By Emptor Identity theft and identity fraud - Emptor
With the growth of technology and an increasingly greater challenge of having identities on various sites at the same time, new challenges arise for data protection and care of our personal data through so many accounts, forms and sites in which we register. Our identity is composed of our browsing habits, verification of our consumption habits and algorithms that are increasingly exposed to the public and can represent a risk if too much data is shared.
An example of this are social networks in which date of birth, place of study, names of some family members and pets, consumption habits and frequently visited places are shared. Sharing too much on social networks can expose your security to cybercriminals who are waiting to gather personal information and financial records to breach your accounts and thereby commit identity fraud.
Identity fraud affects more and more people and it is estimated that millions of users are impersonated annually, carrying out transactions worth millions of dollars in various countries. Faced with this concern, we tell you what the most common situations or practices are in which your data can be exposed so that you take the necessary precautions and protect your information.
Commonly Used Fraud Methods
Mail Theft
One of the main ways for those who practice these frauds to obtain information is to steal the mail. Cybercriminals can find information in the trash, when discarding letters and printed mail with personal data. By intercepting credit card statements, bank emails, pre-approved card offers and account statements, they can access your data. The recommended practice is to keep these documents and, if you want to discard them, shred them to make the information inaccessible.
Email Hacking
When you keep the same password for a long time or use passwords that are very easy to predict, you open the door for your important data and communications to be compromised. Usually, email is used to establish conversations with banking institutions, website accounts, referenced payments, even tax payments, which is why it is important to maximize protection to secure your account. One of the most recommended practices is to change your password regularly to prevent email theft. It is recommended to use two-factor authentication on email accounts to validate on another device of your own that it is you who wants to access your account.
Unsafe Browsing
When using well-known sites that have SSL security certificates, we know that we have an updated certificate to browse the site securely. Care must be taken when accessing a website that has the relevant, current certificates, and avoid providing sensitive data if one is not available. Avoid making card transactions on sites that only use http; they must have https encryption and a Secure Sockets Layer security certificate.
Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client, usually a web server (website) and a browser, or an email server and an email client.
Public Wifi
In airports, cafes and even in coworking spaces, on open networks we are exposed. When making transactions with digital banking, credit cards or entering sensitive data, there is a risk that our information could be intercepted and used for other purposes.
Mobile Phone Theft
Nowadays, the mobile phone and the use of smartphones has become so popular that we log in through authentication apps on the mobile to almost all applications. It is especially dangerous if someone manages to breach the security and enter your device, because they could access applications, notes, emails and voice messages. It is important that biometric passwords are activated so that only the owner can access the device and, after a few attempts, it is locked for security reasons.
Smishing
Smishing is one of the SMS practices that affects identity theft by putting pressure to take urgent action, usually to install malware on the device. Smishing can install applications like keyloggers that will later steal the user’s identities and passwords.
Vishing
Usually used by VoIP, vishing is a fraud technique through calls that aims to obtain user data. Through vocal pressure, users are pushed to reveal account data or personal data to later impersonate the identity.
Phishing
Phishing is one of the most common practices in impersonating sites through URL domains that impersonate banking sites. The common denominator is to pose as a banking institution requesting that access data to their platform be changed. Appearing to be a legitimate communication, users, through unverified sites, provide their data, reveal their passwords and subsequently their accounts are affected.
Spoofing
Impersonation of web pages, IP addresses and even emails are used in this complex technique in which cybercriminals use “legitimate” communications of data and password vulnerability to impersonate a user’s identity. The fake web page aims to use a domain and web page design very similar to the original entity to capture data and impersonate the identity.
Ways to Protect Users
With fraud and scams becoming more and more constant, and users becoming increasingly aware of their privacy and the processing of their data, people are increasingly interested in informing themselves and taking responsibility for their digital identity. Rules, regulations and governments have made changes and modifications such as GDPR in Europe and there are fines for non-compliance with violations or failures in the Protection of Personally Identifiable Information (PII).
Common Practices to Protect Yourself
The general recommendations to avoid impersonation or fraud with your passwords are:
- Do not provide personal data by electronic means, such as your passwords.
- Constantly change your passwords, make them secure and use two-factor authentication.
- Never access your mobile banking data or sensitive data on public wifi.
