We’ve written at length about account compromise and identity theft, and how criminals will often hijack accounts belonging to dead people. In many ways, it’s the perfect crime for anyone indulging in social engineering.
The amount of abandoned accounts due to death can only ever go up, and nobody is really paying attention if someone accesses them illicitly. By the same token, crooks grabbing ID’s during a disaster (natural or otherwise) is a good fit for bad people. Governments and rescue organisations are busy looking for folks and sorting out the problem. The moment victim details are released and / or leaked, the possibility for fraud is there. It could be days, or weeks before someone realises what’s happening. By that point it could already be too late.
Digging into identity theft
Depending on the region, identity theft of the dead can take many forms. In the US, for example, there were concerns back in 2012 over public access to something called the “Death Master File”. There were also plenty of concerns about this problem on a broad scale. Millions of dead people each year having their identities stolen, and around 800,000 instances of credit applied for in their names?
You bet. If this happens close to the time of the person’s death, it can easily disrupt and complicate a situation which is bad enough to deal with as it is. In the aftermath of the Japanese Earthquake / Tsunami in 2011, identity assistance was in so much disarray generally that most ID scams we saw focused on pretending to be charities as opposed to victims.
It stands to reason they’re probably more likely to swipe data from smaller, more local disasters than those on a much larger scale. Bigger events tend to cause scammers to gravitate towards mass donation charity fakeouts in any case.
When scammers strike
The latest example of this particularly distasteful trend came to light a few days ago. Scammers simply monitored unfolding news of a partial 12 story building collapse in Surfside, Florida that has so far claimed 90 lives. As names of victims were released, the scammer tried to exploit their identities. Relatives of the deceased are being urged to check credit accounts in case something untoward has taken place.
At time of writing, no further details have been released. We can only hope law enforcement has some idea who is behind this one, and that more information will be forthcoming soon. So far, the only comment available is one which says they’re protecting the integrity of the case, and also preventing further victimization.
Speaking to WPLG Local 10, Surfside Mayor Charles Burkett channelled the town’s revulsion, warning “[the police department] are out there looking. I wouldn’t want to be that person right now.”
Preventing identity theft
This can be a contentious topic, especially when credit score agencies themselves are at risk from attacks of the most severe variety. There’s also considerable concern over various types of identity theft protection services. With those caveats out of the way:
- Here’s a run-down of how you can protect yourself from any breach which affects a credit score agency you happen to have shared your data with.
- We cover a lot of ground with regards warding off various types of tax identity theft.
- Did you know child identity theft is a thing? Because it absolutely is. We’ve covered this topic at length in not one, but two articles.
Away from our blog, there’s a couple of other articles you may wish to also check out. The Experian blog explains some of the different types of common identity theft. Mail, credit card, online shopping, biometric, and synthetic. There’s something for everyone. They also have another article which details some of the ways scammers can misuse your data. Finally, Equifax list some of the methods you can deploy to keep your social media identity secure.
It’s not like there’s a huge amount we can do to secure our accounts or identity once we’re gone, but we can certainly be proactive about it while still able to set the wheels in motion.
The post ID theft ghouls targeting Surfside victims is appalling, but no surprise appeared first on Malwarebytes Labs.