Anyone who has read the book ‘Catch Me If You Can’ by Frank Abagnale Jr. or watched the Martin Scorsese classic knows that identity theft is no new phenomenon. It’s been used by conmen since at least the early ‘60s, or at least that’s when the term was coined. In truth, people have been scamming others for as long as there has been a reason to do so. And stealing others’ identities gives criminals access to credit cards, insurance details and so much more to commit fraud.
But, while identity theft is nothing new, the huge amounts of data that businesses store and process have made it a significantly easier and more lucrative crime for criminals to commit. Suddenly, gaining access to the right person’s login credentials can see an attacker accessing thousands of employee, client, and vendor details.
Let’s take a look at what identity theft is, how it happens, and how you can protect yourself, your colleagues, and your clients’ information.
What Is Identity Theft?
ID theft or identity fraud is when an individual uses another person’s identity to commit a crime. The types of crimes that get committed can range from credit card and email scams to insurance fraud, to the stealing or corruption of data.
The result for the person whose identity has been stolen can be harrowing. Where credit cards are applied for and used fraudulently, as was extremely popular in the 1990s, the person whose name they were applied for will see their credit rating quickly tank. After all, the criminal isn’t intending to pay those cards back, and since the victim likely doesn’t even know that the cards exist, they suddenly find themselves blacklisted or unable to make purchases for themselves.
Where an online identity is ‘stolen’ or fraudulently accessed, however, the scenario becomes even more dangerous. A cybercriminal taking on your name can see your colleagues and contacts falling prey to phishing and malware attacks, thinking that the mails are coming directly from you. This can, in turn, see data being compromised across your company, across your contact base, and even across your parent or partner companies. Suddenly it’s not just one person’s identity that an attacker has access to, but thousands of them, especially since it’s not uncommon for businesses to store details like ID or social security numbers, and even payment details, on their systems.
This is why identity and access management solutions are essential for any business.
How Common Is Identity Theft?
Because identity theft was particularly popular in the ‘90s, with plenty of criminals finding ways to either apply for credit cards under other people’s names or use their existing cards to make fraudulent purchases, there’s a bit of a misconception doing the rounds that identity theft is no longer a big problem. The fact is that the way identities are stolen has changed, and the result is worse than ever, making it essential for you to keep your personal details under wraps.
Direct phishing attacks cost Americans $43 billion in 2020.
What we’re talking about here are one-on-one email attacks, where cybercriminals target individuals. You may have heard of spear phishing or whaling, and these are the kinds of attacks that we’re talking about here – targeted at specific individuals with the help of social engineering. And remember that’s 43 billion DOLLARS – the equivalent of R625 billion.
Learn more about how you can avoid social engineering attacks.
South Africa is a target for these kinds of attacks
You may be sitting there going, “But that’s America. Those stats don’t really apply to me.” But let me tell you this – according to a study conducted by Interpol at the start of last year, South Africa has the third-highest number of cybercrime victims worldwide. While there are more statistics about how identity theft affects those in the US and UK, don’t think that South Africans aren’t impacted by these types of cybercrimes as well.
Social media plays a vital role in identity theft
Social media channels are some of the main platforms that attackers use to gain information about their targets. All those cutesy posts that you may be commenting on when you’re bored – the “Tell us about yourself” and “What would your enter fandom here name be” posts that you reply to or comment on or share without thinking – are often sources that attackers can use, both to gain your trust and to take on your identity. In fact, people who are active on social media are 30% more likely to have their details stolen than those who don’t use social platforms.
How Does Identity Theft Happen?
When it comes to cyberattacks, identity theft is often part of a larger scheme to compromise businesses and hold information for ransom. And it’s not just ID and credit card numbers that can become compromised. Attackers often try to gain access to online identities and login credentials as well. There are three main online types of identity theft out there:
Whether it’s getting you to click on a malicious link and login to a fake website, or getting you to download an attachment that installs malware on your machine, a phishing mail is all about getting you to compromise your identity. From there, attackers can:
- Use your login details and credit card information directly.
- Hold your accounts ransom by changing your passwords.
