SentiLink talks with the ITRC in the newest Fraudian Slip podcast about the unprecedented levels of identity fraud as people have applied for government benefits during COVID-19 

  • For the first time since the reports of unemployment identity fraud began to spike in March 2020, the number of cases has steadily declined. So have the number of fraudulent stimulus cases linked to identity fraud. 
  • However, June was the month the Identity Theft Resource Center (ITRC) saw 2021’s unemployment identity fraud numbers surpass all of 2020.  
  • The ITRC sat down with supporter SentiLink, a company that helps businesses reduce identity-related fraud, to discuss COVID-19 fraud, what we learned, emerging threats and much more. Listen to this week’s episode of The Fraudian Slip
  • You can learn more about unemployment identity fraud and other topics discussed in the podcast, and how to protect yourself from identity crimes by visiting the ITRC’s website
  • If you think you are the victim of an identity crime or your identity has been compromised, you can call us, chat live online, send an email or leave a voicemail for an expert advisor to get advice on how to respond. Just visit www.idtheftcenter.org to get started.   

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses. Listen on Apple, Google, Spotify, SoundCloud, or Podsite now.

This month, July, we will look deeper into an issue that has dominated news headlines – unemployment identity fraud – and frustrated hundreds of thousands of identity crime victims. We are talking about the unprecedented levels of identity fraud that we have seen during the pandemic as people applied for various government benefits – ranging from unemployment benefits to small business loans.  

Let’s start with some good news. For the first time since reports of unemployment identity fraud emerged in early 2020, the number of fraud cases began a steady decline in May. The number of fraudulent stimulus cases linked to identity fraud and small business administration loans also drops a little each month. Ironically, June was the month when the number of unemployment identity fraud cases reported to the ITRC in 2021 surpassed all of 2020. 

The ITRC has talked a lot on earlier episodes of this podcast about how the unemployment identity fraud occurred and the impact on people denied benefits as a result. However, we have not focused much on what we have learned about what happened after the money was stolen. Where did it go? What other actions can we take now to prevent more fraud in the future based on what we have learned? 

Helping us explore the murky world of identity fraud is Eva Velasquez, president and CEO of the ITRC, and Naftali Harris, Co-Founder and CEO of SentiLink, a company that helps businesses reduce identity-related fraud.   

We talked with Naftali Harris about the following: 

  • What SentiLink does. 
  • What happened to the money lost, and what we have learned from the pandemic fraud. 
  • Friction in transactions – positive and negative.  
  • Any potential emerging threats. 

We talked with Eva Velasquez about the following: 

  • The impacts of identity fraud and the denial of benefits. 
  • Friction in transactions – positive and negative. 
  • What consumers can do to prevent/mitigate identity fraud now. 

You can learn more about unemployment identity fraud as well as get help if you have been the victim of an identity crime by visiting the ITRC’s website at www.idtheftcenter.org. While you are there, sign up for our emails that alert you to the latest scamsmonthly data breach updatesand tips to protect your identity.  

Be sure and join us next week for our Weekly Breach Breakdown podcast and next month for another episode of The Fraudian Slip.  

ITRC thanks SentiLink for supporting our podcast.

  • If you have a Venmo account, you may have been asked recently to re-verify your identity on Venmo. The payment app asks  users to do so as part of compliance with government regulations. Anyone who does not take part in the identity verification process will not be able to store money on the app. Instead, money will have to go to and from a bank account or credit card.
  • While there is always a risk in providing sensitive information to a company, identity verification is necessary to reduce the number of identity crimes. Venmo also made changes to its privacy settings. Users can now select a “public,” “friends” or “private” setting for their friends list. They can also opt-out of being seen on the friends lists of other Venmo users.
  • To learn more, or if you believe you were the victim of a payment app identity crime, contact the Identity Theft Resource Center toll-free by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.

Have you recently received a message asking you to verify your identity on Venmo? Has the payment app asked you to verify information like your Social Security number (SSN), address and other personal information? If so, it’s not a scam. Venmo is in the middle of making some changes, including updating its privacy settings and doing identity verification with all of its users. The payment app is reaching out to users asking them to re-verify their identity as required by government regulations.

