Identity theft has emerged as a significant threat within Information Security today. The action of gathering and manipulating personal information for criminal purposes is a disturbing trend that is growing in South Africa.

To date most organizations and individuals have focused their attention on protecting the environment against a variety of threats. And for good reason, writes Christo van Staden, director at Carrick.

Many of these virtual threats, which are designed to take advantage of vulnerabilities within networks and systems, are sophisticated and potentially devastating. The information security market is now more aware of the dangers lurking within data. Effective protection involves a lot more than simply avoiding spam.

Digital communication is being held to ransom by blended threats. This is an umbrella term for a cyber attack based on a multiple-method approach and leveraging off characteristics from viruses, worms and Trojan Horses. It calls for a proactive approach to investing in managed security services, ensuring policy framework application and compliance.

But threats are no longer confined to the desktop or mobile device. The fact that information and communication technology is accessible, affordable and pervasive makes it an ideal mechanism through which criminals can orchestrate their movements.

Take into consideration the issue of phishing, especially as it pertains to online or cellphone banking.  As a practical example, a hacker will persist with efforts to gain entry into sites or acquire personal information of his or her target, and use a number of methods to bypass security. Should their attempts fail, they could use ‘phishing’, a last-ditch, but very effective, means of attack.

One of the more disturbing trends within the security market is that perpetrators are running out of methods to by pass advance security solutions. As a result they are reverting back to the age old tradition of social engineering in the form of phishing attacks.

Findings within the Symantec Internet Security Threat Report covering trends in 2005 showed that phishing activity in the latter half of the year was nine percent higher than the first half.

In the last six months of 2005 Symantec blocked 1.5 billion phishing attempts, representing a 44% increase over the 1.04 billion phishing attempts detected in the first half of the year.

More than a year later we can safely deduce that phishing is on the rise and is, at present, a popular method of social engineering.

The hacker could send an e-mail or SMS a message which would be identical in look and feel of the financial institution. An unsuspecting user would follow instructions and offer up information, under the false impression that this is a bone fide message or contact from his or her bank. Once the information is fed into the ‘website’, returned via e-mail or by SMS, it is lost and free to be used by the hacker at will.

What does the cyber criminal use this information for? In most cases the primary objective of identity theft or identify fraud is to use the information for gain. Perpetrators use details to engage in white collar crime like fraud and espionage, but could also take it a step further and commit offences such as kidnapping and extortion. The size of threat does vary and can be committed by individuals or syndicates.

It is best to adopt a vigilant attitude towards digital communication and social interaction.  In a virtual environment, users must avoid the inclination to provide information at will. Never give out passwords, personal information or details about the infrastructure without first clarifying and checking the request. Do not open unsolicited e-mail or those with attachments that cannot be immediately identified.

This will go a long way in assisting the user to adopt a security-conscious frame of mind, especially with regard to physical and logistic security.