A security definition: Identity Theft
Identity Theft: “The transfer of your Personally Identifying Information (PII) from corporations that want to exploit it to hackers who want to exploit it.”
Identity theft in the UK rose by 57% in 2017 according to research by UK fraud prevention organisation CIFAS, whilst the Office for National Statistics‘ crime survey reveals that nearly six million fraud and cyber crimes took place in England and Wales last year – making these the most common crime type. It’s a global trend, in the US there are more than 17 million victims of identity theft each year.
We all know that corporations share and trade information they have on consumers with other corporations, that’ why you’ll find yourself receiving email and other communications that you are not a customer of, all because you didn’t tick or un-tick a particular box, or because you didn’t read the terms and conditions of the latest mobile app you installed on your smartphone. The definition above, suggesting that corporations as well as hackers want to exploit your PII is clearly intended to be tongue-in-cheek, however given the ever growing list of headline-busting data breaches (the largest one of note at the time of writing being Yahoo’s estimated 500 Million compromised accounts), how vulnerable are we really to Identity Theft?
It’s a rapidly growing crime due to the financial gains seen by the criminals. A report out earlier this year estimated the annual cost of fraud in the UK was £193bn – equal to nearly £3,000 per head of population. Business fraud accounted for £144bn, the study said, while fraud against individuals was estimated at £9.7bn. At the same time PII on the dark web is valued more than Credit Card information. Earlier this year it was reported that stolen Uber accounts were worth more than Credit Cards.
Types of Identity Theft
1. Account Takeover
This relates to the fraudulent use of existing account information. For example if someone stole your credit card information and began making fraudulent purchases, or if a hacker installed malware on your mobile phone, logged into your banking app and initiated a money transfer.
This type accounts for over 85% of cases of identity theft and the good news is that it is also the easiest to detect and usually costs you nothing. Visa has a Zero Liability Policy, which means “you’re protected if your Visa credit or debit card is lost, stolen or fraudulently used, offline or online.” MasterCard has a similar policy.
So long as you report account takeover quickly, resolution should be easy.
2. Identity Takeover
This is when a thief steals your PII and uses your data to open a brand new credit account without your knowledge. This can be really scary, and thankfully cases of identity takeover don’t appear very often.
Protecting yourself from Identity Theft
1. Fraud Detection Strategy
Create a strategy that detects fraud as soon as possible. At a minimum get a copy of your credit report annually. Or pay for more frequent credit monitoring.
2. Multi-Factor Authentication (MFA)
With two-factor authentication, a second device is required to authorise transactions, for example your mobile phone which will receive a code sent via text message. Multo factor authentication is now a standard for most banks, but you shouldn’t stop there – take advantage of the MFA that your online email provider has e.g. Gmail, Microsoft Office 365 and Yahoo if you haven’t already.
3. Alerts from your bank
You can set the frequency, but ideally, you would be alerted by email or text message after every transaction.
4. Basic security
Ensure that you have the basics covered. Do not use the same password or PIN for more than one account. Use strong passwords for your accounts and devices e.g. your home broadband router. Deploy a firewall at home, or at the very least have up-to date anti-malware and security software on your computers and mobile devices.
5. Be careful online
Be wary of publishing any identifying information about yourself – either in your profile or in your posts – such as phone numbers, pictures of your home, workplace or school, your address or birthday. Use the privacy features to restrict strangers’ access to your profile. Be on your guard against “phishing” scams, including fake friend requests and posts from individuals or companies inviting you to visit other pages or sites.
We can help
Concerned that your organisation isn’t prepared for a breach or worried that you might have been breached? We can help. From stress testing your security strategy and working with board level and executive leaders to strengthen the Cyber Culture of your organisation, to hands on the ground support in preparing your security ecosystem and responding to incidents. Infosec Partners are proven experts in full-spectrum cybersecurity and a team you can trust.
For your free consultation, complete the adjacent form or to speak with trusted advisor immediately call us on +44 (0)1256 893662.