What the Changes Mean

If you are asked to verify your identity on Venmo, you have to do it, or else you will not be able to store money on the app. You can still use it, but money would have to go to and from a bank account or credit card, according to Venmo’s rules. While some are skeptical about the messages they are receiving, and about providing their personal information, the goal of identity verification is to avoid phishing attacks and other scams.

Venmo is also now giving people an option to select a “public,” “private” or “friends” setting for their friends list and to opt-out of being seen on the friends lists of other Venmo users.

The Rise in Cash App Scams

Cash app scams have seen a rise since COVID-19. Over the last year and a half, scammers have been out in full force targeting cash app users on social media, via email and through texts in hopes to steal user’s money and identities. Asking you and others to verify your identity on Venmo and offering more privacy settings could slow down the pace of cash app scams by limiting the use of fraudulent accounts, especially when more people are using payment apps.

Why You Should Verify Your Identity on Venmo

If a company stores sensitive information, the user is always at risk if the company is ever breached. However, as Identity Theft Resource Center (ITRC) president and CEO Eva Velasquez told Slate Magazine in a recent interview, identity authentication and verification is still a really important step that has to be taken to stem  identity crimes. It is why the ITRC encourages people, if it is legitimate, to participate in the identity verification process. It is an important way for you to protect yourself and it creates more barriers criminals must try to successfully evade to commit payment app scams.

If you decide you want to verify your identity with Venmo, you can do so by going to your Venmo app, opening up your settings, and tapping “identity verification.” Prompts will then guide you throughout the process. You can only do this on the Venmo app and not the website.

How to Stay Safe on Venmo

While you are better protected if you verify your identity on Venmo, scams and identity crimes can still happen. Here are some tips to keep you safe:

  • Enable all the security features like screen lock/biometric lock and Find my Phone to keep hackers from accessing your payment app and stealing login credentials or money.
  • Use a strong and unique password to reduce the risk of hacking. The ITRC recommends a passphrase that is at least 12 characters long.
  • Beware of phishing attacks and avoid unsolicited emails or text messages that ask you to send money directly through Venmo. Never click on any links or attachments in messages you aren’t expecting. Criminals may send people an unsolicited payment request through a mobile app.
  • Look for red flags like payments you did not make using Venmo. If you are victimized, you should report it to Venmo, change your account password and consider scanning your device with antivirus software.
  • Consider other cyber-hygiene practices like multifactor authentication using an app on your phone. Also, consider taking advantage of Venmo’s new privacy settings and limit the number of people who can see your account by going to “Settings” and then “Privacy” in the Venmo app. Additional layers of protection will keep your account more secure.

Contact the ITRC

If you want to learn more about how to verify your identity on Venmo, have questions or concerns about the process, or believe you are the victim of a cash app identity crime, contact the ITRC. You can speak with an advisor toll-free by phone (888.400.5530) or live-chat. Just visit www.idtheftcenter.org to get started.

LexisNexis talks with the ITRC in the newest Fraudian Slip podcast about the impact of identity fraud in the government & business sectors and how you can prevent identity fraud 

  • This month’s Fraudian Slip podcast talks about the steady growth of cybercriminals using stolen information to commit identity fraud.  
  • In the final ten months of 2020, the Identity Theft Resource Center (ITRC) helped about 750 individuals who were the victims of unemployment identity fraud. On June 2, the ITRC surpassed the number of identity-related unemployment fraud victims for 2020 in only six months.  
  • The ITRC sat down with LexisNexis, a leading provider of information used to mitigate risks, to discuss identity crimes, how you can prevent identity fraud and much more. Listen to this week’s episode of The Fraudian Slip
  • You can also learn more about identity fraud in government and business, other topics discussed in the podcast, and how to protect yourself from identity fraud and compromises by visiting the ITRC’s website
  • If you think you are the victim of an identity crime or your identity has been compromised, you can call us, chat live online, send an email or leave a voicemail for an expert advisor to get advice on how to respond. Just visit www.idtheftcenter.org to get started.  

