Close
Cyber Security Awareness Month – Week Four (Part Two)
By Daniela Cooper, on 29 October 2024
Here is Part Two of Week Four’s content for Cyber Security Awareness Month, this is the very last one for this year! This short security related story is all about Preventing identity theft. If you haven’t already entered the Week Four (and Week One, Week Two and Week Three) quizzes to win a £25 Amazon voucher, see the details on how to enter at the bottom of the post.
Preventing identity theft
How to steal an identity
It’s as easy as…
Most of the data needed to steal a person’s identity can be found online. Data can be bought (illegally) from the dark web, or found using free online tools and publicly available information.
Armed with a full set of personal details, a criminal is able to:
- Purchase products or services using the details of the victim.
- Apply for credit cards using the details of the victim.
- Create false identity documents for use in further criminal offences, such as employment fraud, benefit fraud and mortgage fraud.
- Access or open bank accounts to steal money directly or to commit money laundering offences.
Social media
Personal accounts
Social media profiles are an important part of our personal and professional identities (and an important part of staying up till 3am watching YouTube videos).
Unfortunately, criminals also use social media to ‘fill in the gaps’ when researching victims. They look for full names, dates of birth, addresses, education histories, pet names and family members.
This doesn’t mean we shouldn’t use social media. It just means we need to keep a few things in mind. Things like:
- Are you uploading photos to social media?
- Do they contain sensitive information (like details of debit cards or flight tickets)?
- Have you geotagged yourself?
- Geotagging doesn’t just let people know where you are – it lets them know where you’re not!
Professional accounts
Information posted to professional social media accounts can be used by criminals to orchestrate social engineering attacks. Before posting, consider if and how your post might be used by a criminal, either in isolation or when combined with other information.
Pro Tip
Use Google’s Manage your reputation tool to see exactly what personal information is publicly available and remove any unwanted content or associated search results.
Mobile phones
SIM swapping
Mobile phones are often used by companies as a means of authentication. You’ll be sent a code by text message as part of the login process. You need to enter the code along with your username and password to authenticate your login.
Because mobile phones are being used more and more frequently for authentication, they’re now being targeted by criminals in a process known as SIM swapping.
How’s it done?
SIM swapping sees criminals gain access to your phone by requesting a new SIM card from your network provider.
This is how:
- First, criminals contact your phone company pretending to be you.
- Next, they answer a series of security questions. If successful, they amend your address.
- Then, they request a new SIM card.
- Finally, they activate the new SIM card. Your SIM stops working and all phone calls and text messages are diverted to the criminal.
Once a criminal has access to your mobile phone, they can use it to reset passwords, log in to accounts and treat it as a means of verification when contacting companies.
Pro Tip
Protect yourself from SIM swapping by contacting your network provider and setting a password on your account. In the future, they’ll ask you for your password instead of security questions.
Bulletproof your identity
Know the signs!
The following may indicate theft:
- Unauthorised transactions made from your bank account.
- Letters or emails about products or services you do not recognise.
- Letters or emails failing to arrive.
- Phone calls and text messages suddenly cease.
- Goods delivered without being ordered.
- Credit or debit cards being declined, or refusal for credit related services.
Act fast!
If you think you are a victim of identity theft, take immediate action. Criminals will act quickly to exploit your details for maximum gain; you need to act quicker.
- If you notice unauthorised transactions or a credit/debit card is declined, contact your bank or card provider.
- If phone calls or text messages suddenly cease, contact your network provider.
- If you receive letters, emails or goods you weren’t expecting; or letters, emails or goods you were expecting fail to arrive, contact the company or provider concerned.
Long-term protection
Sign up to free credit-scoring services
Before committing identity related offences, it’s common for criminals to open free credit scoring services using their victim’s details and an illicit email address. This allows criminals to monitor their victim and know when a new credit service has been granted.
By signing up to a service first, you prevent criminals from opening shadow accounts in your name. Signing up also allows you to monitor your credit history and check for suspicious spending. In the UK, consider Equifax, Experian, and TransUnion.
Register to vote at your current address
Doing so prevents criminals from registering your details at their address so they can redirect and intercept your mail.
Remove yourself from the open voters register
Next time you vote, be sure to tick the box requesting your information be removed from the public electoral register.
Secure your mail
All the information needed to commit identity theft lies in a single bank statement. So, stealing mail is a highly effective way of committing identity theft.
Make sure your mail is secure. Shred any documents containing personal details before disposing of them.
Consider protective registration
Protective registration is a service offered in the UK by CIFAS, a non-profit fraud prevention organisation. Protective registration places a marker next to your name and personal details in the secure National Fraud Database. Companies signed up to the database take extra steps to protect details, making it harder for criminals to apply for products and services in your name.
The one downside to protective registration is it can take longer to gain approval for credit. The service costs £25 and lasts for 2 years.
Summary
1. Identity theft is the most prevalent form of cybercrime. Be vigilant. Regularly check bank statements and free credit scoring accounts.
2. Review security settings on your social media accounts. Be mindful of what you post. The internet never forgets.
3. Call your network provider and secure your mobile phone account with a password.
Week Four Quiz
For the chance to win a £25 Amazon voucher answer the following question:
Q: What are the 3 steps needed to protect your devices?
Hint: The answer can be found in the Week Four (Part One) blog post – see below.
Please send your answers to ISG via https://myservices.ucl.ac.uk/self-service/requests/new/provide_description?from=wizard&service_id=1296&service_instance_id=3679&support_domain=myservices-isg – use the subject line Cyber Security Awareness Month Quiz Entry – Week Four.
If you haven’t entered the Week One quiz yet, you can find that here: https://blogs.ucl.ac.uk/infosec/2024/10/03/cyber-security-awareness-month-week-one-part-1/
If you haven’t entered the Week Two quiz yet, you can find that here: https://blogs.ucl.ac.uk/infosec/2024/10/10/cyber-security-awareness-month-week-two-part-one/
If you haven’t entered the Week Three quiz yet, you can find that here: https://blogs.ucl.ac.uk/infosec/2024/10/18/cyber-security-awareness-month-week-three-part-one/
Cyber Security Awareness Month – Week Four (Part One)
If you haven’t already read Week Four (Part One), you can find that here: https://blogs.ucl.ac.uk/infosec/2024/10/29/cyber-security-awareness-month-week-four-part-one/
