Identity Fraud – Easier Than Ever

12th August 2019

Identity fraud has been prevalent since the dawn of time, but it’s reached an alarmingly high rate and only seems to be getting worse, but why is this?

Well the answer to that is pretty simple. Our lives are digital and everything about us in terms of personal information is held on multiple databases for various organisations. Anything from Facebook & Amazon, to the DVLA or Passport office. A data breach can mean our details are stolen and then sold to cyber criminals – date of birth, name, address, credit/debit card details etc etc. It’s a tall order for a hacker to obtain this information and more often than not, the information is encrypted, meaning even if they do get hold of it they can’t read it.

Unfortunately though, there are easier ways for them to obtain this data and usually it’s our own human nature that allows us to unwittingly fall into this trap. Whether it’s clicking a seemingly real phishing email, or falling for a telephone scam. Most of us might be sitting there and thinking ‘that will never happen to me, i’m too smart’ and you would be forgiven for thinking this way, but what if they caught you at the right/wrong moment? They rely on our busy agenda’s and trusting nature in order to execute and by the time you realise what’s happening, its too late. Remember, all it takes is one click on a phishing email and that action can’t be reversed without going to extreme lengths.

Let’s take social media as another route of activity. There was a recent report of a woman who had her bank account emptied, after sending an innocent tweet, to who she thought was her broadband providers twitter account – it wasn’t and was simply a criminal pretending to be them with a similar name. Long story short, she gave all of her personal information to them online in a matter of minutes and had no idea who she was talking to. The trouble is, we all know that you have to be extra careful these days, but depending on our need for contacting these organisations, we might be vulnerable. This is what they hope for and its what they prey on.

‘Smishing’ is a common modern day type of identity fraud attack at the moment and it simply stands for ‘SMS Phishing’. Its surprisingly easy for someone to mimic an organisation/person and there are websites/tools freely available on the internet that can allow this particular activity to happen. They top up a call/text credit bank, this might be £10 worth for example, enter the name and number they want to be represented as (very important part of the scam) and then the number they want to contact. The most vicious use of this attack is most probably where they pretend to be your bank. You’ll get a text message that physically says it’s from <your banks name> and it will have a link to click, or you might need to reply to it with sensitive information. This might sound basic to many people but its surprisingly effective when sent out to thousands of numbers at once and they know statistically a certain percentage will likely fall into the trap. This type of scam becomes even more effective if they know something about you that’s of use to them. Let’s say for example they know your partners mobile number through having obtained both of your details from a list… this is the number they would tell the system to represent and then send a message to you as normal. When that message lands your end, the phone will think it’s actually from your partner and even place the message into an existing conversation thread you have with them! Suddenly they have vast amounts of power, because you don’t stop to question it.

There are so many ways that criminals can obtain our person details, we just simply have to stay alert and vigilant. It’s not just business owners or heads of department that need to be aware though, our staff are equally – if not more important. They are the ‘human firewall’ to your organisation and the first line of defence, so regular training and awareness sessions are crucial to protecting your business.