Fraud prevention service Cifas revealed that identity fraud has increased by 57% since last year. This comes as thieves and fraudsters have begun to “hunt” for targets on social media. Robert Capps, VP at fraud mitigation company, NuData Security commented below.
Robert Capps, VP at Fraud Mitigation Company, NuData Security:
“We hear about data breaches all the time, but we rarely hear about what happens to the stolen data afterward the initial theft. We may not think much of losing one username and password combo or having to cancel a credit card, but when seemingly innocuous data is stolen, it doesn’t just disappear. Stolen data is collected and combined by the bad guys, in to a vast data set of consumer data, which is extremely useful to today’s fraudsters to thwart existing online security and identify verification systems used so often by online organizations. With 86% of all identity fraud happening online, organizations have to deploy the very best layers of security available to them; while not getting in the way of their good customers. With so much rich consumer data available to anyone with money to spend, the challenge of securing good consumer access is becoming more difficult by the day.
Since 2005, more than 675 million data records have been involved in data breaches in the U.S. alone, according to the Identity Theft Resource Center. These records include incredibly personal data such as a person’s Social Security number, name, address, phone number, date of birth, credit card number, email address, name of local bank branch and so on. Data thieves sell this information to aggregators, who cross-reference and compile full identities – called “fullz” on the data black market. This increases the value and usefulness of the stolen data, which may have been gathered from multiple data breaches.
With this level of information, fraudsters can create new bank accounts or take out loans under an actual person’s name. They can even access a consumer’s legitimate accounts, impersonating the real consumer. When these actions take place, they cannot be traced back to the fraudster and can cause serious and lasting harm to the fraud victim, for years down the road.
When it comes to social media, consumers need to be careful what is posted on social network profiles. Your status updates — about your whereabouts (are you at work? heading out to watch a game?) and upcoming travel plans — may expose your lives to criminals who will take advantage of your absence. If you provide personal information, like your phone number, birthday, or where you went to school, they can take this private information and use it to steal your identity because banks and other agencies use precisely this information to verify that you are you. By looking at your photos or videos, they can also figure out where you live and work. They can find your spouse’s name and who you socialise with – even the name of your pet that you may use as an answer to stronger security questions – even your mother’s maiden name, a favorite data point used by creditors and financial institutions to verify your identity.
Tips to avoid identity theft via social media:
- Think about who is receiving your status updates. Make sure you are comfortable with everyone who has access to your personal page, and if you aren’t —remove them or filter them from specific posts.
- Make it a habit to clean up your profile from time to time. Always think twice about what you are posting, we tend to think about our personal sites as private, but in reality, many can be seen by just about anyone.
- Choose the highest and most restrictive security setting available. Privacy and security settings on social networks help you control who can and can’t see your profile.
- Keep personal information, personal — do not provide information like your birthday, full name, phone number or address. Use less than obvious answers for second level security questions such as your pet’s name.
- Be mindful of what you post. Is there information someone could use to steal your identity, rob your home or put you in danger? For example, if you provide information about your daily routines, criminals will have an easier time figuring out the best time your home will be empty.
- Subscribe to a credit reporting service that notifies you when there are changes to your credit score and be sure to check your bank and credit statements to make sure there no unforeseen charges.
If you’re a victim of identity theft, make sure you tell your financial institutions, credit issuers and local police of the theft as soon as you can.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.