6.3 Best Practices to Prevent Identity Theft | Impacts Of Computing | Computer Science 12

What is Identity Theft?

Identity theft is a crime in which an attacker illegally obtains and uses another person's personal data — such as CNIC number, passwords, credit card numbers, or bank account details — for fraudulent purposes such as financial gain, impersonation, or accessing restricted services.

Common Types of Personal Data Targeted

Data Type	Examples
Financial	Credit/debit card numbers, bank account details
Identity	CNIC, passport number, date of birth
Credentials	Usernames, passwords, PINs
Contact	Email address, phone number, home address

How Identity Theft Happens

1. Phishing

Phishing is a social engineering technique where attackers send deceptive emails or create fake websites that mimic legitimate organisations (banks, government portals) to trick users into entering their personal information.

Example: You receive an email claiming to be from your bank saying "Your account will be suspended — click here to verify." The link leads to a fake site that captures your login credentials.

Red flags of phishing:

Urgent or threatening language
Misspelled domain names (e.g., paypa1.com)
Requests for passwords or OTPs via email
Generic greetings like "Dear Customer"

2. Dumpster Diving

Attackers physically search through discarded documents (bank statements, utility bills, medical records) to find personal information.

3. Data Breaches

Hackers compromise databases of companies or services, exposing millions of users' personal records at once.

4. Shoulder Surfing

Observing someone entering a PIN or password in a public place.

5. Malware & Keyloggers

Malicious software installed on a device records keystrokes or captures screenshots to steal credentials.

Best Practices to Prevent Identity Theft

1. Strong Password Management

Use complex, unique passwords for every account (mix of uppercase, lowercase, numbers, symbols).
Never use Personally Identifiable Information (PII) like your name or birthday in passwords.
Use a reputable Password Manager (e.g., Bitwarden, LastPass) to generate and store passwords securely.
Change passwords regularly, especially after a suspected breach.

2. Enable Multi-Factor Authentication (MFA)

MFA requires users to verify identity through two or more factors:

Something you know — password or PIN
Something you have — OTP sent to phone, hardware token
Something you are — fingerprint, face scan (biometrics)

Trade-off: MFA significantly increases security but reduces usability by adding extra steps to the login process. This is a classic usability vs. security trade-off.

3. Use Encryption

Encryption converts data into a coded format (ciphertext) that is unreadable to unauthorised users. Even if data is intercepted, it cannot be understood without the decryption key.

Always use websites with HTTPS (indicated by a padlock icon in the browser). HTTPS uses SSL/TLS to encrypt data in transit between your browser and the server.
Avoid entering sensitive information on HTTP sites.

4. Secure Disposal of Physical Documents

Shred all documents containing personal information (bank statements, medical records, utility bills) before disposal.
Simply throwing documents in the trash enables dumpster diving attacks.

5. Monitor Financial Accounts Regularly

Check bank and credit card statements frequently for unfamiliar transactions.
Set up transaction alerts via SMS or email.
Unexplained charges are a primary indicator that your financial identity has been stolen.

6. Be Cautious on Public Wi-Fi

Avoid accessing sensitive accounts (banking, email) on public Wi-Fi networks.
If necessary, use a VPN (Virtual Private Network) to encrypt your connection.

7. Keep Software Updated

Regularly update operating systems, browsers, and applications to patch security vulnerabilities that attackers exploit.

Avoid oversharing on social media (birthdate, phone number, home address).
Review privacy settings on all platforms.
Be sceptical of online forms or apps requesting excessive personal data.

Usability vs. Security Trade-off

Many identity theft prevention measures introduce friction into the user experience:

Security Measure	Security Gain	Usability Cost
MFA	High	Extra login steps
Complex passwords	High	Harder to remember
Password Manager	High	Initial setup effort
HTTPS enforcement	High	Minimal
Regular monitoring	Medium	Time investment

Organisations and individuals must balance efficiency, cost, privacy, and ethics when choosing cybersecurity measures. A highly secure system that users find too cumbersome may lead to workarounds that reduce overall security.

