Per a recent study released by Javelin Strategy & Research, identity fraud hit a record high in 2016 targeting 15.4 Million U.S. Victims and with hacker/fraudsters netting around $16 billion dollars. Those findings are not so shocking, as breaches from companies, government, and untold individual accounts are becoming an unfortunate norm.
The reason for the increased rate of identity fraud is clear. As we become more and more connected, the more visible and vulnerable we become to those who want to hack our accounts and steal our identities. The surface threat landscape has expanded exponentially with smartphones, wearables, and the Internet of Things. Moreover, those mobile devices, social media applications, laptops & notebooks are not easy to secure. With all the targets available it is a truly a hacker’s world. A Clark School study at the University of Maryland quantified the near-constant rate of hacker attacks of computers with Internet access—every 39 seconds on average. This means that identities are perpetually at risk.
The means for hackers and fraudsters are varied across the levels of sophistication and depending upon the actors. But identity theft does not have to be rocket science, particularly withal the low hanging fruit available to criminals. Phishing is one preferred way of gaining access to personal data. It usually done by employing a fake website which is designed to look almost like the actual website. The idea of this attack is to trick the user into entering their username and password into the fake login form which serves the purpose of stealing the identity of the victim. Hackers can easily mimic known brand websites, banks, and even people you may know. The old days of foreign emails with crammed with misspellings saying that you have inherited money are mostly by the wayside.
Another growing method of reaping financial gain has been the growing trend of Ransomware. That is used by hackers to hold computers and even entire networks hostage for electronic cash payments. Ransomware has been around for more than a decade, but attacks have exploded in the past few years. Hospitals, businesses, and educational institutions have been seeing a rise in cyber-attacks with ransomware, botnets and malware because of their more distributed and less protected networks. Individuals are also easy targets. Microsoft estimates that by 2020 over 4 billion people will be online, many in remote work environments. That is a large array of targets and digital currencies such as bitcoin make it easier for hackers to extort payments for return of individuals and company’s computer operations.
Another contributing factor in identity threat has been the growing use of social media. Our work histories, friends, locations, and interests are public. It is an avenue to gather information for phishing or placing malware. Personally, I have had my Facebook, LinkedIn and Twitter accounts copied and used by others pretending to be me. Luckily, I caught the fraud early. The fact is that no one is invulnerable if they are on the internet. The Javelin Strategy found that “Social Networkers share their social life in digital platforms (like Facebook, Instagram, Snapchat and other networks, but do very little e- or m-commerce, face the risks associated with having their personal information widely available to fraudsters who can use it to overcome security measures or socially engineer victims. This manifests in a 46 percent higher risk of account takeover fraud.”
E-commerce is another target area where identity theft is quite prevalent. Anytime a digitally connected consumer does a transaction online they have to rely on the retail vendor’s security. Consumers also must rely on the security of their own devices that may be already compromised from malware or a malicious download of an application. Mobile devices and mobile wallets are particularly susceptible to breach and payments made via mobile devices in the US are expected to total $90 billion by 2017 according to Forrester Research. Viruses are becoming more and more difficult to detect and mitigate as it is hard to keep up with the constant discovery of new software vulnerabilities and patches. Also, there are new kinds of spyware being openly shared by hacker’s algorithms that can guess accounts and passwords. Consumers can also be victimized by a rogue employee who steals data and shares it across the Dark Web. Unless you monitor your transactions and banking regularly, it is easy to be an identity theft victim.
Perhaps the coup de grace of both connectivity and vulnerability with be with the evolving Internet of Things (IoT). Estimates vary on the expansiveness of IoT. Intel believes that up to 200 billion IoT devices will need securing by 2020. Cisco and Microsoft have both predicted 50 billion devices will be connected to the Internet by 2020. Market researcher IDC predicts global wearable devices (i.e. smartwatches, electronic fitness trackers) will grow to more than 213.6 million by 2020, adding more breach targets directly to individuals. The number of devices may come down to how sensors are defined in IoT. In any event, there will be a lot of connected devices providing a massive attack surface with a multitude of opportunities for cyber breaching and penetrating accounts in the very near future.
The statistics and accelerated pace of identity theft presents a somber picture. It is arising threat and difficult to prosecute as the bad actors are often hidden in other countries. Frank Abagnale, one of the world's most respected authorities on the subjects of forgery, embezzlement, cybercrime, and secure documents succinctly states the troubling environment. “The police can't protect consumers. People need to be more aware and educated about identity theft. You need to be a little bit wiser, a little bit smarter and there's nothing wrong with being skeptical. We live in a time when if you make it easy for someone to steal from you, someone will.”
There are no complete remedies to identity theft but there are actions that can enable people and companies to help deter the threats. Below is a quick list of what you can to help protect your accounts, privacy, and reputation:
- Use strong passwords. Hackers are quite adept at guessing passwords especially when they have insights into where you lived in the past (street names), birthdays and favorite phrases. Changing your password regularly can also complicate their tasks.
- Maintain a separate computer to do your financial transactions and use it for nothing else. Also, if you are a person on the go, consider hardware separated devices that provide security for separate business and personal use such as WorkPlay technologies
- Consider using encryption software for valuable data that needs to be secured. Also, set up Virtual Private Networks for an added layer of security when using mobile smartphones.
- Very important; monitor your credit scores, your bank statements, and your social accounts on a regular basis. Life Lock and other reputable monitoring organizations provide account alerts that are very helpful in that awareness quest. The quicker you detect fraud the easier it is to handle the issues associated with identity theft.
- If you get breached, if it is especially serious, do contact enforcement authorities as it might be part of a larger criminal enterprise that they should know about. In any severe breach circumstance consider looking for legal assistance on liability issues with creditors. Also, consider hiring outside reputation management if necessary.
- Be alert and vigilant! Cybercrime is the modern-day scourge that affects all connected.