Vaultie

The Top 7 Identity Fraud Schemes (and how to catch them!)

Identity fraud is not a new crime. For centuries it’s been a common plot line of novels and plays, and over the past century of movies and television as well. Whether it’s someone impersonating the long lost child of a famous figure (think Anastasia, the daughter of Czar Nicholas II) or famous examples of forgery, we’re naturally inclined to enjoy a good caper that involves false identity.

In reality though identity fraud can be far more sinister. Whether a fraudster is taking your name and address or your highly sensitive medical data, identity fraud can pose serious implications on your employment, your financial security, or even your personal safety. Larger companies are recognizing this risk and taking measures to avoid identity fraud where possible, but there are still key schemes that require you to remain vigilant.

Here are the top 7 identity fraud schemes and how you can best avoid them.

1. Credential Stuffing - Although not as well known a fraud scheme as others, this one can have catastrophic consequences.  This is when ​​cybercriminals use stolen usernames and passwords from one organization (obtained in a breach or purchased off of the dark web) to access user accounts at another organization.  This is a subset of a brute force attack: large numbers of spilled credentials are automatically entered into websites until they are potentially matched to an existing account, which the attacker can then hijack for their own purposes.  This type of breach has a relatively high probability of success as 65% of all people reuse the same password on multiple (and sometimes all) of their accounts.  To avoid becoming a victim to this type of fraud, you should use different unique passwords for the sites that you visit and change them on a regular basis.

2. Fake Phone Calls - There was a simpler time 5 years ago when spam phone calls were simply an attempt to sell air duct cleaning services, or to solicit your opinions for a survey. Yet in recent years we have been infiltrated with countless telephone scammers who phone pretending to be from a major bank, Revenue Canada, or even the RCMP. The more sophisticated scammers make efforts to sound legitimate, threatening the victim that they are behind on their tax filings, and owe a significant amount of money or risk arrest. While younger Canadians may be able to recognize these quickly as scams, older Canadians can easily fall victim. Remember that these sorts of phone calls are usually fraudulent, and any real call from Revenue Canada will offer a written mail option of communication instead. Also, the RCMP would never call to give advance warning of an arrest. 

3. Credit Card Fraud - For as many ways as there are to maintain credit card security, there are still scammers who take advantage of credit card fraud. While we once worried about people peering over our shoulder as we entered our pin (which still happens), credit card fraud today primarily occurs when websites are hacked, or bank data is breached. Thankfully credit card fraud departments are vigilant about monitoring suspicious transactions, but any credit card user should scan their monthly statement carefully and question any suspect charges. Moreover, if a physical card is lost or stolen, report it right away so that the card can be discontinued. 

4. Going Phishing - Much like the fake telephone calls from the FBI, phishing scams will take advantage of your internet usage to infiltrate your private world. These scams can imitate people you know well in order to send fraudulent emails that appear to be from them, oftentimes containing attachments that may look real but actually launch malicious tracking software onto your computer. Other phishing scams will lead you to a real-looking yet fraudulent replica of a popular ecommerce website, like eBay or Amazon, which appears to allow you to purchase but is actually pirating your financial information. Stay vigilant about emails that seem slightly off, either because they come from a familiar name with an unfamiliar email address, or the spelling and grammar does not match the person’s usual correspondence. Don’t respond to any suspicious requests for your information, and if you suspect that a family member or friend was hacked then attempt to alert them directly by telephone.

5. Bad Cheques - This is a scheme commonly perpetrated against lawyers, where a suspicious client offers an extra amount of money to get a deal done before the cheque clears. These are typically new clients who are unfamiliar and have vague back stories. They’ll often claim to be from a faraway country, and prefer to conduct business via email because of ‘time zones.’ Even though these clients are new, they may be incredibly pushy about how their work is handled. These clients can often be fraudsters, and do not have the money that they claim. Lawyers should stay vigilant for warning signs of these frauds, especially if any client looks suspicious or appears to be using a suspicious source of funds. 

6. Password Cracking - Sometimes identity fraud is made far too easy when the victims unsuspectingly leave fraudsters a virtual trail of breadcrumbs. With so many websites today requiring registration and passwords, it can be sorely tempting to use the same password over and over again for services such as virtual banking, entertainment streaming, or even food delivery. The problem is that should a password be hacked, which can be done easily especially on an unsecured network, a thief may gain access to far more than just their initial target. Use different passwords across your various profiles, and ensure that they are a complex formula of letters, numbers, and symbols. Passwords should also change frequently, as frustrating as that is, so that no password is discoverable for a prolonged period. 

7. Shadow Attack - This type of attack is not easy to detect.  It is a way of obtaining someone’s digital signature subversively, without their knowledge.  A pdf document, with multiple layers, is sent to someone for their signature.  Unbeknownst to them, there is a benign hidden layer on top so when the document is signed and sent back the fraudster can change/swap out  the visible layer to another document of their choosing.  By changing the layer's visibility it doesn't break the cryptographic signature and allows the fraudster to use the legally-binding document for nefarious purposes.  Using a pdf viewer that does not retain pdf objects when signing or making sure that you are using the most current version of your pdf viewer are ways that you can mitigate this type of fraud.

Fraud prevention is our business at Vaultie. We’ve designed tools to take fraud prevention to the next level, and ensure that not only is a piece of ID valid, but the person on the other side of the screen matches that ID perfectly. We routinely work with lawyers and other professionals to ensure that their business is protected from fraudulent and suspicious clients. Contact us today to set up a demonstration.