A new report by Experian has revealed that nearly a quarter of all identity fraud victims in the UK last year were tech savvy mobile and social media users. The group, which represented 8% of the population, also experienced a 17% rise in victims when compared to 2014. Robert Capps, VP of Business Development at NuData Security, an award winning behavioural biometrics company commented below.
Robert Capps, VP of Business Development at NuData Security:
“This is yet another reminder for those of us who spend a significant amount of time online, that we can’t become complacent when it comes to our online habits. We all need to practice good password management, and be extra rigorous with our social media information. The little bits of data, effectively electronic cookie crumbs, that we leave around in our day to day interactions online, are very useful to those with ill intent. When combined together, it’s quite simple for the bad guys to connect the dots between these data points, and the credentials that protect our banking, brokerage, and retail accounts, giving them easy access to more sensitive information and financial assets. When we’re making this info freely available in social media and then using it as keys in our online environments, we have to realise that thieves are using more and more sophisticated tools to search and find these common linkages.
When it comes to breaches we don’t really think about what happens to the data after the initial theft, but this data doesn’t just disappear. It’s collected and combined by the bad guys into a vast data set of consumer data, which is extremely useful to today’s fraudsters to thwart existing online security and identify verification systems. Data thieves sell this information, including social security numbers, addresses, dates of birth etc., to aggregators, who cross-reference and compile full identities to be traded and sold on the data black market. This increases the value and usefulness of the data, which may have been gathered from multiple data breaches, malware, phishing attacks, or social media scrapping.
Eventually, there will be widespread adoption of better authentication tools that companies can use to determine if it’s really you logging in. Meanwhile, make sure you have adjusted your social media privacy settings and only accept connections from those you personally know. A good password manager can help store and encrypt your passwords, and make sure you rotate your passwords frequently. If you have a choice, choose the least obvious two-factor authentication answers, for example: “What’s your paternal Grandmother’s name?”, the answer could be the “Philadelphia Eagles” (which only you would know was her favorite football team). Check your bank statements and credit report frequently to ensure there is no unusual activity.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.