Below is a transcript of our podcast with special guest Haywood J. “Woody” Talcove, CEO of LexisNexis Special Services 

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses.   

This month, June, we’re going to dig into a trend impacting consumers, businesses, government agencies and other institutions. That trend is the steady growth of cybercriminals using stolen information to commit identity crimes. How can you prevent identity fraud? 

Identity theft occurs when a person’s or business’s information is stolen. Identity fraud is when that information is misused, and there is a lot of misuse going on these days. At the ITRC, in the final ten months of 2020, we helped about 750 individuals who were the victims of unemployment identity fraud – which is to say a criminal used their personal information to apply for unemployment benefits in their home state or other states.  

On June 2, the ITRC surpassed the number of identity-related unemployment fraud victims for 2020 in only six months, with four months left until the enhanced benefits that are attracting criminals expire.  

At the root of the rise in identity fraud is the billions of bits of personal information available to cybercriminals that can be used to pretend to be just about any adult in the U.S. While that may sound intimidating, there are groups whose mission is to help prevent information misuse and to ensure people “are who they say they are” to make sure benefits and privileges go to the actual person who needs them. They ensure the benefits do not go to a professional imposter halfway around the world, an organized crime ring or just garden variety criminals down the street. 

Helping us make sense of how you can prevent identity fraud is the ITRC’s CEO Eva Velasquez and Haywood J. “Woody” Talcove, CEO of LexisNexis Special Services, a leading provider of information used to mitigate risks.   

We talked with Haywood J. “Woody” Talcove about the following: 

  • What LexisNexis does to help mitigate risk. 
  • The impact of identity fraud in the government and business sectors. 
  • What can be done to prevent and mitigate identity fraud by government and business (information as both a risk and the solution). 

We talked with Eva Velasquez about the following: 

For answers to all of these questions and more on how you can prevent identity fraud, listen to this week’s episode of The Fraudian Slip Podcast.   

Contact the ITRC 

You can learn more about identity fraud as well as get help if you have been the victim of an identity crime by visiting the ITRC’s website at www.idtheftcenter.org. While you are there, sign up for our emails that alert you to the latest scams, monthly data breach updates and tips to protect your identity. 

Be sure and join us next week for our sister podcast, the Weekly Breach Breakdown, and next month for another episode of The Fraudian Slip.  

  • The proper disposal of e-waste – old electronic devices that are no longer used – is a priority, particularly for protecting personal data. The Identity Theft Resource Center (ITRC) reported 78 data compromises in 2020 around “physical attacks”; 52 percent of them from device theft and improper disposal.
  • E-waste puts personal information at risk and can have environmental impacts, too. It is why individuals need to adopt good e-waste solutions by educating themselves on the issue, re-evaluating their needs for more electronics and safeguarding their information.
  • Most people do not know how to recycle e-waste. Individuals should reuse electronics, if possible, and donate their old devices to be recycled if not. When people get rid of old electronics, they should put all of the data on a backup system and then wipe the device clean of personal information.
  • For more information, or if you believe you are a victim of identity theft, contact the ITRC toll-free by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.

According to the Identity Theft Resource Center’s (ITRC) 2020 Data Breach Report, there were 78 “physical attacks” in 2020. Device theft and improper disposal (which includes electronic devices) made up 52 percent of the attacks. The Verizon 2020 Data Breach Investigations Report finds more than one thousand cases of loss involving mobile devices in 2019.

As technology continues to evolve, users and manufacturers are finding more ways to keep safety, environmental impact and security measures in mind – which revolve around how to recycle e-waste. Issues range from the risk of fire from batteries, devices being sent to landfills, and disposal of information that could lead back to a user’s account and put them at risk of identity theft.

What Are E-Waste Solutions?

There are a handful of e-waste solutions consumers should keep in mind.

