This is Part 1 of a two-part article. Read Part 2 here.
From 2017 to 2018, the U.S. population experienced an abundance of serious data breaches which traumatized millions of people.
Here is a look at a couple of major data breaches that occurred between 2017 and 2018:
Although the data breaches listed above affected a large portion of the U.S. population, they are not the only data breaches that took place in 2017 and 2018. According to the Identity Theft Resource Center, there were 1,632 data breaches that occurred in the United States in 2017 and 1,244 data breaches in 2018. Although the number of data breaches recorded in 2018 was less than 2017, the Identity Theft Resource Center’s report provided that “the reported number of consumer records containing sensitive personally identifiable information (PII) jumped significantly” in 2018.
In addition to data breaches, millions of people were affected by identity theft and scam crimes that took place in 2017 and 2018.
Although there is no absolute way to avoid identity theft, scams, and data breaches, you can lessen your risks if you know what to prepare for. We asked a few experts to predict 2019 scam and identity theft trends. Here’s what they said:
“In regard to data breaches, things aren't as bad as you think. They are far worse. Personal information stolen through data breaches continues to be a major problem and one that puts people in danger of identity theft for the rest of their lives when the information stolen includes Social Security numbers. Too many entities with insufficient security hold too much personal information and these entities whether they are companies or government agencies have been and continue to be vulnerable targets for hackers. Therefore people must do whatever they can to limit the places that have their personal information. For instance, your doctor may ask for your Social Security number, but he or she does not need it.” — Steve Wiseman, Professor at Bentley University, Author and Blog Writer for Scamicide
“We’ll probably see a few more sensational data breach headlines this year, but the truth is, data breaches happen every day, all over the world. Dozens make the news every month, and many more go unreported. I don’t see any difference between 2019 and 2018, other than 2019 will have more than 2018. Ransomware attacks might become even more commonplace because they’re easy to setup and maddening to trace.” — Greg Scott, Author and Cybersecurity Professional
“When it comes to identity theft, by far the biggest threat in 2019 comes from large scale data breaches. In what’s become a shocking trend, the occurrence of these massive data breaches has dramatically increased over the past few years. And that trend shows no signs of slowing down, even with the increased awareness surrounding the issue.” — Doug Brennan, Cybersecurity Expert and Digital Addicts Blog Manager
“In 2019, businesses should be on the lookout for threats that are coming from the inside/from their own employees, compared to remote threats from overseas. A majority of data threats are posed by employees who do not have education on cybersecurity. For example, phishing emails are gaining prominence. Some of the biggest hacks have occurred because someone opened an email from a malicious sender.
Expect to see businesses investing in more internal security training to teach employees the proper way to create passwords, how to identify phishing emails, how to properly store and delete data, etc.” — Keri Lindenmuth, Marketing Manager at The Kyle David Group, LLC
“Even if you keep your home network safe, if your company is hacked (even when you’re only an employee), you are subject to personal identity theft from the information that is stolen. According to the FBI’s IC3’s 2017 Crime Report, out of all types of victim loss reported, the most money lost was through Business Email Compromise and Email Account Compromise. This means that a hacker can break into your company’s data and garnish your social security number, home address, full name, driver’s license number, and more. While this might have been easy to trace in the past, skilled hackers no longer leave a web trail that an expert can easily catch. They take the stolen data to the dark web and sell it to the highest bidder.” — Johnny Santiago, Brand Partnerships Manager at Social Catfish
“Organizations need to be prepared for malicious breaches and cyber attacks, many of which are delivered by way of email. Fraudulent emails come in all shapes and sizes, but I’ll share some tips to help anyone easily identify them. If you receive an email where the ‘To’ field is left blank, it’s a clear signal that it didn’t come from the perceived sender. When an email from a company has spelling errors or bad grammar, it should be another warning sign. Large companies have copywriters and editors who make sure email communications are grammatically correct. Also, if the email begins with ‘Hello’ but doesn’t actually state your name, that’s another red flag.” — Brian Gill, CEO of Gillware Data Recovery
Identity theft types
“Synthetic identity theft is also increasing as a problem. This is where some of your information is joined with information about others or made up information to form a totally synthetic identity.” — Wiseman
“Sophisticated identity theft is on the rise. This is a type of fingerless identity theft where hackers can be overseas and steal your information and then sell it remotely from the dark web. They are protected by the privacy veil of the dark internet, where they can sell your information to another hacker who will use it fraudulently and steal from your accounts, max out your credit cards, sell your information to someone who might impersonate you, and put you at risk in your financial world. Victims of identity theft subsequently don’t get hired for jobs that run background or credit checks or even miss out on the ability to purchase a home or rent a property.” — Santiago
“Medical identity theft is a rapidly growing problem that will likely get worse before it gets better. This can lead to long-term financial difficulties due to issues with debt collectors and credit issues. Patients can experience problems with their insurance copays and maximums because of fraudulent use. The list of problems goes on and on.” — Adnan Raja, Vice President of Marketing for Atlantic Net
“In 2019, cyber-attacks will be more versatile than ever before. People should be aware of the most common types of identity theft as for instance account takeover, mail identity theft, child/senior identity theft etc. However, according to the Federal Trade Commission (FTC), the most popular type of ID theft in 2018, which will probably remain a real threat in 2019 is synthetic identity theft. This type of ID theft combines real and fake personal information to create a new identity using sensitive data such as names, SSNs, and addresses that can be obtained on the dark web. So, if you start to receive phone calls or mail asking about new credit accounts or if you receive mail addressed to a different name, those are signs of synthetic ID theft.” — Mihai Corbuleac, Senior IT Consultant at ComputerSupport
“Credit card skimming and shimming will likely continue to make local headlines as technology improves. While card skimming is a renowned scam, shimming takes the crime to the next level with specific tech designed to record information from chip-enabled credit cards, which had previously been considered the more secure alternative to cards with magnetic strips.
