Identity theft is an ongoing problem for both companies and consumers. According to Javelin’s 2019 Identity Fraud Study, 23% of fraud victims had unreimbursed personal expenses in 2018, which is significantly higher than in 2016 at 7% that year. Javelin attributes this shift to a new emphasis on account fraud, where criminals open new accounts in someone else’s name. (Account fraud includes mortgages, student loans, car loans, and credit cards, for example.) 
These losses rose from $3 billion in 2017 to $3.4 billion in 2018. 

SEE: Identity theft protection policy (TechRepublic Premium)

Criminals have a significant profit motive for identity theft. A report from shared the cost for a variety of personal information:

  • Bank account details        $259.56
  • Debit card numbers          $250.05
  • PayPal account                   $42.38
  • Credit card                          $33.88
  • Driver’s license                    $27.62
  • Passport number                 $18.45

Top types of identity theft

The Insurance Information Institute (III) reported the top five types of identity theft as:

  1. Credit card fraud–opening new accounts
  2. Online shopping and payment account fraud
  3. Mobile phone–opening new accounts
  4. Business or personal loan
  5. Auto loan or lease

Mobile phone account fraud has increased in popularity going up to 679,000 cases in 2018 as compared to 380,000 in 2017, according to the Javelin report.

Coronavirus inspires new scams

Since the start of the coronavirus pandemic, hackers are taking advantage of consumer’s fear of contracting the virus to test new hooks for scams. IdentityForce issued a list of common COVID-19 fraud topics:

  • Fraudulent e-commerce vendors for masks, sanitizers and test kits
  • Fraudulent investment sites
  • Phishing and vishing through update emails, texts and voicemails
  • Spoofed government and health organization communications
  • Fake vaccines or “miracle cures”
  • Scam employment posts
  • Phony charity donation offers

SEE: Identity theft protection policy (TechRepublic Premium)

Eva Velasquez, CEO of the Identity Theft Resource Center, said that hackers are now copying the format of Google alerts to trick people into downloading malware.

“It’s really important when you get any type of notification, including a data breach notification, that you go to the source, don’t click on any links and certainly don’t download any documents from that incoming communication,” she said in an interview with TechRepublic’s Karen Roby.

How companies can combat threats

With the risk of identity theft on the rise, companies are tasked with creating a strong defense which can change with shifting attack vectors and an action plan for responding if there is a breach. Companies need to take steps to protect against identity theft in the first place as well as have a response plan if a breach occurs.

TechRepublic Premium’s Identity Theft Protection Policy has recommendations about how to protect customer information as well as employee information. This includes procedural suggestions, advice on how to interact with customers, and tips on how to spot social engineering scams.