Working for a leading cybersecurity company like ESET, it’s common for our colleagues to become the ‘online safety representatives’ in their personal lives and be consulted by friends and family members for advice on many different issues. Often, people come to us seeking help regarding the impersonation of a child or young adult they know; and such cases are normally examples of identity theft.
What may seem like a short and unpleasant incident is, in most countries, considered a crime. The parents or legal guardians of young identity theft victims should contact the local police or seek legal advice. If active efforts aren’t taken to protect the personal data of children, it can have a serious impact on their financial futures.
Identity theft affects even very young children
Online theft of personal data is very common. You might think that your children’s data would not be of much use to cybercriminals but as they get older, they will accumulate clean credit scores and a clean criminal record – something that fraudsters can exploit for their own benefit. Even if it is legally proven that someone else has obtained a loan or incurred a legal fine by using the name of a child, this can still present endless problems and paperwork for that child in the future.
There are not many statistics regarding cases like this but according to a 2018 study released by US research firm Javelin Strategy & Research, more than one million children in the United States were victims of identity fraud in 2017. Perhaps even more concerning is the fact that two thirds of those affected were under the age of eight. “The limited financial histories of minors give fraudsters a long-term opportunity to slowly develop networks of accounts, mimicking legitimate holdings,” reads the study.
Beware of social engineering
Identity thieves usually try to steal the names, addresses, passport or ID numbers, and in some cases the financial data, of anonymous victims. They either buy such data in bulk on darknet websites, or use malware or social engineering to obtain it themselves.
By infecting victims’ devices with malware, cybercrooks can exfiltrate personal data stored on the devices or within internet browsers. If they use a keylogger, everything that a victim writes on their infected device is sent directly to the attacker – including credit card numbers and passwords. However, the most cost-effective solution for online fraudsters is social engineering: they simply trick their victims into providing personal details, either by impersonating somebody else or by manufacturing a fake website.
At ESET, we see cases like this so often that you might think it is impossible to protect your child or your family from online fraudsters. However that’s not the case – by following these simple steps, you will strengthen the protection of your children’s personal data.
How to protect your family from identity theft
Teach your children not to overshare. Try to talk to them about their use of social media and what they usually enjoy posting there. Explain to them why it’s not wise to fill in their home address on an account which they sometimes use to accept friend requests from people who they don’t know too well.
Good password hygiene is a must. Teach your family how to come up with long, hard-to-guess and unique passwords, or how to use a Password Manager. Remember not to reuse passwords, always choosing new passcodes for different services or websites.
Keep all your family devices secure and submit your personal data online only when your internet connection is secure. This means that you should avoid public Wi-Fi or any untrusted sources of internet connection. On an unsecured connection, fraudsters can easily eavesdrop on all your submitted forms.
Discard sensitive documents in a safe manner. If you want to throw away old physical documents that contain personal data, shred them. Don’t forget that your older electronic and data storage devices contain a lot of personal information too. Some of them offer a ‘wipe’ function to safely discard of all saved data. There are some free and premium online tools to help you with the rest of them.
Teach your children to identify suspicious messages or websites that might try to trick them into submitting their personal data. You can also use anti-phishing, which can be part of a cybersecurity solution. If you or your family tries to open a phishing website, your antimalware solution will warn you.
Next steps: call the police
But what should you, as a concerned parent or legal guardian, do if you find out that your child’s personal data has already been stolen and used for something illicit? Do not hesitate: contact your local police department. In one way or another, for most countries and regions, identity theft is considered a criminal act. When contacting the police, bear in mind that they may not be familiar with every aspect of this branch of the law. If you are turned down, just show up again – this time with a lawyer. There are many NGOs that provide either general legal counsel or advice tailored specifically to help children in need.
Then prepare for a surprise. As the Javelin study showed, more than half of child identity fraud victims personally know the perpetrator and there is a strong connection between fraud and bullying. This means that in some cases you will need to contact your child’s school representatives and discuss this topic with them – or you may need to convene a family council to talk about the behaviour of a certain family member.