Connel, Nick. (2013). Developments in the UAE Cyber Crimes Law. Retrieved from http://www.tamimi.com/en/magazine/law-update/section-5/may-5/developments-in-the-uae-cyber-crimes-law.html