  1. Education: People should learn about the dangers of e-waste and what they can do about it.
  2. Re-evaluating the need: One e-waste solution is to minimize e-waste itself. Do you need that extra device? What are you doing with your devices once you are done with them? Are you reusing electronics? Re-evaluating your need for electronics can help cut down on how many devices end up in a landfill.
  3. Safeguarding information: Before you dispose of any electronics, you should make sure you save your data on a backup system or hard drive and then wipe the device clean. That way, no one can access your files if the device is improperly recycled or ends up in the wrong hands. If you are getting rid of a phone, do a factory reset to restore the phone to “empty status.” By taking these steps, you are protecting your personal information.

How to Recycle E-Waste

Instead of discarding electronics, the best e-waste solution is to reuse or recycle devices. Local governments are increasingly hosting e-cycling initiatives. These programs keep electronics out of landfills and ensure devices are wiped clean of all user data. You can search online for e-cycling centers near you before disposing of electronics, including IoT devices and medical devices.

Many device manufacturers also accept old devices to be refurbished or recycled and provide credit toward a new device. Some will take a device from any manufacturer for recycling. Check with your device maker to see if they offer a recycling program.

Contact the ITRC

It is vital everyone does their part to help address e-waste to protect the environment and people’s personal information. If you have questions about how to recycle e-waste, other e-waste solutions, or you believe you are the victim of identity theft, contact us. You can speak with one of our expert advisors toll-free by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started. 

  • When doing your spring cleaning, consider making a digital spring-cleaning checklist. It is more important than ever in today’s digital-first society.
  • Digital spring-cleaning tips include backing up your information, deleting unused apps, reviewing all of your passwords (and making changes if needed), and checking your social media privacy settings.
  • It is also a good idea to delete or archive old emails, especially with sensitive information.
  • If you would like to learn more or believe you are a victim of identity theft, contact the Identity Theft Resource Center. You can check out our latest resources or speak to an expert advisor toll-free by phone (888.400.5530) or live-chat. Just visit www.idtheftcenter.org to get started.

Everyone looks forward to the spring! The weather changes, the flowers and landscape start to bloom, and people clean out clutter they don’t need before the summer arrives. While spring cleaning may make you feel good and productive, it is also a great way to minimize the risk of identity theft. With the move to a digital-first society, digital spring cleaning and having a digital spring-cleaning checklist is more important than ever. A few basic digital spring-cleaning steps could help keep one’s identity information out of a criminal’s hands.

Before You Begin

There are digital spring-cleaning steps to take before you have to deal with clutter. One possible vulnerability is your email inbox. Adopt the habit of not just deleting unwanted emails, but actively unsubscribing from them. To do that, open the email, scroll down and click “unsubscribe.” Do not follow these steps for emails that appear to be scam attempts. If you click on a malicious link, it can redirect you to harmful websites or install malicious software on your computer. Instead, you should avoid links or attachments in unsolicited messages and block the sender.

One other thing you can do is update your contact information. Review all of your contact information to ensure it is up-to-date and you are not missing any essential information. Once you take these steps, you can begin on your digital spring-cleaning checklist.

Digital Spring-Cleaning Checklist

Your digital identity becomes more important every day as the world moves to a digital-first model. However, the same principles behind decluttering your physical world can help you in the virtual space. Here are some digital spring-cleaning checklist tips to digitally declutter:

