The Identity Theft Resource Center has released their predictions of six expected trends in identity theft and identity fraud for 2022.
- There will be a shift from identity theft (the accumulation of personally identifiable information (PII)) to identity fraud (the misuse of that information).
- Identity fraud will cause consumers to avoid certain interactions, transactions and communication channels. Consumers may return to “old fashioned” communications such as telephone and postal mail due to fear of falling prey to perfectly spoofed emails, websites or text messages.
- We will continue to feel the effects of pandemic-related fraud into 2024. The ITRC believes that new forms of benefit fraud will be seen in 2022. Due to the continuing nature of unemployment.
- Benefit identity fraud, the ITRC expects this fraud to be a permanent addition to the risk landscape.
- The root cause of data breaches and identity crimes is changing, as the methods criminals use to steal data change. Ransomware may become the number one cause of data breaches, and supply chain attacks are expected to pass malware as the third most common root cause of data breaches. These changes will cause consumers to alter how they protect themselves and they will focus more on behaviors than technology.
- Revictimization rates will continue to increase, and a new “chain of victimization” will emerge. In 2021, the ITRC saw revictimization rates rise as 29 percent of respondents reported being repeat victims. Social media account takeovers, in particular, will be used to create new chains of victims.
- Cybercriminals will shift from debit and gift cards as their preferred methods of payment as consumers turn to payment apps, digital wallets and peer-to-peer services. Cryptocurrency will also be used by criminals as these transactions become more mainstream.
As criminals move toward methods of identity theft based on social engineering, the Department of Homeland Security recommends the following to keep yourself from becoming a victim:
- Be suspicious of unsolicited contact from individuals seeking internal organizational data or personal information.
- Do not provide personal information or passwords over email or on the phone.
- Do not provide information about your organization.
- Pay attention to website URLs that use a variation in spelling or a different domain (e.g., .com vs. .net).
- Verify a request’s authenticity by contacting the company directly.
- Install and maintain anti-virus software, firewalls, and email filters.