Keeping your identity and data secure in 2023 is like playing a never-ending game of Whack-a-mole. You can’t open an email or answer a call from an unknown contact without the possibility that it’s a phishing scam. And identity thieves never stop evolving. They’re going to keep coming up with new ways to steal personal data from individuals and businesses, so knowing how to prevent identity theft is largely about knowing what new scams are most likely to be used on you and your employees.
It’s easier to spot and stop an attempted theft when you know what you’re looking for. Here’s what businesses need to know about the state of identity theft right now, and how to protect their sensitive data from the scammers who want to steal it.
Identity Theft Has Doubled Since 2019
According to the most recent data from the Consumer Sentinel Network (a tool used by the Federal Trade Commission to share fraud data with law enforcement agencies), identity theft is affecting more and more people every year. In 2019, the FTC received about 650,000 reports of identity theft. In 2021, they received 1.4 million reports.
That spike is largely due to scammers applying for pandemic-related government benefits during 2020 and 2021 using stolen identities from both individuals and businesses. However, credit card fraud and loan fraud have both dramatically increased over the last few years too.
How to Prevent Identity Theft in 2023: Three Trends to Know
Credit card and bank fraud: Identity thieves committing financial fraud is obviously not a new problem, but business leaders should know that it continues to trend upward. Per the Consumer Sentinel Network’s 2022 report, there were more than 363,000 reports of fraudulent new credit card accounts opened in 2021. There’s also been a significant increase in the number of new bank accounts and securities accounts opened using stolen data.
Both individuals and small businesses are often targeted for these crimes. By the time you realize someone has opened a credit card or other account in your business’s name, they could have racked up tens of thousands of dollars in charges.
How to prevent financial identity fraud:
- Follow a strict data destruction policy for any physical and digital records containing information that fraudsters could use to open new accounts. Personal data associated with your business, your employees and your customers all have to be protected. Use locked containers to hold sensitive documents until they can be destroyed by your shredding service. Always use shredding to dispose of old credit cards and other payment cards.
- Contact the major credit bureaus to put a fraud alert on your business credit reports, which tells lenders to verify your identity before approving any credit applications.
Hiring scams: Job seekers are often exposed to identity theft, being required to share a large amount of personal data during the application and hiring processes. But businesses can also be victims of identity theft when hiring. A spike in complaints about a new kind of identity theft scam prompted the FBI to issue a public service announcement in 2022, warning hiring companies about the alarming trend.
Per the FBI, complaints have reported “the use of deepfakes and stolen Personally Identifiable Information (PII) to apply for a variety of remote work and work-at-home positions. Deepfakes include a video, an image, or recording convincingly altered and manipulated to misrepresent someone as doing or saying something that was not actually done or said.”
This trend seems to primarily involve companies hiring for remote positions related to IT/computer programming, where the person in the job would have access to sensitive company data including customer PII. Perpetrators use stolen PII from unknowing victims to apply for these positions. When hiring companies arrange online interviews with these fake candidates, deepfake technology alters the image or sound presented onscreen so interviewers aren’t able to tell they’re not speaking with the real person whose PII was used.
How to prevent hiring scams:
- Cross-check applicant information, call references and do background checks to make sure applicants really are who they say they are.
- If you do video interviews, look for signs that something’s “off.” MIT has a guide for recognizing deepfakes that could be helpful.
Data breach notices lacking information: One troubling recent identity theft trend isn’t about the theft itself, but instead about what’s been happening in the aftermath of these incidents.
Every state has data breach notice laws requiring companies to inform consumers when their PII has been exposed in a data security breach. These state laws typically require that notification is made within a certain period of time but don’t have clear requirements about how much detail companies have to give about what happened.
According to the Identity Theft Research Center’s 2022 Data Breach Report, there’s been a dramatic decrease in transparency in data breach notices over the last five years. Just 34 percent of notices included details about both whose data was compromised and how it happened. Three years ago, 72 percent of notices included both victim and attack details.
That information is important for assessing your risk and deciding next steps. If hackers broke into your vendor’s database and accessed all customers’ payment information, you’ll probably want to cancel the business credit cards and take other steps to protect identity. But a data breach notice could also be required because an employee accidentally sent out an email that contained customers’ driver’s license numbers, which might not require any response from you.
How to respond to vague data breach notices:
- Ask the sender for more information about what happened.
- Shore up your data protections, just in case. Require employees to change all passwords. Reiterate your data security and data destruction policies. Review your credit reports and make sure you have fraud alerts in place.
Northeast Data Destruction’s central mission is to help our customers keep their data secure. Want to learn more about how to prevent identity theft and the role that data destruction plays in protecting your privacy? Contact us today.