Criminals are getting creative in how they try to drain your financial accounts.
There's not much good news for consumers in Javelin Strategy & Research's 2018 Identity Fraud Report, released Tuesday. The firm has been tracking trends in the space for 15 years.
A record 16.7 million consumers experienced fraud or identity theft in 2017, blowing away the previous record set in 2016 of 15.4 million victims. The total amount stolen also rose, to $16.8 billion.
"It used to be … that one type of fraud would be up, but another would be down," said Al Pascual, senior vice president of research and the head of fraud and security at Javelin.
This year, he said, there's a broader upward trend across different fraud categories. Where there is a decline, it's typically because thieves have more than made up the difference with a lucrative opportunity elsewhere.
(For example, the advent of chip cards has pushed thieves to misuse victims' existing credit cards online rather than in store.)
One of the potentially dangerous trends to watch is so-called "intermediary new-account fraud," where thieves use Social Security numbers and other stolen data to open new accounts in the victim's name. The aim: Use those new intermediaries to access and drain a victim's existing financial accounts.
"That's just gone through the roof," Pascual said.
The tactic — although labor-intensive — has several advantages for thieves. Some of those new accounts may not entail a credit check or otherwise pop up on a credit report, delaying victims' awareness of the crime.
When a bank assesses account ownership — say, when the thief initiates a funds transfer or account connection to that intermediary — it can look like you own both accounts, Pascual said. That's less likely to raise immediate red flags than a large transaction involving an unfamiliar party. (You appear to be transferring money to yourself, rather than a scammer.)
That new intermediary account could even help the thieves successfully take over a financial account and lock the real owner out — for example, by redirecting two-factor authentication prompts or password-reset requests to a newly set up email or cellphone.
"The primary accounts that have a lot of value, that criminals want to monetize, are pretty heavily secured," Pascual said. "They just need to compromise accounts that are one degree separated from those accounts."
"It's not confidence-inspiring," he added.
There are plenty of steps consumers can take to thwart would-be thieves. (See infographic below.)
"It's a multiprong approach they have to take," said Melba Amissi, senior vice president and chief risk officer at Identity Guard, which sponsored the Javelin report. "Be cautious about what information you're sharing, and with whom."
Take protective steps like enabling two-factor authentication — and do so on more than just your financial accounts, Pascual said.
"Criminals are very interested in piecing things together," he said. "You have to raise the walls along all accounts."
Keep tabs on your accounts regularly, and sign up for alerts to new transactions and other account activities that could point to potential fraud or identity theft, said James Chessen, executive vice president of the American Bankers Association Center for Payments and Cybersecurity. He gets a text message every time he makes a purchase.