(Bloomberg) – Alan Brillhas scoured computers for intelligence left byIraqi forces retreating from Kuwait.

He has probed a bank in Bosnia suspected of fundingethnically targeted mass murder. He has investigated thework of hackers who got inside the 2008 presidentialcampaign networks of Barack Obama and John McCain.

What's on his radar now? Your kids.

As school ends and camp and summer jobs begin, scammers areafter their identities, which can be teased out from informationgiven in application forms. Identity thieves can use a child's SocialSecurity number, for example, to "apply for governmentbenefits, open bank and credit card accounts, apply for a loan orutility service, or rent a place to live," the Federal Trade Commission warns on itswebsite.

'Perfect storm for bad guys'

"When you think about kids, in some ways they have the mostvulnerable identities, but they are the ones people think aboutleast," said Brill, senior managing director for cybersecurity andinvestigations at the New York security firmKroll Inc. "It's kind of a perfect storm for thebad guys."

In addition to requesting a Social Security number,camps, sports leagues, and potential employers may askfor insurance information and other personal data.Criminals see computer systems at camps and other extracurricularprograms as easy hacking targets. At the same time, thereare no potentially lucrative financial accounts tied to achild's identity. So, while the future damage can beincalculable, your child's identity goes for cheap — $10 to $25 onthe dark web, depending on supply and demand.

Big problem increasing year-over-year

While it isn't clear how many child identitythefts are committed annually in the U.S., said Brian Lapidus, who heads the identity theft andbreach notification practice at Kroll, "this is a bigproblem that we're seeing an increase in year-over-year, ascriminals get more savvy."

Here, Brill and Lapidus offer their thoughts on childID theft. Kroll and ID protection companyLegalShield launched a service called IDShield two yearsago, but such services aren't the first line of defense forconcerned parents. It's simple awareness of theproblem. 

Related: Top 10 states most vulnerable to identitytheft and fraud in 2016

Both men have quizzed their children's orgrandchildren's camps on their cybersecurity practices andsafeguards. You can imagine it was a pretty goodgrilling. Here's what to do and what to look outfor in guarding your own young ones' 

Here's what to do and what to look out forin guarding your own young ones' identities fromthieves:

Q: How do you even know if your child's identity has beenstolen?

Brill: Unfortunately, in many cases, you find out the hardway. Either your kid eventually applies for credit and discovers hehas a terrible record, or someone has been using your kid'sinformation for something like W-2 fraud, using it to work whenthey're not supposed to be working, and a year and a half lateryour child gets a nasty letter from the IRS saying, "We have W-2'sfor you, why haven't you filed your taxes?"

Related: Imprisoned identity-fraud kingpin shares secrets of hisscams

Or your kid looks to go to college, and the college says, "Whydo you owe AmEx $37,000 on a credit card, and why do you havebankruptcies on your record?" It can cause problems for the kid,and for parents who want to protect the identity of the of kid.

Another thing we see that is scary is how criminals use yourkid's identity to get medical services for another kid. In this ageof electronic medical records, there may be a fairly extensiverecord under your child's identity, but it has a different medicalhistory and blood type than your child. The last thing you want isyour child to go into the hospital and the medical staff to havethe wrong information and your child's medical history and allelse.

Q: What are other areas in a child's world where identity theftissues come up?  

Brill: The Internet of Things. You probablyread about the [bluetooth-enabled] doll marketed in Germany thatrecorded a lot more than you, as a parent, would want andsent it to a cloud-based server. A lot of American toycompanies follow the Children's Online Privacy Protection Act aboutcollecting information from kids. But when you get knockoffversions of a product that is imported, that's not necessarily thecase, and you don't know where the data is going, how it is beingprotected, if it is being misused.

Related: Should you keep your kids away from connectedtoys?

Lapidus: Also, you have teenagers applying forjobs in the summer, and with a lot of applications, they have togive their Social Security number. You see job fairs wheresomeone shows up saying, "I'm from X organization," and people fillout applications. What the group really is is an identitytheft ring. Say it's a popular job fair, they get 500 applications,they walk out the door and have 500 identities to sell on the darkweb that day. 

Q: So, in that case, does a parent just tell their teen not togive out a Social Security number?

Lapidus: I'm not sure most 16-year olds wouldsay this — my 11-year-old might, but he's an exception — butconceivably they could say, "Hey, I'm really interested in workingfor your organization, but I'm not going to give you my SocialSecurity until you are ready to make an offer, because my dad is insecurity, and I worry about things like that. It's about havingthat dialogue with your child and that sense of awareness."

Q: Where are the attacks coming from? What kind ofcybercriminals are we talking about?

Brill: In large part, the nation/state actorsdon't care about your kid's data. If they were to get it, it wouldjust be accidental along with other stuff they grabbed. The peoplethat traffic in this data are mostly commercial cybercriminals whoare going to use it for credit frauds, medical frauds, and W-2frauds. It tends to be very low-level hackers who aren't verycreative. But if the place where the data is stored hasn't done thesecurity basics, they can run an attack that might get them thatdata.

Q: Aside from warning your kids, what can a parentreally do?

Brill: To me it's really an area whereparents can do quite a bit, but not if they aren't thinking aboutit. The first question to ask a company is how are you protectingmy kid's data? If they look at you like you are speaking Klingon,that's probably not a good thing. You want to hear something thatmakes sense, for them to have an answer that shows they havethought about it. They might tell you how they limit access todata, how they limit the information they collect. I've found thatonce you ask that question and listen to the answer, you tend toget a good or bad feeling about whether they are serious about itor not. 

Related: Unique cyber risks your HNW client's kidsface

It all comes down to consciousness of this as an issue,asking questions, and in some cases working together. Very often acamp will have a parents association, and if your kid was therelast year and is going again this year, you probably have somecontacts that you can speak with and take a little collectiveaction. 

And you want to monitor your kid's Social Security record justas you would for an adult to see if anything is reported.

Lapidus: You can see if a credit file isavailable on your child. A lot of products have the capability todo some kind of monitoring for minors. There are some indicators of[identity] compromise. There's monitoring of the dark web. Onething I always find interesting is if a child gets an explanationof benefits from an insurance company and it has nothingto do with them. You might think that was just a clerical mistake,but it would be an indicator that something is awry. We had a casea few years ago where an 87-year-old woman received an EOBfor a rhinoplasty. She called us up and said, "Hey, I have not hada nose job."