Reports of identity thefts skyrocketed in 2020 with 1.4 million cases reported to the Federal Trade Commission – more than double the number in 2019. The grim numbers were a possible result of the global pandemic that provided cybercriminals and identity thieves an opportunity to develop new mechanisms to commit online fraud.
Identity theft occurs when criminals obtain unauthorized access to personally identifiable information (PII) and use it to commit fraud or other crimes. The victim usually faces devastating effects potentially lasting for years including financial loss, impact on credit score, legal fees, and loss of employment opportunities, which can eventually impact emotional and physical health.
COVID-19 and Identity Thefts
As healthcare and educational organizations, businesses and governments transitioned to digital processes considering the pandemic, many were unprepared and lacked essential identity verification systems; or used outdated security methods. Hence, they became new targets for cybercriminals.
Unemployment benefits fraud was rampant last year. Some states eased authentication and verification practices as they rushed to issue COVID-19 relief benefits. In many cases, organized groups of cybercriminals used stolen PII to apply for unemployment benefits on state websites which contributed to $36 billion in improperly issued unemployment benefits.
To avoid being a victim of identity theft, one must follow security practices to avoid inadvertent exposure of personal information. For instance, the Better Business Bureau has warned that posting pictures of vaccination cards on social media may put people at risk for identity theft. Incidentally, research has shown that fake vaccine passports and vaccines for sale are proliferating the dark web.
It is important to understand that the effort to prevent identity theft is worth it considering the level of resources and time that is associated with recovering from it.
Security Best Practices
- Stake claim to critical accounts such as Social Security, financial institutions, and credit cards.
- Use strong, unique passwords/passphrases. Do not use the same password on multiple accounts. Store them safely.
- Enable multi-factor authentication whenever available.
- Activate transaction alerts on credit cards and financial accounts.
- Regularly monitor account activity and statements.
- Immediately contact providers if there is any unauthorized activity.
- Verify that your home wireless network is secure, and access accounts from home. Change default passwords for both Wi-Fi and the admin account. Do not include your name or identify your home in the wireless network name.
- Pay attention to website addresses when logging into accounts. Consider using a designated device solely for accessing financial accounts – this means not using the device for emails, gaming, shopping or surfing the internet. Keep a watch on minors when they use a device.
- Consider closing all open but unused financial accounts and credit cards.
- Install antivirus software, keep it up-to-date, and set it to run automatically.
- Keep personal information secure – at home, in your car and at work. Shred financial documents, and do not carry your Social Security Card.
- Be cautious of phishing, SMiShing, and vishing scams. Do not click on links in emails or texts. Instead, open a browser and type the website address. If a financial institution or someone claiming to be the Internal Revenue Service or Social Security Administration calls, do not provide any information and hang up. If you wish to call them back, obtain the telephone number from the official website.
- Always limit the amount of personal data you share.
- Monitor your credit reports – anything you don’t recognize could be a sign of fraud. The three major credit bureaus are offering free weekly credit reports until April 20, 2022.
- Consider credit freezes, which are free and block access to your credit reports without your permission.
If you are ever a victim of identity theft, visit IdentityTheft.gov to report the theft and to formulate a recovery plan.
The National Cyber Security Alliance and the Identity Defined Security Alliance are collaborating to generate awareness about the importance of identity management and securing digital identities. Beginning this year, Identity Management Day will be annually recognized on the second Tuesday of April. For more information about Identity Management Day including resources, click here.