We’re all spending more of our time online. Last year, US adults spent one hour more per day on digital activities across all of their devices than they did in 2019. By the end of 2022, we may be spending more than eight hours in the digital world each day. An unfortunate consequence of this behavioral change is that we’re sharing more of our personal data and login credentials with the companies we do business with than ever before. And cybercriminals, in turn, are stealing that data from these organizations, as well as directly from us.
In the US this year, by the third quarter there had already been nearly 1,300 publicly reported breaches of this kind in 2021, more than for the whole of 2020. Hundreds of millions of victims were put at risk of identity theft as a result. So how do you know if you’ve been affected by one of these incidents? By spotting the early warning signs, there are ways to minimize the impact on you and your family.
How does identity theft happen?
The cybercrime economy is worth trillions of dollars annually today. There are many constituent parts and participants. The criminals who breached data from an organization in the first place are unlikely to be the same ones who attempt follow-on identity fraud, for example. Typically, the stolen data is sold on specialized dark web forums. Then it is bought en masse and tested by identity fraudsters. They may sell the pre-tested data onwards again, or use it themselves.
Depending on the type of identity data, it could be used to:
- Hijack retail accounts pre-loaded with your cards, and use this access to complete fraudulent transactions
- Make fraudulent payments outright (e.g., if card data was stolen)
Socially engineer bank/telco staff into resetting accounts for the scammer to takeover
- Take out lines of credit in your name
- Commit health insurance/tax refund fraud
What are some common warning signs of identity theft?
Given the large number of possible identity theft scenarios, it pays to stay alert. Of course, the biggest warning sign that your identity data could be in danger is if you receive a breach notification letter. It goes without saying that you should read it carefully to understand the possible implications. Other telltale signs include:
- Unusual bank statement/card activity
Even small discrepancies can sometimes indicate fraud, as scammers often check the validity of stolen cards with innocuous-seeming purchases before ramping up their activity. If something doesn’t look right, put a freeze on the card/account. This can often be done via your mobile banking app. Then immediately contact your banking/card provider.
- Your phone/online accounts stop working
If attackers get hold of your logins, the first thing they’ll do is change the passwords in order to lock you out. Alternatively, if they’ve managed to trick your mobile operator, they will get them to port your number to a device under their control. This is known as SIM swapping and is particularly dangerous as it means they’ll be able to intercept any one-time SMS passcodes often used by banks to validate your identity.
- You have problem filing taxes
Another common strategy is to use stolen Social Security numbers and other personal details to file personal taxes early, impersonating the victim. The hacker is then able to fraudulently claim any tax refunds due. If you find you’re unable to file your taxes, this could be the reason.
- There’s a problem with your medical bill/claim
If you get a medical bill for services you never received, or try to submit a claim but it’s rejected because you’ve already reached the limit pre-assigned by your provider, identity thieves could be to blame. Especially in countries with private healthcare systems, such scams can be highly lucrative.
- The debt collectors call
If an identity thief has racked up a huge credit card bill or similar debt in your name and then vanished, it’s only a matter of time before the lender asks a collection agency to investigate.
What to consider if your identity has been stolen
The first step is not to panic. Inform your bank/card provider/insurer immediately, and report any suspected crime to the authorities. In the US, report an incident and receive a recovery plan at: IdentityTheft.gov. See below for authorities in other countries:
How to stay safe in the future
There’s only so much you can do to prevent breaches if they’re targeted at the organizations you do business with. But there are some preventative steps you can also take in case fraudsters try to target you directly. Consider the following:
Switch on multi-factor authentication (MFA) for all accounts you have online
Use strong, long and unique passwords, stored in a password manager, for all accounts
Ensure that you have up-to-date AV on all your devices from a reputable provider
Read up on identity theft and protection
Regularly patch or switch on automatic updates for all devices
Avoid unofficial app stores
Avoid logging on at public Wi-Fi hotspots
Only use HTTPS (green padlock) websites
Shred or destroy old documents so no personal details are showing
Minimize the amount of information you share with businesses online
We’re all likely to experience some form of identity theft in our lifetime. The key is to do as much as possible to minimize the chances of it happening. And to stay alert, so that when the bad guys do get hold of your data, you can shut down any scams ASAP.
Be sure to also watch these tips from ESET Chief Security Evangelist Tony Anscombe:
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.