Identity theft is a form of information crime in which the identity of a user of a corporate web application or information system is stolen and used to impersonate that legitimate user in a usage scenario where they are not present. Someone who wants to modify their information in a database that requires credentials to access, for instance, might be tempted to steal the identity of an employee who has access to the information system or database that holds the information.
They will do this to steal the usernames and passwords that the user uses and then access the system to make the changes to their information. Identity theft is not always about usernames and passwords. In certain scenarios the attacker steals an identity in order to modify the passwords and reset the access credentials to the information system. The administrators might be deceived by someone with a stolen identity and reset the login details, believing that they are dealing with the genuine user of the information system.
In reality, it is an impersonation attempt aimed at gaining illegal access to the information. Identity theft against online applications is also used to force administrators to reset passwords or provide new passwords for users of the information systems or web applications, which enables an unauthorized person to gain entry into the web application where the information of interest to them is located. Typically, the identity theft begins with a series of emails to the administrators from an email address that has been cloned and made to look almost identical to what is used at the organization.
The attacker will make the email appear to originate from an identity within the organization. The email scanners will be unable to notice anything suspicious about the messages. In this way, the attacker can trick the information system administrators into resetting credentials or revealing private and confidential information, such as the IP addresses from which the information system can be accessed from outside the corporate network. This information is beneficial for hackers.
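A help desk can screen the sender address of a password-reset request for the near-copy addresses described above. The following Python check is an added example, not part of the original article; the addresses in `KNOWN_SENDERS`, the substitution table and the distance threshold are constructed assumptions.

```python
import unicodedata

# Constructed sample data (assumptions, not from the article).
KNOWN_SENDERS = {"j.smith@example.com", "it-admin@example.com"}

# Character swaps commonly used to make an address look like a real one.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def skeleton(text):
    """Canonical form under which visually similar strings compare equal."""
    text = unicodedata.normalize("NFKD", text.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    for src, dst in CONFUSABLES.items():
        text = text.replace(src, dst)
    return text


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(addr, max_distance=2):
    """Return (verdict, matched_known_address_or_None) for a sender address."""
    addr = addr.strip().lower()
    local, _, domain = addr.rpartition("@")
    if not local or not domain:
        return ("malformed", None)
    if addr in KNOWN_SENDERS:
        return ("known", addr)
    for known in sorted(KNOWN_SENDERS):
        if skeleton(addr) == skeleton(known) or edit_distance(addr, known) <= max_distance:
            return ("lookalike", known)  # near-copy of a real identity: hold the request
    return ("unrecognized", None)


if __name__ == "__main__":
    for sender in ["j.smith@example.com", "j.smith@examp1e.com", "it-admin@example.co"]:
        print(sender, classify_sender(sender))
```

A `known` verdict only means the address string matches; it does not authenticate the sender, so a reset request should still be confirmed through a separate channel.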
A stolen identity can be used in a social engineering attack to gain access to an information system, giving the hacker access to information and applications that they are not authorized to use. The theft of identities on the web has been a common and continuing trend recently, with more and more attackers taking advantage of the social nature of system administrators to gain access to information systems, steal information or carry out transactions, and then clear all traces of ever having been in the system. Any traces will lead back to the genuine owner of the identity, who will not know what has been done with their identity.