At its simplest, identity theft is any effort to use someone else’s name or personal information without that person’s knowledge or approval. Although the crime of identity theft bas become one of the hottest topics of the day, especially for internet users, it is nothing new and can be perpetrated upon people who do not even own a computer or know much more than how to turn on the one they do have.
Any expert in the field will be quick to say that many people do not realize how simple it can be for even the most elementary thief to acquire their personal information and use it illegally. These days, most people associate identity theft with hackers who steal information off a computer. But identity thieves can gain access to your personal information simply by stealing junk mail out of a mailbox or trash can, or by looking over your shoulder when you are punching in a password at an Automatic Teller Machine (ATM) or a calling card number in a telephone.
The first thing to remember about identity theft is that any personal information that can be collected can be used to impersonate someone. That includes a telephone number and address in a phone book, records stored at the Department of Motor Vehicles, or any letters mailed to the house. This is one of the reasons some people have unlisted telephone numbers.
Any information passed on to someone on the phone can be used for identity theft if the person asking the questions is lying about who they really are. This is one form of what has come to be known as “social engineering.” What it really means is tricking someone to reveal personal details. Another low-tech way to steal personal information is called “dumpster diving,” and it means exactly that – sifting through someone’s trash. That is the main reason paper shredders are moving up the list of popular Christmas gifts.
Although social engineering and dumpster diving both require some legwork on the part of the identity thief, the internet has meant that the crooks do not have to leave the comfort of their homes in order to steal data. Many companies legally, though controversially, use so-called “adware” and “spyware” to track one’s computer activities, but thieves employ similar tactics.
Another form of identity theft can come from “phishing” expeditions. Phishing scams are malicious programs that trick computers and their users to believe an attempt to contact their computer through the internet is for a legitimate purpose or from a trusted source, such as their bank. Since 1998 all these efforts violate Federal law and are considered to be felonies.
One of the most dangerous forms of identity theft is the use of credit cards. It also is the most talked about form of identity theft and the one that is most reported. The United States Federal Trade Commission (FTC) estimates that 67 percent of victims report that one or more of their credit card accounts are misused and that 85 percent of all identity theft involved misuse of some type of existing financial account.
Just because a person does not use a credit card or refuses to give out any information about their accounts either over the phone or on line, does not keep them safe from credit card identity theft. The FTC reports that 8 percent of credit card identity theft stems from accounts opened fraudulently using some else’s personal information.
However, there are some useful fraud prevention services which can help you to stay secure online and avoid any kind of credit card frauds. These tools helps merchants to protect their online e-commerce stores from malicious fraudsters. It screens all sales orders transacted using credit cards, PayPal, and so on for online frauds (also known as payment frauds or CNP frauds). So, keeps you secure.
Federal Trade Commission
The other bad news according to the FTC is that identity thefts are expected to rise considerably over the next decade. The good news is that Federal regulators are taking the crime seriously and taking steps to increase public awareness and education about credit card identity theft while the penalties for the crime have been toughened. In fact, the FTC’s web site contains extensive resources and information for those wishing to educate themselves on the latest identity fraud information.
One of the most important bits of information to know is that identity thieves can steal or create credit card information without the victim even knowing. As late as the 1970s, some credit card issuers were sending active cards through the mail to people who had not even requested them. A thief who steals someone’s mail, or sifts through their trash, can find applications for “pre-approved” credit accounts and have them activated.
The best way to minimize the risk of having credit card information stolen and used is to tear up or shred all such applications before discarding them. For existing accounts, check the statements each month and report any charges that seem out of place. Most banks and credit card issuers these days will not hold a person responsible for fraudulent charged if reported promptly.
Some credit card companies now are advertising their protection policies as an inducement to attract customers. Customers should talk to customer service representatives of their credit card companies to find out what their policy includes. In the competitive financial services market, any company not willing to offer an aggressive policy to protect its customers will find others eager to take the business.
Somewhat less glamorous, and certainly lower tech, is identity theft through mail fraud. For some criminals, this can be a case of the time honored methods being the best. Even those who conduct no business over the internet or who never talk to telemarketers still can be victims of identity theft just by opening their mail.
The good part about mail fraud us that the United States Postal Inspection Service reports that people are three times more likely to be victimized by identity theft over the phone or the internet than through the postal system. This is despite the fact that the Postal Service delivers more than 200 billion pieces of mail each year.
Another beneficial aspect of the Postal Service is that it has its own law enforcement branch, the Postal Inspection Service, charged with hunting down and catching those who commit mail fraud. Because using the mail system to commit a crime is a violation of Federal law, postal inspectors have more power and authority to investigate incidences of identity theft than most police agencies.
