In its latest trend report, the Identity Theft Resource Center (ITRC) says that for victims of identity crimes and compromises, fraud and scams have reached levels that haven’t been seen in the last 20 years.
The ITRC said the biggest increases in the last year shook out like this:
Reports from victims of non-financial account takeover (235% increase over 2020)
Social media account takeover (1,044% increase over 2020)
Identity misuse involving government credentials or accounts (154% increase from 2019-2020 and 7% increase from 2020 to 2021)
When it comes to the targets identity thieves are looking for, the three largest are public agency information such as unemployment, SBA/PPP Loan, IRS info; financial info like checking/savings accounts, credit cards; and, thirdly, medical accounts.
“When we look back on 2021, it was a record-breaking year in so many different areas,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “We saw many different forms of identity crimes reach levels we have not seen since we were founded in 1999. With high water marks for identity fraud, compromises, and misuse, it’s important to take protective measures.”
The sad but true adventures of an identity thief
The stories that the ITRC told in its report are pretty sad. One tale of woe came from a victim who said someone tried to apply for a credit card with his child’s personal information.
Another said they received a letter from the unemployment office under her deceased husband’s name – and her husband had passed away nine years earlier.
And ID thieves know no limits, either. An example of that, the ITRC said, came from a representative of a homeless shelter who called on a client’s behalf – a client who was applying for food stamps but was denied because the unemployment office said they had received $10,000 in unemployment funds.
Experts weigh in on how consumers can protect themselves against identity theft
With all that people have to do in their daily lives, the last thing they probably want to spend time on is being vigilant. To help readers focus on a manageable list of items, ConsumerAffairs reached out to identity experts. To start, we asked ITRC Chief Victims Officer Mona Terry for her number one recommendation.
Keep your personal info to yourself. “Do not share your personal information, particularly with someone you do not know well,” Terry said. “Personal information includes your username and password, debit/credit card numbers, identification documents, and even one-time passcodes.”
Be careful about public wi-fi. “Be careful utilizing public Wi-Fi at coffee shops and public places, utilize a Virtual Private Network (VPN) on all your devices to make you a harder target,” suggested Christopher Sanders, president of the Palatin Group, a global intelligence and security firm.
Use multi-factor authentication. “The single most important way to protect against cyber threats is to use multi-factor authentication (MFA),” Daniel J. Siegel, secretary in the Law Practice Division at the American Bar Association, said.
“By requiring users to not only login, but also verify their identity by a second separate method, such as a texted code number, you will eliminate the overwhelming majority of threats. Many businesses, such as banks, will allow customers to create a code word for access. Studies show that MFA is the most effective means to protect your information.”
Monitor your credit score frequently. Daniel Markuson, digital privacy expert at NordVPN, gave ConsumerAffairs this tip: “Monitor your credit score and use services that allow you to track different factors that influence your score over time. For example, when a scammer steals your identity to open new cards or loans in your name, and there is lack of payment, your credit score will likely drop even when you have not made any credit errors yourself."
Consider opting out of most prescreened credit offers. ConsumerAffairs credits Texas’ Attorney General Ken Paxton for this. He suggests consumers who are tired of getting unsolicited credit or insurance offers – some of which may be identity thieves who steal mail – they can opt out of those mailings by calling 1-888-567-8688 or going to OptOutPreScreen, the official Consumer Credit Reporting Industry website to accept and process those requests.
Keep an eye out for Google Voice/Insta account takeover scams. “Don't give verifications codes out to anyone, unless you specifically requested it through a login or other action,” Joshua Pardhe, a cybersecurity researcher at Arizona State University, said. “If anyone sends you a code from their side and asks you to read/send it back, it is an immediate scam.”
Don’t be shy about freezing your credit reports. Hari Ravichandran, founder and CEO at Aura, an online privacy safety service, offered this nugget when it came to credit reports: “One of the best ways to protect against this form of identity theft and protect your financial stability is to lock your credit to prevent criminals from using your stolen personal information against you,” Ravichandran said.
“This is offered through all three major credit bureaus and certain software and can conveniently be switched on and off in order to allow approved third-parties to access reports when needed. If you suspect that your personal information has been compromised in a data breach or otherwise, seriously consider freezing your credit in order to prevent bad actors from opening accounts or taking out loans in your name.”
Stop using weak passwords – like your dog’s name! Naftali Harris, Founder & CEO at SentiLink, said that “Even though a lot of the responsibility for preventing account takeovers and financial crimes lies with financial institutions, the public has to pull its share of the load, too. Using strong, unique passwords for all important services online such as bank accounts, email, and social media, ideally using a password manager.” The Federal Trade Commission (FTC) offers an excellent primer on how to create good passwords.
Don’t just focus on money-related accounts. “In addition to considering financial implications, you may want to review other types of accounts for misuse or misappropriation,” suggested Jenn Behrens, partner and executive vice president of Privacy and Security at Kuma LLC. “This can include government identities like Social Security numbers, drivers’ license numbers, phone accounts, and benefits. Medical identity theft and child identity theft are different types of fraud that can occur when your identity is stolen and require additional consideration for how to reduce potential negative impacts.”
Resist the click. "When you receive a suspicious email, text, or call, you may be the target of fraud," suggests Carey O'Connor Kolaja is the CEO of AU10TIX, a provider of fully automated identity verification technology. "Don’t click, respond to or share the message. Screen for inconsistencies such as inaccurate or false information. Instead, reach out to the company or individual that contacted you to confirm their legitimacy."
Act quickly if your accounts are compromised. Finally, this suggestion from Jim Van Dyke, senior vice president of Innovation at Sontiq, a TransUnion Company: "One of the most important things consumers can do to protect themselves against financial fraud is to take appropriate action when their information is compromised in a data breach. As someone uniquely interested in data breaches, I monitor newly reported data breaches and trends. Recent observation shows the number, and severity, of data breaches has spiked. Previously the average was 5-7 breaches today, and more recently it’s over 30.”
“In light of recent trends, one uncommon piece of advice for consumers who have had their medical account or patient data exposed is to review the safety of their medical information with the Medical Insurance Bureau. Similar to a credit report, consumers can verify the veracity of medical services provided, which may reveal medical ID crimes,” he said.
The ITRC offers both consumers and victims free support and guidance from a knowledgeable live advisor. That assistance is available by calling 888.400.5530 or visiting its live chat page.