Last Monday, we looked at the recent Interpol crackdown on international online scams. Basically, these days, it is much easier to scam people using social media than to hack their computers and that principle applies to identity theft as much as anything else.

In the United States, identity theft was the top complaint filed with the Federal Trade Commission (FTC) in 2023. It comprised 20% of complaints for a total of 1,036,903. Credit card fraud was by far the most common type, which is consistent with the fact that people use their cards a lot on line. They are often at a higher statistical risk than they realize.

Millennials are most at risk

At Cloudwards, a review site for reviews of cloud and privacy software, cloud technician Samuel Okoruwa notes that tech savvy Millennials are actually most at risk:

People aged 30 to 39 years old reported the most cases of identity theft in 2023.

People in this age bracket reported 272,971 identity theft cases. Those aged 80 and above had the fewest cases of identity theft, with just 8,901 sending in a report.9

This figure may have resulted from a false sense of security held by millennials, who grew up at the advent of the digital age. However, it’s also worth noting that some victims of identity theft may not report the crime due to feelings of embarrassment about being duped.

Samuel Okoruwa, “Identity Theft Statistics, Facts and Trends You Need to Know in 2024,” Cloudwards, May 14, 2024

It’s also worth noting that many seniors may protect themselves simply by avoiding online transactions wherever possible.

How do the scammers do it?

That’s a big topic but in 2023, a leading cause was phishing, that is, the scammer tricks the victim into revealing financial information by posing as a person with some sort of authority. Jacob Roach, a writer who specializes in online privacy, offers,

The majority of phishing schemes live in your email inbox as random emails asking you to verify your identity or fork over credentials. There are other phishing scams, though. Attackers phish through voice calls, text messages and social media, as well.

In most cases, phishing asks you to click on a malicious URL that looks like a legitimate login. Institutions impersonated are typically banks, credit card agencies and PayPal. Instead of sending your data to one of those companies, though, you send it to the attacker.

Jacob Roach, “What is Phishing? More Than Just Your Spam Folder,” Cloudwards, May 16, 2024

Some scammers may also install malware on your machine (if you do what they tell you). Roach warns that, these days, “mock websites are indistinguishable from real ones and hackers are finding ways to get past increasingly sophisticated spam filters.” We are less likely to regret caution than we are to regret an impulse to trust. If unsure, you can always check your guesses at Cisco-operated Phishtank.

Here’s a chilling story about how sophisticated phishers can be and how it can all sound very reasonable:

Note: we sometimes hear the term “spoofing” and it seems to be roughly the same as phishing. According to cybersecurity firm Kaspersky, it means, “a cybercriminal masquerading as a trusted entity or device to get you to do something beneficial to the hacker — and detrimental to you. Any time an online scammer disguises their identity as something else, it’s spoofing.”

Reducing one’s risks of getting phished

Microsoft provides some tips for easy scam spotting. Some of the advice may seem obvious but wait. Scammers use phishing because it works. Often, it works because we are in a hurry. Their best advice is probably, slow down and evaluate new information suspiciously:

Urgent call to action or threats – Be suspicious of emails and Teams messages that claim you must click, call, or open an attachment immediately. Often, they’ll claim you have to act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams. They do that so that you won’t think about it too much or consult with a trusted advisor who may warn you.

Cybersecurity giant Norton also offers tips for spotting the scam when it comes in, including one that is not obvious:

You might get a phishing email from a name you recognize. But here’s the catch: That email may have come from the compromised email account of someone you know. If the email requests personal information or money, it’s likely a phishing email.

Norton offers other non-obvious tipoffs here.

The FTC offers several suggestions to make you a less tempting target: Use security software for phone and computer that updates automatically. Also, use multifactor authentication: That is, more than one step for establishing your identity. It might include a step unique to you like your fingerprint or known only to you, for example the name of a secret childhood sweetheart.

Of course, many people end up learning the most when they do get scammed, hopefully over something that doesn’t cost too much. That’s when we really start to pay attention. Stolen identities are called fullz by criminals are are typically marketed on the dark Web. Identity theft can be reported here.

Here’s the earlier story on the Interpol crackdown: Interpol crackdown: Have you been scammed on social media too? Some details of the law enforcement release hint at the intimate reach of international online crime as well as its broad scope. It’s not that you’re naive. Rather, it is much easier than it used to be to fake up all kinds of things using social media — much easier than hacking computers.