Risk
2/26/2009
01:52 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

FTC Report: Identity Theft Remains Consumers' No. 1 Fraud Complaint

Number of identity theft complaints rose 20 percent from 2007 to 2008

Identity theft remains the top category of fraud affecting consumers, and it jumped considerably last year, according to the Federal Trade Commission's annual consumer complaint report released today.

The FTC's Consumer Sentinel Network Complaint Data Book report for 2008 shows the number of identity theft complaints up around 20 percent from 2007, from 259,266 in '07 to 313,982 in '08. Identity theft represents 26 percent of all consumer fraud complaints, followed by third-party and creditor debt collection (9 percent), shop-at-home and catalog sales (4 percent), and Internet services (4 percent) and other forms of fraud.

The FTC's Consumer Sentinel Network is a database used by law enforcement to log consumer fraud complaints.

The marked increase in identity theft complaints is significant in that the number of these reports had stayed mostly flat from 2006 to 2007, says Tom Rusin, president of Affinion Security Center, which provides personal data security services for consumers and businesses. Rusin says the jump may be due to several factors, including the high number of enterprise breaches last year, as well as fallout from the financial crisis. "As banks consolidate today, consumers expect to get more information [electronically] from their bank," Rusin says. "That's an opportunity for identity thieves to do phishing attacks."

Rusin says the report also highlights how, contrary to popular belief, identity theft isn't just about bank card fraud; while 20 percent of the ID theft cases reported last year were bank card fraud, around 30 percent originated from document fraud, such as Social Security Number theft and employment fraud. Many people don't realize that document fraud is also ID theft, Rusin says.

The FTC report also shows what bad guys do with stolen identities. While 20 percent was pure credit card fraud, government documents or benefits fraud accounted for 15 percent, employment fraud for 15 percent, and phone or utilities, 13 percent.

"[Around] 40 percent of identity theft had nothing to do with bank or credit cards," Rusin notes. "It was stealing personal information, for working here illegally, fraudulent tax returns, [etc.]," he says.

Agewise, 20- to 39-year-olds still bear the brunt of identity theft fraud, with around 49 percent of complaints from this demographic, according to the FTC report -- a trend that has been consistent during the past three years. Interestingly, 65 percent of identity theft victims last year did not contact the police. "This just shows that most people don't know where to turn," Rusin says.

And Arizona is still the No. 1 state for identity theft complaints, with 149 per 100,000 people, followed by California, Florida, and Texas. These states typically house a wealth of assets, Rusin says, which makes them attractive for identity thieves.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3409
Published: 2014-10-25
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

CVE-2014-4620
Published: 2014-10-25
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.

CVE-2014-4623
Published: 2014-10-25
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force a...

CVE-2014-4624
Published: 2014-10-25
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

CVE-2014-6151
Published: 2014-10-25
CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.