ID scammers are taking advantage of newer technology!
Technology is helping stamp out some forms of identity theft, and it continues to improve. In addition, consumers are becoming savvier. Every day, would-be identity thieves are stymied by anti-theft technology, savvy consumers or both.
Unfortunately, ID scammers also take advantage of newer technology, constantly changing how they get people’s information and use it. Twenty years ago, people worried about thieves stealing blank paper checks from their mailbox.
- Shopping cart viruses
You go to an online store and enter your credit card information. You may be “formjacked.” The program Magecart attaches itself to online shopping carts.
“It’s like credit card skimmers you might see on an ATM, but it attaches itself to a shopping cart and gathers information as you’re typing it in,” says Robert Siciliano, cybersecurity market expert at ETFMG.com.
What to do: You can’t prevent shopping cart viruses 100% if you shop online.
Siciliano says, “What they can do to mitigate risk is to set up push notifications. These are alerts you set up with your credit card or bank. If the bad guy skims information with the Magecart, you get a notification.”
You should also limit your online shopping, especially at smaller sites.
“Your smaller mom and pop stores, that’s where you can run into trouble,” he says.
See related: Formjacking: The biggest credit card cybertheft you’ve never heard of
- New account fraud
Using your Social Security number, thieves can open new accounts. Siciliano sees this type of fraud rising because so much information is readily available online.
“There’s been some 20 billion data breaches in the last 4-5 years,” he says. “Our records have been compromised in a number of ways and places. Your email may have been compromised a dozen times, your passwords, credit card numbers, account numbers, names, addresses, phone numbers, all multiple times.”
What to do: Freeze your credit report. Without a credit freeze, it’s too easy for someone to open an account in your name. Siciliano also recommends identity theft protection.
“They’re not going to protect you from everything, but their insurance protection kicks in,” he says.
- Apps that share data
“We’ve probably all got a dozen different apps on our phones which share our information,” says Simon Marchand, chief fraud prevention officer at Nuance.
What to do: Limit the number of apps you download and data you share. Be aware of how much of your information is out there, and that fraudsters may only need one more piece of the puzzle to commit identity theft.
- Phishing and whaling
When you get an email trying to persuade you to divulge personal information supposedly to your bank, credit card company or even employer, it’s called “phishing.” If you’re a big “fish,” such as a high-ranking banker or executive, you’re referred to as a “whale” in the identity theft world. Scammers use whaling to hack into business and government systems.
What to do: Continue being vigilant about phishing and whaling in 2020, according to Daniel R. Hill, president of investment advisory firm D.R. Hill Wealth Strategies. Hill says he reiterates to his clients the need to question all emails – especially those containing links from unknown sources.
“I discuss with them if they have any hesitation or suspicion regarding an email or phone call, immediately delete the email or terminate the call,” Hill said. “Then, call the main number associated with the company attempting to do business with you to verify the source.”
Your credit card company won’t call and ask for your PIN. If someone claiming to be your bank calls and asks for your PIN or anything else suspicious, hang up and call the number on the back of the credit card.
“I remind my clients they are not required to share every piece of information about themselves,” says Hill.
Avoid phishing scams by not mindlessly opening everything in your inbox. If you don’t know who sent an attachment, or if you aren’t sure it’s from the person it says it is, don’t open it.
- Identity theft through social media
Oversharing on social media makes it easy for crooks to steal your identity.
What to do: Hill advises clients to only use their first and last name on social media sites – not their full name with middle name or initial they would use on their credit cards – to make it harder for identity thieves to open or use your credit card.
Hill also recommends you be a little more cagey about personal details you share on social media.
“For example, instead of placing the exact city where you live, I advise my clients to list the closest major city to help broaden the locality of one’s personal identity.”
See related: How to report and protect yourself from credit card fraud and identity theft
- Child identity theft
“2020 will be another big year for child ID theft,” says Siciliano.
Parents may not even know crooks have opened accounts in their children’s names and trashed their credit until years later, when the kids try to buy a car or apply for credit.
What to do: Every child should have a credit freeze on their file. Since September 2018, you can get a credit freeze for free from each major credit bureau. Parents can freeze the credit of children under the age of 16.
Tip: The major credit bureaus – Equifax, Experian and TransUnion – are not required to provide an online option for freezing your child’s credit. To do so, you must mail in your credit freeze requests. Read more in “Despite free credit freezes, consumer complaints continue.”
- Stolen passwords and PINs
Biometrics are being used by the biggest financial institutions in the world. They change security from verifying what you know and what you own, to what you are.
