The term online refers to the Internet and what transpires as people interact with websites and the data stored on them. Identity theft refers to a collection of criminal activities in which one or more elements of a victim’s identity are stolen and/or used without his or her permission or for uses he or she did not expect. Online identity theft is identity theft that somehow involves online activities.
Online identity theft can be divided into two categories: identity theft that takes place solely online and identity theft in which the online aspect is simply one component. Identity theft in general can be divided into several categories, ranging from, at one end of the spectrum, a brief spree in which a thief uses a credit card, all the way up to full-blown “true name” theft, in which the thief completely takes over the identity with new accounts, a new address, etc. Online identity theft can fall anywhere in this range.
When online identity theft takes place completely online, the initial hook may be a spoofed website or a banner ad, for example. The site that the victim ends up on may have one of two goals: either to get the victim to divulge personal information or to get the victim to download malware, such as keyloggers, screenloggers, and session hijackers, that will steal personal information. Malware can also be programmed for data theft or to reconfigure the victim’s system.
Even though a phishing email may spend a small part of its life cycle in an offline environment on the victim’s computer, it works similarly, using the Internet to arrive in the user’s mailbox and, if the victim cooperates by clicking on the link provided, to accept the personal information or to provide the means of downloading the malware. In addition, new methods of online identity theft continue to develop. For example, worms that target social networking sites and post messages for all one’s friends may have a spoofed site link hidden in the message, or could, alternatively, have a link to a site whose profile will be boosted by a sudden large increase in click-throughs.
Phone calls can be an offline first step in online identity theft. In this case, there is typically a warning that an account is in arrears or has been reconfigured or may have been compromised. The victim is asked to log in to a particular web address to update information, assert his or her ownership, or secure the account.