The Identity Theft Resource Center (ITRC) predicts that during the next 12 months identity theft protection services will primarily focus on data breaches, data abuse and data privacy. ITRC also predicts that consumers will become more knowledgeable about how data breaches work and expect companies to provide more information about the specific types of data breached and demand more transparency in general in data breach reports.
Cyberattacks are more ambitious
According to a 2019 Internet Security Threat Report by Symantec, cybercriminals are diversifying their targets and using stealthier methods to commit identity theft and fraud. Cybercrime groups like Mealybug, Gallmaker and Necurs are opting for off-the-shelf tools and operating system features such as PowerShell to attack targets.
- Supply chain attacks are up 78%
- Malicious PowerShell scripts have increased by 1,000%
- Microsoft Office files make up 48% of malicious email attachments
Internet of Things threats on the rise
Cybercriminals attack IoT devices an average of 5,233 times per month. Routers and connected cameras were the main targets of IoT attacks in 2018, accounting for about 90% of activity. IoT attacks involving connected cameras increased by about 12% in the last year as well. According to Symantec, cybercriminals most often access IoT devices by using the passwords: 123456, [BLANK], system, sh, shell, admin, 1234, password, enable and 12345.
Formjacking is up 117%
More than 57,600 unique websites were compromised by formjacking in 2018, and cybercriminals continue to take in millions each month by hijacking credit card data from online payment forms.
Ransomware activity is down 20%
Ransomware attacks decreased last year for the first time since 2013 — identity theft experts suspect this is because ransomware attacks target Windows-based applications and more people are storing and sharing data using the cloud. Ransomware threats remain a risk for businesses, as enterprise ransomware has increased by 12%.
New account fraud is up 13%
In 2018, new account fraud accounted for $3.4 billion in losses, up from $3 billion in 2017, according to Javelin Strategy. The most common targets for new account fraud are mortgages, student loans, car loans and credit cards.
Account takeovers are up 79%
The number of account takeovers also increased, rising from 380,000 in 2017 to 679,000 in 2018. Both individuals and enterprises are at risk for account takeovers.
Increased effort to solve the year 2038 problem
Similar to the Y2K problem, the 2038 problem is a bug that will affect the way computers store time-stamps. Computer logic defines time-stamps with the current date and time, minus the number of seconds that have passed since January 1, 1970, when computers originated. In 2038, the number of elapsed seconds will exceed the information that can be stored in a four-byte data type, meaning most computers will need an extra byte to preserve their timing systems. The 2038 problem will be a logistical nightmare to solve and could affect databases and make private information public. Without a resolution, hackers will likely search for ways to exploit this bug.
Who is most likely at risk? Most identity thefts are crimes of opportunity. Identity thieves often target those who don’t regularly check for identity theft warning signs and are unlikely to report irregular activity on their credit reports.
Children and seniors: Everyone with a Social Security number is at risk for identity theft, but two demographics are targeted aggressively and often: the very young and the very old.Children are targeted because identity thieves can use a child’s Social Security numbers to establish a fraudulent “clean slate.” Identity theft experts recommend parents monitor their children’s credit reports to check for identity theft as often as their own.Seniors are targeted most often over the telephone and through internet phishing scams. Some studies suggest that people become more trusting as they age, which explains why it’s more difficult for older adults to detect fraudsters.
Members of the military: While deployed, active duty members of the armed services are particularly vulnerable to identity theft because they may not notice mistakes on their credit reports or receive calls from debt collectors regarding a fraudulent charge. According to FTC reports, military consumers are most affected by credit card and bank fraud.
- All military consumer credit card fraud reports: 10,590
- 2019 total military consumer bank fraud reports: 5,723
Military consumers’ reports of employment or tax-related fraud increased by 85% between 2017 and 2018. Military members are also increasingly affected by loan or lease fraud.
Social media users: It’s relatively easy for cybercriminals to discover a person’s name, date of birth, phone number, hometown and other sensitive information through social media and networking sites. With this information, an identity thief can target victims for phishing and imposter scams. Last year, the FTC processed 9,439 email or social media identity theft reports, a 23% increase from 2017.
Repeat victims: People who have previously been affected by identity theft are at a greater risk for future identity theft and fraud. According to the Center for Victim Research, 7-10% of the U.S. population are victims of identity fraud each year, and 21% of those experience multiple incidents of identity fraud. For more information about how victims of identity theft can protect themselves from future fraud, read about the identity theft recovery process.
The deceased: Identity thieves can target the recently departed with information gleaned from public obituaries and access the deceased Social Security number through the Social Security Administration’s Master Death File. Stealing a dead person’s identity is commonly referred to as “ghosting.” Ghosting often goes unnoticed by surviving family for months or years. Deceased identities stolen per year: 2.5 million