Y.D. Financial Services, Inc.

Identity theft continues to be a common type of fraud in the U.S. The rise of social engineering has allowed criminals to become more sophisticated with their methods. But you can help protect yourself by staying aware, and taking extra precautions when verifying your identity.

Identity theft may be one of the oldest techniques in the fraud book, but it remains prevalent, especially in a world where much more information is shared than in the past. In 2017, the number of identity theft victims in the U.S. reached 16.7 million—an 8% increase from the previous year.

Contrary to what some may believe, not all fraudsters are geniuses who can outsmart advanced technology. Some are more unassuming, but know how to take advantage of people’s natural inclination to trust others. Meanwhile, these criminals are getting more sophisticated in their attacks by using stealthier, more complex schemes.

Recently, brokerage firm Charles Schwab has seen an uptick in impersonation calls, with fraudsters becoming more sophisticated in their attempts to gain access to client accounts through social engineering. Social engineering is the use of deception to manipulate others into divulging personal information or transacting on a client account. Typically, an unauthorized individual assumes the identity of a client, or tricks another person into believing they are a trustworthy source.

Schwab is noticing that criminals are leveraging stolen client information gathered from other companies’ breaches, purchased from the dark web, or gleaned from social media to pose as clients. Impersonators use these details—in combination with other tactics—to appear more legitimate. For example, they may spoof the client’s phone number on caller ID, or use a voice changer to sound like the client. These imposters often are calling to update account information such as email address, password, or phone number, or to initiate or approve money movements.

Social engineering is swiftly becoming a universal threat—one that can have big impacts. It is a clever, often misunderstood, and overlooked form of identity theft because, while it still requires a certain amount of finesse and skill, it doesn’t require the technical expertise necessary to hack into a major bank’s computer network and reroute funds. Think of the con artist on the street whom you never really see.

Social engineering may occur via phone, email, or social media. Often, the scammer will use skills such as charm, friendliness, wit, or urgency to build a sense of trust with the victim. This is intended to convince the victim to either release unauthorized information, or perform actions that benefit the scammer, such as sending money. It is also very common for the scammer to visit social media sites to obtain identifying information to bolster their credibility.

Fraudsters will sometimes rely on human error to obtain additional information. For example, while answering a security question about previous employers, they may rely on a LinkedIn profile. If their first answer is incorrect, the fraudster will guess again and dismiss the incorrect answer by quickly saying something like, “Oh, I only worked there for three months, so I didn’t think that was the correct answer.” Despite receiving an incorrect answer initially, a customer service representative might not press further or ask additional security questions.

Fraudsters will also try empathy, such as pleading, “My daughter, Susan, was celebrating her birthday at the park today and is seriously injured. I’m calling from the doctor’s office, and they are requiring that I pay cash before she can be seen. It’s urgent that I access my account right now, but I locked myself out. Can you please help?”

Additionally, they may employ distraction techniques, such as a crying baby or other background noises, and ask the professional to repeat questions, claiming that they cannot hear or that there’s a poor connection. Usually, they’re hoping that the customer service representative gets frustrated or loses concentration.

9 Tips to Help Prevent Identity Theft

Knowledge and awareness can help you protect yourself against cyber-crimes such as identity theft or social engineering. Here are some best practices:

1. Safeguard your financial information and your personal data with physical locking devices or strong electronic password protection.
2. Limit whom you trust or share your personal information with.
3. Use caution when sharing information and personal details on social media.
4. Consider how you interact with others via email or phone, and be selective about disclosing details.
5. Be aware of your surroundings when talking on the phone. Do not hold conversations regarding your finances in public places, and don't use public WiFi to access financial accounts.
6. Regularly review your account statements for transactions that are outside of your normal spending patterns or places.
7. Employ strict authentication protocols that you follow with every account—no exceptions. For example, you may choose to require a verbal password or security questions for all accounts. Enable two-factor authentication on your e-mail accounts and all other accounts that allow it.
8. Educate and train your family members to ensure that they understand social engineering, so they're not the weak link in your security protocols. Kids should not advertise that their family is on vacation by posting photos or disclosing their location before they return home. That invites burglars to your home.
9. Report your phone as lost or stolen to your cell phone company as soon as you realize it is missing, and ask them to suspend all services immediately to prevent interception of validation codes. Be sure to have an auto-lock password on your phone