Cyber Threats, Identity Theft

Three Best Practices to Prevent Identity Fraud

Identity Management Blog Post

A recent study from Javelin Strategy & Research found that identity fraud losses totaled $56 billion in 2020, and that such incidents are only becoming more commonplace. In fact, the Federal Trade Commission reported a 113% increase in identity theft incidents from 2019 to 2020; while 79% of respondents to an Identity Defined Security Alliance study said that their organization has experienced an identity-related breach.

Individuals who have fallen victim to identity fraud know how painful remediation can be. Not only can identity theft cost you money, but it can also cost you a lot of time and stress. It can even take hundreds of hours to undo the consequences of identity theft, which is quite a long stretch of time to worry. 

Luckily, you can take steps right now to protect yourself from identity theft. In conjunction with Identity Management Day 2022, here are three best practices to  shield your digital identity from cybercriminals, scammers and fraudsters. 

Why Cybercriminals Need Your Data for Identity Fraud Schemes

Cybercriminals are constantly trying to breach online systems and accounts as each contains a treasure trove of sensitive data tied to your identity. If they get ahold of any private information, then it makes committing identity theft much easier.

Let’s say, for example, that a cybercriminal has managed to break into your Amazon account. At a minimum they now have access to your full name, home address, email address, phone number, and your credit card information.

These are data points cybercriminals can use to jumpstart their efforts to commit identity theft. It’s information that can be used to open credit cards and file taxes in your name. If they can get into your email address, and you reuse a password for both your email and Amazon accounts, then they can  gather even more details for them to target other accounts. 

Further, if identity thieves can obtain information about your medical records, they can then steal data and use it to get treatments in your name. And if they can somehow grab your Social Security number, then a lot of doors will open for them that you will wish were kept closed.

Password security and dual factor authentication: Protecting the front lines

To protect online accounts, and your digital identity, ensure that all of your passwords are lengthy, complicated, do not contain any common phrases and are unique for each service you sign up for. You should also consider storing them in a password vault for extra protection.

But even the best password security cannot fully guard against a data breach. A report from Forbes cited a study where a research team found 15 billion passwords on the dark web that were stolen from 100,000 data breaches. You may create that lengthy, complex password, but still have it fall into the hands of cybercriminals.

But that doesn’t mean all is lost. Dual factor authentication can add an extra layer of security to your online accounts. While you can have a code sent to your email, it’s highly recommended that you have any verification codes sent to an authenticator app, such as Google Authenticator or Authy. Since cybercriminals can also target email accounts, having a code sent to a device in your physical possession will ensure that only you can login into your account, even if your password is compromised.

Social media: Watch what you post

The Javelin study also found active social media users are 30% more likely to become victims of identity fraud. For those on Snapchat, Facebook and Instagram, the risk jumps up to 46%. You may not think so at first, but social media profiles can provide all of the most valuable data points cybercriminals need to compromise your digital identity.

For example, you may have tagged your home location in several Instagram posts or you may have your birthday listed on your Facebook profile. Now, let’s look at how your birthday can play an integral role in a hacker’s plan to commit identity fraud.

Chances are, your name and other information is already available for cybercriminals to find. Perhaps they can glean it from a Google search, or maybe they can grab it from an online data broker. Your information may also have been previously compromised in a data breach.

By leaving your birthday out in the open on social media, you are making it easier for cybercriminals to create a more in-depth profile of you. As a result, identity thieves can now potentially open credit cards and apply for loans in your name. Your birthday could also be the personal information needed to reset your PINs and security questions, locking you out of your own accounts.

This is why limiting what you post on social media platforms is so important. Additionally, it’s also wise to keep your social media accounts private. You should only accept friend requests from people you know, and make sure to sign in with MFA.

If you keep your accounts public, or accept friend requests from online strangers, you run the risk of leaving important data open for anyone to gather. Cybercriminals may use some of that information to create profiles in your name, or to gather certain clues to help bypass security questions for your online accounts.

None of this is to say that you shouldn’t share anything on social media at all, but it’s not a bad idea to think before you post.

Phishing & social engineering: Watch what you click

Phishing is a common social engineering cyberattack where hackers send messages to victims containing malicious links or webpages. These messages are often sent under the guise of something either good or bad.

For example, a phishing email may say you’ve won a contest, and to claim your prize, you need to click on a link. Other examples including messages claiming that there’s an issue with an account, and the only way to fix it is to go to the company’s “website.”

These malicious links may ask you to enter in valuable pieces of information, or may trigger a malware download. Either way, the goal is to trick you into turning over information tied to your digital identity. As outlined by the examples above, cybercriminals want these data points to fill out forms and use services in your name. By falling for a phishing scheme, you are unknowingly giving them all the information they need. 

But there are ways to spot fakes. If you see a message that conveys an unusual sense of urgency, or includes plenty of misspellings, you are likely facing a hacker. 

The best course of action is to ignore any emails, texts, or social media messages that come from senders who you don’t recognize. You can’t click on a bad link if you delete the message in the first place.

Protect your identity everyday

It’s important to practice good cyber hygiene. If you do so, you’ll limit your risk of falling victim to identity theft, data breach and financial fraud. And by staying safe online, you’ll save yourself money, time and a lot of headaches.

Your digital identity will thank you for it.