"When it comes to avoiding identity fraud, the best thing consumers can do is employ caution and a critical eye."
David White, Associate Managing Director at Kroll
Identity fraud is a serious and surging threat to consumers, according to Kroll, a division of Duff & Phelps, a global leader in risk mitigation, investigations, compliance, cyber resilience, security and incident response solutions.
Research released today by Which? shows that overall fraud levels are soaring following a 12% increase in the last year. All types of fraud pose serious challenges, and identity fraud is one of the most potent threats. Recent figures from Cifas show an 8% rise in identity fraud from 2017 to 2018, and points to consumers increasingly falling victim to a variety of identity fraud tactics, including misusing the identity of an innocent victim, exploiting bank account details, or obtaining personal information through phishing or extortion.
Fraudsters can gain the information needed to commit identity fraud from several sources, with the internet and the individual themselves the most likely as more services are moving online and data breaches become more common. Consumers must be vigilant and need to be able to spot the signs of a scam.
To help those at risk, global investigations firm Kroll has put together tips to help consumers guard against identity fraud and stop fraudsters and scammers from obtaining their personal information or accessing their accounts:
1. Beware of phishing
Phishing attempts generally work well for scammers, and though they have progressed beyond the clumsy, poorly-written efforts of the past, many still contain tell-tale signs of a scam such as poor formatting and unofficial email addresses. Phishing emails are designed to convince consumers to click on a malicious link, so people should avoid following any links about which they aren’t certain. The best way to root out the fakes is to independently check the information by logging into personal accounts on the company website – companies will often post a warning on their website if they are aware of the scam email.
2. Activate two-factor authentication
Many online accounts offer two-factor authentication and enabling this service can help prevent online account takeover. Text messaging is the most popular second factor, but this is also vulnerable to takeover, so consumers should choose an alternative factor if one is available.
3. Sign up for activity alerts
Signing up for activity alerts with bank or credit card companies can alert consumers to any suspicious activity associated with their accounts. People are notified straight away and can prevent any further fraudulent charges or withdrawals.
4. Set up identity monitoring
Consumers can register their payment cards with an identity monitoring service to receive a warning if their personal data is under threat. Personal data is often traded on the dark web, but monitoring services focus on places where it is known to be bought and sold and alert individuals if their card data is identified, allowing them to contact their bank and cancel their cards.
5. Stay calm if someone attempts extortion
Extortion emails are gaining increasing traction. Scammers will contact consumers and threaten to release information of supposed online activity, backed up by sensitive information like a username, unless they receive payment. The best thing consumers can do if they receive such an email is to stay calm – these threats are often associated with information obtained from a large pool of data exposed in a recent data breach, and emails are speculative attempts to ‘get a bite.’ Consumers should never provide personal information via email and shouldn’t communicate with the scammer. Ensuring that social media security settings are at the highest possible level is a good way to limit the information scammers might be able to access.
David White, Associate Managing Director at Kroll, a division of Duff and Phelps comments:
“When it comes to avoiding identity fraud, the best thing consumers can do is employ caution and a critical eye. Identity monitoring services and activity alerts are excellent ways to look out for threats in progress, and two-factor authentication can help to keep personal data secure.”
“But it’s also important that people think carefully about supposedly official emails they receive. They should look out for tell-tale signs of fakery and double check any information by logging into online accounts before doing anything.”