- Be very attentive to sites without
httpsor with warnings of being unsafe.
Identity theft is not only limited to committing fraud in economic matters; it has a broader connotation and scope, since personal data can be used by criminals to impersonate the identity of the person and commit illegal acts of greater or lesser impact.
Identity Theft Statistics
- Identity fraud cost Americans nearly $56 billion in 2020, and 49 million were reported as victims.
- About $13 billion is reported in losses according to Javelin, which calls traditional fraud, where cybercriminals take information from a data breach.
- $43 billion comes from transactions where the fraudsters interact directly with users through various methods such as automated calls, phishing and emails. Victims average a loss of $1,100.
- As a result of the pandemic, due to changes in habits and payment methods, criminals are specializing more in wallets or payment wallets like Apple Pay and Zelle; about 18 million users report having been victims of this scam method.
Tactics and Triggering Factors of Criminal Scams by Generation
| Age | Most Common Tactic | Triggers |
|---|---|---|
| 11-24 | Social media requests, chat bots | P2P payments, messaging, social friend requests |
| 24-40 | Automated calls, text | Rewards, package tracking, P2P transfer confirmations |
| 41-65 | Email, automated calls, text messages | Financial information, interest rates, package tracking |
| 57-75 | Automated calls | IRS, tax payments, Healthcare, Social Security |
Number of identity theft complaints filed with the United States Federal Trade Commission in 2021, by age of victims.
How Can You Protect Yourself from Identity Theft?
Only Provide the Necessary Data
When providing sensitive data, if someone requires personal data, ask yourself:
- What do they need it for?
- How will they store that data?
- What security measures will that person implement to protect the information?
Once those points are covered, make sure it is an authorized person from the institution and that the procedures you are trying to carry out require those specific documents.
Use Social Media in Moderation
Being up to date with the basic configuration of social networks and knowing what information is shared is important for privacy protection. Constantly review the terms and conditions to know how, what information and with whom it is shared when published.
Keep Your Computer Equipment Up to Date
Being up to date with security updates for antivirus, VPN or virtual private network is a practice that allows you to install security patches and antivirus software that protects you from Trojans and malware that could install trackers and keyloggers that send everything you type in text processors and in general on your computer.
Destroy Bank Statements
Make sure to destroy documents containing private financial information or other confidential information before discarding them.
Don’t Lose Sight of the Credit Card
Watching the card when making the payment is a practice that allows you to always be aware that your data and card are protected. It is very easy to memorize and clone the data of a card, as well as its expiration dates and security codes.
Review Account Statements Carefully
Make sure you recognize the transactions, direct debits and charges. Various frauds take advantage by making small recurring charges that go unnoticed.
What to Do if Your Identity is Stolen?
Detect the likely source of the attack. Usually, identity theft or identity theft comes from websites, e-commerce or social networks. If you have detected that new credit accounts have been opened in your name or purchases have been made without your knowledge, the first steps are to follow your recent online activity to discover at what point a vulnerability could have occurred.
The next step is to notify the appropriate authority that you have been a victim of identity theft and that you will follow the relevant measures to file a complaint.
Identity Theft or Impersonation at Work
Just as there is identity theft or identity theft to commit various types of fraud, there is also identity theft and credentials to obtain a job. Human resources departments report candidates who lie on their applications when seeking to be placed in a job.
Various risks arise when exposing clients and/or suppliers to having contact with a person within your company who has committed this type of practice. Possibly to personally benefit from the situation; in the best case, to get the job, but in more serious cases, to defraud the clients of that company. Due to this, the proper investigations should be taken into account before hiring a potential collaborator or employee.
There are background checks and identity validation that allow you to have full certainty and verification in more than 500 reliable, state and federal sources in various Latin American countries, to be sure that who you are hiring is who they say they are and presents the necessary identifications and credentials.
At Emptor, we validate through an automated process through an API and an executive dashboard that allows you to perform the validations in minutes. Artificial intelligence processes the results and then passes through a human filter with legal experts who review in detail with manual reviews to rule out homonyms.
In this way, the process is equitable and reviewed in detail to select potential collaborators that you can trust, with the assurance that you are hiring the right people for the job.
We invite you to schedule a free demo by clicking on the image to discover how Emptor works.