Welcome to the July 2022 issue of Incognito, a monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.
Here’s what we’re talking about this month:
Identity theft. With identity theft cases rising, the odds of having your identity stolen are, unfortunately, not in your favor. Here’s everything you need to know about this crime—and how to avoid it.
Recommended reads, including “More Than 1.5 Million Customers Affected In Flagstar Data Breach.”
Q&A: Is Chrome really as bad for privacy as everyone makes it out to be?
If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter.
Google searches for “avoid ID theft” are up by a whopping 1,600% since last year, says a recent McAfee report.
42 million. That’s how many Americans were impacted by identity theft in 2021, according to a recent survey by Javelin Strategy & Research.
Of these, 15 million experienced what can be described as “traditional identity fraud,” i.e., most individuals had no clue how or where thieves got their personal information. The rest fell prey to “identity fraud scams,” i.e., criminals tricked victims into sharing their personal details with them via phone calls, text messages, emails, and other fraudulent communications.
Financial Identity Theft Remains Popular
When it comes to stealing someone’s identity, there are multiple reasons why a criminal may choose to do so. Nevertheless, the most popular motive for identity theft is money.
Fraud on existing credit cards increased by 69% in 2021, whereas fraud on existing non-card accounts such as checking, insurance, utilities, and savings rose by 73%.
New account fraud grew by 109%. This is when criminals possessing your personal information open up new accounts (credit cards, merchant accounts, etc.) in your name.
However, the volume of account takeovers,where threat actors steal your login credentials and then change them so you can’t log back in, also rose last year. In fact, losses associated with this particular category of identity theft jumped by 90%.
From Ruined Credit to Loss of Freedom: The Many Consequences of Identity Theft
Ask the average person what they associate ID theft with, and their answer is likely to include things like “stolen money,” “bad credit,” and “hours and hours of paperwork.”
This isn’t far off the mark. Going back to the Javelin Strategy & Research study, the average victim in a traditional ID theft crime last year lost $1,551.
But your bank balance and credit score are not the only things that may get hurt by identity theft. The consequences of ID theft can be varied and far-ranging and may also include medical misdiagnosis/inability to get urgent medical care (in the case of medical ID theft), missed job opportunities (employment ID theft), a criminal record (criminal identity theft), and foreclosure (real estate fraud).
One person in the US spent more than 20 years trying to clear his name after his identity was stolen by a thief who committed a series of crimes.
While anyone can fall victim to identity theft, certain factors can increase the likelihood of having your identity stolen. If you meet the following criteria, you may want to take serious steps to protect your identity:
Generation: Gen X, followed by Millennials and baby boomers. Gen Z have the lowest likelihood of becoming victims of identity theft, found McAfee—or at least of filing a report.
Education: College degree or postgraduate qualification.
According to McAfee, certain generations are also more likely to fall for specific types of ID theft. For instance, since baby boomers are more likely to benefit from government programs, they tend to be an easy target for benefits fraud scams. In contrast, generations that have grown up with the internet and online shopping are more vulnerable to credit card fraud.
How Identity Theft Happens
Identity theft happens when 1) criminals find/steal your personal information and 2) use it to pretend to be you.
Unfortunately, in today’s world, acquiring someone else’s personal data couldn’t be simpler. Some thieves find personal data through data breaches or the dark web. Others resort to phishing campaigns, trickery, and even physical theft (for example, digging through your trash). But most of the time, malicious actors can get all the information they need to commit identity theft with a simple Google search.
Because data brokers and people search sites have detailed profiles on millions of Americans, anyone can access your personal information for a small fee/free and then use it to impersonate you. Although this usually happens in the shadows without anyone knowing, there have been reported cases of identity thieves using data broker services.
In the past, the FTC has charged a data broker that sold sensitive personal information, including bank account numbers and Social Security numbers, with facilitating the theft of millions of dollars from consumer accounts.
Criminals may also hack data brokers for access to their databases. For example, an identity theft service was once reported as having used a botnet to steal data from data brokers like LexisNexis and Kroll Background America.
Even seemingly benign information, like the city you were born in or your partner’s name, can make it easier for criminals to pretend to be you when they interact with official institutions or break into your accounts (via security questions). Having access to a few choice pieces of information can even help fraudsters trick you into handing them missing pieces of data they need to successfully carry out their scheme.
