TransUnion surveyed consumers in six countries and found that phishing was the preferred method of attack 27% of the time.
Credit agency TransUnion has found that COVID-19 related scams have targeted 32% of people around the world, and phishing is the method of choice, accounting for 27% of those attacks.
TransUnion conducted the research as part of its Consumer Financial Hardship studies, which are in turn part of its larger COVID-19 support plan for individuals who have lost a job or otherwise had financial issues due to the pandemic.
The survey was performed in six countries: Canada, Colombia, Hong Kong, South Africa, the United Kingdom, and the United States, and while TransUnion found that the top COVID-19 fraud methods were consistent in four of the six countries, where phishing accounted for over 30% of fraud attempts.
Only two countries, Colombia and South Africa, were led by different methods: Third-party seller scams on legitimate websites and unemployment scams, respectively.
SEE: COVID-19 workplace policy (TechRepublic Premium)
Phishing leads as the most common type of fraud largely because it's simple compared to other methods. All an attacker has to do is cast a wide net and find one compliant victim to begin a process of identity theft that can lead to stolen bank accounts, fraudulent purchases, and ruined credit.
"Identity fraud is a primary way fraudsters leverage stolen consumer data from phishing and other social engineering schemes. It can have long-term impacts for consumers such as the compromise of multiple online accounts and bringing down credit scores, which we anticipate will increase during pandemic reconstruction," said TransUnion's SVP of global fraud and identity solutions, Shai Cohen.
Alongside this news, TransUnion also announced a new document verification solution to help combat fraud, which it said is able to verify identity with as little as a selfie that is compared to an electronic copy of a photo ID.
Leaving your online security to one method of ID verification isn't enough to be safe, though; individuals and businesses should do everything they can to protect personally identifying information, which is often as easy to steal as scrolling through a social media feed.
The IRS has several suggestions for preventing phishing, which are an excellent way to start protecting your identity:
- Be skeptical of communications from unverified sources: Validate phone calls, physical mail, email, text messages, and any other form of communication if it's in the least bit suspicious or comes from a source you don't recognize.
- Never give PINs, passwords, or other security data to third parties. "Genuine organizations or institutions do not need your secret data for ordinary business transactions."
- Never click on a link in an email: Open your web browser and navigate directly to the site you were contacted about. If it's the IRS, go to www.irs.gov and log in. Malicious redirects are a common phishing method.
- Never open attachments from unfamiliar sources, and if an email comes from a friend or coworker that looks suspicious contact them to verify its legitimacy before opening it.
- Shred documents containing sensitive information.
Additional steps to take to prevent a successful phishing attempt include regularly changing your passwords, using multifactor identification, and not taking social media quizzes that ask for personal info.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)