March 13, 2012, 4:14 PM — If you're smart, ambitious, don't care too much about legalities or cheating people who are the source of your income (and Goldman Sachs isn't hiring) the place for you to be in this economy is in professional-level identity theft.
Incidents of identity fraud increased 13 percent during the past year, according to a new study from banking-security analyst firm Javelin Strategy.
While the number of identity thefts is growing, the amount stolen isn't, Javelin found. The overall take for 2011 was a healthy $18 billion, but the amount it costs consumers to recover from having their identity stolen has dropped 44 percent since 2004.
That shows both consumers and banks are getting better at picking up early signs of identity theft, drastically reducing the amount of time an identity thief has to make a few bucks before any individual money tap is shut off.
That's where the whole "professional" angle comes in.
Despite just as many warnings on social networks as on banks that identity thieves can pick up useful information on Facebook, consumers haven't connected the warnings with the data they post online, where it is available to almost anyone.
Sixty-eight percent post their birthdays;
- 45 percent post the year of their birth as well as month and date;
- 63 percent posted the name of the high school they attended;
- 18 percent shared their phone numbers;
- 12 percent shared their pet's names.
Passwords is what. Passwords and security questions and answers that are easy to guess given how unimaginative most people are about both passwords and security questions.
Even worse, 7 percent of smartphone owners have had their identity stolen, most because they don't update their OS to include the latest patches, don't use a password on their home screen and – this is really stupid – 32 percent store usernames and passwords to their various online accounts on their phones in unencrypted files.
Lose a phone and you're likely to lose access to those accounts, or at least share it with someone else for a while.
Even simpler, if you use WiFi data connections in coffee shops or other static locations without VPNs or other encryption products, you're doing everything but writing your passwords down on a napkin and passing it like a love note to the nearest identity thief.
"Socially, humans are easily engineered," according to Tracy Kitten, who lists herself as author of the Fraud Blog at BankInfoSecurity, though there's no proof she's not lying.