Scenario #12
THE IDENTITY THEFT
Personal Data Compromise
The credit monitoring app notification stops you mid-sip of your morning coffee: "ALERT: New credit card opened in your name."
Minutes later, your bank calls about suspicious activity. By the time you finish that call, you've received an email from a crypto exchange you use: "Password reset successful."
IDENTITY STATUS: COMPROMISED
Over the next hour, the situation rapidly deteriorates. Your personal information has been thoroughly compromised. Someone has:
- Obtained your social security number, date of birth, and address history
- Accessed your credit report and opened multiple financial accounts
- Changed the email recovery addresses on several of your accounts
- Gathered enough personal information to pass basic security questions
- Contacted customer support at various services claiming to be you
- Attempted to reset passwords across your digital footprint
- Specifically targeted accounts related to cryptocurrency
Your Situation
You frantically begin damage assessment:
- Your primary email shows login attempts from unknown locations
- One of your crypto exchanges reports successful password changes
- Your phone has notification spam, seemingly to distract you from critical alerts
- Account recovery processes have been initiated for your wallet software
- Customer service at your bank reports someone called earlier authenticating as you
- Your social media accounts show evidence of scraping for personal information
- A crypto transaction you didn't authorize is pending approval
Immediate Assessment
Security Challenge: Identity Firewall
- How have you separated your identity from your crypto access?
- What authentication methods remain secure when personal data is compromised?
- How compartmentalized are your financial systems from your identity?
- What security measures don't rely on personal identification?
- How quickly can you revoke and replace compromised credentials?
Complications
As you respond to the identity breach:
- The attackers have enough information to convince some support staff they are you
- Your phone carrier reports an attempt to transfer your phone number
- Recovery emails are going to potentially compromised email accounts
- Some services require 24-48 hours for security freezes to take effect
- The attackers seem to be prioritizing cryptocurrency-related accounts
- Traditional financial institutions have fraud protection, but your crypto does not
Your Mission
Protect your cryptocurrency holdings from an attacker who has comprehensive access to your personal identification information. You must prevent unauthorized access while establishing a new secure identity perimeter.
How effectively have you separated your true identity from your crypto security?
Your phone rings. It's another financial institution calling to verify a change request. "We received your call earlier asking to update your contact information and security questions," the representative explains. "I'm calling to confirm these changes."
You realize you made no such call.
ATTACK STATUS: Ongoing Identity Impersonation
How will your crypto security withstand an attacker who can convincingly claim to be you?