As selling and purchasing identities become a thriving market, more providers turn to effectively monitoring the dark web for signs of stolen data to help users protect their personal details.
Identity theft is a pressing challenge, with personal records selling for thousands of dollars on the dark web. Following data breaches and leaks, information finds its way into black markets, where it can then be used by threat actors to take out loans and claim social benefits in the victim’s name.
David Putnam, Head of Identity Protection Products, shared with us how to mitigate identity theft risks and told us about NortonLifeLock’s approach to securing users - and their identities.
Millions of users worldwide trust Norton with their cybersecurity. For those who are only familiar with the Norton antivirus, can you briefly describe what LifeLock is?
LifeLock provides identity theft monitoring, alert, and recovery services to help you monitor and proactively block threats and safeguard your personal information.
Often, personal details are sold and exchanged on the dark web in a set of illegal activities. Does that pose any challenges for LifeLock?
LifeLock has a specialized Dark Web Monitoring service that regularly scans for customers’ personal information on hard-to-find dark websites and forums, and we do this in more than 20 countries around the world. If we detect your information on the dark web, we will alert you, and our 24/7 customer service team will walk you through what to do next to help you protect your personal information and identity. Unlike free services (e.g., some browser solutions or websites where you provide your email address) that simply inform you that you were involved in a breach event, LifeLock goes one step further and details the specific personal information of yours that was exposed.
Consumers are concerned when they are alerted about the Dark Web. To help them through the process, we have the industry’s only Dark Web chatbot that subscribers can interact with, in addition to providing key next steps the consumer should follow in their notification, as well as a robust Support Center for learning about how to stay vigilant.
Has the pandemic played a part in the recent rise of cyberattacks? Have you noticed any new identity theft tactics arise?
The pandemic has absolutely played a part in the recent rise of cyberattacks. People are spending more time online than ever before and using their devices for new uses, like work and school. Cybercriminals have looked to take advantage of the increased time spent online – and the uncertainty and concerns around the pandemic – to launch coordinated attacks and convincing scams. Our annual Norton Cyber Safety Insights Report found that 55 million people were victims of identity theft globally last year, including 13.5 million Americans.
We have seen a noticeable uptick in the number of unemployment insurance fraud claims, as many people have been displaced from their jobs due to the pandemic. Between February 2020 and May 2021, NortonLifeLock observed a 29,600% spike in the number of people who have requested identity theft restoration services due to fraudsters stealing their unemployment benefits or filing for benefits in their name.
Share with us, what are some of the worst cases of identity theft you’ve ever encountered?
There have been many unique identity theft incidents that stood out to me over the years as requiring significant effort to help remediate and where our agents have added significant value. In one instance, it was uncovered that one of our members’ children – a minor – had their identity stolen, with a cybercriminal using the minor’s social security number to open credit card accounts and fraudulent non-profit organizations to scam other people. The minor’s guardian went to court, and with the information provided by LifeLock, the guardian was able to collaborate with authorities and the government. This case even got the attention of U.S. Congresswoman Kyrsten Sinema and the Social Security Administration. After a few years, the minor was provided with a new social security number and card, and a bill was introduced to further alleviate any challenges with getting a new social security number in the event yours got stolen.
Another case that stands out to me was when a member received a LifeLock alert indicating that they had opened an account with a bank. The account was opened with the individual’s social security number but with a different name and date of birth. Despite LifeLock and the user providing the bank with documents to prove this account was fraudulent, the bank refused to shut down the account because of the name discrepancy. Finally, we were able to contact the bank and confirm the account was fraudulent, and they later closed the account and scrubbed all information of the account from the internet.
Identity theft is still a common occurrence today. Which methods used by threat actors are especially hard to discern?
Card skimming, where fraudsters attach a hidden device to a card reader to capture your card number and PIN, can be incredibly sneaky. Usually, if you slow down and take the time to see if anything looks “off” or suspicious, you can catch yourself before using a card reader that’s been tampered with.
Another tricky method is mail theft, in which someone steals or takes your mail to mine it for cash, checks, and personal information that can be used to commit identity theft. You may not realize that a piece of mail is missing until a few days later. Meanwhile, fraudsters have been carrying out nefarious actions. The U.S. Postal Services offers a great feature called Informed Delivery, where you can sign up to receive a daily email with a digital preview of the mail headed for your mailbox. This allows you to easily identify if anything was taken from your mailbox. We strongly recommend everyone take advantage of this free service!
What should be the first steps as soon as one finds out their identity has been compromised? Can everything go back to “normal”?
Something many people don’t know about identity theft is that the onus is on the victims to prove it to their financial institutions and other companies they have sensitive accounts with. This can be a bit overwhelming, as it involves a lot of different steps and paperwork. If you use an identity theft protection service like LifeLock, the first thing you want to do if you find out your identity has been stolen is to contact the service provider. They can walk you through the process step-by-step. In the case of LifeLock, we’ll even help you fill out and submit some of the forms, taking some of the stress off your plate.
If you don’t use a service like LifeLock, you’ll want to first contact the companies and financial institutions where you know the thief used your personal information. This may include closing or freezing your accounts that have been compromised. You’ll also want to contact the three major credit report agencies – Equifax, Experian, or TransUnion – to let them know you’ve been a victim of identity theft and ask to place a security freeze on your credit report. This will prohibit a credit bureau from approving new credit, loans, or other services in your name without your express approval. The final critical step is to report your identity theft to the FTC right away. The FTC can create a report that you can use to provide supporting evidence of the ID theft to businesses and financial institutions. To do this, you can fill out a report online or call 877-438-4338.
Once you’ve responded to the identity theft, you’ll need a recovery plan to help resolve the negative effects of the fraud and protect yourself moving forward. For example, victims of identity theft often need to rebuild their credit. The FTC is a great resource for putting together your recovery plan. We can also help you identify a plan for action for recovery at LifeLock. It takes time, but things can return to “normal” after identity theft.
Although it seems like identity theft can happen to anyone, what groups do you think are the most vulnerable?
Children and the elderly are among the most vulnerable to identity theft.
The fact that children are at higher risk of identity theft often surprises people. However, children’s Social Security numbers often offer identity thieves a “clean slate” to apply for credit cards, mortgages, and more. Unfortunately, it can also take years to realize a child’s identity has been stolen, which can exacerbate the damage. Often, children won’t find out until they become much older and start applying for things like student loans or car financing.
A Cornell University study found seniors may be less able to perceive people's intentions and understand dangerous situations, and thus be more susceptible to financial scams. Because they might also have high net worth, their age group can easily be targeted for phone scams, phishing attacks, and medical identity theft.
In your opinion, what are identity theft protection measures going to look like in the future? Do you think the growing use of biometrics is going to prevent identity compromise?
Threats will continue and evolve, and technological and insurance solutions will evolve to either counter these threats proactively before they happen or follow shortly thereafter. Verification and authentication mechanisms will help to slow these threats (e.g. 2-3 factor) as well.
We envision a world where consumers can “lockdown” aspects of their identity and have control over releasing information about their identity when they want. We see this in its infancy with solutions such as credit locks, payday loan locks, account freezes, and emerging W3C solutions.
Share with us, what does the future hold for LifeLock?
As the largest identity protection service, LifeLock is committed to keeping our customers safe as threats around their digital lives increase and continue to evolve. You can expect us to continue to push the envelope of innovation around proactive solutions and expand our monitoring solutions to cover more aspects of a consumer and their family’s lives. Our investment going forward is not only US-centric, as we are currently in the early innings of protecting consumers from threats in 20+ additional countries.
Your email address will not be published. Required fields are markedmarked