Fraudsters target social media as rising identity theft puts businesses at risk

A new report from fraud prevention service Cifas has revealed that identity theft is on the rise, with serious financial implications for both businesses and individuals.

According to the report, identity theft rose by 57 per cent in 2015 as 148,000 Brits were affected compared to 94,500 the year before. More than 85 per cent were carried out online, with criminals increasingly using social media sites such as Facebook and Twitter as a "hunting ground" for identities.

Fraudsters use social media platforms to get hold of personal information such as names, dates of birth, addresses and bank details before assuming the identity of that person.

By piecing together enough information about an individual, identity thieves can target businesses by pretending to be an employee or manager and carrying out social engineering attacks - also known as spear phishing - to gain access to corporate information.

Simon Dukes, Cifas chief executive, said: "Fraudsters are opportunists. As banks and lenders have become more adept at detecting false identities, fraudsters have focused on stealing and using genuine people's details instead.

"Society, government and industry all have a role in preventing fraud. However, our concern is that the lack of awareness about identity fraud is making it even easier for fraudsters to obtain the information they need. We are urging people to check their privacy settings today and think twice about what they share. To a fraudster, the information we put online is a goldmine."

Matthias Maier, Security Evangelist at Splunk commented: “It’s not surprising that the number of people experiencing identity theft has skyrocketed, as knowledge of how to properly secure yourself online remains low. The challenge this highlights for businesses is the risk employees will unintentionally allow their work credentials to be stolen or access hijacked.

"This has the potential to trigger security breaches and data leaks, and hacks tend to be more effective when attackers have personally identifiable information and can speak to employees in context. Businesses need to understand where the threat is coming from in order to respond appropriately and secure themselves.”

Image credit: Amir Kaljikovic/Shutterstock