The growing threat of identity theft and what can you do about it

Did you receive a random email and checked out the attachment? Or, perhaps, did you click play on what looked like a helpful tutorial? These are just a couple of ways cybercriminals have been using to have you download a type of malware known as information stealers.

The researchers at Gen Threat Labs have observed these types of attacks online, bringing them to light in their Gen Q2/2024 Threat Report. Let’s dive into what’s happening and—more importantly—how you can protect yourself.

What’s happened?

Identity theft is digital gold for cybercriminals. They’re persistently looking for your personal information—your passwords, social security number, bank details, and anything else that can give them access to your identity. Once they have it, they can drain your bank accounts, open new credit lines in your name, or even sell your details on the dark web.

One of the primary tools these criminals use are information stealers. These are sneaky types of malware designed to infiltrate your devices, usually without you even knowing, and steal sensitive information. They can capture everything from your browser history to your login credentials—even your private documents.

In the second quarter of 2024, a dominant information stealer, AgentTesla, has been the most active one—responsible for a third of the attacks. AgentTesla has been spreading mainly through malicious emails disguised as legitimate communications—like fake order confirmations or invoices. Once it infects your device, it starts collecting valuable information, which can then be used to take over your accounts or sold to other criminals.

On mobile devices, the situation is just as concerning. Banking trojans are on the rise, slipping through even on trusted platforms like the PlayStore. These trojans target your banking apps, trying to steal your login details or intercept two-factor authentication codes. Once they have this, they can drain your accounts without you even realizing it until it’s too late.

How do these attacks work?

Cybercriminals use various methods to infect your device with information stealers. Here are a few examples:

• Phishing emails: These emails are crafted to look like they come from legitimate sources—maybe your bank or a service you use regularly. They usually contain links or attachments that, when clicked, download the malware onto your device.
• Malicious websites: Sometimes, just visiting a compromised website is enough to get infected. These sites might look like ordinary news pages or online stores, but are actually traps set up by cybercriminals.
• Fake apps: Particularly on mobile devices, fake apps that look like legitimate tools—like a PDF reader or a new game—can be the source of infection. Once installed, these apps quietly steal your data in the background.
• System vulnerabilities: Cybercriminals also take advantage of flaws in software or apps, exploiting these weaknesses to gain access to your devices.

How can you protect yourself from information stealers?

While the rise in identity theft and information stealers is alarming, you can take the necessary precautions to help protect yourself.

• Be skeptical of emails. If you receive an email asking for personal information or urging you to click on a link or download an attachment, think twice. Always verify the sender and, if in doubt, go directly to the official website rather than clicking any links.
• Use strong, unique passwords. Never reuse passwords across multiple sites. Use a password manager to help you generate and keep track of complex passwords.
• Enable two-factor authentication (2FA). This adds an extra layer of security to your accounts. Even if a criminal gets your password, they’ll still need a second form of identification to access your account.
• Keep your software updated. Regularly update your operating system, browser, and any apps you use. These updates often include patches for security vulnerabilities.
• Download apps carefully. Only download apps from trusted sources, like official app stores, and check the app’s reviews and ratings before installing.
• Invest in a strong cyber security plan. A reliable antivirus with identity theft protection with identity theft protection can help detect and block malware before it causes damage. Make sure it’s always up to date.

Protecting your information

As identity theft and the use of information stealers continue to rise, it’s crucial to stay informed and take proactive steps to protect yourself. By being vigilant and adopting safe online practices, you can significantly reduce your risk of falling victim to these increasingly sophisticated attacks.

Remember, your personal information is valuable—both to you and to those who would steal it. Protect it as carefully as you would any other valuable asset. Stay safe out there!