The Identity Theft Resource Center (ITRC), a San Diego-based nonprofit organization that has provided assistance to victims of identity theft since 1999, is sounding the warning of a significant increase in certain types of identity theft. personal data as well as more complex attacks and scams.
The most striking element of the group’s 2022 annual consumer impact report is a 1,000% increase in social media account takeover attacks in 2021. The criminals who are coming back for more money are also a growing problem following a compromise, as they seem to be focusing on identities from which they were initially able to steal a significant amount. And there’s an overall increased likelihood of personal information being misused if it’s lost in a data breach.
Personal data theft issues take longer to resolve
The ITRC interviewed a total of approximately 1,600 victims of personal data theft. 40% of these victims declare that their personal data was stolen, compromised or misappropriated during the period from April 2021 to March 2022.
There is some good news from the survey: the number of repeat victims of personal data theft appears to be down somewhat, as does the average amount of money lost in incidents for most victims (less than 500 $). However, approximately 50% of survey respondents say they have been victimized more than once. And criminals appear to be focusing on the most lucrative targets, as the number of people who lost at least $10,000 to personal data theft rose from 9% of respondents in 2020 to 30% in 2021.
Victims also report more complex attacks that take longer to solve. The majority (55%) say their personal data theft incident was not resolved in the previous year, a substantial increase from the 37% who reported it in 2020. This complexity and the lengthy remediation process appear to be accompanied by an increase in stress, with 24% more reporting some kind of impact on physical health as a result of the incident. Just over two-thirds of victims now report experiencing a physical or mental health problem as a result of the theft.
The overall reduction in average financial impact can be attributed to increased victim awareness of defensive measures and rapid response to notification of personal data theft; there has been an increase in the number of those freezing their credit after hearing of a breach and obtaining an Internal Revenue Service (IRS) Identity Protection PIN for tax purposes.
Sharp increase in criminal activity on social networks
The ITRC report adds more evidence to a growing body of evidence that cybercriminals are running amok on social media platforms, with a 1,000% increase in account takeovers in just one year.
Surprisingly, victims of this survey overwhelmingly said they were targeted on Instagram. 85% said their Insta account had been compromised during the survey period. This is interesting because there have been no recent major Instagram breaches involving leaked credentials, indicating that scammers are very active in individually targeting people on the platform. Facebook and Twitter have also seen documented increases in this type of activity recently, and 25% of respondents said they had a compromised Facebook account during the period.
48% of social media victims said they followed an attack link that appeared to be from a friend on the platform. 22% said they had been tricked by a crypto scam, another area of cybercrime that really intensified during the pandemic period as people confined to their homes started to enter the markets for the first time. And while social media account takeovers are often viewed more as a nuisance or an attempt to perpetuate scams than a means of theft, 51% of respondents said they lost either personal money, or sales revenue when the account was hacked.
Social media platforms (and general ‘free’ cloud-based services) have also gained a general reputation for being unresponsive to customer issues, something survey participants echoed. 70% say they get stuck on a lost social media account, and 67% say the attacker has continued to post under their name since taking over.
Social media activity is contrasted with only a slight increase in personal data theft from government credentials and accounts; this category saw a huge jump of 154% in 2021, but only a 7% increase in the previous year. Criminals may increasingly see social media as a low hanging fruit that can be used for profit in a variety of creative ways, from transmitting malware to trusted friends to publishing crypto schemes. -currency and trust to account subscribers.
The study didn’t delve into personal security measures or specific reasons for data theft, but Melissa Bischoping, director of Tanium, adds some general tips for protection against common attempts on personal accounts and social networks: “Often, personal information theft and identity theft results from a breach of a site or service a consumer is doing business with and not the direct result of information targeting. It can be even more distressing when the consumer has done all the right things to protect themselves with secure password management, multi-factor authentication, and education to avoid falling victim to scams. breach enough, consumers can find themselves victims of financial fraud that has long-term consequences, including the loss of their home or job. personal s will continue to happen as long as it is profitable and successful for criminals. I recommend that consumers treat personal data as they would other valuables: prevent access when you can, and monitor access when those preventions fail. Locking your credit report, setting up an IRS PIN, and freezing credit cards you aren’t actively using is a great first step for free.