  1. Backup your information– No matter how safe and secure you are, you might need to recover old data in the future. Creating automatic backups is a good idea. Consider investing in an external hard drive or cloud-based storage subscription to store and protect the things you want to keep.
  2. Delete unused programs and apps– Take a look at all of the apps on your devices and figure out which ones you are not using. Delete unused apps or programs on the devices. This step is a good idea because some apps require large amounts of storage, can slow the device down, and most importantly, can introduce new vulnerabilities. The fewer apps and programs you have, the more secure your device and personal information will be.
  3. Review your passwords– Check the passwords for all of your accounts to ensure there are no duplicates (especially between work accounts and personal accounts). Also, make sure you use a strong and unique 12+ character passphrase for each account. They are easier to remember and harder to crack. If you cannot remember all of your passwords, consider investing in a password manager to store all of your passwords. Finally, if possible, enable multifactor authentication (MFA) on all of your accounts. The app version is better than the SMS version because scammers can create fake MFA SMS text messages.
  4. Update all of your apps and settings– When going through your digital spring-cleaning checklist, it is important to keep apps, programs and devices up-to-date on all software. The device will run faster, and it will lead to increased privacy, which will make it more difficult for someone to hack into them. It is also a good idea to enable automatic updates when possible.
  5. Look at the permissions you allow– Pay attention to the permissions you allow the mobile apps on your device because third-parties could be tracking information about you that you might not realize. If they aren’t actively using the collected data, they may still be storing it, leaving your personal information vulnerable to cyberattacks should the third-party fall victim to a data compromise.
  6. Review plugins and add-ons in your browser- Review the permission settings of the plugins and add-ons to make sure you are not sharing too much information. If you are not using a particular plugin or add-on anymore, delete it.
  7. Review your social media privacy settings– Check your privacy settings on all of your social media accounts to ensure you are not oversharing information with people you do not know. If criminals get a hold of enough information about you, your family and your friends, they can connect enough dots to commit scams based around social engineering.
  8. Clean out your email– Get rid of any unnecessary emails in your inbox, especially emails that contain personal information.

Other Digital Spring-Cleaning Tips

There are a few more spring-cleaning tips for people to follow:

  • While doing your spring cleaning, if there are important documents you might need later, you can photograph or scan them, and then store the originals in a secure space like a safe or bank safety deposit box.  
  • While you’re cleaning your email inbox, take a moment to destroy any paper documents you no longer need, especially those records with personal information.
  • It is also a good idea to organize your digital files. While it is time-consuming, it will make more space available for the most important things that need to be stored on your devices.

Contact the ITRC

If you have more questions about digital spring cleaning, a digital spring-cleaning checklist, or if you believe you are a victim of identity theft, contact us. You can chat with an expert advisor toll-free by phone (888.400.5530) or live-chat. You can also check out our latest resources. Just go to www.idtheftcenter.org to get started.

The IDSA shares with the ITRC in the newest Fraudian Slip podcast exploring identity management & the future of identity

  • This week, the Identity Theft Resource Center (ITRC) celebrated Identity Management Day, hosted by the Identity Defined Security Alliance (IDSA). The day raised awareness on the importance of identity management, securing digital identities and sharing best practices to help organizations and consumers.
  • The ITRC sat down with the IDSA to discuss how identity management has changed, the future of identity, how identity crimes are changing and much more.
  • To learn more, listen to this week’s episode of The Fraudian Slip
  • You can also learn more about the identity-related crimes discussed in the podcast and how to protect yourself from identity fraud and compromises by visiting the ITRC’s website.
  • If you think you are the victim of an identity crime or your identity has been compromised, you can call us, chat live online, send an email or leave a voice mail for an expert advisor to get advice on how to respond. Just visit www.idtheftcenter.org to get started.

Below is a transcript of our podcast with special guest Julie Smith, Executive Director of the Identity Defined Security Alliance

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses. 

This month, April, we’re going to talk about one of the hottest topics in the world of cybersecurity, privacy and identity. Namely, the shift from what we think of as traditional identity theft to what is increasingly more common today – identity-based fraud.

As more organizations analyze their 2020 data and information from the first three months of 2021, there is a common theme. Cybercriminals are less interested in mass attacks seeking to scoop up as much information as possible about consumers. Instead, data thieves are focusing on attacking organizations where they can hold data for ransom, or where an attack against a single company can yield information from all the customers who rely on the breached business.

At the core of many of these attacks are identity credentials, little pieces of information that once upon a time was pretty much limited to your driver’s license, Social Security number and occasionally your mother’s maiden name. Today, identity credentials are everything from your login and password, which is more valuable than your credit card information to a cybercriminal, to the location where you use your smartphone.