- Track the websites that you visit, the keys that you type in, and more to gain further access.
- Use your identity to con your colleagues, associates, friends, and family into compromising themselves.
This last case is where social engineering comes in. The more the attacker knows about you, the better they will be at both targeting you with their emails and impersonating you when trying to gain other people’s information.
Sometimes you can do absolutely everything right, and still, become a victim of identity theft. You can be as careful as possible with your email security. You can stay off social media. You can pretty much be an online recluse! All it takes is for a company that you use to become compromised, and suddenly your details are exposed.
Public WiFi Hacking
Wireless data can be a godsend. It can mean the difference between being disconnected from the world and managing to answer that urgent email in a timely manner. But public WiFi is also incredibly insecure. Data that is transferred over public networks is so easy to intercept, and attackers often use this to capture login credentials or redirect users to fraudulent sites.
How Can You Avoid Identity Theft?
Just because ID theft is so prevalent doesn’t mean that you have to be vulnerable to it. There are identity theft prevention steps that you can take to avoid becoming a victim, and while they may not be foolproof, they will go a long way towards ensuring your (and your company’s) security.
Be more mindful when checking your mail
With the number of emails that come through on a daily basis, it’s easy to click on links without really paying attention to what you’re doing. But it’s important to actually set aside time for reading emails, and being careful about the links and attachments that you click. We’d also recommend using a solution like Microsoft Outlook when checking your emails – it will warn you when a link or attachment seems suspicious, and that extra couple of seconds that it takes to confirm that you do want to open the link can prevent you from being caught unawares.
Use two-factor authentication
I really cannot recommend this highly enough. It is the number one way online identity protection method. Between identity theft and brute-force password attacks, there is a good chance that one of your passwords will become compromised at some point. But if you’re using two- or multi-factor authentication, it won’t matter if someone has your login details. They still won’t be able to log in to your account without either your cellphone or access to another email address.
Keep your social media private
If you want to share details about your life over social media, be sure to share them privately, with only your friends and family. And be careful about who you add as friends as well – if you don’t really know a person, don’t add them to your social media. By only sharing information with your inner circle, you restrict the details that are available to the public and reduce the risk of falling victim to social engineering scams.
Do a bit of research
When it comes to working with companies that you’re unfamiliar with, do a bit of research. Find out what their data protection policies are like. If they’re based in South Africa, they will need to be POPI compliant, but it’s worth checking them out and seeing if they’ve had any previous data breaches, or how they use the information that you’re sharing with them. The same applies when visiting websites. They’ll all ask you for cookies so that they can track you through their website and provide personalised experiences – but it’s worth reading through their cookie and privacy policies to make sure that you understand what data is being stored, and what is being done with it. That way, if a company does experience a data breach, you can ensure that the information an attacker can gain about you is as limited as possible.
Be careful about storing your credit card details online
In the same way that you should be careful about the personal information that you provide to companies and websites, you should also be smart about who you share your credit card details with. It’s important to check that a site is valid before entering your card details online, and even with valid sites like Takealot, it may be worth entering your details every time rather than storing them through the website. That way, you can rest assured that even if a legitimate site becomes compromised, your payment details won’t be.
Use a VPN
If you want to use public WiFi, make sure that you have a VPN enabled to encrypt the information that you send across the network. This way, a man-in-the-middle still won’t be able to gain access to your login credentials or force you to visit a site of their choosing. This is the only way you should be accessing public WiFi – without a VPN, you are just asking for trouble.
Work with a Managed IT Services Provider
As a business, if you are wanting to keep your own identity secure as well as those of every staff member, if you want to protect yourself against data breaches, if you want to make every possible effort to keep your people, your information, and your reputation safe, the best possible way is to work with a trusted IT Support partner.
When you work with a company like Solid Systems, we don’t just implement identity theft protection and security protocols and leave it at that. We help you to use Identity and Access Management (IAM) services and train your teams in how to recognise and respond to email and cyber attacks. We put world-class technology to use for your business for identity theft monitoring so that you are alerted to any unauthorised access before an attacker has the chance to compromise your data. We work with you every step of the way to secure your business and see you stepping confidently into the future.