Identity Theft: ITRC Forecasts Black Ice Ahead in 2011

Identity theft is not going away. It’s escalating and transforming so quickly the Identity Theft Resource Center® can only make educated predictions on the course of identity theft for 2011.

Crime Rings: Organized crime will continue to embrace and expand its ability to gather and sell personal identifying information. These crime groups are often associated with other crimes including drugs, trafficking, counterfeiting, moving stolen goods, and selling stolen information.

Additionally, there will continue to be growth in the international nature of identity theft. Victims will find credit/debit card charges emanating from global transactions in Europe, Africa and Asia.  In June, police arrested 178 criminals in a U.S. – Europe raid on credit and debit card cloning labs, with an estimated value of $24.5 million, according to a report from Reuters. This is just one of many such organizations.

Checks: Check fraud, focused on synthesized checks, will flourish as it becomes harder to get credit due to the economy. These synthesized checks may have the name and address information of a real person or company and a fraudulent bank account and routing number.  Merchants will unknowingly accept these checks until a system is created to verify checks in real time, as is done with credit/debit cards.

Account takeover: Criminals will focus on the deep pockets of small and large businesses, educational facilities and school districts, and even governmental agencies. A recent Fraud Advisory Report for Businesses*, examined corporate account takeover techniques in which “cyberattackers” empty business accounts in minutes. Company insiders will play a larger role in overcoming security features and hacking into computer systems and online banking accounts, siphoning money directly to the criminal’s offshore account.

Breaches: The known number of breaches will continue to increase due to mandatory reporting. Additionally, more breaches will become public as evidenced by the 2010 Verizon Data Breach Investigation Report which indicated that 61% of breaches were discovered by outside sources. An increase in breaches aimed at email lists may lead to more social networking scams and malware attacks.

Social Engineering Scams: More sophisticated attempts to scam money from people via social engineering (deception) will increase.  Operation Broken Trust, a global law enforcement operation, resulted in actions against 532 defendants for fraud schemes that harmed more than 120,000 victims throughout the US and involved more than $10.4 billion in estimated losses. Ponzi and investment scams made up the bulk of those cases.

Scams will become more prevalent on social networking sites, smart phones and other mobile devices. This will be a result of the exponential growth of social media usage among the general public. Social Networking will provide additional access points for criminals.  One security company estimated that between Facebook and Twitter, cybercriminals will have at least 700 million targets in 2011. In 2011, hackers will continue to exploit these networks, using deception to feed on the feeling of “community” that encourages the exchange of information which one would not normally provide.

Cybertheft: Cybercrime and hacking will increase despite active defensive measures. Perpetrators will continue to hack into systems between POS and network servers, use skimmers at POS and ATMs, and use individuals with hidden card skimmers (either physically swiped while in their possession or by reading RFID chips). Jeremy King, PCI Security Standards Council, said in an interview that skimming techniques are increasing and “…criminals are now using cryptographic technology to protect the card information they steal, and that’s posing challenges for detection and law enforcement.”

Low tech: Mail theft continues to be the number one way for low tech thieves, followed by stolen wallets. While gearing up for a computer attack, one should not overlook an unlocked mailbox. US Postal Inspectors break more identity theft cases than any other single law enforcement group.

Other issues on the horizon include the growth of sales in Consumer Protection Numbers (CPNs), smart phone security issues, child identity theft, electronic medical records, and inmates stealing identities while still in prison. Unfortunately cybercriminals are developing new technologies to spread malware, constructing new attack methods, and are continuing to warehouse stolen information, waiting patiently for the right time to auction it off.

* Product was created as part of a joint effort between the U.S. Secret Service, the FBI, the Internet Crime Complaint Center (IC3), and the Financial Services Information Sharing and Analysis Center (FS-ISAC).