Internet Security Threats Articles | Kaspersky Lab US

Identity theft is on the rise. According to Digital Journal, Americans now spend more than $3.5 billion per year on identity protection services—yet many are still victimized. How are attackers getting this information? Who's at risk? More importantly, how can you protect yourself? Here's everything you need to know.

What Is ID Theft?

According to the FBI, "identity theft occurs when someone unlawfully obtains another's personal information and uses it to commit theft or fraud." The type of personal information could be anything from general data, like your name or address, to more specific data like hospital records, tax return details or banking information. There are several common ways identity theft can occur.

Deep (Dark) Web
  • Data Breaches: You provide health care agencies or social website some measure of personal data, their network is hacked, and criminals either use your data or sell it to the highest bidder on the Dark Web. One of the most damaging ID theft attacks occurred when an automated IRS service was breached and millions of tax records went missing. Fraudulent returns could be filed for years after the fact. The security breach on the Office of Personnel Management in 2015 exposed the personally identifiable information of 21.5 million Americans, including 4.2 million federal employees.
  • Unsafe Social Media Use: If some of your "friends" aren't so friendly, they could leverage your personal information that you or your family members have posted on popular social media websites for profit by attempting to apply for credit cards online or access your bank account.
  • Email Hacks: If you don't periodically change your email password, there's a good chance you'll be hacked. And if you use the same password for multiple sites, such as banking or shopping sites, hackers could obtain access to all your accounts, then lock you out and go on a spending spree.
  • Physical Compromise: Though not as prevalent as it once was, interested parties can still find out a great deal about you by going through your trash. Always keep financial and other personal documents for at least seven years, and shred all personally identifiable information before throwing it away.

How Prevalent Is ID Theft?

The Bureau of Justice Statistics reports that 17.6 million Americans experienced identity theft in 2014. And as noted by the Identity Theft Resource Center, ID theft has been the number one consumer complaint to the FTC for 15 years. More data is available online to steal than ever, and criminals have easy access to Dark Web marketplaces and buyers willing to purchase this stolen information. The trend is evident in many sectors. According to Forbes, the number of patients affected by medical identity theft rose 22 percent over the last year. Although most victims don't suffer substantial monetary losses, as noted by Investopedia, theft victims spend at least nine hours on average fixing the problem—this jumps to 30 hours or more if criminals opened a new account in your name.

In large measure, the rise in identity theft is tied to the willingness of users to share personal data online, either over social sites or by "securely" communicating this information to banks or online retailers. Scammers are now looking at a virtually limitless pool of information, and in many cases, victims don't even realize they've been taken advantage of until well after the fact.

Who's Stealing Your Identity?

ID thieves are a diverse group, and many come from some quite unexpected places. Privacy Matters points out that over half of victims know their attackers. It could be a coworker, friend, employee, neighbor or even a family member. Tech-savvy children may see benefits in stealing Mom or Dad's credit card and Amazon login to buy a few items, assuming there's no real "victim" if they eventually come clean and apologize. Work acquaintances may see an opportunity too good to pass up if you leave your computer unlocked, or your wallet sitting out.

Petty criminals are getting in on the action since it's possible to download turnkey malware programs for little or no cost. Organized crime gangs making use of trained computer science graduates are also out looking for large quantities of personal data. These groups are often responsible for big retail attacks and health care breaches. The sheer volume of this data is worth a great deal on the black market.

What Do Thieves Do With Your Identity?

There are two tracks here: immediate use and holding for sale. Criminals who want to use your data right now will try everything, all at once. They'll try to hack email, smartphones and retail sites to access bank accounts—all while calling credit card companies to create new user profiles. These attacks are short-lived, however they can be financially ruinous. Other criminals will hold on to your data and either try to sell it or open a single new credit card that they'll use until the limit is reached and you start getting calls from the collection agency. These attacks are harder to detect and can add up to greater losses over time.

Who's The Target?

The short answer here is: everyone. If any of your data is online—personal info, credit card data, address, phone number—you're at risk of being compromised. Criminals don't discriminate.

How Are You Vulnerable?

The more information you have online, the greater your risk.

While many sites have taken steps to safeguard personal information, all it takes is one data breach, and you're looking at possible credit card fraud or worse. Anything you do online could potentially be made public, as victims of the 2015 Ashley Madison hack learned the hard way. In addition to facing the threat having of their names exposed to a worldwide audience, many victims of the Ashley Madison hack also faced extortion threats from opportunists who acquired the data. Regardless of social media privacy settings or the assurances of websites, one network breach or email hack can make what you believe is private public, potentially leading to both financial and emotional disrepair.

How Can You Protect Yourself?

You've got a few options when it comes to protection.

  • Keep Things to a Minimum: Use social media sparingly. Don't use your real name, never post any personal information and don't share any personal data via social messaging services.
  • Pay a Service: You can pay for a service to keep an eye out for any odd activity using your personal information.
  • Keep Your Computer Up to Date: Many hackers now use malware to steal your information. Keeping your computer up to date with security patches and antivirus software helps protect against existing vulnerabilities and detect new attacks.
  • Browse Safely: To limit the chance of a malware infection, don't open unknown email attachments or browse suspicious websites.
  • Be Self-Aware: Take the time to check your credit card statements for any strange charges, and contact credit monitoring companies like TransUnion or Equifax the minute you notice that something's awry.

ID fraud isn't going away. Any information you have online puts you at risk. Safeguard yourself by limiting the data you share and taking ownership of your online identity.