Despite the threat of digital identity theft being a very real one, it is usually the final step in a process, which begins with cyber criminals first stealing your personal information (such as your name, email, phone number and date of birth).
I think it’s fair to say that most of us have an idea of what identity theft means. And there’s a lot of fear and anxiety involved, explained Olli Bliss, Business Development Manager at F‑Secure.
And while this is a massively uptrending threat, and we’re seeing these cases every single day, we actually have to recognize the fact that typically these scenarios are the result of something that’s happened earlier on in the timeline, such as account takeover.
Based on reported cases to the Federal Trade Commission in the United States, there were 1.1 million cases of identity theft in 2022, which made up 22% of the 5.2 million fraud reports in the same period. And while this number is high — and there may be many more reports that don’t get recorded — it is still a low percentage of the overall population (0.3%) that’s affected by identity theft each year.
We have to take a step back and put ourselves in the shoes of the attackers, Bliss explained.
What they’re predominantly interested in is getting their hands on some sort of data, things like credentials, usernames and passwords. They can get that data through a data dump, or a data leak, or a data breach. Or they could get that data through various phishing scams or malware.
F‑Secure research has shown that 60% of people suffered a data breach during a 12-month period, with half of them continuing to use exposed passwords on other accounts, even after getting security notifications. However, despite the large number of breached accounts, identity theft is much less prevalent. And the focus should be on securing your details before identity theft becomes an option.
Unique passwords play a massive role in actually lowering your risk of falling victim to account takeover. It can’t be said enough, Bliss explained.
And protect those end devices. Because we see things like malware designed to steal your credentials and different types of data, which lead to identity theft.
So, to minimize your risk of a data breach, you should ensure that your password is not just strong, but also unique for every account, using a tool like F‑Secure’s strong password generator to create them. And make sure that you use internet security to protect against phishing and malware.
Again, we come down to those core principles that, if we can tick those boxes, we’re going to lower our risk, Bliss explained.
We still can’t totally remove from the equation that a service provider won’t be hacked themselves and compromised, which then leads to information being stolen. But that’s out of our hands.
One of the core principles of avoiding identity theft is that you use the tools and services at your disposal to break as many of the possible connections between your online accounts. By doing this, not only do you improve your overall cyber security, but you also stop potential identity thieves being able to build up a larger portfolio of information on you, which is required for things such as credit card applications.
It’s not uncommon for us to have as many as 80 different accounts that we’ve created over the years, said Bliss.
Account takeover is most successful when it can latch onto as many services as it can. Because the more services it can latch onto, the more potential information it can gather on you as an individual. So, if an attacker can get into your Netflix account, there’s a chance that they can get into other of your accounts, especially if you’ve reused your password. And the more information they have on you as an individual is when they can start creating new personas in your name, and start filing for new credit cards.
Alongside internet security and strong and unique passwords, two-factor authentication (also known as 2FA) is also a key defense against your information being compromised, providing an extra layer of security that goes beyond your username and password and requires an extra login credential (such as a one-time passcode). And even if someone acquires your username and password, with 2FA enabled, they still need to get through a second layer of security, which — according to Microsoft research — will prevent 99.9% of automated attacks.
All you need to do is add your email address to the free F‑Secure Identity Theft Checker tool and we’ll let you know if your details have appeared in any known data breaches.
Check for data breaches with this free tool.
F‑Secure scans the dark web and generates a free report.
It’s anonymous and none of your data is stored.