Can you please list diverse ways people may become victims of identity theft?
Do you think companies can do more to protect their customers from?
In today's world, identity theft is very common and somewhat inevitable at the individual level.
It is usually done by people for financial gains and sometimes for other malicious purposes.
Following are the diverse ways by which people may become victims of identity theft:
1) Breach of data with companies:
Hackers/thieves target companies like Amazon (just an example) because these kinds of organizations have a lot of customer information from all over the globe. Such a breach can be attained by a sophisticated technical attack where the hackers target such an organization's network in order to steal the Personally Identifiable Information (PII) of thousands of people OR they can get it done easily by tricking an employee of the organization to click on a link. Either way, it ends up leaking PII of millions of people.
2) Phishing:
We mentioned above the act of tricking someone within an
organization into clicking on a link. This is often the basis of a
phishing attack. Criminals will send emails to folks inside the
entity they want to attack. They want a recipient to click on a
link or open an attachment that could give the criminals access to
the organization’s network, providing access to PII.
Why target employees? One industry official says criminals consider
employees the low-hanging fruit that attackers can try to
manipulate to get into the system. But be aware that phishing
attacks can also target individuals outside a business or
government agency.
3) Unsafe Internet connection:
Here’s one means of identity theft you may not think about. If you’re in an airport, coffee shop or other location that offers free public Wi-Fi, a criminal might be on that same network, watching what you’re doing online. And don’t think that a password-protected Wi-Fi network is much safer. The criminal could easily have that same coffee-shop password, as well.
Even in this digital era, identity thieves stick with what
works. And grabbing mail from an unsecured mailbox is a
tried-and-true method to steal someone’s PII. It’s one thing if
they’re grabbing only junk mail, but they could also grab bank or
credit card statements or, worse yet, tax forms that include your
Social Security number.
Like mail theft, dumpster diving is a time-tested way criminals
can put their hands on PII. Identity thieves are not above digging
through your trash to find financial statements, tax documents or
other information that might help them steal your
identity.
Imagine losing your wallet with your Social Security card and
driver’s license. An identity thief who found it would have your
full name, address, birthdate and, of course, Social Security
number. You might as well have tied a ribbon around it with a card
that said, “Please steal my identity!”
Data protection may sound like a strictly digital term, but it has an analog counterpart. If you invite strangers—or near-strangers—into your home, you should keep this in mind. Could an appliance repair person, housecleaner or dog walker come across information that you prefer to keep secret?
How businesses can fulfil their responsibility to protect their customers:
1. Ensure you have effective endpoint, network and email protection that filters out spam, malware and dangerous file types.
2. Train employees to be suspicious of emails, especially those that contain attachments, and to report any unusual emails or attachment behaviour to IT.
3. Consider a patch assessment tool to ensure your operating system and applications are up to date with the latest security fixes. Most exploit kits see success due to exploits in software for which a patch is already available and just has not been deployed.
4. Install endpoint protection software and/or a secure web gateway that can identify and block exploit kits before they infect your systems.
5. Crooks want to capture more than just one user’s password and confidential files – they want access to your back-end databases, your PoS network and your testing network. Consider segregating your networks with next-generation firewalls that treat your internal departments as potentially hostile to each other, rather than having one big “inside” fenced off from the even bigger “outside”.
6. Put in place a device control strategy to identify and control the use of removable storage devices – not only does this prevent bad stuff getting in, with data loss prevention (DLP), but it can also help stop personally identifiable information (PII) and intellectual property (IP) data from going out.
7. Implement full disk protection and encrypt sensitive data stored on servers or removable media for sharing with business partners.
8. Use application control to keep track of, and restrict, unnecessary software that reduces security without adding any needed benefit.
9. Implement a data protection policy which guides employees on how to keep personal data secure.
10. If you move to the cloud, make sure that the ability to encrypt the data – both in the cloud and also when being transferred – is on your core requirements list.
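Point 5 above (segregating internal networks instead of trusting one big "inside") can be checked mechanically. The following is an added example, not part of the original answer: it audits a firewall rule list for cross-zone access that was never approved. The zone names, address ranges, port 5432 and the rule format are all assumptions made up for illustration.

```python
from ipaddress import ip_network

# Constructed zones (hypothetical names and address ranges).
ZONES = {
    "office": ip_network("10.10.0.0/16"),
    "pos": ip_network("10.20.0.0/16"),
    "backend_db": ip_network("10.30.0.0/16"),
    "testing": ip_network("10.40.0.0/16"),
}
# Cross-zone flows the business has approved: (source zone, destination zone, port).
APPROVED = {("pos", "backend_db", 5432), ("office", "testing", 443)}

# Constructed rule set: (action, source CIDR, destination CIDR, port or "any").
RULES = [
    ("allow", "10.20.0.0/16", "10.30.0.0/16", 5432),  # PoS -> database, approved
    ("allow", "10.10.0.0/16", "10.40.0.0/16", 443),   # office -> testing, approved
    ("allow", "10.40.0.0/16", "10.30.0.0/16", 5432),  # testing -> database, never approved
    ("allow", "10.0.0.0/8", "10.0.0.0/8", "any"),     # flat "inside trusts inside" rule
]
DEFAULT_ACTION = "allow"  # weak setting; a segmented network ends in "deny"


def zones_covered(cidr):
    """Return the names of every zone that a rule's address range touches."""
    net = ip_network(cidr)
    return sorted(name for name, zone in ZONES.items() if net.overlaps(zone))


def audit(rules, default_action):
    """List every way the rule set lets one zone reach another without approval."""
    findings = []
    if default_action != "deny":
        findings.append("default action is not deny")
    for action, src, dst, port in rules:
        if action != "allow":
            continue
        for s in zones_covered(src):
            for d in zones_covered(dst):
                if s == d:
                    continue  # traffic inside a single zone is out of scope here
                if port == "any":
                    findings.append(f"{s} -> {d}: all ports open ({src} -> {dst})")
                elif (s, d, port) not in APPROVED:
                    findings.append(f"{s} -> {d}:{port} is not an approved flow")
    return findings


if __name__ == "__main__":
    for finding in audit(RULES, DEFAULT_ACTION):
        print("FINDING:", finding)
    print("hardened rule set findings:", audit(RULES[:2], "deny"))
```

The single 10.0.0.0/8 rule alone produces twelve findings, one for each ordered pair of zones it silently connects; keeping only the two approved rules with a default of deny produces none.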