Identity fraud has continued to rise at record levels in the first six months of 2017, according to the counter-fraud trade body Cifas. A record 89,000 identity frauds were recorded, up 5pc from last year. Most, 83pc of identity frauds were done online.
Cifas points to a sharp rise in identity fraudsters applying for loans, online retail, telecoms and (sharpest rise of all) insurance products. Although the number of identity fraud attempts against bank accounts and plastic cards has fallen these still account for more than half of all identity fraud cases. Plastic cards are the largest single financial product to feature in identity fraud cases; next come bank accounts, although those two categories each saw falls in numbers compared with the year before.
The chart shows the main five financial products; 2016 total cases in blue, 2017 in red.
Who are the victims of impersonation? Few are under 21, but that arguably is because they haven’t much online financial footprint to be hacked or exploited. The largest single cohort of victims of impersonation is people in their 30s, closely followed by those in their 40s. The number of victims of impersonation aged over 60 actually fell, the only group by age to see a fall; although not all victims of impersonation are recorded with a valid UK address or date of birth, so not all cases can be given a regional or age breakdown.
As Cifas says, most identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often victims do not even realise that they have been the target, until a bill arrives for something they did not buy, or they suffer problems with their credit rating. To carry out this kind of fraud, fraudsters need access to their victim’s personal information such as name, date of birth, address, their bank and who they hold accounts with. Fraudsters get hold of this in a variety of ways, whether stealing physical mail, or hacking; obtaining data on the ‘dark web’; exploiting personal information on social media, or though ‘social engineering’ where innocent parties are persuaded to give up personal details to someone pretending to be from their bank, the police or a retailer.
Simon Dukes, Chief Executive at Cifas said: “We have seen identity fraud attempts increase year on year, now reaching epidemic levels, with identities being stolen at a rate of almost 500 a day. These frauds are taking place almost exclusively online. The vast amounts of personal data that is available either online or through data breaches is only making it easier for the fraudster.
“Criminals are relentlessly targeting consumers and businesses and we must all be alert to the threat and do more to protect personal information. For smaller and medium-sized businesses in particular, they must focus on educating staff on good cyber security behaviours and raise awareness of the social engineering techniques employed by fraudsters. Relying solely on new fraud prevention technology is not enough.”
And Head of the City of London Police’s Economic Crime Directorate, Detective Superintendent Glenn Maleary said the new figures came as no surprise. “The more our lives move online the easier it becomes for fraudsters to steal our identity. It has become normal for people to publish personal details about themselves on social media and on other online platforms which makes it easier than ever for a fraudster to steal someone’s identity.
“The figures show that both businesses and consumers are targeted and it is therefore important that people commit to protecting themselves in all aspects of their lives. Be careful who you give your information to, always consider whether it is necessary to part with those details. Cyber security is becoming increasingly important and we urge everyone both at home and at work to ensure that they have the right security settings on all of their devices.
“We urge consumers and businesses to be conscious of identify fraudsters and to use our protection advice to help stop them in their tracks. We continue to work with banks, retailers and other members of industry to disrupt fraudsters activity however we also realise it is our responsibility to help advise consumers and businesses around these types of issues. We urge anyone who is interested in finding out about the latest fraud trends to sign up to our Action Fraud alerts.”
For more advice visit the Action Fraud website.
About Cifas
A membership body, its members are typically banks and insurance companies. Cifas offers Protective Registration for those whose identities are at risk of being used fraudulently, for instance after a burglary; and run a Protecting the Vulnerable scheme offered free to councils to protect those under the care of Court Deputies who are unable to access financial products and whose identities may be at risk.
Some advice
Set your privacy settings across all the social media channels you use. Think twice before you share details – in particular your full date of birth, your address, contacts details – all can be useful to fraudsters.
Password protect your devices. Keep your passwords complex by picking three random words, such as roverducklemon and add or split them with symbols, numbers and capitals.
Install anti-virus software on your laptop and any other personal devices; some can be free.
Take care on public wi-fi – fraudsters hack them or mimic them.
Comments
Rob Wilkinson, Corporate Security Specialist at Smoothwall, a web filtering product company, said: “Cyber-crime comes in all shapes and sizes, with today’s figures highlighting the epidemic levels identity fraud alone has reached. It is an issue that we are all responsible for, and need to play our part in making it as difficult as possible for cyber criminals and fraudsters to gain access to our information. The onus lies chiefly with companies to ensure they are protecting their customers and their data from fraud and identity theft, and with more and more data being collected by more and more companies, securing this data has never been more important. Companies need to also look at their suppliers and partners to ensure they don’t open themselves up as a target; in a digital world where companies are interconnected, hackers will look to find their weak spots and vulnerable points of entry.
“All companies must protect their data and that of their partners and suppliers. They need to comply with regulation and build a layered security defence which spans encryption, firewalls, web filtering and ongoing threat monitoring as well as a proactive stance. But the public have a role to play too; they need to be incredibly careful about the information they share online. It can be very easy to pool this information and use it to build a profile which can be used for social engineering – the building up of a profile of someone over time. Even something as simple as an email address and password can be all they need to cause financial and reputational damage.
“With the right measures and contingency plans in place, both companies and consumers can ensure they are doing all they can to combat the never-ending threat of cyber-crime and fraudulent activity.”
Matt Peachey, GM International at an anti-phone fraud product company, Pindrop, said: “If you think about how online security has matured in the last decade, this line of defence has grown stronger as attacks have become more sophisticated. Phone security to date however, has lacked the innovation, education and sophistication needed to protect customers and subsequently has become the weakest line of defence. Fraudsters are proving successful as they use cross channel tactics to commit these attacks. Without the right authentication and fraud detection in place, consumers and organisations will continue to get duped, particularly as the boundaries between phone and online continue to blur.”
And Paco Garcia, CTO at digital identity product company Yoti said: “While peoples’ desire for convenience often trumps security concerns, it’s clear that individuals need greater support to operate both conveniently and securely in an increasingly digital world.
“Websites need to protect customers by giving them a better, safer way to create and access online accounts. Once websites overcome this secure login challenge, we’ll be on the way to overcoming the threat of ID fraud. In future, far more websites will use biometric authentication – a selfie, fingerprint or heartbeat – to verify the identity of users. Biometrics introduce better fraud detection, better identity management, better audit trails, better internal controls and, as a result of all of that, more trust from consumers.”
