Identity Theft Trends Set to Shift in 2023

Predicting exactly what hackers will do is always a dicey proposition.

Cyber criminals don’t exactly follow a logical path, often acting on instinct and opportunity. But as it has examined trends in the back half of 2022, the Identity Theft Resource Center (ITRC) believes it has a snapshot of what lies ahead.

As 2022 winds down, social media takeovers are en vogue. ITRC research shows that 27% of individuals and 87% of businesses lost revenue from this sort of attack, with the overall velocity of these takeovers increasing by more than 1,000% this year.

Bad actors also leaned into identity-based scams, impersonating someone to open an account, then using personal information to bypass security features. That resulted in over 90 supply chain attacks that impacted more than 1,600 organizations.

So what’s next? It looks to be a stronger focus on identity crimes.

“These trends point towards shifts in tactics moving forward,” said Eva Velasquez, president and CEO of the ITRC. “We expect to see identity crimes affect generations differently, depending on how people interact with the digital world, as well as a rise in scams targeting specific ethnic groups. We see romance scams shifting toward platonic relationship scams. We think identity criminals could look to exploit the technology gap between people who adopt new password-less logins and those who don’t.”

Overall, the ITRC says it expects 2023 to highlight eight trends for hackers that steal identities:

1. Expanded online impersonation: Using personally identifiable information gathered through security compromises, phishing and social engineering, hackers will open new accounts as well as take over non-financial accounts such as social media. They’re also likely to impersonate government representatives to widen the political divide across the nation.
2. Relationship scams: Romance scams are nothing new, but in 2023, they will evolve into relationship scams. That’s when the bad actors approach victims via dating apps, preying on the loneliness of people who feel left behind by love. 
3. Ethnic targeting: People who have a limited English proficiency are likely to be targeted more by identity thieves. Certain scams could target specific ethnic groups.
4. Targeting a gap: The use of passwordless tech, such as services like Passkey or 1Password, is an effective way to maintain a different, hard to deduce password for every site you have an account with (meaning, if one account gets compromised, your others remain safe). Some people can’t or won’t make the shift to these, though. And hackers are likely to set their sights on those people.
5. Generational differences: Identity crimes and fraud will continue to affect generations differently, says the ITRC, since payment and contact methods vary depending on age. People who show a discomfort with online interactions could be at risk.
6. Payment app protections: 2022 saw a rash of scams around payment apps. Since those impact people’s finances, the ITRC predicts Congress or the Consumer Financial Protection Bureau (CFPB) will crack down on that misuse. 
7. But a breakdown on security laws: Data breaches may help scammers be more efficient in their phishing pitches and account takeovers, but the ITRC doesn’t believe Congress will be sufficiently motivated to pass a comprehensive privacy and data security law next year.
8. A continued lack of sunshine: Of the 367 cyberattacks in the first quarter of this year, 154 did not include the cause of the breach. The ITRC has previously said that lack of actionable information prevents consumers from taking appropriate actions to prevent themselves. Last year, the number of data breach notices that did not reveal the root cause of that compromise was up 190% percent from 2020.

Sadly, the organization says it sees no change in this trend, meaning more people and businesses could be at risk.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

Other Topics

Technology Cybersecurity