The complexity of identity today makes it simultaneously more difficult to protect your identity while also making it easier to prove you are who you say you are.

This week we celebrated Identity Management Day to raise awareness of the importance of identity management, securing digital identities and sharing best practices to help organizations and consumers. Be Identity Smart. 

Identity Defined Security Alliance (IDSA) hosted the day.

We talked with Executive Director of IDSA Julie Smith about the following:

  • The IDSA, its members, and issues
  • How identity management has changed
  • A businesses role in managing and protecting consumer identities; the most important actions to take
  • The future of identity

We also talked with ITRC CEO Eva Velasquez about the following: 

  • How identity crimes are changing
  • Consumer self-management and protection; the most important actions to take
  • The future of identity

For answers to all of these questions, listen to this week’s episode of The Fraudian Slip Podcast

Contact the ITRC or IDSA

You can learn more about data privacy, cybersecurity, the future of identity and other identity-related issues by visiting the ITRC’s website www.idtheftcenter.org. If you want to learn more about the IDSA and its work, you can visit www.idsalliance.org.

If you have questions about how to protect your personal information, or if you believe you have been the victim of an identity crime or compromise, talk to one of our expert advisers on the phone (888.400.5530), by live-chat or by email during normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Be sure and join us next week for our Weekly Breach Breakdown podcast and next month for another episode of The Fraudian Slip.

  • Identity Management Day 2021 is about informing people of the dangers of improperly managing and securing digital identities. It is also designated to share best practices. 
  • The biggest threat to individual identities is the significant shift away from traditional identity theft fueled by personal information acquired in mass attacks and towards credential theft used to commit identity fraud, according to the Identity Theft Resource Center.  
  • Targeted attacks against businesses are easier for threat actors to execute and result in a larger payout. The average ransomware payment from companies has grown from less than $10,000 in Q3 2018 to more than $312,000 per event today.  
  • To protect themselves, businesses and consumers should follow cyber-hygiene best practices, especially good password management. To learn more or participate in Identity Management Day 2021, visit https://www.idsalliance.org/identity-management-day-overview/

Save the date for the first-ever Identity Management Day! Identity Management Day 2021, hosted by the Identity Defined Security Alliance (IDSA) and the National Cybersecurity Alliance (NCSA), is a day to inform people about the dangers of improperly managing and securing digital identities. It raises awareness, shares best practices and leverages the support of vendors in the identity security space.  

Identity Management Day 2021 is important for both businesses and individuals. According to IDSA, 79 percent of organizations have experienced an identity-related breach in the last two years, and 99 percent believe their identity-related breaches were preventable. A report from the Federal Trade Commission (FTC) shows that identity theft reports have tripled since 2018.  

Technology grows in importance every day as the world moves towards a digital-first model. With the emphasis on technology, it is more vital that people’s digital identities and the systems that protect them work properly. 

The Biggest Identity Management Challenge Facing Businesses & Consumers  

The biggest threat the Identity Theft Resource Center (ITRC) sees to identities is the dramatic shift to credential theft and away from traditional attacks fueled by personally identifiable information (PII) acquired in mass attacks. Today, threat actors are more interested in collecting personal and business logins and passwords that can be used in credential stuffing, phishing (including business email compromises or BECs) and supply chain attacks.  

  • Statistics show that cybercriminals are spending more time and effort on attacks that rely on personal credentials to commit cybercrimes like identity-related fraud. According to the ITRC’s Q1 2021 Data Breach Report, the number of individuals impacted by a data compromise was up 564 percent in Q1 2021 compared to Q4 2020. The rise is in large part to an increase in supply chain attacks. There have been supply chain attacks at 27 third-party vendors and 19 supply chain attack-related data compromises in Q4 2020.  
  • According to the FBI, BEC scams cost businesses more than $1.8 billion in 2020. The ITRC’s 2020 Data Breach Report shows 382 phishing/smishing/BEC attacks, making up 44 percent of all publicly-reported U.S. data breaches in 2020.  
  • The trend toward supply chain attacks shows that cybercriminals are concentrating their efforts by attacking single organizations that give them access to the data of multiple businesses. Instead of attacking 1,000 consumers to gain $300,000, threat actors attack one company and walk away with the same amount or more money with less effort and risk. 

