In a world flooded with information accessible on the internet and seamless communication, safeguarding oneself from the rapidly occurring cybercrimes is imperative. The explosion of websites and social media applications has compromised security, making online identity theft a pressing concern in the cyber realm. Internet security encompasses protection of one’s online activities and personal data from unauthorized access, theft, or damage. Online identity theft, the illicit use of someone’s personal information for fraudulent activities, has become a prominent issue. To delve deeper, we will explore different manifestations of online identity theft, such as phishing, social engineering, data breaches, and account takeovers.
Identity theft manifests in various forms, each presenting distinct challenges in the realm of cyber security. Examining these forms with the support of statistics provides a comprehensive understanding of the prevalent threats.
Phishing
Phishing attacks involve deceptive strategies aimed at acquiring sensitive information like usernames, passwords, and credit card details by posing as a trustworthy entity. These tactics encompass various techniques, including vishing (voice phishing), smishing (fraudulent text or social media messages) and BEC (business email compromise). According to the Anti-Phishing Working Group (APWG) report, the first quarter of 2023 alone witnessed a staggering 245,771 unique phishing attacks. The second quarter continued this trend, with APWG recording 1,286,208 phishing attacks – the third-highest quarterly total on record. Notably, the financial sector bore the brunt of these attacks, accounting for 23.5% of all phishing incidents.
Matthew Harris, Senior Product Manager of Fraud at OpSec Security highlighted a notable surge in mobile phone-based fraud, particularly in voice phishing (vishing). The statistics reveal a consistent 10% increase in the number of companies falling victim to vishing attempts. In tandem, the FBI’s Internet Crime Complaint Center disclosed that BEC was responsible for significant financial losses, amounting to $50.8 billion between October 2013 and December 2022. Within a BEC attack, the perpetrator assumes the identity of an employee, vendor, or other trusted entity in email communications, aiming to deceive employees into divulging personal information or making unauthorized financial transactions.
Social Engineering
Social engineering relies on manipulating individuals into disclosing confidential information that can compromise security. The fraudulent agents use fake email addresses and email messages that trick recipients into disclosing financial data such as usernames and passwords. In 2022, the Federal Trade Commission (FTC) reported a significant rise in social engineering attacks, accounting for 23% of all identity theft cases.
Technical Subterfuge
It involves planting devices and malware onto computers, ATM cards or card readers to steal credentials directly. It employs systems that can either replicate consumer’s sensitive information or misguide consumers to counterfeit websites.
Data Breaches
Data breaches involve unauthorized access to and exposure of sensitive data. Data breaches arise when unlawful entities gain access to the services you use, pilfering stored information. This can encompass details such as your name, email address, passwords, credit card numbers, and even your Social Security number (SSN).
In 2023, the Identity Theft Resource Center recorded a staggering 1,862 reported data breaches, exposing over 268 million records. These breaches often result in the compromise of personal information, fueling identity theft incidents.
The Dark Web encompasses an extensive array of websites and forums inaccessible through regular web browsers, offering enhanced anonymity to users. Cybercriminals utilize the Dark Web as a platform to trade and exchange information pilfered during data breaches. For instance, leaked details like credit card information or bank account logins typically fetch an average price of $120 or less on the Dark Web.
Change of Account Ownership
Unauthorized individuals gain control and take ownership of accounts by infiltrating legitimate user credentials, exploiting them for various purposes. According to a Cyber security Insiders report, there was a 37% increase in account takeover incidents in 2023, with financial institutions being prime targets.
By delving into these statistics, it becomes evident that online identity theft is a pervasive and evolving threat. The repetitive occurrence of these attacks emphasizes the need for robust cyber security measures to protect individuals and organizations from the potentially devastating consequences of identity theft.
How to prevent Identity Theft
Below are various methods you can employ to thwart identity theft and reduce the likelihood of compromising your security.
Use Strong Passwords
Employ robust passwords by generating intricate and distinct combinations for each account, avoiding password reuse. Refrain from depending solely on security questions for account protection. Exercise caution on social media platforms, refraining from providing hints that could be used to answer security questions. Consider incorporating an authenticator app if deemed necessary.
Protect Your Social Security Number
Make a concerted effort to avoid disclosing your Social Security Number (SSN), as it serves as the master key to all your personal data. Dispose of documents containing personal information that are no longer needed.
Enable Two-factor Authentication (2FA)
Enhance security by mandating a second form of verification e.g. security questions or sending OTP (one-time password).
Beware of Phishing and Spoofing
Exercise caution if you receive phone calls or emails from individuals claiming to represent government entities, as scammers often use these tactics. Refrain from sharing personal information with anyone in response to such calls or emails. Be vigilant about avoiding clicks on suspicious links, and verify the legitimacy of websites and sources, as some links or attachments may harbor malware.
Check Credit Reports Regularly
Regularly cross-check all transactions listed on your bank statements or credit card reports to promptly identify any suspicious activity indicative of fraud or identity theft. If you come across any unfamiliar items, report them to the relevant authorities. Ensure that you consistently enroll in transaction alerts or messages provided by your bank.
Secure Your Devices
Steer clear of public Wi-Fi networks, especially when traveling. If you find it necessary to use public networks, consider employing a virtual private network (VPN) for added security. Ensure that all your devices are password-protected, and install up-to-date antivirus software on your computer. This precautionary measure aids in detecting any attempts by scammers to access your personal information.
Remaining watchful and putting these precautionary measures into action can substantially reduce the chances of becoming a target of online identity theft.
Sources:
1) Anti-Phishing Working Group https://apwg.org/
2) Federal Trade Commission. https://www.ftc.gov/
3) Identity Theft Resource Center Q3 2022 Data Breach Report https://www.identitytheft.gov/#/