Identity, Vulnerability Management

More than half of US identity fraud victims shared information in Google Voice scam

Several Google apps are displayed on a smartphone. (Photo by Carsten Koall/Getty Images)
Several Google apps are displayed on a smartphone. (Photo by Carsten Koall/Getty Images)

A nonprofit organization established in 1999 to support identity crime victims reported that it received the most number of contacts and requests for help in its history last year.

In its 2021 Trends in Identity Report, the Identity Theft Resource Center reported that nearly 15,000 people in the United States were victims of identity crime, up 26% from 2020.

Instead of taking over existing financial accounts like in years past, the ITRC said criminals preferred to open new accounts using personal information stolen in data breaches or collected by tricking individuals to share their information with the bad actors, ITRC President and CEO Eva Valasquez wrote in the report.

Over 1,100 victims reported financial account misuse, with 64% coming from new accounts and 36% were account takeovers (ATOs). Of the new accounts, 36% were for credit cards and 14% for bank accounts, while 37% of ATOs were bank accounts and 28% were credit card accounts.

Half of the 14,947 victims reported sharing personally identifiable information with criminals, and more than half of those, 53%, were scams involving Google Voice. This method involved scammers posing as interested buyers contacting online sellers and convincing them to share their Google account verification code to prove they were legitimate vendors. The criminals then open a Google Voice account with the victim’s information to scam others, according to ITRC.

It’s worth noting that Cisco’s recent breach was caused by an employee’s Google account information being used to access the software giant’s networks. Using a series of sophisticated voice phishing attacks, it was reported last week that the victim eventually accepted multi-factor authentication (MFA) push notifications made by the attacker, which granted access to the VPN of the victim.

More than half (55%) of the nearly 2,300 victims of identity misuse cases reported their information was used to open or take over government accounts or steal benefits, likely unemployment benefits and COVID-relief packages.

Social media ATOs grew by 1,044% from 2020 to 2021. 

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.