What You Can Do 

The ITRC’s advice is simple and revolves around good password and cyber-hygiene practices.  

  • A long and memorable password (12+ characters) is a great way to keep people out of your account. They are easier to remember and harder for a criminal to use an automated tool to crack. 
  • It is essential to have a unique password for each account. If your credentials for one account are stolen, threat actors will not be able to access any of your other accounts.  
  • Do not use a password from one of your personal accounts on a work account. It puts consumers and businesses at an increased risk. 
  • Multifactor authentication (MFA) is always a good idea because it creates an added layer of security for the account. It is better to use MFA with an app than SMS because hackers can create scams with fake SMS MFA messages.  
  • Never click on a link in an unsolicited email, text or social media direct message. You should directly contact the sender to see if the message is legitimate if there is any doubt.  

The ITRC is honored to participate in Identity Management Day 2021 and hopes to educate business leaders, IT decision-makers and the general public about the importance of managing and securing digital identities. To learn more or participate in Identity Management Day 2021, visit https://www.idsalliance.org/identity-management-day-overview/.  

  • According to a report from Javelin Strategies, traditional identity theft is declining. However, what one might think of as identity theft is being replaced by identity fraud.
  • trend identified by the Identity Theft Resource Center (ITRC) in 2020. Cybercriminals continue to move away from mass data breaches of consumer information to more targeted attacks like phishing, ransomware and supply chain attacks.
  • There is no reason for consumers to panic. One record exposed is one too many, but one can’t determine the risk represented by a data breach based on the size of the breach. Knowing what records are exposed is far more important than how many records are compromised.
  • To learn about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified. 
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.

The Path is Smooth That Leadeth on to Danger

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for April 2, 2021. Each week, we look at the most recent and interesting events and trends related to data security and privacy. Last week we talked about the FBI’s most recent cybercrime report that shows an exponential increase in cybercrime and the losses associate with it. This week we look at how people can assess what that really means for them or their business.

In his poem, Adonis and Venus, Shakespeare wrote, “The path is smooth that leadeth on to danger.” That is the title of this week’s episode, reflecting how our desire for convenience often leads to risky behaviors.

Traditional Identity Theft is on the Decline

Let’s start with a good and bad news trend. A report from Javelin Strategies is the latest to show that “traditional identity theft” is declining. That’s good news. However, here is the “but” people may be expecting: what we think of as identity theft is being replaced by identity fraud.

Identity Fraud Cases Are on the Rise

What does that mean? It’s part of the general trend we’ve discussed where cybercriminals move away from mass data breaches of consumer information to more targeted attacks. Phishing, ransomware and supply chain attacks are good examples of the kinds of exploits that allow criminals to hit a company. The criminals reap hundreds of thousands of dollars from a single organization instead of the old-school way of attacking thousands of consumers.

However, less risk to individuals is not the same as low or no risk. In fact, the whole concept of identity fraud is based on using consumer behaviors to lure people into a scam. Maybe it’s a text that says someone’s Amazon account has been frozen, and the user needs to click on a link to verify their password to unlock it – and they do. They have just given them their login and password, which regulars of the podcast know are 10x more valuable to a data thief than a consumer’s credit card information.

Maybe someone gets an email from Google or Microsoft claiming their payment card is about to expire. All the user needs to click on is a link to log in and update their information. However, the email and login webpage are deep fakes, and the user just shared their login, password and credit card information with criminals.

All of these phishing techniques are predicated on our behaviors as humans, the need to instantly address any issue that appears by text or email in the most convenient way possible.

While different research reports come up with different identity fraud case totals, they all agree it is on the rise, and the dollar value starts with a B, as in billions. Right now, one might be thinking, “Well, that’s just great. Do I panic now or panic later?”