Simplistic phone scams have remained popular, because modern technology enables effortless spoofing of legitimate phone numbers that belong to government agencies and other reputable organizations. Phone scams often use a combination of trust and urgency to convince victims to fork over social security numbers or credit card account information.” — Sean Messier, Credit Industry Analyst at Credit Card Insider
“I see sim hijacking causing problems in 2019 if the providers don't clamp down on it. This scam works when criminals call a cell phone carrier’s tech support number pretending to be their target. They inform the call center employee that they have ‘lost’ their SIM card, and need their phone number to be transferred, or ported, to a new SIM card that the hackers themselves already own. This works via social engineering — and maybe with other info they have sourced, be it on the dark web, such as a Social Security Number or home address (this info can be readily available due to the many data breaches that have happened in the last few years)—the criminals convince the employee that they really are whom they claim to be, and the employee ports the phone number to the new SIM card.
In some cases, bribery is involved with rogue employees porting numbers against company policy for a fee from the hackers.Once the hacker controls your phone number, they can impersonate you with other service providers, such as with your Instagram or an email provider, by using your phone number to change your password and then also taking control of your email. For example, they can go to gmail.com, type in your email, click on ‘Forgot Password’. Then Google sends a text message verification code to your phone number – which the hacker receives instead of you.” — Brandon Ackroyd, Mobile Security Expert and Founder of Tiger Mobiles
“For every correction that companies and the government try to make, a skilled hacker spends his or her time, energy, and expertise undoing those safeguards and working around them. As home networks begin to rely on smart devices like Google Home, Echo by Amazon, or Portal by Facebook, there have been documented errors and hacks. In one situation, Google Home recorded and sent data without consent. In 2018, devices like Google Home, Echo Dot, and Portal became popular. However, 2019 is the year that (next to) everyone will have a home smart device or smart home and hackers are waiting. These devices are revolutionizing the way we live and how much we allow electronics to conform our relationships and security. As more people make their household digital, home security devices will become the most popular items to hack.” — Santiago
“Scams originating with phone calls whether robocalls or scammers calling personally are growing as a problem. This problem is magnified by the use of a technique called ‘spoofing’ by which scammers are able to manipulate their victim's Caller ID to make the call appear to be from a legitimate source, such as the IRS.
The increasing presence of the Internet of Things in our lives with smart televisions, toys and other devices connected to the Internet provides an opportunity for hackers to get at our computers and our data through these devices for purposes of identity theft or install malware such as ransomware.
Spear phishing is getting increasingly sophisticated. Spear phishing is specifically targeted emails and text messages that uses information about us to tailor these messages in a manner that we will trust these communications and click on links or attachments which result in malware being downloaded.” — Wiseman
“A despicable tactic that’s gaining popularity with hackers is digital blackmailing. A hacker steals an email list and sends messages that threaten to expose a person engaging in an illegal or unethical act. Some instances of digital blackmail don’t involve lies about web surfing. A hacker can gain access to a webcam and capture intimate pictures and videos. He or she uses the files to extort money from people.” — Ian McClarty, President and CEO of PhoenixNAP Global IT Services
The bottom line
Overall, you should be on the lookout for several potential identity theft, scam, and data breach trends. Although you may not be able to prevent any of them from taking place in 2019, you can take certain actions to protect yourself. Make sure to see part two of this article series to learn about preventative steps you can take.