How to Minimize Your Chances of Identity Theft
The surest way to decrease your chances of falling prey to identity theft is to reduce the amount of your personal information findable online. Most identity thieves go for easy targets. The harder it is for them to find out anything about you, the less likely they are to steal your identity.
At a basic level, this means opting out of data brokers and people search sites. However, you should also be wary of the type of information you share about yourself elsewhere on the web, be it on social media, forums, or a personal blog.
Other steps you should take include:
Enabling multi-factor authentication. Even if thieves can bypass your security questions with information they find on data broker sites, they still won’t be able to log into your accounts (at least, not easily).
Watching your post box and shredding your mail. If you’re going to be out of town, have your mail held, and always shred mail that contains your personal data before you throw it out.
Use masked cards to pay online. That way, data breaches, even those that expose your credit card information, won’t affect you as much.
Be vigilant and never give out personal information. Be wary of phone calls or emails asking you for personal information, especially during tax time.
Monitor your accounts following a data breach. Data breaches are inevitable. When you find out that you’ve been affected, determine what data was taken and monitor your accounts for fraudulent charges. You may also want to place a credit freeze on your files.
Our recent favorites to keep you up to date in today’s digital privacy landscape.
More Than 1.5 Million Customers Affected In Flagstar Data Breach
One of the largest mortgage lenders in the US, Flagstar Bank, suffered a data breach late last year that impacted over 1.5 million users. The breach was not discovered until June 2022, which is when the bank notified its customers. Attackers accessed sensitive user data, including their Social Security numbers. This is Flagstar’s second cyber incident in two years.
Beware New Voicemail Phishing Email Scam
Scammers are sending out fake voicemail email notifications to employees at US-based organizations. Their aim? To steal employees’ Outlook and Office365 login details. To make the email appear more believable, cybercriminals mention the name of the company their victim works for in the sender’s email address. Targeted sectors include the military, healthcare, software security, and manufacturing (among others).
Privacy-Conscious Users Switching Between Period Tracking Apps
Following Wade v. Roe ruling, which removes abortion rights in some states, users are ditching their current period tracking apps for ones they think have better data security and privacy practices. For example, period tracker app Stardust recently experienced a 6,000% increase in installs, whereas Clue downloads shot up by 2,200%. However, some of these apps are not as private as consumers may believe.
FTC Warns LGBTQ+ Community of Dating App Extortion Scams
The US Federal Trade Commission (FTC) advised users of LGBTQ+ dating apps, like Grindr and FeelD, to be on the alert for extortion scams. The scam involves criminals pretending to be potential romantic partners, sending explicit photos, and asking the recipient to reciprocate. If they do, the fraudster attempts to extort them by threatening to expose their photos to their family, employer, or friends.
You Asked, We Answered
Here are some of the questions our readers asked us last month.
Q: I read that browser extensions can make you more “trackable.” Is that true?
To see how identifiable you are on the web, you can use Cover Your Tracks, a tool built by the Electronic Frontier Foundation to help users understand what information about what they do online is visible to trackers.
Q: Is Chrome really as bad for privacy as everyone makes it out to be?
A: Yes. Even though Chrome is by far the most popular browser (used by nearly 65% of people browsing the internet) and gets regular security updates, it is pretty terrible from a privacy perspective.
Chrome collects information like your location, user identifiers, search and browsing history, and product interaction. This is done for “personalization” purposes, for example, so that you can link your bookmarks to your Google Account. This data is then connected to individuals and devices, which means that Google can build up a detailed and accurate profile about you. If you use other Google products, like Google Maps or an Android phone, this profile becomes even more elaborate.
While there are certain things you can do to make Chrome more private, for instance, blocking third-party cookies, you’re probably better off switching to a different, more privacy-focused browser, like Brave or Firefox.
Back to You
We’d love to hear your thoughts about all things data privacy.
Get in touch with us. We love getting emails from our readers (or tweet us @Abine or @DeleteMe).
Share with friends! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.
Let us know. Have you ever been a victim of ID theft? Are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito?
That’s it for this issue of Incognito! Stay safe and we’ll see you in your inbox next month.
Laura Martisiute is DeleteMe’s content marketing specialist. Her job is to help DeleteMe communicate vital privacy information to the people that need it.
Since joining DeleteMe in 2020, Laura has done exactly that.
Creating some of the internet’s most popular privacy content on DeleteMe’s blog, writing the leading privacy newsletter Incognito, and helping DeleteMe plan and craft its messaging across different channels, Laura drives DeleteMe’s content.
Laura has a degree from University College Cork.