- Security TWENTY
- Women in Security Awards
Tech-savvy people are at more risk of becoming victims of identity fraud compared to those who only use digital technology on a practical, day to day basis, according to a credit checking company.
Research from Experian found that the most prolific users of mobile and social technology who make up 7.7 per cent of the UK population, accounted for almost a quarter (23 per cent) of all ID fraud victims in 2015. This group saw the biggest increase in ID theft, rising by 16.7 per cent over the previous 12 months suggesting a lack of protection against identity theft. In contrast, the research based on 2015 Experian fraud data found that the next biggest rise came from those at the other end of the scale – older and retired households, predominantly living in rural communities, with limited interest in technology and slower broadband. This group of people makes up 1.6 per cent of the UK population, but saw fraud rise by a worrying 15.4 per cent year-on-year.
Nick Mothershaw, UK and Ireland Director of Identity and Fraud at Experian, said: “It is vital that those embracing technology also embrace protecting themselves online. Using the latest device doesn’t necessarily mean full protection and being complacent about the risk of ID theft makes for a tempting target for ID fraudsters.
“At the other extreme, those using more traditional channels are not immune to fraud. These people are being targeted through phone and email scams by fraudsters trying to steal their details. They tend to be less aware of the types of scams fraudsters undertake, who can be very manipulative and sound trustworthy on the phone. The sole rule is to never give out personal details, passwords or PINS to anyone, whether it is on the phone or by email.”
Robert Capps, VP of Business Development at NuData Security, a behavioural biometrics company, said: “This is yet another reminder for those of us who spend a significant amount of time online, that we can’t become complacent when it comes to our online habits. We all need to practice good password management, and be extra rigorous with our social media information. The little bits of data, effectively electronic cookie crumbs, that we leave around in our day to day interactions online, are very useful to those with ill intent. When combined together, it’s quite simple for the bad guys to connect the dots between these data points, and the credentials that protect our banking, brokerage, and retail accounts, giving them easy access to more sensitive information and financial assets. When we’re making this info freely available in social media and then using it as keys in our online environments, we have to realise that thieves are using more and more sophisticated tools to search and find these common linkages.
“When it comes to breaches we don’t really think about what happens to the data after the initial theft, but this data doesn’t just disappear. It’s collected and combined by the bad guys into a vast data set of consumer data, which is extremely useful to today’s fraudsters to thwart existing online security and identify verification systems. Data thieves sell this information, including social security numbers, addresses, dates of birth etc., to aggregators, who cross-reference and compile full identities to be traded and sold on the data black market. This increases the value and usefulness of the data, which may have been gathered from multiple data breaches, malware, phishing attacks, or social media scrapping.
“Eventually, there will be widespread adoption of better authentication tools that companies can use to determine if it’s really you logging in. Meanwhile, make sure you have adjusted your social media privacy settings and only accept connections from those you personally know. A good password manager can help store and encrypt your passwords, and make sure you rotate your passwords frequently. If you have a choice, choose the least obvious two-factor authentication answers, for example: “What’s your paternal Grandmother’s name?”, the answer could be the “Philadelphia Eagles” (which only you would know was her favorite football team). Check your bank statements and credit report frequently to ensure there is no unusual activity.”
Experian offers steps against fraud; for example:
Online passwords: While it may be easier – and alot less time consuming – to have the same password for all online accounts, there’s nothing more attractive for ID thieves. A person wouldn’t use one key for all the doors in their home. The same applies for all digital security measures. It is crucial to have unique, secure passwords for each online account. People should consider the strength of their password; always use a combination of upper and lower case letters, numbers and symbols.
Keep up-to-date: Installing the latest antivirus on all devices that are connected to the internet will help to protect from spyware and malware. Updating apps as and when new versions are released will ensure access to the latest features, but will also improve app security and stability.
Be social savvy: As open as people may like to be on their social profiles, they must remember that often the information shared is in the public domain and could be easily traceable. People should be cautious about the information they post, such as their email address, date of birth and family pet names – especially if they may be used as passwords. People should also think twice before adding someone they don’t know to their network.
Passcode protect: A lot of personal information is stored on devices that are not password protected. That’s emails, apps, messages – a vast amount of information that could be a goldmine for fraudsters if the device is lost or stolen. People should always lock their mobile device, whether it is with a passcode or a gesture, to prevent access to such information, should the worse happen.
Check the post: Receiving unexpected, irrelevant mail, could be a sign of ID fraud – particularly mail that is outside of the usual purchasing sphere. For example, if a person doesn’t own a car, but suddenly starts receiving copies of CAR Magazine, this could be an indication that something is awry and that a car has been purchased in their name.
Be credit wise: Should personal information fall into the wrong hands, it’s good to know where those details go. People should check their credit report to see if credit has been applied for under false pretences. Web monitoring tools are also useful as they scour the web for stolen details – sending people an instant notification if their information appears somewhere new online.
Mothershaw added: “Everyone has a responsibility to keep their identities safe. While we and other organisations work hard to protect people’s identities from fraudsters, by sharing this research we hope to make people more aware of the role they can play when it comes to keeping their own information safe.”