Protecting your business against digital identity fraud has always been a moving target. As phishing tactics have evolved, security experts have seen a steep rise in levels of fraud. That’s especially been the case since the start of the Covid 19 pandemic as businesses have been facilitating digital transformation.
As the global spread of the virus saw governments impose mitigation measures such as stay-at-home orders, digital payments sharply increased and in-person customer interactions went remote. Cybercriminals took advantage of this rise in digital transactions. A recent FTC report found that consumers alone have lost more than $300 million in Covid 19-associated fraud since early 2020.
While digital identity fraud is on the rise, there are now more progressive ways to protect you and your business.
Digital identity fraud is a process in which a threat actor exploits weaknesses in security to illegally obtain personal information — such as social security numbers, credit card numbers or PINs, or dates of birth, which contributes to your digital identity. They then use this information to open new lines of credit, such as applying for loans, and other services.
While offline identity theft has long been prevalent in some form (think stealing a wallet, posing as a legitimate business to extract personal information, looking through trash to obtain personal financial documents), online identity theft can be much harder to prevent and potentially gives cybercriminals access to much more sensitive information.
There are common warning signs with which most of us are now sadly familiar, including receiving bills from unknown service providers, finding rogue accounts opened in your name, being notified by the IRS that more than one tax return has been filed on your behalf, or simply noticing odd transactions on personal or company bank statements. Each of these tactics is deployed by fraudsters to gain access to vulnerable accounts.
Unfortunately, businesses are under near constant threat of digital identity theft. A recent study by PWC’s Global Economic Crime and Fraud Survey revealed that 46% of businesses had reported experiencing fraud, digital identity theft, or other economic-related crimes in the previous 24 months.
The business impact of these cases can be severe. Among companies with global annual revenues of more than $10 billion, one in five reported a fraud incident with a financial impact of more than $50 million. And new threats continue to emerge. For instance, supply chain fraud has risen as Covid 19 disrupted trading patterns.
Asset misappropriation, unauthorized trading, intellectual property (IP) theft, money laundering, and tax fraud are also devastating businesses of all sizes.
Understanding the types of digital identity fraud that criminals are using to target businesses is essential in protecting your perimeter:
With many tactics at cybercriminals’ disposal, it can be challenging to identify when they are targeting you or your business for digital identity theft. Businesses must keep watch out for these common practices:
The sending of fraudulent messages to trick a victim into divulging sensitive information.
The collection of usernames and passwords, most often exposed from a data breach, that can be used as credentials to access user accounts.
A cyberattack in which unauthorized, malicious software is deployed onto an individual or business system.
URLs that are created and distributed through spam or phishing practices to deploy malware on a system.
Also known as keylogging, this is a cyberattack in which a fraudster captures and records the keys struck on a keyboard to steal passwords and other sensitive information.
Malicious software deployed on a system that gathers sensitive information and sends it to another individual.
Most often used in national security and law enforcement, OSINT sees the collection of information from publicly available sources.
Using two-factor verification or bribing an employee at a cell phone carrier to gain control of a victim’s phone number.
A cybercriminal uses a made-up scenario to trick a victim into turning over personal information. A common example would be calling someone and impersonating an individual in power to obtain information.
In which cybercriminals gain access to an email account by directing a victim to malicious login pages or via keylogging.
Created to access personal data or share malicious links.
Many new tools and strategies exist to protect businesses from digital identity fraud. Here are some ways to remain vigilant about protecting your business.
Dormant accounts can leave your sensitive information exposed. Keep a record of all your usernames, monitor your saved logins in Chrome, Firefox, and Safari, or use username and security sites to locate old accounts.
Password managers make it easy to recall passwords and allow users to create hard-to-crack logins to protect from data breaches. Invest in a password manager like LastPass, Dashlane, or Keeper to maintain all your sensitive logins in one place.
Setting up multi-factor authentication on your most sensitive accounts adds a layer of security to your login process. Even if your password is stolen, two-factor authentication can make it much more difficult for a cybercriminal to access your account.
Businesses can deter fraud in notarizations by adopting an online notarization process. Tools like Notarize use multiple types of verification that go beyond the traditional notarization process that is limited to the notary’s discretion of ID verification.
Keeping a consistent eye on your account activities can help you spot any irregularities and fraudulent activity.
It’s up to users to indicate what they want to keep private from their social media accounts. Use your privacy settings to safeguard personal information and location services, and regulate your visibility.
There are risks to downloading apps from third-party stores. Outside Google and Apple app stores, many third-party providers do not feature testing for potential malware.
There are few things as heartbreaking as losing important files and businesses need to consider having a cybersecurity recovery plan. Investing in external hard drives and cloud-based backups to ensure all your most important data is secure.
Device manufacturers and app developers regularly update software applications on phones and computers to combat cybercriminals. Keep your devices updated every time a new software patch becomes available.
Today businesses are turning to Notarize to help deter fraud. With notaries available 24/7, Notarize has made the process of signing, notarizing, and storing documents simpler, safer and more secure. With cloud-based hosting and a full audit trail of transactions, Notarize ensures that online notarizations are protected and verifiable.
As digital identity theft techniques become more advanced, it has never been more important to strike a proper balance between client experience and fraud protection. Tools like Notarize make it simple and safe to provide a great user experience while also preventing identity fraud.