Cybercriminals are constantly working to try and steal personal information. Hundreds of millions of people have been impacted by their attacks. The coronavirus pandemic provided an opportunity for these criminals to change their tactics.
"Why would I go attack 300 consumers and get $300 each when I can attack one business and get $300,000 at one time," asked James Lee of the Identity Theft Resource Center (ITRC).
The ITRC's latest report on cybercrime in 2020 shows that total data breaches were down 19% in 2020 compared to 2019. Lee says as incidents of cybercrime are falling, the target is changing.
"So there are fewer data breaches, fewer people impacted," Lee said. "But what we're seeing is more identity fraud."
ITRC's report says more than 300 million consumers were still impacted by a data breach in 2020, but overall that is a 66% decrease compared to 2019. Lee says this is because ransomware and phishing attacks on businesses have increased.
"They'll tell them they have this much of your information and all of your customer's information," Lee said. "If you want it returned and not released then pay us X amount of money."
While stealing a lot of people's information from a business might be attractive to cybercriminals, it doesn't mean scams aren't targeting consumers. Many cybercriminals are still trying to get your personal information directly from you.
"Not only are we in the middle of a pandemic, we are in the middle of a scam-demic," said Eva Velasquez of the ITRC. "Whether it's your iCloud account, your Amazon account, your Google account, they're just trying to get your data."
One recent scam targeted San Diegans by calling them, saying their accounts had been compromised.
"If you get a call stating your iCloud account has been compromised, hang up the phone and log into your account," Velasquez said. "If you didn't initiate the conversation, go to the source."
Velasquez says the scams are getting more sophisticated. The ITRC says these cyber attacks are a $1.8 billion problem for U.S. businesses. These ransomware and phishing attacks can be automated and have large payouts. Between 2018 and 2020, the average ransomware payout grew from less than $10,000 to more than $233,000.
"[Cybercriminals] are not as interested in your bank account anymore," Lee said. "They're still interested in your information because they need that to commit the other kinds of fraud that are going to make them a lot more money."
Even though you aren't the direct target of these attacks, there are still several ways for you to protect yourself from identity theft fraud.
"They're counting on you not having antivirus, on you having the same password for every account," Lee said. "Those kinds of behaviors are what will make you safer and it will make it harder for businesses to be attacked too."
The ITRC also offers a data breach tracking tool called "Notified" which you can find on its website, here.