The plustotal losses from identity fraud in the US were calculated to $43 billion last year. While many of us are becoming more careful about protecting our personal data online, we can't say we're as careful about our children's data.
"Children's identity theft is more common than you think," says Phil Muncaster of global digital security firm ESET. «Almost a million children in the US were victimized in 2022, with incidents costing an average of $1.128 per household and taking 16 hours to resolve. This costs Americans more than $1 billion a year," he emphasizes.
So why is children's personal information in such high demand, how is it stolen, and what can parents do to stop it?
A billion dollar problem
Fraudsters use children's identity data for some of the same reasons they use adults' information:
- Opening bank accounts for use in money laundering and fraud.
- Issuing credit cards to create debt
- Scams for receiving social benefits and loans
Why are children's personal details so popular in the criminal community?
"One big reason is that kids don't have bad credit," explains ESET's Muncaster. “This means fraudsters have more confidence that their attempts to exploit stolen identity data will not be blocked by banks or government agencies. The victim themselves is also less likely to realize their details have been stolen, because - even if they have a bank account - children don't check their bank account or credit report. Frauds can go undetected for years."
Another popular technique is the combined fraud. This happens when a fraudster combines personal data from various sources: some of them are real, some of them are fake. Thus, a brand new identity is created using the child's important personal data to ensure a clean credit history.
How is identity theft done in the case of children?
Underground cybercrime is a well-tuned machine where different actors have different roles. Cybercriminals usually collect personal data and then sell in markets and dark web forums for fraudsters to use in subsequent attacks. The methods of obtaining this data are similar to those used to breach the personal data of adults and include:
- Electronic fishing (Phishing) via email, social media or even text messages. People are lured into clicking on malicious links, potentially installing information-stealing malware, or tricked into handing over their personal information – perhaps to enter a non-existent lottery.
- Third party infringements. Personal information approx 1,7 million children in America, that's 1 in 43, were potentially stolen through a data breach last year through no fault of their own.
- Account breach: The accounts online gaming, social media, and even online learning accounts can be a valuable treasure trove of personal information. They can be compromised through phishing attacks, password cracking and other techniques.
- Oversharing on social media: Οι γονείς μπορεί να είναι εξίσου ένοχοι με τα παιδιά τους για την ανταλλαγή προσωπικών πληροφοριών μέσω των κοινωνικών μέσων. Ακόμα και οι ημερομηνίες γέννησης και οι λεπτομέρειες σχετικά με τη σχολική τους education μπορούν να χρησιμοποιηθούν ως εργαλεία για απάτες που αποσκοπούν στο να αποσπάσουν περισσότερες πληροφορίες.
- Family members: Fraud rates within the family are shockingly high. In 67% of households facing child identity fraud, the victim knew the perpetrator(s) personally. Access to sensitive documents gives these family members the perfect opportunity, and fraud can go undetected for years.
- Theft: The good old way, like grabbing documents with personal information from the trash or even directly from the mail.
How to protect your child's personal information
Fortunately, several tried-and-true best practices can have a significant positive impact on protecting your child's information. Muncaster from the ESET team notes a few:
- Avoid sharing too much information about your child on social media. Sharing is best avoided unless the accounts are well protected.
- Check your child's accounts (bank, phone, etc.) for unusual activity.
- Διατηρείστε όλες τις Appliances του σπιτιού ενημερωμένες με τα τελευταία patches και προστατέψτε τες με λογισμικό προστασίας κατά του κακόβουλου λογισμικού.
- Explain to your children the dangers of oversharing on social media, phishing attacks or identity theft.
- Limit the number of accounts/services your child signs up for. Instead, enter your own details where necessary.
What to do if the worst happens
If the worst should happen, it's important to act quickly.
- Report the incident to the authorities.
- Report the incident to police.
- Notify any organization where your child's details were used to open an illegal account. Ask them to close it and get written confirmation that your child is not responsible for it.
Identity fraud is a part of life – unfortunately for our children too. Being a responsible parent in the digital age can take more effort than it did 20 years ago. But that's really non-negotiable.