Society’s growing reliance on technology to transfer private information has created more opportunities for identity thieves to access and misuse personal data. Cybercriminals are diversifying their targets and using stealthier methods to commit identity theft and fraud.
There are three types of identity crimes we should know about:
- Lost or stolen personal information: when your information has been compromised through a company data breach or by obtaining a person’s checkbook or cell phone.
- Identity fraud: when someone uses an account fraudulently and often happens when your ATM, debit card, credit card or checks are stolen and used for unauthorized withdrawals or other transactions.
- Assumption of your identity: when someone takes your information and creates a whole new identity in your name. Details like your Social Security number, date of birth, and other personal information are stolen and used without your permission.
What is identity theft?
Identity theft is the criminal act of stealing personal, private, or financial information with the intent of using it to assume another person’s identity. Most often, the stolen identity is used to make fraudulent purchases or to open credit card and bank accounts.
10 Ways Identity Theft Can Happen
- Phishing: Fraudsters send an email that appears to be from a trusted company, getting you to click a link or download an attachment which would deliver a virus to your computer, allowing them to access your details.
Smishing: Scammers may also target victims via text message—a crime called smishing. Similar to phishing attacks, criminals may impersonate trusted organizations or even friends to trick victims into divulging information. Smishing may be increasing as more people trust text messages over phone calls and emails.
Cold calling (also known as Vishing): Fraudsters can also use phone calls, also known as voice phishing or vishing, to target potential victims. Phone scammers sometimes use promises, like the offer of a prize, or threats, such as the risk of not getting a tax refund, to prompt victims into giving up personal information. Scammers will also use spoofing to send falsified information to a caller ID. A spoofed call looks like it’s coming from a local number or a trusted organization when it could be originating anywhere in the world.
Skimming: Skimming occurs when a criminal steals information as the debit or credit card is swiped. Scammers may tamper with the electronic card reader so that it captures card data, place a recording device at an ATM, or recruit a crooked salesperson to steal customers’ card data.
Data breach: Many companies store your data, from your health care provider to your internet service provider. For example, you may save payment details for your favorite shopping site. If hackers target those companies in a data breach, they can leak or access your sensitive information.
Social media snooping: Criminals may look to your social media to get information, like your birthdate and home address. Even seemingly innocent details, like the names of your children or pets, can be of interest to an identity thief. Why? People often use these details in their passwords.
Simple theft: Not all identity thieves use advanced methods to get your information. In fact, a person can steal your phone and access any personal data you have on it if they can unlock it. Since many people save passwords to sensitive accounts on their devices, they are easy to hack.
Public Wi-Fi and USB Charging Stations: Many public Wi-Fi networks are vulnerable to threats from hackers, making it possible for thieves to eavesdrop on users’ private information. Scammers may also employ a USB charging scam, called juice jacking, in which malware infects the user’s device when connected to an airport USB charging station or hotel USB port.
Dumpster diving: This is another example of a less tech-savvy approach to identity theft. If you throw away documents with sensitive data, thieves may get the information they want from your garbage. For example, bank account statements contain your account numbers, while pay stubs may include Social Security numbers. You should always shred paperwork before tossing it.
Purchase of Information on the Dark Web: The dark web, or dark net, is a part of the internet that serves as a highly profitable marketplace where criminals can purchase stolen personal information. Private photos, medical records, and financial information have all reportedly been stolen and shared on the dark web.
There are many ways thieves can get their hands on your data. Luckily, there are ways you can protect yourself against these methods. For example, you can protect your computer, tablet, or mobile device against hackers by equipping it with a strong password and safeguarding against phishing by adding a firewall and utilizing a virtual private network (VPN)
What is identity fraud?
If identity theft is the act of stealing personal, private, or financial information, then identity fraud is the use of this stolen information. This crime affects both the individuals whose identity has been stolen and the businesses where the stolen identity has been used to make fraudulent transactions.
How Identity Fraud Happens
While the list of identity fraud crimes is a long one, major five major categories are:
Credit card fraud: This type of scam occurs when a fraudster uses stolen information to open a new line of credit or simply max out an existing one for their own gain For example, the criminal may purchase different things online or send money to unknown bank accounts. Unfortunately, this issue has become especially prevalent thanks to online shopping during the COVID-19 pandemic.
Account takeover: Account takeover is when an unauthorized individual gains complete access to a person’s financial accounts. They lock the original user out by changing the login details then steal money and leak recorded information. Scammers can also apply for fake ATM cards and make multiple withdrawals over time.
Government benefits fraud: Criminals may use an individual’s personal information to claim their government benefits. In some cases, fraudsters may even take out a loan.
Fake IDs: Criminals may create a fake ID using an individual’s personal information. Apart from reputational damage, victims may become liable for crimes they did not commit. Stolen social security numbers can be used to generate synthetic identities, something that children are particularly vulnerable to due to lack of attention to their credit score or accounts.
Home title fraud: This occurs when a scammer gains possession of a person’s property title. Once they get a hold of other sensitive information such as your personal and financial details, they can transfer ownership to themselves and conduct malicious transactions. Since they can use your home equity as collateral, scammers are able to take out big loans under your name.
What are the signs of identity fraud?
By regularly checking your financial records, you can stop fraudsters in their tracks. If you’ve become a victim of identity fraud, you’ll likely notice that:
- There’s something inaccurate on your credit report
- There’s suspicious activity on your credit card and bank statements
- You’re receiving unexpected mail or some of your expected mail is missing
- Your personal documents have been lost or stolen
- You’re receiving suspicious phone calls, voicemails, texts, or emails
- Unfamiliar devices have gained access to your online accounts
How to prevent identity theft and fraud attacks?
There are several ways that customers can keep their information safe. Steps you can take for identity fraud prevention purposes include:
- Never responding to cold calls or emails
- Not sharing personal information on social media
- Regularly checking your credit report
- Destroying and shredding mail
- Securing your home Wi-Fi
- Being careful on public Wi-Fi
- Using complex, unique, and individual passwords for all accounts
Keep a sharp eye out
While there are differences between identity fraud and identity theft, they do share a couple of things in common: you can take steps to prevent them, and you can take steps to limit their impact should you find yourself faced with one or the other.
Both identity theft and fraud should be a great cause for concern amongst organizations. Since falling victim to an attack can threaten your company’s stability, the consequences they pose greatly emphasize the importance of identity proofing.
Alia Noor (FCMA, CIMA, MBA, GCC VAT Comp Dip, Oxford fintech programme, COSO Framework)Associate Partner
Ahmad Alagbari Chartered Accountants