Identity fraud cost Americans a total of about $ 56 billion last year, and about 49 million consumers were victims.
That’s according to Javelin Strategy & Research’s 2021 Identity Fraud Study released Tuesday. Approximately $ 13 billion in losses were due to what Javelin calls “traditional identity fraud,” where cybercriminals steal personally identifiable information and use it for their own gain, such as through data breaches.
But most of last year’s losses, $ 43 billion, were due to identity theft scams in which criminals interact directly with consumers to steal their information through methods such as robocalls and phishing emails. . Victims of these scams lost $ 1,100 on average, according to Javelin.
“Identity fraud has evolved and now reflects how long it will take criminals to directly target consumers in order to steal their personally identifiable information,” says John Buzzard, senior fraud and security analyst at Javelin Strategy & Research.
Because the Covid-19 pandemic changed the way people bought and transferred money, many criminals targeted the digital wallet and peer-to-peer payment methods like Apple Pay and Zelle. About 18 million victims were victims of scams through these digital payment methods last year, Javelin discovered.
“The culture of fraud is clearly changing. The pandemic has created many more points of vulnerability for families and businesses,” says Paige Schaffer, executive director of global identity services and cyber protection at Generali Global Assistance.
Here are three common red flags to watch out for when it comes to identity theft scams and how to handle them.
1. Unsolicited calls or emails
Phishing technology has made it easier than ever for scammers to impersonate anyone from government agencies like the IRS to your favorite retailer. To protect themselves, most experts recommend that consumers avoid answering calls from unknown phone numbers. Instead, let them go to voicemail for further scrutiny.
If you receive a message that you think is legitimate from a government agency, please give them a call or email them using the contact information listed on their website. Do not reply directly.
If you answer a call, be aware that US government agencies will not ask you to pay for information or services in advance. Also, government agencies generally won’t call, text, email, or contact you on social media to request your Social Security number, bank account, or credit card. If you receive messages requesting this information, it is likely a scam.
2. High pressure tactics
Another great indication that a call or message is from a scammer is if you say you need confidential information right away. It is usually a red flag if something needs to be done immediately or if there are threats that you will lose money if immediate action is not taken.
But don’t be rushed into buying something or revealing information. “Take a break,” recommends Ron Schlecht, managing partner at cybersecurity firm BTB Security.
And be sure to stay up-to-date on the latest scam tactics and data breaches. The FTC stays on top of fraud trends and issues consumer alerts on what they find. You can sign up for email updates or visit the FTC’s coronavirus scams page.
3. Outdated passwords
Many identity theft scams are carried out by scammers who have obtained login information from data breaches that have occurred in recent years.
This is why it is important to periodically check your passwords to see if they have been compromised. Google offers a free password checking tool that shows you which accounts have compromised or vulnerable passwords. Additionally, sites like HaveIBeenPwned.com can help you find out if your email has been involved in a data breach.
Regularly updating passwords can help shut down unauthorized access to your accounts, says James Lee, director of operations for the Identity Theft Resource Center.
“It’s inconvenient. It’s a hassle, but you have to do it,” Lee says. And don’t use a new password across the board. Lee recommends creating a unique password for each account, such as the name of a song or the title of a book. “It’s easy to remember,” he says.
The longer and more complex you can do it, the more secure your password will be. A scammer who uses encryption tools to hack his way into your account can probably discover a six-character password that only uses letters in a matter of seconds, Lee says. But it will take decades to crack a 12-character passphrase that uses letters and numbers.
Even if you are using a strong passphrase as your login, Lee also recommends enabling two-factor authentication on your accounts if available. This generally requires that you not only enter a password, but also confirm your identity by logging in on your phone or by entering a code sent via text or email.
Check out: Use this calculator to see exactly how much your third coronavirus stimulus check could be worth
Do not miss: 5 ways to protect yourself from tax scams this year