Select Page

How are phishing attacks used in identity theft?

CYBSAFE-SebDB Webinar-preblog-221011MS-36

29 November 2018

Nudges webinar homepage banner

Webinar: The new science of security nudges

Increase engagement and improve security behaviors, with this revolutionary new approach.

People are more likely to be a victim of identity theft than any other type of cybercrime… and phishing can be a precursor

In order to steal your identity, criminals need to get hold of your personal information. That’s all it really takes to begin opening bank accounts, applying for credit cards and even obtaining false identity documents in your name.

Cyber criminals use a number of techniques to steal personal information – but among the most common is phishing.


How phishing is used in identity theft

Phishing campaigns can help criminals harvest the information they need to steal multiple identities.

In the most common scenarios, criminals send fraudulent emails to targets purporting to be from a legitimate company, such as your bank or building society. The emails are often rudimentary… but they use psychological concepts to lure you in nonetheless.

The emails might claim criminals are attempting to access your bank account, for example, eliciting panic. And once your emotions take over, criminals offer you a simple resolution:

Click a fraudulent link. Land on a fraudulent website. Verify your name, email address, date of birth, national insurance number and perhaps even a PIN. Do so and you can immediately let go of your worries.

But of course, the entire tale is fabricated. As opposed to securing your account, “verifying” your details actually hands them over to criminals. And, armed with your personal information, criminals can steal your identity.

Phishing in identity theft: a true story

After falling for a phishing scam recently, businessman Jack Todey became a victim of identity theft.

Jack received a fraudulent phishing email that, in his words, “looked absolutely genuine. It came from my bank and said that there had been some unfamiliar activity on my account.”  The email asked Jack to verify his personal details via a fraudulent website… and Jack complied.

“A nightmare began”, Jack recalls. Criminals quickly withdrew £1000 from Jack’s personal account.

Fortunately, Jack spotted the transaction early and contacted his bank. It soon became clear criminals had applied for a credit card in Jack’s name.

Some swift action limited the damage and, while Jack’s credit report now marks him as vulnerable to identity theft, things could have been a great deal worse: Dave Crouse, a fellow victim, reportedly lost $987,000.


Preventing phishing intelligently

To highlight the dangers of phishing, advanced security awareness campaigns typically include some form of simulated phishing attacks. Those who “fail” the simulations are usually redirected back to awareness training but, at CybSafe, we’re venturing beyond the usual.

CybSafe simulated attacks will soon highlight not only which individuals, teams and departments are susceptible to phishing but why they’re susceptible, allowing CISOs and security professionals to address root causes.

Is a particular department, for example, more likely to respond to a request from a manager or from a colleague? Does anger illicit a greater response than curiosity? It’s pioneering technology from the world’s first truly intelligent unified cyber awareness platform.

And, as with all our advancements, the breakthrough further reduces your human cyber risk and ensures your people can spot more attacks and counter threats. It helps make sure your people are your ultimate defence.