There’s a high chance that you or someone you know has been impacted by email fraud or identity theft. At the very least, you’ve likely received a variety of spam emails and text messages asking to provide a payment or confirm your identity.
The good news is that cybersecurity protection is constantly evolving and improving, with cybersecurity education programs preparing skilled professionals to enter the front lines against cybercrime. The less-than-good news: as cybersecurity protection evolves, so do the attack methods used to steal your personal information. Companies and organizations are often doing their best to protect customers and employees, but the threat is very real.
In fact, two-thirds of Fortune 500 companies “remain vulnerable to getting impersonated in phishing scams targeting their customers, partners, inventors, and the general public.”
Keep these alarming statistics in mind from PurpleSec:
- 92% of malware is delivered by email.
- Nearly 60 million people in the U.S. have been impacted by identity theft.
So, what are some of the latest trends in online deception, and how are cybercriminals adapting when it comes to email fraud and identity theft? Let’s find out.
Email Fraud & Identity Deception Trends
Personalized email scams
Have you ever received a suspicious email from a family member, co-worker, or friend asking for help? Or maybe you found a note in your inbox from the United States Postal Service asking you to submit payment for a package they’re holding for you. The Conversation, an independent news organization, explains that we’re more likely to respond to personal requests — and that social media has made it easier than ever for scammers to glean bits of personal information that can be used to create targeted “spear phishing” attacks, which are more persuasive than general phishing emails.
Within the first three months of 2022, the popular job networking site LinkedIn accounted for 52% of all global phishing scams.
Social media identity theft
There’s a high probability you have an account on at least one of the popular social networking platforms, and that puts you at greater risk for identity theft. “Digitally connected consumers have an account on around five different platforms,” which puts them at a 30% higher risk of fraud,” explains Cloudwards.
You put yourself at even greater risk by sharing any type of personal information publicly, such as your birthday, phone number, or specific location. Weak passwords on social media sites are also a problem, as cybercriminals can easily infiltrate your platforms and either use your information, or impersonate you directly through the specific platform.
Buy now, pay later
Buy now, pay later allows consumers to purchase items immediately, but pay for them later, typically on an installment plan. There are two main types of BNPL fraud:
- Your account is used to make unauthorized purchases.
- Your personal information is used to create a new account.
“New digital payment options offer effortless account creation and fast access to credit, opening the door for abuse by fraudsters using stolen credentials,” according to LexisNexis.
Medical identity theft
It’s often true that identity theft involves stealing personal information for financial gain, but there’s another type of crime on the rise — medical identity theft. This occurs when someone steals your personal information in order to obtain medical care or a health-related service, submit fraudulent claims, or procure prescription medication.
Just how common is this type of crime? Cases of medical identity theft jumped from 6,800 in 2017 to almost 43,000 in 2021.
Synthetic identity theft
Synthetic identity theft is when a malicious actor creates a fake identity using your personal information. For example, someone could use your birthday, social security number and banking information to apply for a loan. Your identity could also be used to sign up for a new credit card. In some synthetic identity theft cases, both authentic, and fake information are combined — for example, a real social security number and a fabricated name and birthday.
Have you ever received an out-of-the-blue phone call from a business or organization wanting to verify your personal information, or asking you to confirm a payment? Business impersonation is just that — a person, (or machine) pretending to be from a legitimate business asks someone to either send money or disclose personal information.
According to Kaseware, “many attackers use bots to complete this process by contacting employees or impersonating places like banks or hospitals.”
Child identity fraud
In 2021, 1 in 50 children were identity theft targets, and 1 in 45 were affected by a data breach. This type of fraud is when a person steals a child’s personal information to make purchases or open credit card accounts. According to AARP, “such crimes can go undetected for years because kids aren’t filing taxes or applying for loans, which would typically flag ID fraud.”
The rise in child identity fraud is partly due to social media, time people spend online, and an overall increase in digital transactions.
Even though these types of email and identity theft crimes are on the rise, there are important steps people can take to protect themselves, such as using strong passwords, regularly reviewing credit card and bank statements, and being vigilant and careful on social media platforms. Above all, some of the best protection is a healthy dose of skepticism and common sense. If something sounds too good to be true — for example, a payment or special offer that just needs your personal information to claim — it probably is.
About the Author: Michelle Moore, Ph.D., is an academic director and professor of practice for the University of San Diego’s innovative online Master of Science in Cyber Security Operations and Leadership program. She is also a researcher and author with over two decades of private-sector and government experience as a cybersecurity expert.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.