Identity theft is one of the fastest growing crimes in America. According to the 2017 Identity Fraud Study by Javelin, there were over 15 million registered cases of user identity theft in the U.S. in 2016, which is 2 million more than in 2015. Moreover, according to industry reports like the Verizon Data Breach Investigations Report, user identity theft is the root cause of most data breaches that occurred over the past few years. Remember Target’s massive breach in 2013 that exposed the financial and personal data of 110 million consumers? It began with a malware-laced email phishing attack on a contractor firm. And this year we have already seen a major identity theft incident: Lithuanian national Evaldas Rimasauskas was arrested in March 2017 for defrauding two tech companies of $100 million by pretending to be a business affiliate and sending fake emails in a whaling attack.

No matter how careful you are about protecting your personal information, practice shows that no one is completely safe from user identity theft. Skilled thieves have many ways (both low-tech and high-tech) to get hold of your sensitive data and use it for their own benefit. Here are the top three ways identities can be stolen:

  • John Smith is an accounting clerk who regularly uses an ATM nearby his office to withdraw cash for small purchases. Bad luck — one afternoon he urgently needed some cash, but a skimming device had been installed on the machine that same morning. As soon as he inserted his card into the ATM and typed his PIN, he fell victim to a common form of fraud.Even as identity theft methods become more sophisticated, good old card skimming remains one of the most common scenarios. In fact, the growing popularity of contactless card readers opens new opportunities for skimmers.To protect customer data, merchants should consider purchasing tamper-resistant terminals and using tamper-evident controls to help prevent identity theft by making hackers’ jobs more difficult.
  • One day Sarah Johnson, a financial worker, received an email from her CFO asking for an urgent transfer of funds. Of course, this is not something that you should ignore. Unfortunately, she was not aware that CFO’s email had been compromised and the request was fake, and the funds were transferred to a criminal.Unlike traditional phishing, this form of attack — known as a business email compromise (BEC) or whaling attack — is more targeted and looks extremely convincing to a victim. According to the FBI, BEC has reached epidemic proportions, with more than 20,000 reported cases in just the last three years, at a cost of $3.1 billion.

    To combat phishing attacks. organizations need to provide employees with IT security training to raise awareness about whaling attacks and encourage reporting of suspicious emails. They also need to carefully monitor both inbound and outbound network activity, verify all large transactions, and use digital signatures.

  • Physical theft or loss. Jim Richardson uses his laptop to access corporate email and work remotely during business trips and vacations or outside of working hours. One day he accidentally left his laptop in a cafe, which turned to be a complete disaster. Someone took Jim’s device and managed to log in to his account, which enabled the intruder to browse corporate data and gain access to several business-critical files.Lost or stolen devices are a huge pain for the IT guys. Although this is not something that can be prevented, there are ways to ensure basic data protection. Full disk encryption on all mobile devices and removable media are standard measures. Tokenization — the replacement of sensitive data with a unique identifier that is meaningless to anyone other than the intended recipient (such as a payment processor) — has also proven to be effective.

Many organizations are selling services that claim to protect your identity. But none of them can definitively prevent sensitive information from being stolen and used. The tricky thing about user identity theft is that it is extremely hard to notice: Sometimes one can hardly distinguish unauthorized activity from typical IT changes. However, there are certain scenarios that indicate that something suspicious is going on in the IT environment. For example, a single user logging on from multiple endpoints within a short period of time, accounts being deleted soon after creation, temporary users becoming members of privileged security groups, and suspicious actions performed by previously inactive users can be signs of intruders attempting to compromise your systems and hide their malicious activity.

To protect themselves, organizations have to critically evaluate their IT environments and quickly identify the vulnerabilities that represent the biggest risks. Visibility into critical changes, configurations and user activity will help organizations promptly spot abnormal behavior and react to any warning signs of user identity theft.