We’re all spending more of our time online. Last year, US adults spent one hour more per day on digital activities across all of their devices than they did in 2019. By the end of 2022, we may be spending more than eight hours in the digital world each day. An unfortunate consequence of this behavioral change is that we’re sharing more of our personal data and login credentials with the companies we do business with than ever before. And cybercriminals, in turn, are stealing that data from these organizations, as well as directly from us.
In the US this year, by the third quarter there had already been nearly 1,300 publicly reported breaches of this kind in 2021, more than for the whole of 2020. Hundreds of millions of victims were put at risk of identity theft as a result. So how do you know if you’ve been affected by one of these incidents? By spotting the early warning signs, there are ways to minimize the impact on you and your family.
How does identity theft happen?
The cybercrime economy is worth trillions of dollars annually today. There are many constituent parts and participants. The criminals who breached data from an organization in the first place are unlikely to be the same ones who attempt follow-on identity fraud, for example. Typically, the stolen data is sold on specialized dark web forums. Then it is bought en masse and tested by identity fraudsters. They may sell the pre-tested data onwards again, or use it themselves.
RELATED READING: ‘My bank account was in a shambles’: The ordeal of an identity theft victim
Depending on the type of identity data, it could be used to:
- Hijack retail accounts pre-loaded with your cards, and use this access to complete fraudulent transactions
- Make fraudulent payments outright (e.g., if card data was stolen)
- Socially engineer bank/telco staff into resetting accounts for the scammer to takeover
- Take out lines of credit in your name
- Commit health insurance/tax refund fraud
What are some common warning signs of identity theft?
Given the large number of possible identity theft scenarios, it pays to stay alert. Of course, the biggest warning sign that your identity data could be in danger is if you receive a breach notification letter. It goes without saying that you should read it carefully to understand the possible implications. Other telltale signs include:
- Unusual bank statement/card activity
Even small discrepancies can sometimes indicate fraud, as scammers often check the validity of stolen cards with innocuous-seeming purchases before ramping up their activity. If something doesn’t look right, put a freeze on the card/account. This can often be done via your mobile banking app. Then immediately contact your banking/card provider.
- Your phone/online accounts stop working
If attackers get hold of your logins, the first thing they’ll do is change the passwords in order to lock you out. Alternatively, if they’ve managed to trick your mobile operator, they will get them to port your number to a device under their control. This is known as SIM swapping and is particularly dangerous as it means they’ll be able to intercept any one-time SMS passcodes often used by banks to validate your identity.
- You have problem filing taxes
Another common strategy is to use stolen Social Security numbers and other personal details to file personal taxes early, impersonating the victim. The hacker is then able to fraudulently claim any tax refunds due. If you find you’re unable to file your taxes, this could be the reason.
- There’s a problem with your medical bill/claim
If you get a medical bill for services you never received, or try to submit a claim but it’s rejected because you’ve already reached the limit pre-assigned by your provider, identity thieves could be to blame. Especially in countries with private healthcare systems, such scams can be highly lucrative.
- The debt collectors call
If an identity thief has racked up a huge credit card bill or similar debt in your name and then vanished, it’s only a matter of time before the lender asks a collection agency to investigate.
What to consider if your identity has been stolen
The first step is not to panic. Inform your bank/card provider/insurer immediately, and report any suspected crime to the authorities. In the US, report an incident and receive a recovery plan at: IdentityTheft.gov. See below for authorities in other countries:
UK: CIFAS and Action Fraud.
Canada: Canadian Anti-Fraud Centre
New Zealand: Contact the police or one of these specialist organizations.
Australia: ReportCyber
How to stay safe in the future
There’s only so much you can do to prevent breaches if they’re targeted at the organizations you do business with. But there are some preventative steps you can also take in case fraudsters try to target you directly. Consider the following:
- Switch on multi-factor authentication (MFA) for all accounts you have online
- Use strong, long and unique passwords, stored in a password manager, for all accounts
- Ensure that you have up-to-date AV on all your devices from a reputable provider
- Read up on identity theft and protection
- Regularly patch or switch on automatic updates for all devices
- Avoid unofficial app stores
- Avoid logging on at public Wi-Fi hotspots
- Only use HTTPS (green padlock) websites
- Shred or destroy old documents so no personal details are showing
- Minimize the amount of information you share with businesses online
We’re all likely to experience some form of identity theft in our lifetime. The key is to do as much as possible to minimize the chances of it happening. And to stay alert, so that when the bad guys do get hold of your data, you can shut down any scams ASAP.
Be sure to also watch these tips from ESET Chief Security Evangelist Tony Anscombe: