Risk
2/26/2009
01:52 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%
Repost This

FTC Report: Identity Theft Remains Consumers' No. 1 Fraud Complaint

Number of identity theft complaints rose 20 percent from 2007 to 2008

Identity theft remains the top category of fraud affecting consumers, and it jumped considerably last year, according to the Federal Trade Commission's annual consumer complaint report released today.

The FTC's Consumer Sentinel Network Complaint Data Book report for 2008 shows the number of identity theft complaints up around 20 percent from 2007, from 259,266 in '07 to 313,982 in '08. Identity theft represents 26 percent of all consumer fraud complaints, followed by third-party and creditor debt collection (9 percent), shop-at-home and catalog sales (4 percent), and Internet services (4 percent) and other forms of fraud.

The FTC's Consumer Sentinel Network is a database used by law enforcement to log consumer fraud complaints.

The marked increase in identity theft complaints is significant in that the number of these reports had stayed mostly flat from 2006 to 2007, says Tom Rusin, president of Affinion Security Center, which provides personal data security services for consumers and businesses. Rusin says the jump may be due to several factors, including the high number of enterprise breaches last year, as well as fallout from the financial crisis. "As banks consolidate today, consumers expect to get more information [electronically] from their bank," Rusin says. "That's an opportunity for identity thieves to do phishing attacks."

Rusin says the report also highlights how, contrary to popular belief, identity theft isn't just about bank card fraud; while 20 percent of the ID theft cases reported last year were bank card fraud, around 30 percent originated from document fraud, such as Social Security Number theft and employment fraud. Many people don't realize that document fraud is also ID theft, Rusin says.

The FTC report also shows what bad guys do with stolen identities. While 20 percent was pure credit card fraud, government documents or benefits fraud accounted for 15 percent, employment fraud for 15 percent, and phone or utilities, 13 percent.

"[Around] 40 percent of identity theft had nothing to do with bank or credit cards," Rusin notes. "It was stealing personal information, for working here illegally, fraudulent tax returns, [etc.]," he says.

Agewise, 20- to 39-year-olds still bear the brunt of identity theft fraud, with around 49 percent of complaints from this demographic, according to the FTC report -- a trend that has been consistent during the past three years. Interestingly, 65 percent of identity theft victims last year did not contact the police. "This just shows that most people don't know where to turn," Rusin says.

And Arizona is still the No. 1 state for identity theft complaints, with 149 per 100,000 people, followed by California, Florida, and Texas. These states typically house a wealth of assets, Rusin says, which makes them attractive for identity thieves.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message

Kelly Jackson Higgins is Senior Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web