For cybercriminals, the chaos and disorder caused by the coronavirus has created the perfect climate in which to carry out new and heightened attacks. According to recent figures from Action Fraud, there have been over 2,000 recorded victims of identity fraud in the UK since the pandemic began, with a total of over £7 million taken through coronavirus related scams.
However, this is hardly a revelation, but merely the latest episode of a crisis which is set only to worsen as cybercriminals develop new ways to deprive people of their money. The latest figures from CIFAS show that 2019 brought the highest ever number of identity fraud cases – a staggering 223,000 – an 18% increase on the year before.
While all types of fraud pose serious challenges, identity fraud is one of the most potent, and one that consumers need to take extra care to detect and avoid. People need to educate themselves on how to protect their personal information, but many might feel like they don’t know where to begin. There are five main steps which can be taken to guard against identity fraud and stop fraudsters and scammers from obtaining personal information or accessing accounts.
About the author
David White is Global Head of Operations, Cyber Risk at Kroll
Beware of phishing
Phishing emails are a key tactic for scammers and have developed beyond the clumsy, poorly-written efforts of the past, but many still contain tell-tale signs of a scam, such as bad formatting and unofficial email addresses. Phishing emails are designed to convince consumers to click on a malicious link, so consumers should avoid following any links they do not recognise. Pay extra attention to an email that calls for immediate action such as requiring a payment to keep your energy on; scammers know that consumers are more likely to make a mistake if there’s urgency.
The best way to root out the fakes is to independently check the information by logging into personal accounts on the company website—companies will often post a warning on their website if they are aware of the scam email. Smishing, where phishing is conducted via a text message, isn’t a new threat, but is one which has evolved during the COVID-19 pandemic and represents another avenue where consumers need to be hyper vigilant.
Activate two-factor authentication
Many online accounts offer two-factor authentication which can help to prevent online account takeover. Text messaging is the most popular second factor, but this is also vulnerable to takeover, so individuals should choose an alternative factor if one is available.
Sign up for activity alerts from financial institutions
Signing up for activity alerts with bank or credit card companies can alert consumers to any suspicious activity associated with their accounts. People are notified straight away and can prevent any further fraudulent charges or withdrawals. Do not delay in reporting suspected fraud to your bank, and ask about the possibility of closing the account in question.
Set up identity and credit monitoring
People can register with an identity and credit monitoring service that will provide a warning if their personal data is under threat. Personal data is often traded on the dark web, and monitoring services focus on places where data is known to be bought and sold and send alerts if personal data is identified. Credit monitoring services alert individuals if there has been a change to their credit profile such as new trade lines or hard credit enquiries. If individuals are concerned their information has been used fraudulently, a professional can determine the depth of fraud and assist with identity restoration.
Follow password security best practices
There is a lot of advice available about creating strong, unique passwords for each account, but with the average person having 70-80 accounts, it’s difficult to remember them all and many individuals reuse passwords. Installing a password manager can help you generate and store passwords for all your accounts, on all your devices. While it won’t make it safe to use common passwords like QWERTY or your dog’s name, it can suggest an alternative that’s nearly impossible to guess.
The greatest takeaway from this should be that, when it comes to avoiding identity fraud, there is no silver bullet to ensure complete protection. The best thing consumers can do is stay vigilant and use caution. Adopting the layers of security discussed in the list above will give individuals the greatest level of protection from a threat which is only certain to become more and more destructive in the future.