The latest way fraudsters are abusing personal information

Online lending is making cyber thieves’ lives easier by giving them another attack route

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Accord­ing to a 2016 report from the secu­ri­ty firm Threat­Metrix, iden­ti­ty thieves are work­ing a new seam in the iden­ti­ty theft gold mine: online lend­ing. There is an increase in attacks against providers of alter­na­tive lend­ing products.

Adam Levin, chairman and co-founder of and CyberScout (formerly IDT911)
Adam Levin, chair­man and co-founder of and Cyber­Scout (for­mer­ly IDT911)

The rea­son online lenders have attract­ed this unwant­ed atten­tion has to do with the niche they occu­py. First, they typ­i­cal­ly offer small­er loans in the $2,000 to $5,000 range. They dif­fer­en­ti­ate them­selves in a crowd­ed mar­ket by pro­vid­ing faster turn­around than tra­di­tion­al lenders. It is that speed that makes it an ide­al trans­ac­tion type for the com­mis­sion of iden­ti­ty theft: Thieves use fake or stolen per­son­al infor­ma­tion to apply for funds they can get quickly—before the lenders or poten­tial vic­tims know what’s happened.

I know what you’re think­ing: Real­ly? And yes, I am sor­ry to say it. Real­ly. We’re talk­ing about this again because last year fraud­sters were able to scam $16 bil­lion from con­sumers. This is yet anoth­er exam­ple of how iden­ti­ty thieves abuse people’s per­son­al­ly iden­ti­fi­able infor­ma­tion to the detri­ment of both con­sumers and busi­ness­es. That tells me we need to keep talk­ing about how to stop being such an easy tar­get.

The new normal?

There’s a ques­tion mark there because, unfor­tu­nate­ly, curios­i­ty and dis­be­lief are still the most com­mon reac­tions con­sumers have when the con­ver­sa­tion turns to iden­ti­ty-relat­ed crime. I would add that it bog­gles the mind peo­ple that still ques­tion the preva­lence of the iden­ti­ty theft scourge.

Here’s the deal: Your chances of get­ting “got” have nev­er been bet­ter, whether it’s in a sim­ple cred­it card fraud scam, a mind-rack­ing­ly com­plex attack on every avail­able crumb of val­ue to be had through the exploita­tion of your finan­cial reach in the world, or this lat­est trend where iden­ti­ty thieves tar­get online lenders.

Is it real­ly the new nor­mal? The answer: No, it is not.

There is, in fact, noth­ing new about it. It’s the plain old vanil­la, 100 per­cent nor­mal now. The trend began well over a decade ago. If I were being a stick­ler, the head­ing would say, “the mind-numb­ing­ly old, but still not total­ly under­stood, nor­mal” or the “how can this still be some­thing I have to write about” normal.

When it comes to iden­ti­ty theft, it’s all about your per­son­al­ly iden­ti­fi­able infor­ma­tion being in the wrong hands and not so much about what you can do to pro­tect your­self. But before you throw your hands in the air and start singing like Madame But­ter­fly, keep reading.

What you can do

With tongue firm­ly in cheek, one thing you can do is read Swiped: How to Pro­tect Your­self in a World Full of Scam­mers, Phish­ers and Iden­ti­ty Thieves (full and shame­less dis­clo­sure: I wrote it, and it is now avail­able in paperback).

Since the book came out last year, the prob­lem has got­ten much worse. In fact, 2016 brought a new all-time high, with an esti­mat­ed 15.4 mil­lion U.S. con­sumers becom­ing vic­tims in one stripe of iden­ti­ty-relat­ed crime or anoth­er. That’s up from 13.1 mil­lion the year before.

You can keep your infor­ma­tion from being used by scam­mers by plac­ing a freeze on your cred­it. This will make it impos­si­ble for any­one to use your cred­it with­out the authen­ti­ca­tion to thaw it (includ­ing you). In addi­tion, you need to prac­tice what I call in my book, The Three Ms:

  • Min­i­mize your expo­sure. Don’t authen­ti­cate your­self to any­one unless you are in con­trol of the inter­ac­tion, don’t over­share on social media, be a good stew­ard of your pass­words, safe­guard any doc­u­ments that can be used to hijack your identity.
  • Mon­i­tor your accounts. Check your cred­it report reli­gious­ly, keep track of your cred­it score, review major accounts dai­ly if pos­si­ble. (You can check two of your cred­it scores for free every two weeks on If you pre­fer a more laid-back approach, sign up for free trans­ac­tion alerts from finan­cial ser­vices insti­tu­tions and cred­it card com­pa­nies or pur­chase a sophis­ti­cat­ed cred­it and iden­ti­ty-mon­i­tor­ing program.
  • Man­age the dam­age. Make sure you get on top of any incur­sion into your iden­ti­ty quick­ly and/or enroll in a pro­gram where pro­fes­sion­als help you nav­i­gate and resolve iden­ti­ty compromises—oftentimes avail­able for free or at min­i­mal cost through insur­ance com­pa­nies, finan­cial ser­vices insti­tu­tions, and HR departments.

It says some­where in the Bible that the fastest run­ner doesn’t always win the race, and the strongest war­rior doesn’t always win the bat­tle. We learn in the same verse that the wise can go hun­gry and even the most tal­ent­ed among us can be dirt poor. If the scribes had lived today, they would have added that even the most care­ful among us could become vic­tims of an iden­ti­ty-relat­ed crime.

Full dis­clo­sure: Cyber­Scout spon­sors Third­Cer­tain­ty. This sto­ry orig­i­nat­ed as an Op/Ed con­tri­bu­tion to and does not nec­es­sar­i­ly rep­re­sent the views of the com­pa­ny or its partners.

More on iden­ti­ty theft:

Iden­ti­ty Theft: What You Need to Know
3 Dumb Things You Can Do With Email
How Can You Tell If Your Iden­ti­ty Has Been Stolen?