Identity theft is on the rise. According to Digital Journal, Americans now spend more than $3.5 billion per year on identity protection services—yet many are still victimised. How are attackers getting this information? Who's at risk? More importantly, how can you protect yourself? Here's everything you need to know.
According to the FBI, "identity theft occurs when someone unlawfully obtains another's personal information and uses it to commit theft or fraud." The type of personal information could be anything from general data, like your name or address, to more specific data like hospital records, tax return details or banking information. There are several common ways identity theft can occur.
The Bureau of Justice Statistics reports that 17.6 million Americans experienced identity theft in 2014. And as noted by the Identity Theft Resource Center, ID theft has been the number one consumer complaint to the FTC for 15 years. More data is available online to steal than ever, and criminals have easy access to Dark Web marketplaces and buyers willing to purchase this stolen information. The trend is evident in many sectors. According to Forbes, the number of patients affected by medical identity theft rose 22 percent over the last year. Although most victims don't suffer substantial monetary losses, as noted by Investopedia, theft victims spend at least nine hours on average fixing the problem—this jumps to 30 hours or more if criminals opened a new account in your name.
In large measure, the rise in identity theft is tied to the willingness of users to share personal data online, either over social sites or by "securely" communicating this information to banks or online retailers. Scammers are now looking at a virtually limitless pool of information, and in many cases, victims don't even realize they've been taken advantage of until well after the fact.
ID thieves are a diverse group, and many come from some quite unexpected places. Privacy Matters points out that over half of victims know their attackers. It could be a coworker, friend, employee, neighbour or even a family member. Tech-savvy children may see benefits in stealing Mom or Dad's credit card and Amazon login to buy a few items, assuming there's no real "victim" if they eventually come clean and apologise. Work acquaintances may see an opportunity too good to pass up if you leave your computer unlocked, or your wallet sitting out.
Petty criminals are getting in on the action since it's possible to download turnkey malware programs for little or no cost. Organised crime gangs making use of trained computer science graduates are also out looking for large quantities of personal data. These groups are often responsible for big retail attacks and health care breaches. The sheer volume of this data is worth a great deal on the black market.
There are two tracks here: immediate use and holding for sale. Criminals who want to use your data right now will try everything, all at once. They'll try to hack email, smartphones and retail sites to access bank accounts—all while calling credit card companies to create new user profiles. These attacks are short-lived, however they can be financially ruinous. Other criminals will hold on to your data and either try to sell it or open a single new credit card that they'll use until the limit is reached and you start getting calls from the collection agency. These attacks are harder to detect and can add up to greater losses over time.
The short answer here is: everyone. If any of your data is online—personal info, credit card data, address, phone number—you're at risk of being compromised. Criminals don't discriminate.
The more information you have online, the greater your risk.
While many sites have taken steps to safeguard personal information, all it takes is one data breach, and you're looking at possible credit card fraud or worse. Anything you do online could potentially be made public, as victims of the 2015 Ashley Madison hack learned the hard way. In addition to facing the threat having of their names exposed to a worldwide audience, many victims of the Ashley Madison hack also faced extortion threats from opportunists who acquired the data. Regardless of social media privacy settings or the assurances of websites, one network breach or email hack can make what you believe is private public, potentially leading to both financial and emotional disrepair.
You've got a few options when it comes to protection.
ID fraud isn't going away. Any information you have online puts you at risk. Safeguard yourself by limiting the data you share and taking ownership of your online identity.
Other helpful reads and links related to Identity Theft