Reveals a 1,044% Increase in Social Media Account Hijacking; 88% Increase in Unemployment Benefits Identity Fraud
By Roy Urrico
Finopotamus aims to highlight white papers, surveys, analyses and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.
The Identity Theft Resource Center (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, published the “ITRC’s 2021 Trends in Identity Report,” its first-ever report that looks at identity crimes committed against individuals as reported by the victims of those crimes.
In the report, the ITRC reveals the identity scams reported in 2021 and how criminals convinced people to willingly share personally identifiable information (PII). The report also identifies how thieves use stolen information to open new accounts, as well as provides tips on what people can do to protect themselves and their information.
“When we look back on 2021, it was a record-breaking year in so many different areas,” said Eva Velasquez, president and CEO of the ITRC. She emphasized they saw many different forms of identity crimes reach levels not seen since ITRC’s founding in 1999. “With high water marks for identity fraud, compromises, and misuse, it is important to take protective measures like freezing your credit, using strong 12-plus character unique passphrases on all of your accounts and ignoring suspicious messages.”
Breaking Down ID Crime
In 2021, the ITRC received the highest number of contacts in its history about identity crimes and requests for assistance to prevent identity misuse (14,947). The report held the primary cause of the identity scams (7,412) was PII sharing with criminals. Google Voice scams were the most reported identity-related scams at 53%. (“Hey ITRC, how many Google Voice scams were there?” — 4,168).
ITRC Chief Victims Officer Mona Terry, said, “The inaugural trends in identity report look at the wide range of identity crimes committed against individuals as reported to the ITRC in 2022 by the victims themselves. Historically, the ITRC has not shared this information."
Terry added, "However, over time, we have learned that a key to helping individuals, businesses, government agencies and institution leaders is sharing our knowledge of what crimes are being committed and how.”
In 2021, The ITRC saw increases in reports from victims of non-financial account takeover (235% increase over 2020); social media account takeover (1,044% increase over 2020), identity misuse involving government credentials or accounts (154% increase from 2019-2020 and 7% percent increase from 2020-2021).
Terry provided some other major takeaways from the report:
· The highest number of PII exposures/compromises or attempted compromises was due to scams on social media platforms based on social engineering techniques.
· Government benefits/accounts related to the pandemic (unemployment insurance benefits, Small Business Administration and Paycheck Protection Program loans, cash benefits) made up the highest number of accounts reported as misused.
· Fifty-five (55) percent of reported identity misuse was due to fraudulently opened/accessed government accounts/benefits.
FIs Still a Target
The ITRC report also found that there was an overall decrease in the number of identity misuse cases involving financial accounts from 2020 to 2021. However, there were more new financial accounts opened in a victim’s name versus thieves accessing existing financial accounts.
Forty percent of reported identity misuse was due to financial accounts. There was a total of 1,681 victims of financial account misuse; 64% involved new account fraud (credit cards 36%, banking 14%); and 36% were existing account takeovers (36% banking, 28% credit cards)
What can financial institutions such as credit unions learn from the report?
“Identity thieves are attempting to go around digital security measures by targeting people (customers) through scams to give up their personal information (account information, identification, Social Security numbers, etc.), primarily on social media platforms,” Terry told Finopotamus. “Account takeover (ATO) was the primary method of misuse for bank accounts, whereas new account fraud was the primary method of misuse for credit cards.” Terry added many new account fraud victims first learned of the ATO from a financial institution alert.
Tipping the Scales in Potential Victims Favor
“In the 12 months ending on December 31, 2021, there were more data breaches reported in a single year since all 50 states and U.S. territories adopted data breach notice laws, the last two states in 2018,” said Velasquez. She explained, “Identity-related unemployment benefits fraud, never much of a problem prior to the pandemic, shot to the top of the list for most reported – and most costly – government benefits fraud. Rather than take control of existing financial accounts as in years past, identity criminals preferred to open new accounts using personal information stolen in data breaches or collected from individuals tricked into sharing information with criminals.”
The ITRC also strongly believes in the connection between data breaches and identity crimes. “Starting in 2005, our annual Data Breach Report documented that link even as the nature of data breaches and the people who commit them changed,” emphasized Velasquez.
The ITRC “Trends in Identity Report” offers tips on how to stay vigilant:
· To reduce the risk of a social media scam that leads to an account takeover, watch out for a direct message from “friends” and followers that say you can win or earn easy money. If it seems too good to be true, it probably is. Do not click on any links in a message you are not expecting. Instead, go directly to the source to verify the validity of the message. Do not share PII.
· To reduce the risk of identity fraud tied to pandemic assistance, freeze your credit, guard your PII, and use strong and unique passcodes. Take the same steps to stay vigilant against new account fraud.