Assessing and Managing the Risks of Online Identity Theft
Jillian Samchao, Odyson Santos, Jireh Sinsano, Mark Christian Suba | BSCE 3-1 | Engineering Utilities 1
College of Engineering, Isabela State University – Campus, Echague, Isabela
ABSTRACT – The increased dependence on the
internet creates vulnerabilities and security hazards
for individuals engaging in e-commerce, businesses
and other transactions over the Web. Users are
much more vulnerable to hackers and social
engineering attacks because the majority of people
now sign up for accounts with personal information
for online transactions. This usually includes credit
card/debit card numbers, phone numbers, home
addresses, and even birth dates on company
websites. All of these security flaws increase the
risk of identity theft. The objective of this paper is
to provide risk assessment for internet users in order
to protect personal information and be aware of the
different online frauds in order to prevent identity
theft.
I. INTRODUCTION
Identity theft has been described as the
newest form of theft. Using only a name and
personal information of the victim, an identity thief
can steal money, acquire credit, obtain employment,
or even attain a criminal record (Lutkevich, 2021).
Almost everyone has a social media account, but
sharing too much personal information can
endanger a user. People will use a person's personal
information or photos from their social media
accounts to harm them. When someone uses
personal information and photographs on social
media to create fake profiles that can be used to
deceive others, this is referred to as "social media
identity theft." Social media identity theft can gain
access to people's lives by using public profiles on
sites such as Facebook, Twitter, Instagram, and
other social media platforms. (Ben-Joseph, 2018)
Online identity thieves imitate someone for
a variety of reasons using the information accessible
to them. They may wish to harass or slander
someone, disseminate a message or a belief through
a large number of accounts, swindle someone's
friends for monetary gain, obtain personal
information in order to obtain credit or loans
illegally, or use someone's identification to create a
false identity for someone else.
Victims are frequently unaware that they are
being victimized. Collection agency calls and loan
denials are frequently the first signs of trouble.
Victims of identity theft must deal with the
frustration of having their privacy invaded, their
financial well-being jeopardized, and an astonishing
lack of resources to turn to for help (Federal Trade
Commission, 2013).
Thieves can create believable social media
accounts in someone name using a variety of
methods.   Some thieves may take the easy method
and grab someone photo from the internet, then add
whatever personal photos or information they
found. Scammers can make a fake social media
account look realistic enough to fool even someone
closest friends and family members by adding these
features.
The more personal information these
scammers can gather about someone online, the
more realistic the fake social media accounts they
make would be. Scammers, for example, may
simply discover where someone attended high
school and when you graduated. Others may use
malicious email to deceive people into providing
their personal information. These cybercriminals
may send user an email posing as one of their
friends. Scammers can then use this data to create a
believable social media profile in one’s name.
From 2013 to 2015, over 1,200 cybercrimes
were reported to the Philippine National Police
Page 1 of 6
Anti-Cybercrime Group (PNP ACG). Of these, 127
(or around 10%) were complaints about cyber
identity theft. Cyber identity theft happens when a
victim’s personal information is collected and used
for malicious purposes online, such as fraud.
Culprits acquire details about a potential victim to
gain access to their online accounts by posing as
them. Online identities are compromised once
cybercriminals get their full names, addresses,
birthdates, and so on, as these can be sold on the
Dark Web. Fraud is one of the most frequently
committed crimes using stolen identities. Scammers
and fraudsters may take pieces of an actual person
and pose as them, or create a different identity
altogether.
This paper investigates risk assessment for
user security. It will help the user to be careful of
what they share. There are things users can do to
help protect themselves from these identity thieves.
Users should be cautious about the personal
information they share online, manage their social
media privacy settings, and report any fake social
media accounts they come across.
II. OBJECTIVES
The objective of this study is simply to
provide a risk assessment that will help every
people in making their social media or business
accounts safe and secured, and in this way, they will
not experience Identity theft. The risk assessment
aims to help them evaluate if their personal
information in their accounts is safe, and it will also
provide them tips for them to learn how to be
careful in sharing their personal information so that
they can be able to protect themselves from online
identity thieves. The goal of the paper is to:
1. Examine the methods that cybercriminals use to
steal identities online.
2. Provide the necessary security measures to
protect users from online identity theft.
III. STATEMENT OF THE PROBLEM
The internet has opened up a world of
instant access to information, entertainment, and
other services. However, everyone is at risk of
having their personal information stolen by online
identity thieves because of this online portal.
Despite the increase in identity theft crimes, users
must be cautious about what they share on their
personal accounts to prevent being victimized.
IV. METHODOLOGY
The data in this academic paper is obtained
through conducting analysis of informative
resources such as various research and statistical
data from available and previous reliable sources
from 10 years ago. This discussion will, therefore,
encompass the theoretical concepts that further
provide information about the methods selection
and application. It may also help readers to be
aware and be alert if they encounter this Identity
theft issue.
V. RESULTS AND DISCUSSION
Figure 1.0 Identity Theft Report by Age
The graph above shows the data of those
people whom experienced Identity theft, it is
classify by their age, where under the age 19 below
there are 23,651 cases, in 20-29 there 190,916
cases, 30-39 there are 306,090, 40-49 there are
302,678, 50-59 there are 244,183, 60-69 there are
123,112 cases, 70-79 there are 39,009 and lastly 80
and above there are 9915 cases. Whereas the
highest rate of identity theft reports are in between
ages 30-59 years old. In these ages some of people
Page 2 of 6
can easily be a victim because they are not aware of
it, they are most likely the people whom opening
some unprotected link where their identity can be
record.
Methods that cybercriminals use to steal
identities online.
Phishing – Phishing emails are frequently
