Identity fraud
Identity fraud is the use of someone else's personal information such as their name, address, date of birth or financial details without their permission, usually to commit a crime or obtain goods, services or credit fraudulently.
Examples of identity fraud include:
- Opening bank accounts or applying for loans and finance agreements in someone else’s name.
- Taking over existing accounts by impersonating the account holder.
- Using stolen ID documents (like passports or driving licences).
- Claiming benefits or healthcare using another person's details.
- The emergence of Synthetic ID Fraud. Creating a new, fake identity by combining real and fabricated information (e.g. a real social security number with a fake name).
Identity fraud can be committed using data stolen through phishing, data breaches, physical theft or social engineering. It often leads to long-term financial and reputational damage for the victim, and is commonly a gateway to other types of fraud such as authorised push payment ("APP") scams.
Social engineering
Social engineering relies on deception and manipulation to bypass security measures, rather than relying on technical vulnerabilities. Attackers often impersonate trusted entities or create scenarios that pressure victims into making hasty decisions.
Encouraging a consumer to visit a malicious website through email or by visiting fake/malicious websites with the sole intention of fraudulently obtaining their personal (often secure) data.
Attempt to manipulate a consumer into divulging their personal (often secure) data by sending a text message pretending to be from a bona fide source. Links in messages lead to malicious web sites.
Voice phishing: Manipulation of the consumer over the phone or face to face with a view to obtaining personal (often secure) information that can be used to commit fraud.
Encouraging consumers to visit malicious sites after scanning QR codes.
Encouraging a consumer to visit malicious sites by offering a tempting lure (like a free download or gift). This tricks users into revealing information or installing malware.
This is where a fraudster creates a fabricated scenario and assumes a false identity with the purpose of gaining sensitive information or access to systems.