The Changing Face Of Identity Theft
As we get smarter, crooks shift tactics
Posted on 04-24-2019, Read Time: Min
Share:
Credit card fraud is declining. The number of identity theft victims has dropped. And employers offering identity protection is set to double by 2021.
This is amazing news, and it wouldn’t have been possible without HR professionals like you.
Unfortunately, identity thieves aren’t going to give up so easily.
As organizations and employees get smarter, crooks get wilier. In this article, we’ll take a closer look at how cybercriminals have been shifting tactics and what these trends could mean for employers and employees.
A New Form of Identity Theft
Identity theft was once relatively straightforward.
A crook would obtain a victim’s personally identifiable information, exploit existing lines of credit and open new accounts with the stolen data. Eventually, the victim would discover the crime and begin to rebuild his or her life.
Today, things are far more complicated.
Identity thieves are increasingly engaging in synthetic identity fraud, a form of identity theft that is far more difficult to identify and can be even harder to stop. Unlike traditional identity theft, synthetic identity fraud involves creating an entirely new persona.
Here’s how it works.
Criminals attach a fake profile to a victim’s real Social Security number. By blending real and fictitious elements, thieves make it incredibly difficult for a victim to discover fraud. This often allows criminals to exploit the fake persona for years.
This tactic is incredibly effective. In fact, synthetic identity theft may account for 5 percent of all uncollected debt. This includes as much as 20 percent of total credit losses.
A crook would obtain a victim’s personally identifiable information, exploit existing lines of credit and open new accounts with the stolen data. Eventually, the victim would discover the crime and begin to rebuild his or her life.
Today, things are far more complicated.
Identity thieves are increasingly engaging in synthetic identity fraud, a form of identity theft that is far more difficult to identify and can be even harder to stop. Unlike traditional identity theft, synthetic identity fraud involves creating an entirely new persona.
Here’s how it works.
Criminals attach a fake profile to a victim’s real Social Security number. By blending real and fictitious elements, thieves make it incredibly difficult for a victim to discover fraud. This often allows criminals to exploit the fake persona for years.
This tactic is incredibly effective. In fact, synthetic identity theft may account for 5 percent of all uncollected debt. This includes as much as 20 percent of total credit losses.
New Account Fraud and Account Takeover Are Also on the Rise
While credit card fraud declined in 2018, new account fraud increased significantly.
This is particularly bad news for consumers. When it comes to fraudulent credit and debit charges, victims are offered many protections. However, they possess very few when it comes to new account fraud. Often, this means paying out of pocket.
Account takeover has also skyrocketed – tripling in recent years. Sometimes, this involves a thief using a victim’s non-financial accounts, like a hotel rewards program, to fraudulently order services and products on the victim’s behalf.
These attacks aren’t limited to loyalty and rewards programs either. If a cybercriminal can compromise one or more of a victim’s accounts, they can then use that information to open a PayPal or Amazon account in the victim’s name. The thief can then use these “intermediary accounts” to make major purchases.
This is particularly bad news for consumers. When it comes to fraudulent credit and debit charges, victims are offered many protections. However, they possess very few when it comes to new account fraud. Often, this means paying out of pocket.
Account takeover has also skyrocketed – tripling in recent years. Sometimes, this involves a thief using a victim’s non-financial accounts, like a hotel rewards program, to fraudulently order services and products on the victim’s behalf.
These attacks aren’t limited to loyalty and rewards programs either. If a cybercriminal can compromise one or more of a victim’s accounts, they can then use that information to open a PayPal or Amazon account in the victim’s name. The thief can then use these “intermediary accounts” to make major purchases.
The Dangers of Medical Identity Theft
Not all instances of identity theft are committed with the intention of financial gain. Many times, cybercriminals will use compromised credentials for other purposes, like providing falsified documentation to police. Or, even worse, obtaining medical care using the victim’s insurance.
