Data from the Federal Trade Commission (FTC) shows that consumers reported losing more than $10 billion to fraud in 2023. This marks the first time fraud losses have reached that benchmark, with a 14% increase over reported losses in 2022.
The tactics of fraudsters are continuously evolving to keep up with the latest trends and technology. While low-tech methods like stealing your wallet or mail from your mailbox or digging for paper records in the trash still exist at some level, most fraud now occurs online. Here are the most common methods of identity theft:
-
Phishing, Smishing, and Vishing
Scammers are utilizing emails, text messages, and fraudulent phone calls to target victims and mislead them into providing personal or financial information. Hackers may also use these tactics against your staff or help desk to try to obtain information regarding your employees or customers.
-
Capitalizing on Data Breaches
Large-scale data breaches are increasingly common, and batches of stolen personal information from those impacted will often end up for sale on the dark web. Criminals can purchase these records and use the information for identity theft.
-
Taking Advantage of Oversharing on Social Media
What was your first pet’s name? Where were you born? Can these details be found within your social media accounts? Personal information can be harvested from social media profiles and exploited by identity thieves to gather data for phishing scams or to access your accounts. When targeting organizations, hackers may review LinkedIn profiles or other social media sites to collect information about executive teams and phish employees with carefully planned campaigns posing as an executive within the organization.
-
Targeting Peer-to-Peer Payment Platforms (P2P)
Apple Pay, Google Pay, CashApp, Zelle, and Venmo offer a fast and convenient way to share costs with friends and send money. Unfortunately, they are also becoming a popular payment method targeted by scammers as they often lack the fraud protections implemented by traditional banks and card brands.
-
Harvesting Biometric Data
As more and more organizations utilize biometric authorization, the risk of data like fingerprints or facial recognition scans being stolen and misused increases.
-
Exploiting Internet of Things (IoT) Devices
Smart devices like security cameras, personal assistants, fitness trackers, etc. are often overlooked as potential targets for data theft. Criminals can leverage vulnerabilities in IoT devices to gain access to personal information stored within the devices or associated accounts. Vulnerabilities in unpatched or outdated devices may also lead to hackers compromising a device, gaining control over it, and compiling personal information from connected accounts or devices within the same network.
-
Utilizing Advanced AI Tools
Artificial Intelligence (AI) technology can allow criminals to create fake IDs with convincing, computer-generated headshots and nearly undetectable documentation. Some perpetrators may even create what are called synthetic identities where they combine some real information with fake information to make detection and prevention even more challenging.
-
Impersonating Individuals
Perhaps the most concerning use of AI is deepfake technology in which criminals can recreate highly realistic fake videos, images, and recordings to impersonate an individual and manipulate colleagues into revealing personal information or approving requests.
In February 2024, a finance worker at a multinational firm in Hong Kong was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call. The worker thought he was on a video call with several other members of staff, but all other participants were in fact deepfake recreations.
Identity theft can lead to significant financial losses (both personally and for your organization) through unauthorized transactions like the above example, fraudulent loans, or drained bank accounts. An identity thief can ruin not only reputations but also credit scores and the ability to obtain loans or aid in the future. If your organization is responsible for leaking data or failing to identify potential red flags when protecting covered accounts, customers will develop distrust for the organization and may refuse to work with you or purchase services in the future.
It is important to be aware of not only how you are protecting your personal information, but also how your organization is protecting the sensitive customer data stored within systems and applications, and accessed by you and other employees. Exercise due diligence in your daily operations and adhere to organizational processes and procedures. Always report suspected or confirmed fraud immediately to protect both your customers and your institution from unnecessary costs and reputational damage.
To help ensure your staff understands their responsibilities for protecting covered accounts and preventing identity theft, request a demo of CampusGuard’s updated 2024 FACTA Red Flags training. This course can be purchased as a single compliance course or as part of CampusGuard’s Compliance Package (to include training for PCI DSS, GLBA, FERPA, HIPAA, and FACTA Red Flags).
