Sam plans to establish mobile phone service using the personal information he has stolen from his former boss. What type of identity theft is this?

A.
Phishing

B.
True name

C.
Pharming

D.
Account takeover

Explanation:
B: Identity theft refers to a situation where someone obtains key pieces of personal information such as a driver’s license number, bank account number, credentials, or Social
Security number, and then uses that information to impersonate someone else. Typically, identity thieves will use the personal information to obtain credit, merchandise, or services in
the name of the victim. This can result in such things as ruining the victim’s credit rating, generating false criminal records, and issuing arrest warrants for the wrong individuals. Identity
theft is categorized in two ways: true name and account takeover. True name identity theft means the thief uses personal information to open new accounts. The thief might open a
new credit card account, establish mobile phone service like Sam, or open a new checking account in order to obtain blank checks.
A is incorrect because phishing is a type of social engineering attack with the goal of obtaining personal information, credentials, credit card number, or financial data. The attackers
lure, or fish, for sensitive data through various methods. While the goal of phishing is to dupe a victim into handing over his personal information, the goal of identity theft is to use that
personal information for personal or financial gain. An attacker can employ a phishing attack as a means to carry out identity theft.
C is incorrect because pharming is a technical attack that is carried out to trick victims into sending their personal information to an attacker via an illegitimate Web site. The victim
types in a Web address, such as www.nicebank.com, into his browser. The victim’s system sends a request to a poisoned DNS server, which points the victim to a Web site that is
under the attacker’s control. Because the site looks and feels like the requested Web site, the user enters his personal information, which the attacker can then use to commit identity
theft.
D is incorrect because account takeover identity theft means the imposter uses personal information to gain access to the person’s existing accounts, rather than opening a new
account. Typically, the thief will change the mailing address on an account and run up a huge bill before the person, whose identity has been stolen, realizes there is a problem. The
Internet has made it easier for an identity thief to use the information they’ve stolen because transactions can be made without any personal interaction.