ITRC 2017 Identity Theft and Fraud Predictions

Date: 01/12/2017

As we round out another year, it’s time to cast the Identity Theft Resource Center’s predictions for 2017. Our expectations for data breaches, hacking, ransomware, and identity theft-related crimes are based on a number of factors, including the tracked data breaches of the past year, news of large-scale hacking, and of course, our work with the victims themselves.

First, the predictions for this past year were far from optimistic, and unfortunately, for the most part they proved true. Privacy took center stage this year as the market filled with IoT gadgets and “always listening” voice activated devices. It took until October’s large-scale DDoS attack that hijacked millions of IoT-connected devices to make the public really aware of the threat, but already lawmakers are at work on regulations to prevent future attacks. Unfortunately, the numbers aren’t in yet on child identity theft in 2016, so we can’t know if any progress was made, although we do know that about 1.3 million children’s records are taken annually.

But what does the coming year bring? Our first prediction is actually one of hopeful optimism, and that’s increased focus on legislation to close some of the doors that technology has left wide open. Hackers have exploited everything from the IRS’ website to children’s toys in the past few years, and it’s largely due to developers not being aware of the “holes” in their networks. With new concerns about voice-activated technology and “government spying,” as well as news headlines about foreign hackers infiltrating and impacting US politics, we’re fairly certain that there will be a number of new privacy and cybersecurity measures introduced in the new year.

Voice activated technology like Amazon’s Echo and Google’s Home will take a lot of focus next year. We’ve already faced our first criminal case in which the police have requested access to the suspect’s Alexa device under the possibility that it accidentally recorded key evidence. Undoubtedly, the higher courts will have to tackle the subject of what to do with an audio recording of you—in your own home, and without your specific knowledge—when you’re a suspect in a crime.

At the same time, other connected devices may come under more intense legal scrutiny. The US Supreme Court ruled in 2014 that your smartphone contains just as much sensitive information as your home, such as photos, previous geolocations, and letters. But what about a baby monitor, a thermostat that adjusts the temperature and indicates that you’re home, or a water meter that proves you suddenly used twenty extra gallons of water on the night of the murder (a key facet in the aforementioned legal case involving a suspect’s Echo)?

We also predict that 2017 will see an unprecedented number of scams and fraud attempts, but that they will be very different from what we’re used to. The current political climate and the plethora of “fake news” sites mean that scammers’ work has practically been done for them. We’re concerned that the more than 10 billion phone scams in 2016 will only increase next year, and that they will address topics such as the possible repeal of “Obamacare,” Social Security, and Medicare, all of which are key “hot button” topics right now. This is in addition to the still-current charity scams, employment scams, lottery scams, and other similar tactics.

The coming year will perhaps bring even more “boss phishing”-related data breaches. Why? Because they worked so well in 2016. The statistics on this crime are staggering, with 85% of the surveyed businesses reporting that they received spoofed phishing emails in the past year. Unfortunately, the high rate of attacks against businesses, many of which targeted employees’ payroll information, can easily translate into an increase in tax return fraud in the first few months of 2017.

Of all the previous predictions, possibly the one that stands to cause the most harm to consumers in terms of personal data loss and skyrocketing medical costs is the rise in ransomware. In the previous year, ransomware hit medical facilities and major companies hard; next year, though, the trend may steer towards individuals being hit by this type of crime. Ransomware was so plentiful in 2016 that some individuals’ records are for sale on the dark web for less than the price of a pizza, giving us reason to believe that criminals will begin finding new ways to monetize from ransomware attacks.

One final prediction involves the most mundane of identity theft crimes, and that’s old-fashioned methods. There’s a plausible likelihood that the widespread adoption of EMV credit cards—something that was slow to roll out last year but should move along much faster in 2017—will mean data thieves will have to resort to other methods to steal financial information. That could result in a rise in practices like dumpster diving, check washing, and mail theft.

How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the In the Loop.

Get ID Theft News

Stay informed with alerts, newsletters, and notifications from the Identity Theft Resource Center