Our cybersecurity colleagues at ESET are occasionally asked to consult on a specific scenario. Friends or family members typically seek advice regarding the impersonation of a child or young adult that they know. Such cases are normally examples of identity theft.
What may seem like a short and unpleasant incident is in most countries considered a crime, and the parents or legal guardians of young identity theft victims should contact the local police or seek legal advice. If you don’t act to protect the personal data of your children, it can have a serious impact on their financial futures.
Identity theft affects even very young children
Online theft of personal data is very common. You might think that the data of your children would not be of much use. But when they get older, they will have a clean credit score and a clean criminal record – something that fraudsters can exploit for their own benefit. Even if it is legally proven that someone else has obtained a loan or incurred a legal fine by using the name of a child, this can still present endless problems and paperwork for that child in the future.
There are not very many statistics regarding cases like this but according to a 2018 study released by US research firm Javelin Strategy & Research, more than one million children in the United States were victims of identity fraud in 2017. More concerning is the fact that two-thirds of those affected were under the age of 8. “The limited financial histories of minors give fraudsters a long-term opportunity to slowly develop networks of accounts, mimicking legitimate holdings,” reads the study.
Beware of social engineering
Identity thieves usually try to steal the names, addresses, passport or ID numbers, and in some cases the financial data of anonymous victims. They either buy such data in bulk on darknet websites or use malware or social engineering to obtain it themselves.
By infecting victims’ devices with malware, cybercrooks can exfiltrate personal data stored on the devices, or from internet browsers. If they use a keylogger, everything that a victim writes on their infected device is sent directly to the attacker. Including credit card numbers and passwords. However, the most cost-effective solution for online fraudsters is social engineering: they simply trick their victims into providing personal details themselves, either by impersonating somebody else or by manufacturing a fake website.
At ESET, we see cases like this so often that you might think it is impossible to protect your child or your family from online fraudsters. But that’s not the case. By following these simple steps, you will strengthen the protection of your children’s personal data.
How to protect your family from identity theft
Teach your children not to overshare. Try to talk to them about their use of social media and what they usually enjoy posting there. Explain to them why it’s not wise to fill in their home address when accepting friend requests from people that they don’t know.
Good password hygiene is a must. Teach your family how to come up with long, hard-to-guess and unique passwords, or how to use a Password Manager. Remember to not reuse passwords for different services or websites.
Keep all your family devices secure and submit your personal data online only when your internet connection is secure. This means that you should avoid public Wi-Fi or any untrusted sources of internet connection. On an unsecured connection, fraudsters can easily eavesdrop on all your submitted forms.
Discard sensitive documents in a safe manner. If you want to throw away old physical documents that contain personal data, shred them. Don’t forget that your older electronic and data storage devices contain a lot of personal information. Some of them offer a wipe function to safely discard all saved data. There are some free and premium online tools to help you with the rest of them.
Teach your children to identify suspicious messages or websites that might try to trick them into submitting their personal data. Or use anti-phishing, which can be part of a cybersecurity solution. If you or your family tries to open a phishing website, your antimalware solution will warn you.
Next steps: Call the police
But what should you, as a concerned parent or legal guardian, do if you find out that the personal data of your child has already been stolen and used for something illicit? Do not hesitate: contact your local police. In one way or another, in most countries and regions, identity theft is a criminal act. When contacting the police, bear in mind that they may not be familiar with every aspect of this branch of the law. If you are turned down, just show up again – this time with a lawyer. There are many NGOs that provide either general legal counsel or advice tailored specifically to help children in need.
Then prepare for a surprise. As the Javelin study showed, more than half of child identity fraud victims personally know the perpetrator and there is a strong connection between fraud and bullying. This means that in some cases you will need to contact your child’s school representatives and discuss this topic with them – or you may need to convene a family council to talk about the behavior of a certain family member.