Signs Your Identity May Have Been Stolen

Unfamiliar transactions on bank or credit card statements
Receiving bills or collection notices for accounts you did not open
Being denied credit unexpectedly
Unfamiliar accounts appearing in your name
Receiving OTPs or password reset emails you did not request

What is Identity Theft?

Common Types of Personal Data Targeted

Data Type	Examples
Financial	Credit/debit card numbers, bank account details
Identity	CNIC, passport number, date of birth
Credentials	Usernames, passwords, PINs
Contact	Email address, phone number, home address

How Identity Theft Happens

1. Phishing

Example: You receive an email claiming to be from your bank saying "Your account will be suspended — click here to verify." The link leads to a fake site that captures your login credentials.

Red flags of phishing:

Urgent or threatening language
Misspelled domain names (e.g., paypa1.com)
Requests for passwords or OTPs via email
Generic greetings like "Dear Customer"

2. Dumpster Diving

Attackers physically search through discarded documents (bank statements, utility bills, medical records) to find personal information.

3. Data Breaches

Hackers compromise databases of companies or services, exposing millions of users' personal records at once.

4. Shoulder Surfing

Observing someone entering a PIN or password in a public place.

5. Malware & Keyloggers

Malicious software installed on a device records keystrokes or captures screenshots to steal credentials.

Best Practices to Prevent Identity Theft

1. Strong Password Management

Use complex, unique passwords for every account (mix of uppercase, lowercase, numbers, symbols).
Never use Personally Identifiable Information (PII) like your name or birthday in passwords.
Use a reputable Password Manager (e.g., Bitwarden, LastPass) to generate and store passwords securely.
Change passwords regularly, especially after a suspected breach.

2. Enable Multi-Factor Authentication (MFA)

MFA requires users to verify identity through two or more factors:

Something you know — password or PIN
Something you have — OTP sent to phone, hardware token
Something you are — fingerprint, face scan (biometrics)

Trade-off: MFA significantly increases security but reduces usability by adding extra steps to the login process. This is a classic usability vs. security trade-off.

3. Use Encryption

Encryption converts data into a coded format (ciphertext) that is unreadable to unauthorised users. Even if data is intercepted, it cannot be understood without the decryption key.

Always use websites with HTTPS (indicated by a padlock icon in the browser). HTTPS uses SSL/TLS to encrypt data in transit between your browser and the server.
Avoid entering sensitive information on HTTP sites.

4. Secure Disposal of Physical Documents

Shred all documents containing personal information (bank statements, medical records, utility bills) before disposal.
Simply throwing documents in the trash enables dumpster diving attacks.

5. Monitor Financial Accounts Regularly

Check bank and credit card statements frequently for unfamiliar transactions.
Set up transaction alerts via SMS or email.
Unexplained charges are a primary indicator that your financial identity has been stolen.

6. Be Cautious on Public Wi-Fi

Avoid accessing sensitive accounts (banking, email) on public Wi-Fi networks.
If necessary, use a VPN (Virtual Private Network) to encrypt your connection.

7. Keep Software Updated

Regularly update operating systems, browsers, and applications to patch security vulnerabilities that attackers exploit.

Avoid oversharing on social media (birthdate, phone number, home address).
Review privacy settings on all platforms.
Be sceptical of online forms or apps requesting excessive personal data.

Usability vs. Security Trade-off

Many identity theft prevention measures introduce friction into the user experience:

Security Measure	Security Gain	Usability Cost
MFA	High	Extra login steps
Complex passwords	High	Harder to remember
Password Manager	High	Initial setup effort
HTTPS enforcement	High	Minimal
Regular monitoring	Medium	Time investment

Signs Your Identity May Have Been Stolen

Unfamiliar transactions on bank or credit card statements
Receiving bills or collection notices for accounts you did not open
Being denied credit unexpectedly
Unfamiliar accounts appearing in your name
Receiving OTPs or password reset emails you did not request