The security experts at Kaspersky are shining the light on a frightening new trend in identity theft called ‘digital fingerprinting.’ Crooks use this sophisticated scam to make a copy of your identity that is so close to your own that it tricks security software. Even scarier, these copied identities are up for sale on the Internet and as simple to order as a digital song, eBook, or pair of shoes.
Here’s how it works. Thanks to ever-improving security on credit cards, it’s getting more difficult to steal credit card information. But that doesn’t mean stealing is down, it’s actually up. Crooks are just using new tech to get better and better at it.
This new technique involves stealing digital masks. A digital mask is the profile that anti-fraud systems use to identify you. A crook that’s gotten their hands on your banking info but not your digital mask, could set off a fraud alert when attempting to make a transaction. The transaction might be denied or you might be sent an alert asking you to confirm the transaction. But if crooks have your digital mask, the transaction will probably go through without a hitch. This information can include fingerprints, cookies, logs, saved passwords, and answers to security questions.
Criminals are using an online marketplace called Genesis to sell various bits of information collected from information-stealing malware and packaging it for sale. Your data could go for as little as $5. Genesis offers a free browser plug-in that lets criminals use your digital mask when completing transactions.
These cyber-criminals don’t need to know anything about hacking. They just need a little bit of money and they can start draining your bank account without raising any alarms.
So what’s the solution? Requiring every transaction to involve some type of 2-factor authentication would help. But clever criminals have a way of getting out ahead of advancements in security. Your best bet is to check your bank account daily, maybe more than once a day. Even if you don’t make online transactions, that doesn’t mean someone else hasn’t accessed your account.