No Reason for Consumers to Panic

First, there is no reason to panic at all. People may have seen a media headline that talked about more records being exposed in data breaches in 2020 than in the past 15 years combined. While that is attention-grabbing, it’s not particularly meaningful.

One record exposed is one too many, but the reality is one can’t determine the risk represented by a data breach based on the size of the breach. Someone’s date of birth and Social Security number are two records. They may have been exposed thousands of times over the past 15 years, but they are still only two data points, and they don’t change.  However, the risk associated with each data point is very different.

Knowing what records are exposed is far more important than how many records are compromised. Knowing how to protect your own information is the most important information, and that’s where the ITRC can help.

Contact the ITRC

If anyone has questions about keeping their personal information private and how to protect it, they can visit www.idtheftcenter.org, where they will find helpful tips on these and many other topics. 

If someone thinks they have been the victim of an identity crime or a data breach and needs help figuring out what to do next, they should contact us. People can speak with an expert advisor on the phone, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Visit www.idtheftcenter.org to get started.  

Be sure to check out the most recent episode of our sister podcast, The Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown.  

  • According to ID.me Founder and CEO Blake Hall, the ultimate unemployment benefits fraud totals could be between $200-$300 billion for the last year.  
  • Hall also says that over 50 percent of the claims being paid on are fraudulent, individuals are applying with their own identity in multiple states, and that eligibility fraud is at 30 percent.  
  • To learn more, listen to this week’s episode of The Fraudian Slip.  
  • You can learn more about the identity-related crimes discussed in the podcast and how to protect yourself from identity fraud and compromises by visiting the ITRC’s website www.idtheftcenter.org
  • If you think you are the victim of an identity crime or your identity has been compromised, you can call us, chat live online, send an email or leave a voice mail for an expert advisor to get advice on how to respond. Just visit www.idtheftcenter.org to get started. 

Below is a transcript of our podcast with special guest Blake Hall, CEO of ID.me 

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses. 

This month, March, we will explore one of the key issues at the root of the tsunami of fraudulent unemployment benefit claims prompted by the COVID-19 pandemic. The level of benefit fraud has gone from truly unprecedented to staggering. 

In mid-2020, the Inspector General for the U.S. Department of Labor told Congress that stolen unemployment benefits could reach $26 billion. That was before the state of California warned benefit fraud had already exceeded $11 billion just in that state. This past weekend, officials now estimate the amount of fraud to be more than $60 billion.  

Our guest on this month’s podcast, ID.me Founder and CEO Blake Hall, predicts the ultimate unemployment benefits fraud totals will be between $200-$300 billion. He also says over 50 percent of the claims being paid on are fraudulent, individuals are applying with their own identity in multiple states, and that eligibility fraud is at 30 percent.  

This is just one piece of a bigger identity-related fraud puzzle. Complaints to the Federal Trade Commission (FTC) about identity-related fraud more than doubled in 2020, with government credential and benefit fraud topping the list. 

What is the common denominator here? Automated and manual processes are used to prove we are who we say we are. I.D. verification and validation is a bedrock principle of our technology-driven world. Professional cybercriminals have largely figured out how to get around common identity proofing techniques.  

In some cases, well-meaning state officials even “pulled the goalie” last year by relaxing verification standards to help speed benefits to people impacted by the pandemic who desperately needed the help.  

There is good news to be found when it comes to identity verification. Private companies and government agencies are rapidly moving away from traditional I.D. proofing and to more modern, secure, and accurate ways of proving you are who you claim to be. 

We talked with ID.me CEO Blake Hall about the following: 

  • Traditional ways to verify identities, and how they failed in 2020 
  • State of the Art in I.D. verification 
  • What is next for I.D. verification in the age of privacy 

We also talked with ITRC CEO Eva Velasquez about the following: 

  • What happened in 2020 with identity-related fraud  
  • What individuals can do to protect themselves against identity-related fraud 
  • Resources available to help consumers protect themselves from identity-related fraud 

For answers to all of these questions, listen to this week’s episode of  The Fraudian Slip Podcast