They also have more experience doing it. Before there was an internet – or nearly universal telephone service for that matter – there was an extensive mail delivery service. Those charged with monitoring it for criminal activity have a long history. In fact, the Postal Inspection Service web site has an entire section devoted to identity theft. Unfortunately, the advice found there is pretty generic and is much the same as can be found on most other sites devoted to the crime.
Forms of Fraud
Everyone with an address receives junk mail. Most people also get unsolicited applications for credit cards and mail pieces from “public opinion research firms.” Most of these are legitimate, some are not. People should be very careful what forms they fill out and what information they write down on these forms. Perhaps the most common, and most dangerous, piece of personal information is one’s Social Security number.
Although the cards clearly state the number is not to be used for identification, a Social Security number is one of the most common “account numbers” used by a myriad of private and public organizations to identify clients and customers. Another good habit to get into is shredding, or at least tearing up, any junk mail that could be stolen from the trash and used to open fraudulent accounts in the name of the recipient.
Surfing the internet has become one of the most common new technological pastimes of the 21st century. Computer access to the global network can bring a person in touch with vast amounts of information and can put people in touch with others around the world. Unfortunately, some of those people have ill intent.
Beyond those whose contact is sought out over the internet there are others with the technical knowledge to seek out computers connected to the net and take control of them. While many such “hackers” (or “crackers” as malicious computer users are increasingly being called) in the past have been teenagers or bored technology whizzes looking to test their skills, security experts are reporting that these days financial gain is increasingly a motive.
Today’s Black Hat Hackers, or crackers, take over networks of “zombie” computers and use them to broadcast large numbers of spam email or launch cyber attacks against corporate web sites. This use of personal computers is in fact a form of identity theft since a person’s computer, with their individual internet “signature,” is being put to a purpose of which the owner has no knowledge.
A computer also can be tricked into sending out a person’s personal information stored on it through this method. As some malicious mass emailers are finding it more and more difficult to find legitimate means of bypassing filters designed to weed out such spam, they are willing to pay crackers a goodly sum to infect masses of unsuspecting computers.
Another increasingly common and dangerous method used to steal consumer identities through the internet is by a method called “phishing.” One such phishing ploy is to send computer users a message supposedly from a trusted source, such as from the “fraud” division of their Internet Service Provider (ISP) or a shopping site like eBay, claiming someone has tried to break into their account.
The scams then ask the user to visit the website link they provide and confirm their account or credit card information. While the site might look legitimate, it is a phony, and any information supplied there falls directly into the hands of thieves. The best advice here is never to provide such information regardless of how legitimate the request appears. Legitimate sources will never ask for or even allow such information to be sent over the net. If one has a question about an account, go to the company’s site independently and find a customer service telephone number to check the claim.
Commercial Identity Theft
Although most attention surrounding identity theft is on how it affects individuals, stealing a company’s identity can be even more dangerous, and more costly. There are several good reasons for this. Most companies generally have a lot more money to steal than individuals and companies have a lot of people who make use of that identity and keeping track of them can be difficult.
Commercial identity theft can work two ways. Corporate identity thieves can use the company name to steal from it or they can use a stolen corporate identity to steal from its customers or the general public. The problem has become so pronounced that most big companies now employ their own watchdogs to keep track of who is using company information and for what purpose.
Stealing From The Company
By stealing a company’s identity, thieves can gain access to corporate funds. On one case from Florida thieves gained access to corporate bank account numbers and used them to obtain more than $250,000 in goods and services. In another case, corporate identity thieves used fake payroll checks to get banks to hand over the company’s money.
Crimes such as these are more “low risk” since the identity being stolen is not tied to one person. The money being stolen is less likely to be missed since the company has any number of legitimate accounts payable and the fraudulent charges are just a few “trees in the forest.”
Stealing From Customers
There are many examples of ways identity thieves use legitimate company names to steal from its customers. One such scam that the International Chamber of Commerce estimates involved more than $3.9 billion, thieves would set up phony web sites that looked like the real thing and induced people to provide credit card numbers and other personal data that was used for further crimes. According to security professionals, thieves pay computer “crackers” by the account number for such information.
In another well publicized theft, Bank of America said it “lost” computer tapes containing the account information of 1.2 million customers, including some members of Congress. There have been other cases where companies have been caught selling that personal information. Still another case of corporate identity theft involved a fraudulent advertisement being placed in the name of a legitimate business offering low-interest loans. People who called the fraudulent telephone number sent in thousands in processing fees for loans they never received.
One of the most clever ways of engaging in identity theft is through what has been come to be know as “social engineering.” In short, social engineering simply means tricking someone into believing they are providing information to a legitimate source. Another method of acquiring personal information that can be grouped under the heading of social engineering is “dumpster diving,” or rummaging through trash.
