With this year almost over and a new year waiting on the horizon, it’s a good time to take stock of the various threats to individuals’ identities that took hold during 2016. From large-scale data breaches to scams that affected consumers one-by-one, the variety of methods and sheer volume of security threats that thieves use is staggering.
Here are some of the scams, fraud attempts, data breaches, and other related identity theft crimes that the Identity Theft Resource Center paid particular attention to this past year:
1. iTunes Gift Cards Scams – This past year, there was an uptick in scams that requested a highly specific form of payment. Whether it was utilities scams, callers posing as your credit card company, or even (believe it or not) the IRS, demanding payment via iTunes gift cards affords the thieves instant money that is virtually irretrievable.
The most surprising of these scams might just be the IRS version, in which scammers posing as IRS agents frightened their victims into believing they faced serious penalties and criminal consequences for failing to pay their taxes. The only saving grace the victims had was the ability to pay immediately with iTunes gift cards. Unfortunately, the government doesn’t actually accept payment in the form of Apple’s in-house system.
2. Romance scams – As long as there are lonely people, there will be scammers eager to toy with their emotions in order to steal their money. Sadly, far too many hopeful people fall for the sweet talk and apparent devotion, right up until—and sometimes long after—they’ve lost everything.
In the early months of 2016, even the FBI had to take their information public in order to warn people away from romance scams, especially ones that are prominent around Valentine’s Day. The agency issued warning signs of common romance scams, like requests for money due to complicated hardships, and told possible victims how to file a report.
3. Scams targeting college students – It’s been a long time coming, but it seems as though 2016 was the Year of the College Student, at least as far as scammers were concerned. Some scams that specifically affected college students included offering potential students phony financial aid applications to steal their identifying information, and “easy money” work opportunities that not only took students’ money but also left them criminally responsible in some cases.
Of course, anyone can be a victim of identity theft, and college students have long been a target dating back to child identity theft. But with the abundance of online scholarship and loan applications and with more students seeking online job opportunities, the door has been left wide open for scams that reach college-aged victims.
4. W-2 Phishing Scams – This year, there was a lot of buzz surrounding “boss phishing,” or the practice of reaching out to someone in a company while pretending to be someone higher up. The typical target in these cases was the company’s W-2 forms on all of its employees, forms which contain enough pieces of the puzzle to steal their identities. Other boss phishing attempts went after customer databases, payment methods, and related information, but W-2 phishing was very popular.
This year will be remembered for a lot of boss phishing attacks—and with numbers like this it’s no wonder. Thirty percent of phishing emails were reportedly opened, and the average cost of a phishing attack on a major company was about $1.6 million.
5. Healthcare breaches – In the healthcare industry, this year will be remembered for its high rate of ransomware attacks. Ransomware is a form of malicious software that locks up a computer network, downloads databases of sensitive information, or otherwise gains access to valuable data. Once the software is installed and the victim’s service is disrupted, the scammer reaches out and offers to fix the issue for a price.
That makes hospitals and medical offices the ideal victim. By locking up a network and stopping all patient care in its tracks, or by downloading patient records and threatening to release them online, scammers know that many victims may simply pay the ransom rather than face the potential lawsuits and HIPAA violation fines.
6. Good old fashioned credit card breaches – For every new form of attack against the public’s information, it’s easy to forget that tried-and-true methods are still valid. Take the Wendy’s data breach that occurred this year, in which more than one thousand of the restaurant chain’s stores was affected by a point-of-sale attack.
As with many of the major retail data breaches, Wendy’s discovered that a third-party vendor was the weak link. A company that works closely with the burger chain accidentally installed malicious software on its network, software that went on to infect POS systems in Wendy’s network.
Whatever the new year holds, one thing is for certain: cybercriminals, identity thieves, and scammers will be waiting with new tactics and old tricks. Reducing the risk of becoming a victim is a round-the-clock job, one that all stakeholders must take seriously in order to fight back.
CyberScout proudly provides financial support to the ITRC.
Eva Velasquez is president and CEO of the Identity Theft Resource Center.