Spearphishing, identity theft and personal devices brought to work are areas to watch for increasing fraudulent activity, according to a panel on 2014 Fraud Trends at the recent Privacy XChange Forum in held in Paradise Valley, Ariz.
The panelists discuss the phishing versus spearphishing tactic. While a phishing scam can target just about anyone, spearphishing is a tactic by which only one or two emails are specially crafted and sent to C-level executives. Bob Sullivan, a consumer advocacy journalist recommended companies host phishing fire drills where fake emails are sent to all employees. Those employees that fall victim should then get additional education on the practice.
Identity theft remains a popular choice for fraudsters. Some new areas of concern include child, synthetic and medical identity theft.
Child identity theft occurs when a thief uses a child’s Social Security number. Since children aren’t in the market for a new home, car or other high dollar purchase they are not likely to discover the theft until adulthood. The theft may not even come up in a credit report check because a different name, date of birth or address was used with it, said Steve Reger, director of Consumer Solutions and Fraud Victim Assistance for TransUnion.
Synthetic identity theft fraud occurs by using bits and pieces of real identities to make new identities. According to Reger, victims usually don’t find out about it.
Medical identity theft is equally frightening. This can change medical records data such as a wrong blood type or a missing notation regarding an allergy to medicine, some of which could prove deadly for victims.
“Consequences for medical identity theft are tremendous,” said Eva Velasquez, president and CEO of the Calif.-based Identity Theft Resource Center.
In any of these instances, Velasquez said the discovery is usually the result of a need by the consumer such as people discovering their identity has been stolen when they go to buy a home or car. She said her organization gets 20,000 phone calls a year relating to identity theft. Most, she says, generally don’t know how it happened.
Adding to the problem, according to Sullivan, is that hackers are innovating more quickly than financial and healthcare institutions. In addition, jail time is going down for these types of crimes. In California, for example, a criminal convicted of identity theft is unlikely to get jail time, according to Velasquez. The crimes are also harder to prosecute because of jurisdictional issues and reduced manpower.
Another area of concern is that many businesses are allowing employees to bring and connect their own devices (BYOD) to the mainframe at work. While Sullivan said there is economic pressure to go BYOD, there are security vulnerabilities to consider. If there is a case that requires employee cell phones as evidence, then every single one has to be collected. Employees and employers are unprepared for the liability associated with BYOD, panelists said.