The New Normal? Stealing Your Identity One Piece At A Time
Published: November 24, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Little by little, bit by bit, cybercriminals are stealing our identities. Although identity theft is nothing new, a change in the way cybercriminals are improving identity fraud is. Compiling files on consumers is now trending with hackers as more pieces of our identities become available. The coronavirus pandemic is providing an avalanche of PII (personally identifiable information) and increased opportunities for identity theft. Hackers love taking advantage of a crisis situation and fraudsters know the pandemic translates to larger and more devastating opportunities for identity abuse. As the world continues to struggle with the pandemic and as bad actors continue to exploit the explosion in online commerce, many believe the trend of creating PII files will become part of our “new normal.”
Looking at the results of online purchases, a report by Kount found that from April 2019 to April 2020, same and next day shipping increased by 305%. A study by Forter shows that in January 2020, the growth rate of new accounts for food service sites was 7.5%. Three months later in March 2020, new food service account rates surged to 36%. The explosion in online transactions is a side effect of the pandemic, and each purchase or new account collects parts of our digital identity. When combined with stolen PII available on the dark web, fraudsters can improve their crimes. For example, adding a stolen Social Security or bank account number to an already compromised email address greatly increases the options for attack. In other words, the more comprehensive the PII file, the more intrusive the attack.
Despite the changing landscape of digital fraud, the most common methods for data theft have largely stayed the same. The usual suspects such as phishing, account takeovers (ATOs), and ransomware are all active, along with “carding” which uses stolen credentials for unauthorized purchases. Email phishing subject lines and content exploit our fears, concerns, and hopes. ATOs give a criminal complete access to an account where they can change the victim’s PII to their advantage. Ransomware can arrive as a “harmless” attachment in a phishing email. Once the attachment is opened, ransomware is let loose and all data on a device is locked (encrypted) and unless a good backup is at the ready, that data can’t be accessed until the ransom is paid.
The Way to Go
Using a commonsense approach to data privacy goes a long way helping thwart identity fraud.
Be mindful of how many apps and accounts you have and create in the future, as each one stores your PII. A check of the apps and accounts you have is recommended as there may be those you don’t need or use anymore, and deleting them is always a smart move.
Cybersecurity professionals advise keeping your data exposure to a minimum always helps limit identity fraud, despite what the current trends may be. If they site doesn’t need some bit of information, don’t provide it.
Always keep your awareness level high with regard to trending and evolving threats.
Finally, stay on top of your credit and payment card information. Resolve any issues right away.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org