Sign up to our newsletter
Private data such as addresses and social security numbers can be just as valuable to cybercriminals intent on identity theft as valid credit card details can be to thieves – if not more so.
Knowing the name, address history and social security numbers of someone with good credit allows a thief to steal not just once – but many times.
What is shocking is how freely many people hand out data which forms the building blocks of identity theft.
A Microsoft survey of 10,000 consumers in 2014 found that the worldwide annual cost of identity theft and phishing could be as high as $5 billion – and the cost of repairing damage to people’s reputation online could be even higher: up to $6 billion, with the 10,000 consumers polled by Microsoft losing an average of $632.
The survey found that out of more than 10,000 consumers surveyed, 15% said that they had been a victim of phishing, losing an average of $158, a further 13% said their professional reputation had been compromised, costing on average $535 to repair, and 9% said they had suffered identity theft at an average cost of $218.
Thankfully, there are steps you can take both to check that your data is not already available in ‘the wild’ – but also to lock it down so that cybercriminals will (hopefully) ignore you in favour of easier targets.
Signs that your identity details are being used for fraud include letters from your bank appearing to drop in frequency (identity thieves frequently change your banking address so that letters don’t reach you), and letters from financial institutions you don’t recognize.
Keep track on the dates that you normally receive bills and call your institution if you don’t. And always read anything from financial institutions you DON’T recognize.
It’s very easy to dismiss such letters as junk mail – but if you receive a letter from a loan company or credit card company, it’s worth reading to check that someone is not taking loans in your name.
ESET’s Lysa Myers recommends extra steps to prevent fraudsters misusing this facility themselves for identity theft.
Myers says, ‘The FTC has a helpful website for those looking for tips on how to (safely) get a free credit report, including contact information for the three credit reporting agencies. You may also want to look into setting up a fraud alert or a credit freeze if you want additional protection against fraudsters trying to get credit in your name. Be aware that these steps will also mean you have to go through additional verification if you wish get credit, for the duration of the alert or freeze.’
If you are applying for a credit card, or sending a tax return, you’re sending enough information for a cybercriminal to make money from identity theft.
Don’t send it via a mailbox where it could be stolen (i.e via an employer’s internal mail system). Go directly to a post office, and put it into the box yourself.
Your bank and credit card company passwords are among the most important ones you have when it comes to protecting yourself against identity theft – but if you’ve been using the same service for years, it’s easy to keep using the same old, weak password.
Change it. For an ESET guide to making passwords as strong as possible, click here.
If your site forces you to change your password periodically, do so using strong passwords.
Users often respond to such requests by adding the required special characters to the end of passwords, or adding numbers there instead. If your password leaks, this is among the first things a password cracker will try.
ESET Senior Research Fellow David Harley says, “This also applies where the site requires you to change your password periodically but allows you to do so by appending a number. Password cracking 101.”
Common identity theft scams often rely on you handing over the information willingly – in response to a call or email from your bank or another institution.
In these situations, remember that banks do not usually operate this way. It’s your right to hang up if you are suspicious that a call is an identity theft scam.
Most importantly of all, it is THEIR job to prove that they are calling from a bank, not your job to prove who you are. Emergency fraud alerts from a bank will not require you to hand over personally identifying informatio – that’s a clear sign that the fraud has yet to happen, and you are facilitating it.
Many of us will invite tradesmen and cleaners into our homes without a second thought, and check only for outright thefts of cash or jewellery – despite the fact that personally identifying information can be just as valuable if not more so.
If you invite people you do not know into your home, make sure that documents such as tax returns, credit card details and government identity certificates are kept under lock and key.
If your home has been burgled, be alert for identity theft frauds following steps one and two above.
It pays to be wary of oversharing on social networks generally – but anyone security conscious should also pay attention to the sort of content they click on.
Some people thought that Facebook quizzes might have peaked when Slate made the spoof, ‘What kind of Buzzfeed quiz are you?’ But some of these quizzes are not just boring – they’re risky.
As ESET Senior Research Fellow David Harley notes here, some of these quizzes appear to harvest data which might be extremely useful for criminals – and some quiz companies have previously been caught selling data to advertisers such as drug companies from health-related quizzes.
The same applies double to any raffle, money-off offer or freebie offered through Facebook – if you find yourself handing out the same data you’d enter when applying for a credit card, do not hit Enter.
Leave the page, close your browser, and walk away.
Twin Design / Shutterstock.com
Author Rob Waugh, We Live Security