Information center – Lietuvos vartotojų institutas

Lt En

Main Information Centre Identity Theft True Stories Interesting Statistics Competition Survey
Comics Publications Events About the project Good practice

Identify | Avoid| Report| Ask| Legal aspekts

Information Centre

This information centre provides information how to identify identity thefts in daily life and in the cyberspace; advice is given how to avoid ID thefts and whom to contact in one or another specific case. Here you will also find answers to frequently asked questions and a brief overview of the legal aspects of identity theft in Lithuania.

Identify

Identity thefts count many centuries of their history – they happened even in the Middle Ages. For example, for a fraudulent use of a seal under the presence of someone else, persons were sentenced to death by burning. Similar practices also existed in Lithuania. Even in those times, the public was aware how important it was to know who was the other party in communication and contracts, whether the other party used his/her own rather than someone else’s name.

Today it is also equally important to know whether our name is not used by somebody else to make contracts, do shopping, carry out any other actions with negative financial, legal, social and other consequences to us.

It should be noted that in fact ID thieves collect information not only about alive but also about dead persons!

Identity thefts in the cyberspace are more complicated. Most importantly, they take place in front of your eyes and you do not even suspect that. Statistically, identity thefts are more often in the cyberspace – they are less risky to ID thieves as it is difficult to trace them; besides, criminal offences are committed without any physical participation, e.g., with criminals sitting comfortably at home.

In daily life, your confidential information can be taken hold of in these traditional ways:

Collected in garbage dumps. Sometimes private companies, state institutions and also consumers themselves do not destroy documents with personal data in a proper manner or destroy them inadequately (documents are ripped manually, reliable document shredders are not used) and, in the worst case, simply throw them away into garbage bins. Persons are even hired in some states to collect such documents. Later such data are used for criminal purposes.

Wallets, letters and any other information with private data get stolen.
Persons can be spied in order to shoulder surf the PIN codes they enter manually.
Personal data are conned out by phone. Criminals pretend they are a survey company, introduce themselves as representatives of banks or any other financial institutions and con out the personal data they need from consumers.

Most prevalent offences committed using modern technologies:

Hacking. Most often fraudsters exploit system passwords, security means and get into the system. It is, in particular, sought to exploit security flaws, wireless and intranet networks without security protection, systems with most security functions disabled [1].

Spyware. It is malicious software which collects and sends personal data to a specific address without the knowledge of the person concerned. Most often the set privacy levels are breached. Personal browsing habits, addresses of frequently visited websites are collected and recorded. Marketing companies spend millions dollars each year in order to have the spending habits of users disclosed. Data on browsing habits are usually sent to advertising companies that deliver commercials to meet such habits in the future [1].

Password phishing.Phishing scams or fake websites try to trick out passwords to log into information systems and other personal data. Such fraud most often targets banking clients as victims – it is sought to find out their passwords to access electronic banking systems or credit card details. The information obtained can later be used for profiteering through criminal activities, for unauthorised access to information systems, money thefts from accounts or online payments for goods using payment cards of other persons. There is also smishing, vishing, scams. This list of scams is not finite and there are other ways and methods highly similar to those discussed [1].

Trojans.Software which appears to be benign but in reality serves other purposes. It destroys or damages computer data or applications. Trojans most often are classified into programs close to worms which spread their copies in computer networks. Another type is remote control programs. These are common programs used by predators for the remote administration of systems. Most dangerous programs get hold of information, send it to third persons, often using even ordinary e-mail or websites [1].

Pharming. Redirecting the traffic of one website to another. It can be done by changing the host’s settings or by taking advantage of the vulnerability in domain name servers (DNS). Compromised DNS servers are referred to as DNS cache poisoning [1].

Malware. Where malware programs are installed in the user’s computer, they collect and send the data necessary on their own. Usually the internet user’s computer gets contaminated when the user visits the websites designated for that purpose. Links redirecting to these websites get to the user together with spam, via messaging programs, etc. Malware can also be distributed together with some free software or applications meant to crack secure paid programs. Some of them watch and log key strokes, more sophisticated ones intercept information that the user enters into online forms or they even modify such data input forms on their own [1].

Replay attack. Attempts to access the computer network in order to transmit the user’s information repeatedly. Where information is encrypted, the same data transmission can be repeated expecting that the server will believe that it is the same consumer. [2].

Spam. Unsolicited e-mails sent in large quantities. For the consumer, they simply mean the letters they are unwilling to see in their inboxes. Most of such e-mails consist of e-mails sent for commercial or advertising purposes, i.e. direct marketing messages. Most precautions need to be taken against malicious e-mails with malware attachments: computer viruses, the so-called internet worms, Trojans, etc. These are often computer programs scanning the memory of a virus infected computer and looking for e-mails to send the virus further to another potential victim. [1].

Skimming. The magnetic strip used in payment or other cards makes it possible to easily record the card holder’s name and programme it for specific functions, however, such data are likewise easily readable. Skimmers are used for this purpose. They are masked (made as small as possible, matching colour) and affixed to ATMs. After using such ATM, the card data and PIN code get siphoned though the ATM itself operates as normally. Similar devices may be also placed in other card payment points. [1].

Many other methods exist worldwide, but all of them function similarly taking advantage of network, system security or technological flaws.

Sources

1. Vaidas Kalpokas, Renata Marcinauskaitė, Tapatybės vagystė elektroninėje erdvėje: technologiniai aspektai ir baudžiamasis teisinis vertinimas, Teisės problemos, 2012, Nr. 3(77)

2. Dr. Darius Štitilis, Marius Laurinaitis, Tapatybė ir identifikavimas: grėsmės elektroninėje erdvėje