From 2006-2016, 53% of documented identity theft cases came from an analog source, according to the Identity Theft Assessment and Prediction Report from 2017. How are identity theives getting this information and what can you do to protect yourself and your organization?
Whether performing digital or analog security breaches, no cybercriminal intent is the same. These hackers have options. And regardless of the intent, it never ends well for the victims. Furthermore, these identity thieves can begin using stolen personal identifiable information (PII) within minutes. In fact, the Federal Trade Commission (FTC) performed an experiment where they used simulated PII and posted the data on a website that cybercriminals use to make stolen information public. It took only nine minutes for the hackers to attempt to use the simulated PII. This is important to know because the more recent the data, the more valuable it is to the hacker.
Once the cybercriminal has access to the stolen PII, they inventory the breached data. They thoroughly examine the data files, looking for names, addresses, phone numbers, financial information and authentication credentials. They package the information and sell it in bulk to their eager and diverse customer base.
One of their favorite customers? Criminals who specialize in establishing credit and debit cards with stolen information. They use the cards to make general purchases such as e-commerce shopping, traditional shopping, gift cards, game credits, streaming services, electronics, web hosting services, electronics, vacation destinations and jewelry. And that’s just to name a few. They virtually always spend the maximum amount of stolen credit.
Cybercriminals also sell to other cybercriminals on the Dark Web who use the stolen information for a variety of nefarious purposes. According to Tech Advisor, the Dark Web is a set of encrypted networks that are deliberately concealed from the surface web so criminal users can remain anonymous and untraceable. It is only accessible through special software. In the Dark Web, personal information is sold and shared on black market sites.
While no one is immune to cybercriminals, there are certain types of PII that are considered “the good stuff.” Military and government addresses and business email addresses and passwords are considered valuable information. This is because employees and users retype their passwords on a regular basis, allowing hackers to access government, military or corporate accounts, which may be used to target other organizations.
Another source of valuable PII is people with excellent credit. These are usually older and more accomplished individuals. Cybercriminals will steal their information and create massive lines of credit. The lines of credit can be so massive that an identity thief may purchase a car, boat or even a house.
Cybercriminals also use personal information to file false income tax returns in order to receive the maximum refund possible. They steal taxpayers’ and dependents’ social security numbers. When this happens, the victim will not receive the refund or be able to claim their dependent because the social security numbers have already been used and are in the Internal Revenue Service’s (IRS) system. This may also cause the IRS to pursue fraud charges against the victim.
Protecting Shredded Documents
Analog security breaches that can be especially harmful are the ones that involve shredded documents. This breach is not as technically in depth, but it can be effective for identity thieves. One-direction residential and home-office shredders contain sensitive information. Credit card, bank statements, tax documents and other personal information are often shredded when they are no longer needed, at least by the potential victim. Identity thieves will raid these shredders and take the time to piece together these documents if they believe there is valuable information to be had. Piecing together shredded documents is a lengthy process, but these identity thieves are practically professionals and can accomplish this task much quicker than a normal person. What makes this crime even more alarming is that there are shredded reconstruction programs that simplify this process. Software such as this uses matching algorithms to proficiently restore the shredded documents once they have gone through a scanner.
Like the cybercriminals mentioned before, shredded document thieves will use or sell any valuable information they obtain. Protect yourself and your organization by carefully handling, securing and disposing of your sensitive data.
Missed Part 1? Go back to the beginning and read Analog Security Breaches Part 1: Why They Are Still a Threat to Your Organization.
Find out what happens when an analog breach hits your company – Analog Security Breaches Part 3: The Fallout for Your Organization and Customers.