used by scammers to trick victims into providing
personal or financial information. Phishing emails
can be deceptive because they may appear to come
from a known or trusted company, such as a bank or
an online retailer, and use a variety of tactics to
persuade the victim to click a link or open an
attachment. (Federal Trade Commission, 2019).
Smishing – Scammers may also target
victims via text message, which is known as
smishing. Criminals may impersonate trusted
organizations or even friends in order to trick
victims into disclosing personal information, similar
to phishing attacks. Smishing may be on the rise as
people increasingly prefer text messages to phone
calls and emails. (Kaspersky, 2020).
Vishing – Phone calls, also known as voice
phishing or vishing, can be used by fraudsters to
target potential victims. Phone scammers may use
promises, such as the offer of a prize, or threats,
such as the risk of not receiving a tax refund, to
entice victims to provide personal information.
Spoofing is also used by scammers to send false
information to a caller ID. A spoofed call appears to
be coming from a local number or a trusted
organization, but it could be coming from anywhere
in the world. (Panda Security, 2021).
Fake Websites – Fake websites frequently
appear to be legitimate and trustworthy in order to
entice people to provide personal information.
Some online shopping scams employ a phony
website or mobile app that resembles a well-known
retailer, complete with a familiar logo and a similar
URL. Purchases made on these fraudulent sites are
unlikely to be delivered, and scammers may seed
the website with malware that infects the victim's
device and steals personal or financial information.
(Johansen, 2019).
Impersonation Scams or Confidence
Fraud – Confidence fraud occurs when a criminal
deceives a victim into believing they have a trusted
relationship with the criminal—as a family member,
friend, or romantic interest—in order to persuade
the victim to send money, provide information,
make purchases, or even launder money. IRS
impersonation scams are one method by which
thieves obtain taxpayer information. Scammers call
their victims and pretend to be from the IRS, or they
send fraudulent emails that appear to be official
communications (EquiFax, 2022).
Data Breaches – A data breach is defined as
the intentional or unintentional release or theft of
information, whether as a result of a cyberattack or
simply the improper disposal of physical
documents. If a person receives notification of a
breach, their financial or personal information may
have been compromised. The theft of usernames
and passwords as a result of data breaches may also
fuel credential stuffing attacks, in which criminals
use stolen username and password combinations to
gain access to other accounts (Seh, et al., 2020).
Public Wi-Fi and USB Charging Stations
– Many public Wi-Fi networks are vulnerable to
threats from hackers, making it possible for thieves
to eavesdrop on users’ private information.
Scammers may also employ a USB charging scam,
called juice jacking, in which malware infects the
user’s device when connected to an airport USB
charging station or hotel USB port (Chugh, 2020).
Regardless of how a thief obtains the
victim’s Personal information, once cybercriminals
have the information, they may use it to commit
Page 3 of 6
fraud. This could include draining bank
accounts and racking up credit card charges, getting
medical treatment using the victim’s health
insurance, stealing their tax refund, or selling the
information to other criminals.
In some extreme cases, a thief might even
give the victim’s name during an arrest and prompt
a false criminal record. Identity theft victims may
be unaware of the crimes until there is already
substantial damage to their financial assets, credit,
and reputation.
Security measures to protect users from online
identity theft.
Put credit on hold. – In the event of a
suspicion, a victim should contact their respective
banks immediately to place a hold on their bank
accounts. If someone's credit report is on hold, no
one can look at it or request it. As a result, no one
can open a new account, apply for a loan, or receive
a new credit card while their personal credit is
frozen. Credit freezes are completely free of charge
and have no impact on the victim's credit score.
Parents should seriously consider freezing
their children’s credit files. A 2021 study by Javelin
Strategy & Research found that child identity fraud
costs U.S. families nearly $1 billion annually.
About 1 in 50 U.S. children were victims of ID
fraud, and 1 in 45 had personal information that was
exposed in a data breach. This can cost the average
family more than $1,000.
Collect mail on a daily basis – Identity thieves can
steal someone's identity in a variety of ways, some
of which are extremely low-tech. They can easily
remove bank or credit card statements, utility bills,
health-care or tax documents, or pre-approved
credit card offers from someone's mailbox. Keep
track of any mail that is expected but does not
arrive, as thieves can redirect one's mail by
submitting change-of-address requests in their
name. (Hampshire, 2021). 
Review credit card and bank statements
regularly – It's important to examine personal
credit card and bank records on a frequent basis
because someone with your credit card number or
bank account information might try to make modest
transactions to see whether they can get away with
it. These transactions can easily sneak between the
cracks without one's knowledge or the knowledge
of one banking institution. Know the statement
cycles, and if users don't receive statements on time,
contact the credit card companies and banking
institutions. Credit card fraud is the most
widespread sort of identity theft. (White, 2021)
Create different passwords for each of the
accounts – A secure password is one that is long,
difficult to guess, and one-of-a-kind. Make a unique
password for each account. Personal identification
information, such as the last four digits of a Social
Security number, a birthday, initials, or parts of a
name, should be used with caution.
Passwords provide the first line of defense
against unauthorized access to your computer and
personal information. The stronger the password,
the more protected the individual’s computer will
be from hackers and malicious software. Internet
users should maintain strong passwords for all
accounts on your computer (University of Ottawa,
2022).
Anti-Spyware and Anti-Hacker
Protection – Antivirus Software is a data security
utility which is installed in a computer system with
a purpose of protection from viruses, spyware,
malware, rootkits, Trojans, phishing attacks, spam
attack, and other online cyber threats. In addition, it
detects or recognizes the virus, and then after
detecting the presence of the virus, it works on
removing it from the computer system. Antivirus
Page 4 of 6
software works as a prophylactic so that it not only
eliminates a virus but also prevents any potential
virus from infecting your computer in the future
(Gupta, 2021).

