Recently, the Federal Trade Commission’s (FTC) Identity Theft Task Force (ITTF) set out to find out just how fast hackers attempt to use stolen data.
The Test
The study was conducted using about 100 sets of fake information. The information included what appeared to be a normal online customer database. The data in the database included items such as names, physical addresses, email addresses, phone numbers, and different types of payment information. To make the data appear real, the phone numbers were associated with the physical addresses and the payment information included one of three different types of payment sources: a credit or debit card, an online payment service, or a bitcoin wallet.
The FTC went so far as to use Census data and real addresses to ensure the data appeared to be genuine. The data was then posted on a website that hackers use to exchange stolen identity information. The fake identities were posted twice to the same site, in slightly different formats.
The Results
Within nine minutes of the second posting, the account information began to be used. There were over 1200 attempts by the identity thieves to access the email and payment accounts.
Email account access was attempted, likely to find additional information about the account holders. Email can be a treasure trove of information, indicating where individuals make purchases and giving criminals additional information about the individuals.
There was significant activity by the thieves to access the fake payment accounts. This is logical, as the cybercriminals would want to make changes to the account to be able to control it, or drain the account if the account had a balance.
Online purchases were also attempted using the fake payment accounts supplied in the test data. The purchases included clothing, food delivery, retail purchases, online games as well as online dating site memberships.
The Identity Theft Task Force (ITTF) was launched in 2006 by a President Bush executive order. The goal of the ITTF is to identify how identity theft happens and to combat it. In the more than ten years since the creation of the task force, there have been great strides to educate the public and reduce identity theft. However, the Federal Trade Commission (FTC) still received approximately 500,000 complaints from citizens about identity theft. A Department of Justice (DOJ) report says that in 2014, approximately 7% of the US population over the age of 16 (approximately 17.6 million individuals) were victims of identity theft.
Protect Yourself
The ITTF determined that two-factor authentication (2FA) prevented thieves from gaining access to the accounts. 2FA is a process that requires both a password and what is referred to as a second factor, such as a code or PIN sent to a phone, to access an account. Because the criminals did not have access to the second factor, they were unable to access the accounts. 2FA is not a security cure-all, but it certainly can help.