This can create significant problems for the victims, who often find their medical records have become intertwined with those of the thief. In fact, about 20 percent of medical identity fraud victims report receiving the wrong diagnosis or treatment as a result.
This can create significant problems for the victims, who often find their medical records have become intertwined with those of the thief. In fact, about 20 percent of medical identity fraud victims report receiving the wrong diagnosis or treatment as a result.
Combatting an Evolving Wave of Threats
With thieves changing tactics so quickly, how can any company protect itself and its employees? Here are a few tips.
#1 Stay Informed
One of the most significant steps you can take to safeguard your employees is to educate yourself on new and evolving threats, especially when it comes to phishing techniques.
If your organization has an IT/security department, ask to receive routine briefs about security issues and emerging risks that could impact your employees. Additionally, you might consider working with a team of experts who alert your organization to cybersecurity threats.
#2 Offer Ongoing Security Training
Most organizations only offer security training during onboarding. This one-and-done approach simply isn’t effective. You should provide guidance on an ongoing basis.
#3 Keep Personal and Work-Related Accounts Secure
When possible, use two-factor authentication for online accounts. This requires users to not only enter their password, but also a unique code sent via text or email. Keep in mind, many employees use the same passwords for both their personal and work-related accounts. So, it would be wise to encourage them to use two-factor authentication for even personal accounts.
#4 Offer an Employee Identity Protection Benefit
If there’s one thing you can count on, it’s that cybercriminals and identity thieves will figure out creative ways to con your employees and their families.
However, by providing a quality identity protection benefit to your employees, you can rest assured knowing a team of dedicated professionals are monitoring and protecting them 24/7 – no matter what new, clever tactics cybercriminals might be using.
#5 Stay Vigilant
Although this seems straightforward enough, staying vigilant in today’s digital era can be incredibly challenging. With data breaches occurring in record numbers, it’s easy to become fatigued. However, you must remain focused and vigilant at all times to protect your employees.
#1 Stay Informed
One of the most significant steps you can take to safeguard your employees is to educate yourself on new and evolving threats, especially when it comes to phishing techniques.
If your organization has an IT/security department, ask to receive routine briefs about security issues and emerging risks that could impact your employees. Additionally, you might consider working with a team of experts who alert your organization to cybersecurity threats.
#2 Offer Ongoing Security Training
Most organizations only offer security training during onboarding. This one-and-done approach simply isn’t effective. You should provide guidance on an ongoing basis.
#3 Keep Personal and Work-Related Accounts Secure
When possible, use two-factor authentication for online accounts. This requires users to not only enter their password, but also a unique code sent via text or email. Keep in mind, many employees use the same passwords for both their personal and work-related accounts. So, it would be wise to encourage them to use two-factor authentication for even personal accounts.
#4 Offer an Employee Identity Protection Benefit
If there’s one thing you can count on, it’s that cybercriminals and identity thieves will figure out creative ways to con your employees and their families.
However, by providing a quality identity protection benefit to your employees, you can rest assured knowing a team of dedicated professionals are monitoring and protecting them 24/7 – no matter what new, clever tactics cybercriminals might be using.
#5 Stay Vigilant
Although this seems straightforward enough, staying vigilant in today’s digital era can be incredibly challenging. With data breaches occurring in record numbers, it’s easy to become fatigued. However, you must remain focused and vigilant at all times to protect your employees.
A Brighter Tomorrow
Protecting employees in the digital era requires HR professionals to embrace their inner superhero. Although you may not realize it, this is what you’ve been doing the entire time – going above and beyond to protect your company, its employees, and their families.
Hackers, identity thieves, and cybercriminals will never give up. And that’s okay, because neither will you.
Hackers, identity thieves, and cybercriminals will never give up. And that’s okay, because neither will you.
Author Bio
| Ammon Curtis is the Executive Vice President of Product, Marketing, and Design at InfoArmor. Visit www.infoarmor.com Connect Ammon Curtis Follow @InfoArmor |
Error: No such template "/CustomCode/topleader/category"!
