By Syed Ahnaf Bakht
You receive an email from a Nigerian Prince asserting false imprisonment by his government and who is desperately seeking aid to smuggle wealth out of his country. Your part in this scheme is merely to provide your bank account number to which the prince’s immense riches could be transferred to for safekeeping and also make a small payment upfront so that the prince could have his bail granted. In return for your services, you would be given a part of the prince’s fortune.
Surely you would never fall for the oldest trick in the book of internet scams. However, the “Nigerian Prince” moniker still persists, raking in upwards of USD 700,000 in the past year in America alone. In fact, the Nigerian Prince Scam (also known as the 419 scams) is a branch of the Advance-Fee Scam – where you are lured in by a “Payless, Get more” scheme. Millions of people fall prey to these scammers and in the process lose not only their money but also give up their personal information.
The aforementioned instance is only a tiny drop in the ocean of financial frauds in the digital age that is costing the global economy an estimated £3.2 trillion a year. A substantial portion of these costs can be traced back to data breaches that happen on a daily basis. This is why governments around the world are bringing laws to ensure that organizations collecting significant user information for any number of purposes have the required security measures in place for the protection of data and prevention of data breaches. One example of such strict laws is the GDPR, requiring companies’ compliance to their wide-ranging data protection policies. The details of such laws can be challenging to understand and implement, but it comes as a necessary step to prevent hackers and other malicious entities from gaining access to private user information. The overarching theme behind most breaches? Identity theft. According to Gemalto’s 2018 Breach Level Index, identity theft accounts for 65% of all data breaches and over 3.9 billion of the compromised data records. Recent research from Cifas, UK’s leading cross-sector fraud sharing organization, suggests that identity theft will only get worse in the near future as the number of identity theft victims has risen by 57% in the last year alone. The use of Managed IT Services, for example, is just one preventative measure that some companies may opt to implement, in the hopes of securing their network. Additionally, there are many more steps that businesses can take to avoid having their reputation damaged by fraudsters using fake accounts or committing payment fraud such as deploy software solutions like those offered by SIFT for improved digital trust and safety for its customers.
GRASPING THE CONCEPT OF IDENTITY THEFT
The first question that needs to be raised is how can the “Identity” part of the term “Identity Theft” be defined and identified? The answer is critical in understanding the object of this specific kind of “theft”.
In modern times, identity can no longer be linked solely to the notion of a person. This is because a greater number of material and immaterial information carry an individual’s personal data, creating a social mask which is susceptible to theft. Today, the concept of “identity” includes a lot of personal information – ranging from your name to more private data such as your credit card number or your bank account number. Based on this kind of information an individual can be identified i.e. society can verify that the person is someone who he/she claims to be. This inherent quality of personal information is what makes it useful. However, with an increasingly globalizing world, it is becoming harder to protect personal data and individuals with malicious intent are using someone else’s personal information to commit fraud and other crimes.
In this part of the world, we live in a false sense of security. We assume that technology, capable of causing massive data breaches, is at the disposal of criminals in developed countries and that their territory of terror is limited to that part of the world. Except, criminals choose to target countries that are the most vulnerable in terms of weak or underdeveloped technological infrastructure because it is easier to cause a data breach and vanish without leaving a trace before higher authorities are notified. A prime example is the Bangladesh Bank cyber heist that took place in 2016. Just in the past week, a group of 6 Ukrainian nationals was arrested in relation to an ATM fraud.
HOW DIGITALLY COMPROMISED IS A FINANCIAL INSTITUTION
Both the prior examples involve a breach of financial institutions and research reiterates that financial institutions like banks are infiltrated by cybercriminals 300 times as often as companies in other industries.
Cybercriminals make off with illicitly obtained funds often by using a ransomware. A ransomware is typically delivered to an unsuspecting victim’s personal computer by phishing emails. A phishing email is designed to appear like a typical correspondence from companies or acquaintances. Once the receiver of the email opens it and downloads any attachment sent with the email, the ransomware is also downloaded. The ransomware then locks the victim out at the admin level and demands payment in exchange for restored access to their files and operating system.
Ransomware is only one type of malware with other malware variants being even more powerful. It’s estimated that 90% of financial institutions were targeted by malware-wielding cybercriminals in 2017. The malware simply takes advantage of unpatched security exploits left open by out-of-date software.
With every passing day, financial institutions are sanctioning fail-safes to prevent cybercriminals from getting their way. But how do you protect your personal information online?
SAFEGUARDING PERSONAL INFORMATION ON AN INDIVIDUAL LEVEL
- USE HARD TO CRACK PASSWORDS
Long gone are the days when you used to use “1234” or “QWERTY” or your name as your password; because passwords act as the first line of defense against identity theft. When you use an easy-to-guess password, you are simply serving your personal and financial information on a silver platter to cybercriminals.
A strong password should be between 8-15 characters long, a mix of uppercase and lowercase letters and include numbers or symbols. You can also enable two-factor authentication to bolster the security of your account. Third-party password managing apps like LastPass stores encrypted passwords to all your accounts and even helps with creating new passwords.
- AVOID PHISHING EMAILS
Phishing emails might appear legitimate. However, there are some telltale signs that are sure to raise red flags of a phishing scam attempt. These include a mismatched URL, poor spelling and grammar, requests for sensitive information, unexpected correspondence and the use of threatening or urgent language. Check if any link attached starts with ‘http’ or ‘https’.
- INSTALL ANTI-VIRUS SOFTWARE
Anti-Virus software will keep your activities and the health of your computer in check by helping detect threats and blocking unauthorized users from gaining access. Also, update all your software when updates are available to prevent cybercriminals from gaining access to your computer through vulnerabilities in older and outdated systems.
Even if your ironclad defense fails, there are signs of a breach that will prompt you to take action.
RED FLAGS OF IDENTITY THEFT
Faulty bank or credit card statements – Statements must be meticulously inspected each month to ensure the legitimacy of all charges.
Errors on your credit report – Look for accounts you didn’t open or inquiries you didn’t initiate.
Unexpected or missing mail – Bills, statements or collection notices for accounts that aren’t yours may indicate a problem. On the other hand, if you stopped receiving mail you expect, identity thieves have probably changed your mail address. It should raise a red flag either way.
Identity theft is here to stay and the best way consumers can protect themselves against identity theft is to continuously screen their accounts and credit reports. Large corporations are churning out new tools every day to tackle identity theft, but consumers can be the first line of defense by protecting their own personal information.