COVID-19-related internet scams have increased significantly since the disease erupted onto the world stage earlier this year.
Around 300,000 COVID-related domain names were registered globally once the disease had taken root and the number of suspicious COVID-19 websites more than tripled in March. Phishing scams are particularly rife, but many people are unaware of just how much damage such scams can create.
Common phishing themes include bogus bank and government “responses” to the virus and scam WHO “updates”, and the potential for personal-credential harvesting is high. Criminals can quickly stockpile a wealth of information on virtually anyone, including the answers to security questions which help them to quickly circumvent typical fraud-prevention measures.
Identity theft is one of the most common consequences of a data breach or social engineering scam, and unfortunately this form of cyber-crime is on the rise. According to a 2019 Internet Security Threat Report by Symantec, as many as 1 in 10 people are victims of identity fraud annually, and 21% of these individuals are victimised multiple times.
New Zealand’s Department of Internal Affairs estimates identity crime costs the country’s economy $209 million every year. But the financial impacts for NZ are only part of the issue; our wellbeing and mental health are also endangered, with emotional distress reported by more than three-quarters of identity theft victims.
It is often not until someone causes damage to your identity that you actually become aware that the theft has occurred. With your identity information, a fraudster can commit a number of different crimes, including taking out loans, starting a company in your name and incurring debts, and transferring your money to their accounts. Identity theft can damage your personal and financial reputation and is an inescapable global problem.
We may feel safe nestled away in the South Pacific but this crime – like most of modern day life – has moved online, which is something geographic remoteness won’t save us from. Cyber-criminals can operate from almost anywhere using just a laptop, and with banking and financial institutions increasingly operating in digital environments, identity theft and data misuse crimes are on the rise.
As many as 133,000 New Zealanders may be victims of identity theft annually. Kiwis tend to be trusting people, which could make New Zealand appear to be a soft target, so our vigilance and awareness are vital.
Since 2010, data breaches have exposed more than 38 billion records, according to cybersecurity firm Risk Based Security. In many cases, this means criminals already possess sensitive details about you which are floating around the online sphere. Criminals may wait months or even years to exploit these details, inflating your current sense of security.
It’s tempting to think “it won’t happen to me” but, from my own personal experience – a recent barrage of phishing emails, and my husband finding unauthorised transactions on his bank account – as well as studies finding there is a new identity theft victim every 2 seconds, it’s clear no one is safe. We all need to protect ourselves.
Common Internet scams
If you want to fight back against ID thieves, your best defence is a good offense, and it’s important to firstly familiarise yourself with some current methods of committing identity theft, which are listed below.
Phishing is where cyber-criminals obtain unsuspecting Internet users’ personal identifying information through emails and mirror-websites that look like legitimate businesses, such as financial institutions or government agencies. Typically, the phisher sends the potential victim an email that appears to be from a reputable company, using the colours, graphics, logos and wording of the company. The victim unwittingly provides the personal information by either responding to the email or clicking on a link and providing information via a website form that appears to be legitimate.
Hacking is the exploitation of vulnerabilities in electronic systems or computer software to steal personal data or install malware and ransomware.
Malware involves software codes or programmes being inserted into an IT system to harm that system or other systems, e.g. to subvert systems for use other than what is intended by the owner or user. Viruses, worms, Trojan horses, backdoors, keystroke loggers, screen scrapers, rootkits, and spyware are all different kinds of malware.
Spam is unsolicited, unwanted or harmful electronic messages that are increasingly being used as a method for delivering malware and criminal phishing scams.
Pretexting occurs when criminals contact a financial institution or telephone company, impersonating a legitimate customer, and request account information.
Cyber-criminals are diversifying their targets and using stealthier methods to commit identity theft and fraud, and no one is immune, even children. More than a million children in the US were victims of identity theft in 2017, costing families $540 million in out-of-pocket expenses and likely an enormous amount of distress.
In Australia, a man has recently been charged with a cyber-fraud of over $AU11 million, allegedly through obtaining the financial profiles and identities of more than 80 people online, creating fraudulent bank accounts and stealing from their savings and superannuation funds. Another major identity theft operation involving an organised crime network was recently shut down by Australian police after an eight-month investigation. It is alleged the gang created more than 300 false accounts through an online banking portal; the accounts were then used to apply for credit cards and loans to a value exceeding $2 million. The cards were used to purchase luxury goods and withdraw cash for daily expenses.
In New Zealand, identity theft crime is difficult to prosecute since it may have been committed overseas, and often online, and can take a long time to resolve. Therefore, mitigation and prevention are essential, and much easier than remediation.
While the methods of identity theft change frequently as criminals adapt, there are a number of simple things you can do to protect yourself:
- Be cautious. Identity crime does not always result from information that is stolen; people often give it away by publishing it in public places (e.g. your real date of birth posted on a social networking website).
- There aren’t many insurances that provide cover for ID theft but Delta Insurance do, so talk to your broker about this option.
- If you use Internet banking, do not log on from a shared or public computer, such as in an Internet café, to make any sensitive transactions.
- Close all open but unused credit cards and financial accounts in your name.
- Remove all personal information from computers before you dispose of them.
- Continual monitoring of your personal information and passwords for any breaches and data already on the dark web is critical to avoid further financial losses, and Delta’s personal cyber protection policy has this tool built into it.
- Register for a post office box, and have important letters containing sensitive information sent there to prevent thieves from raiding your mailbox.
- Use a virtual private network (VPN). This data-encryption software hides your identity, online activity and communications from unwanted eyes. Traditionally used to provide secure connections into corporate networks, VPNs are now used by many individuals to secure their presence in cyberspace, by hiding their IP address from other users and making their activities invisible.
- Be suspicious of any unexpected events (e.g. letters from creditors, bank transactions you cannot remember making) that could be the result of identity crime.
- If you move to a new house or shift to new business premises, ensure all your mail is forwarded to your new address.
- Install antivirus, antispyware and email-filtering software. Set these tools to automatically scan every 24 hours for possible vulnerabilities, and make sure you have the most updated versions.
- Monitor your credit regularly and request a credit report or credit freeze if suspicious activity crops up.
- Request an “access register” report from Births, Deaths and Marriages to find out who has applied to access your records
- If you believe you are the victim of an identity crime, contact the Police.
Criminals’ attempts at identity theft are more cunning and complex than ever before, so give yourself the best chance of avoiding falling victim to a scam and becoming another cyber-crime statistic.
Laura Murray is the Head of Personal Cyber at Delta Insurance New Zealand
Delta Insurance provide personal cyber insurance and cyber protection in conjunction with DynaRisk.