VI. CONCLUSION AND RECOMMENDATION

As a rapidly growing social issue, online
identity theft is a major crime that is threatening
individuals and organizations worldwide,
necessitating an understanding of relevant issues
and a focus on information security in order to find
constructive solutions and overcome the problem.
Thieves, fraudsters, and criminals use various
methods to obtain personal information.

Furthermore, the introduction of new

technologies and people's lack of knowledge about
how to protect their personal information are
motivating fraudsters. As a result, increasing
people's awareness of how to protect themselves in
online networks through media education is critical.
As a result, it is critical to have effective
strategies, policies, and actions in place to protect
them from mass identity theft. Strong defensive
strategies should incorporate security knowledge,
training, technical control, and an effective
information-handling strategy.

The researchers also recommend a thorough

study on health, social, legal and economic
outcomes of fraud victimization to better understand
the harms acquired by the victims and provide
necessary assistance.

VII. REFERENCES
Ben-Joseph, E. P. (2018, April). kidshealth.org. Retrieved from Cyber Bullying: https://kidshealth.org/en/teens/cyberbullying.html
Chugh, R. (2020, February 5). theconversation.com. Retrieved from Charging your phone using a public USB port? Beware of ‘juice
jacking’: https://theconversation.com/charging-your-phone-using-a-public-usb-port-beware-of-juice-jacking-130947
EquiFax. (2022). www.idwatchdog.com. Retrieved from https://www.idwatchdog.com/11-ways-identity-theft-happens/
Federal Trade Commission. (2013, September). Consumer.ftc.gov. Retrieved from Guide for Assisting Identity Theft Victims:
https://www.consumer.ftc.gov/articles/pdf-0119-guide-assisting-id-theft-victims.pdf
Federal Trade Commission. (2019, May). consumer.ftc.gov. Retrieved from How To Recognize and Avoid Phishing Scams:
https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams

Page 5 of 6
Gupta, H. (2021, February 29). Geekflare. Retrieved from What are the Advantages of Using Antivirus Software?:
https://geekflare.com/advantages-using-antivirus/
Hampshire, K. (2021, December 16). www.usnews.com. Retrieved from 10 Ways to Prevent Identity Theft:
https://www.usnews.com/360-reviews/privacy/identity-theft-protection/10-ways-to-prevent-identity-theft
Johansen, A. G. (2019, June 27). us.norton.com. Retrieved from nternet scams: What they are and how to avoid them:
https://us.norton.com/internetsecurity-online-scams-internet-scams.html
Kaspersky. (2020). kaspersky.com. Retrieved from What is Smishing and How to Defend Against it:
https://www.kaspersky.com/resource-center/threats/what-is-smishing-and-how-to-defend-against-it
Lutkevich, B. (2021, September). TechTarget. Retrieved from identity theft:
https://www.techtarget.com/searchsecurity/definition/identity-theft
Panda Security. (2021, Juen 18). pandasecurity.com. Retrieved from What is Vishing? Voice Phishing Scams Explained:
https://www.pandasecurity.com/en/mediacenter/mobile-security/what-is-vishing/
Seh, A., Zarour, M., Alenezi, M., Sarkar, A., Agrawal, A., Kumar, R., & Khan, R. (2020, May 13). www.ncbi.nlm.nih.gov. Retrieved
from Healthcare Data Breaches: Insights and Implications: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7349636/
University of Ottawa. (2022, Janaury 11). uOttawa. Retrieved from Information Technology: https://it.uottawa.ca/security/identity-
authentication-theft#:~:text=Passwords%20provide%20the%20first%20line,all%20accounts%20on%20your%20computer.
White, A. (2021, July 8). Select. Retrieved from 8 common credit card fees and how to avoid them: https://www.cnbc.com/select/how-
to-avoid-common-credit-card-fees/

Page 6 of 6