Oxford Analytica has a brief on identify theft published over at Forbes.com. The reason I say “hit the big time” is because OA is quoting some monsterous incident numbers in Hooked On Phishing. Accordingly, they say that the FTC reported roughly 27.3 million cases of identify theft over the last five years – nearly one-tenth of the US population. The total cost of the problem in the U.S. last year was $52.6 billion.
Some parts of this story strike me as odd. The first is the sheer magnitude of the cases. I suspect there are some other numbers in there, like possibly credit card fraud via traditional theft. The second issue is why throw “phishing” in the headline? Many of the cases quoted, like the Lexis-Nexis and Choicepoint issues, were not really phishing cases, but instead either a lack of internal security, or just plain stupidity. And the article mentions other forms of fraud as well.
I think those numbers deserve a little more scrutiny. This article is more so one on identity theft and consumer financial fraud, and the writers need to think a little harder about their words before they create a panic and everyone turns off their computers out of fear. Although phishing is an issue, it is part of a much bigger problem which will require additional regulatory and financial infrastructure changes far beyond protecting personal computer communications before it is solved.