Identity fraud reached a record high in 2017 with 16.7 million U.S. victims (an increase of 8 percent over 2016) and $16.8 billion dollars stolen. So, it should come as no surprise that your personally identifiable information (PII) and login credentials to online accounts are under constant threat from identity thieves.  What can you do to safeguard your PII in 2018?  Let’s take a look at three methods criminals are using to steal identities.

Phishing for Apples 
Did you know that Apple IDs are the #1 target for credential theft emails?  If you are one of the estimated 85.8 million Americans who are iPhone owners, thieves have you in their sights. When you consider that most Apple IDs are connected to a credit or debit card, keeping them secure is as important as protecting your wallet. With a stolen Apple ID  a criminal can access the linked iCloud account with the potential for identity theft.  This phishing email for Apple IDs was seen making the rounds in February, 2018. 

Stolen PII and Data Breaches 
Nearly half of all Americans had their PII exposed in the 2017 Equifax breach making them easy targets for identity theft and fraud.  Anyone who has ever had credit was affected by this breach. The PII that was stolen, Social Security numbers, date of birth, credit card numbers, driver’s license numbers, and telephones numbers, is precisely the type of information needed to confirm identity for various types of applications.  Unfortunately, financial damage has already started for some of the data breach victims. In a recently filed class action suit, thieves have allegedly used the stolen PII to apply for mortgages, student loans, and credit cards. 

Pilfering Social Networks 
It’s estimated that globally there are 2.62 billion social media users. Criminals quickly jumped into the world of online identity theft on social networks (social identity theft). Stolen identities; names, photos, and personal information provide the raw material for bots or automated accounts, blurring the lines between what’s real and fake.  As reported by The New York Times, an American company named Devumi, collected millions of dollars in a murky global marketplace for social media fraud by selling Twitter followers and retweets to celebrities and businesses.  

Social identity theft is also making headlines in the world of politics. French President, Emmanuel Macron, allegedly had his online identity stolen during the 2017 presidential election. Cyber espionage groups and state sponsored hackers are also deeply involved in social identity theft for the purpose of reconnaissance and phishing.  However, social identity theft is not just limited to the world of spies, espionage, politicians and celebrities. Consider what happen to Alexandre Martinez, a man living in France, who fell victim to an intricate identity theft scheme.  Personal information and photos were stolen from his social media account and then used for fake online identities. Alexandre Martinez became well-known in Bulgaria as ‘Alexandre Nicolov’, a “rich and successful manager, landing top jobs at multinational corporations including Airbus”. He had a large online following that included journalists and politicians.  Why would a criminal steal Alexandre Martinez’s online identity? The short answer is money. After waiting years for trust to develop with “Alexandre Nicolov’s” online followers the alleged identity thief, initiated a ponzi scheme, offering discounted flights through Facebook. 

Safeguard Your PII 
Unfortunately, identity theft and fraud are a fact of life. It’s no longer a question of If but of when. However, there are steps we can take to minimize the risk. The Federal Trade Commission has provided some very useful advice. It really comes down to being vigilant and observant.    

Vigilantly guard your information:   

• Know who you share your information with, 
• Store and dispose of your information securely, especially your Social Security number, 
• Ask questions before deciding to share your personal information, and  
• Maintain appropriate security on your computers and other electronic devices.
   

Be observant for these clues: 

• You don’t get your bills or other mail, 
• You get notice that your information was compromised by a data breach, 
• Medical providers bill you for services you didn’t use,

• You find unfamiliar accounts or charges on your credit report, and
• The IRS notifies you that more than one tax return was filed in your name, or that you have income from an employer you don’t work for.
   

If you use social networks, it is time-consuming to read and understand privacy settings, as well as how your information can be used. As an example, Facebook’s terms and conditions comprises 14,000 words. But, if you are serious about safeguarding your information, it’s absolutely necessary to become a privacy settings expert. The Identity Theft Resource Center has an excellent fact sheet that explains how social identity theft can happen and how to protect yourself.  

Being vigilant and observant requires time and effort. However, it’s easier and less stressful than trying to recover from identity theft and fraud.  

“An investment in knowledge, pays the best interest”  – Benjamin Franklin 

Sources: 
2018 Identity Fraud: Fraud Enters a New Era of Complexity
Proofpoint: Human Factor Report 2017
iPhone Ownership Reaches All-Time High in United States
Criminals pay just $15 for Apple iCloud account IDs, report claims
Warning – “Unauthorized Transactions from your AppleID” is a Phishing Scam
Stay Safe in the Tax Season after Equifax
Data breach at Equifax prompts a national class-action suit
Number of social network users worldwide from 2010 to 2021 (in billions)
The Follower Factory
2 Frenchmen on Trial for Stealing Macron’s Online Identity
Social Media – Don’t Get Burned By Overexposure
He fooled an entire nation with a fake Facebook profile. Then I tracked him down
Con Men
How to Keep Your Personal Information Secure
Warning Signs of Identity Theft
These Are All The Facebook Terms And Conditions You Agreed To When You Opened An Account
ITRC Fact Sheet 138
 Social Networking and Identity Theft

The post Identity Thieves – Phishing and Pilfering Your PII appeared first on Security Through Education.

*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by SEORG. Read the original post at: https://www.social-engineer.org/general-blog/identity-thieves-phishing-and-pilfering-your-pii/