“It provides a frictionless option for consumers and it’s the most secure way to authenticate a person who is trying to make a payment,” says Marchand.
Relying on passwords, PINs, and pets’ names is old school.
“That information is often known better by the dark web than by the legitimate users,” he says.
Biometrics may use your voice, facial recognition, fingerprints and more.
“Voice biometrics is basically how you sound, regardless of the words you choose or the language you speak,” says Marchand. “There’s also lesser-known biometrics that are behavioral, such as how you use your computer, how you use your mouse, how you hold your phone. We can also track how you structure sentences, how you hesitate.”
Biometrics can even be used in email and texting conversations.
“You have a way you write that is your own,” says Marchand.
What to do: You should always know when an institution is using biometrics to secure your account because they should ask your permission.
“The key to proper use of biometrics is consent, and everybody should consent to it being used,” says Marchand.
If a business isn’t using biometrics, Marchand says the consumer should ask them why they aren’t.
“Asking questions is how we can drive change as consumers,” he says.
- Wire fraud
Some thieves look for big transfers of money — and intercept it for themselves.
“Wire fraud has always been around,” says Siciliano. “It’s no smarter now, it’s just more effective.”
According to Siciliano, identity thieves know who is looking for and about to buy a house, and probably who their real estate agents and escrow companies are. There’s a high probability your email address has been compromised, as has been the email address of your real estate and escrow professionals.
All crooks have to do is tell you where to wire your down payment. These types of wire fraud are very successful.
What to do: Double-verify wiring instructions in person or by phone. Never wire money according to email instructions, regardless of who you think sent you the instructions.
- Romance scams
When you sign in to an online dating site, chances are high that almost every person who responds has bad intentions. People fall in love very quickly, and then, what do you know? They need money.
“This is so successful not because we are stupid, not because we are suckers,” says Siciliano. “We just want to be loved, and there’s nothing wrong with that. People experience loneliness, and it’s such an empty, devastating feeling that they make bad decisions.”
Next thing you know, Siciliano says, “The other person says, ‘I miss you, I want to be with you, I just want to walk on the beach with you,’ and all the other BS. People eat that stuff up, and the criminal knows it.”
What to do: Don’t fall in love too fast. Don’t send money, credit card information or gift cards.
“If somebody’s really serious, they can buy their own plane ticket to come see you,” says Siciliano.
- Tax-related identity theft
Every year, people file their taxes expecting a big refund, only to discover that someone has already filed under their name and gotten a check. The IRS has taken steps to try to prevent this scam, but it’s still a huge problem.
What to do: Don’t over-withhold from your pay in the first place, so it’s available for someone to steal. And file early — they can’t file for you if you’ve beaten them to it.
Siciliano also recommends you file IRS Form 14039, which tells the IRS you may have been a victim of identity theft. No one will then be able to file a tax return in your name without a PIN.
See related: What to do if your personal information lands on the dark web
What’s less of a worry in 2020?
RFID protection
Should you buy credit card protective sleeves to keep people from wirelessly skimming your credit card information? The proliferation of contactless credit cards has given rise to fears that thieves can use RFID-equipped card readers to steal your tap-and-go card’s data while standing right next to you.
However, experts say because contactless transactions are encrypted, a thief with an RFID card reader can’t get your card number or your billing information — just a token they can use only once. So a protective sleeve or an RFID-blocking wallet may be an unnecessary investment.
See related: As credit cards go contactless, can RFID-blocking wallets protect your data?
Fraudulent credit card charges
If you report a lost credit card, in the U.S. you generally can’t be charged more than $50. And most credit card companies waive the $50.
Lost wallets
It’s not the end of the world if you lose your wallet.
“If your wallet gets lost or stolen, immediately contact your financial lender and all credit card companies to shut down the credit card and then request a new card,“ says Hill.
“Can you hear me?” calls
You’ve probably heard that when you answer the phone, scammers want to record your voice saying “yes.”
According to Marchand, they can’t do much with it. They’d have to make you read more than 30 scripts to have enough of your voice to create your voice stamp, and even then it would sound robotic.
“They’re going through sequences of millions of phone numbers to see if it’s active, but it doesn’t lead to anything risky except being bothered by more calls,” he says.
Never surrender to the threat of identity theft
We’re far from helpless in the fight against identity theft.
“I am not of the attitude that one should become a fatalist,” says Siciliano. “Throwing up your hands is fatalism. While you really shouldn’t worry about any of this stuff, you really should do something about it.”
This story was originally published on CreditCards.com.