In both cases, these are ways of getting a person’s vital personal information in order to commit a crime without the person knowing. In most cases people who have been the victims of social engineering had a hand in helping the thieves get the information.
A very popular way to socially engineer access to personal information is by using the phone. This can be done many ways but one common example is the phone call that begins, “you are receiving this call because you answered an ad or requested information about … .” Often the caller also might add “you have a credit card with the last four digits … .” Then they ask for permission to use that card. In the process of the call, the potential victim might be tricked into giving out the entire credit card number or providing other identifying information such as their Social Security number.
These and other calls, such as those asking the person to answer questions for a survey, might well be legitimate, but they might not. It is not uncommon for the social engineer to mask the request as part of defense against fraud. Savvy social engineers catch a person off guard by claiming that someone else has tried to gain access to their account information, they then claim that in order to reactivate the account they must get confirmation of account numbers and often other information, such as log in names and even passwords. Before long the victim has handed over just the information the thieves wanted.
Scams such as this are becoming quite common on the internet. People whose email addresses have been sold and resold many times to mass mailers can get two or three such fraudulent emails a day. Just as with social engineering by telephone, the thieves often disguise the attempt to gain the information by saying they are trying to investigate fraud. In many cases these can take the form of legitimate-looking surveys or web sites with similar – but not quite the same – names as established companies.
One such tried and true scam is known as the “Nigerian” letter. This email is sent supposedly by someone in Nigeria (or any number of other countries these days) asking for monetary help. The fictional “Nigerian” is supposedly caught in civil war and unable to gather necessary funds to “escape.” Once the recipient, who is promised a portion of the money if they help, gives out their bank information, there is a withdrawal but no deposit.
These days the list of known identity theft scams is as long as the list of people who are likely to fall for them. A number of private security firms and several government agencies post descriptions of these scams as they surface. Often these scams play on the greed of the individual or a person’s compassion by pretending to be part of a disaster or other relief agency.
Some of these scams prey on people least able to absorb the loss. Either through the internet, by telephone, or through the mails, identity thieves target the elderly, the unemployed, or those most in need of financial help. Unfortunately, those desperate for financial assistance or relief themselves, often make easier victims.
One of the best places to keep abreast of these identity theft scams is on the United States Federal Trade Commission (FTC) web site. The site issues regular reports when new scams are uncovered and reported. The site details how these scams are organized, what they involve, and how they are carried out. In many cases, the scams are veiled as investigations of the very type of fraud they are perpetrating.
Another good source of learning about specific identity theft scams is the Federal Bureau of Investigation (FBI) web site. Much like the FTC, the FBI issues bulletins about new scams just like computer security firms issue notices about new computer viruses. In both cases, being forewarned is the best way of avoiding falling into the trap of a current scam.
Many of the scams have generic components. One of the biggest detailed on the FTC web site is the “Nigerian” letter. The scam can be in the form of an email or a letter in the mail asking for help in moving money out of a country involved in turmoil or a civil war. If the recipient will share their bank account information, they will get to share in the funds moved out of the country. A recent poll estimated that this now famous “Nigerian” scam accounts for up to 19 percent of all such scams reported.
The list of such scams is lengthy. Most involve internet scams that seek information such as Social Security numbers and other personal data, supposedly for legitimate purposes. These can include job advertisements, newsletter sign ups, or even offers to send a “free” credit report. They might also be offers of a free gift or notification that the recipient has won a drawing or even a request for funds to aid earthquake or tsunami victims.
In today’s world, good credit is extremely important. Buying a car or house depends on having a good credit score. Credit ratings are even used by some employers when deciding who to hire for a job.
Unfortunately, the task of monitoring one’s credit report can be a source for identity theft itself. One of the most common scams for identity thieves is to send email or mail offers for sending a person a “free” copy of their credit report. To get that free report, a person has to give over the very personal information that allows someone else to steal their identity and ruin that credit.
The Big Three
When it comes to tracking a person’s credit score, there are three security firms that know more about most people than they do themselves. These are the companies who legally look over our shoulders and track just about everything we do, financially. They also are the firms lenders and other companies rely on when they want to know about us.
The big three credit reporting bureaus are Equifax, Experian (formerly known as TRW), and Trans Union. All three operate in basically the same way and all of them have records on just about everyone. By the end of 2005, every consumer in the United States will be able to obtain a free copy of their credit report annually. This measure has been put in place to try and stem the increase in identity theft by encouraging consumers to examine their report.
Good and Bad
Security experts urge people to get a copy of their report annually from these reporting agencies. This is a sure way of uncovering fraudulent information that has made its way into one’s report. It also is the first step to take in reporting and correcting an identity theft. While it sometimes can be a complicated and lengthy process to get incorrect information fixed, it is a lot better than letting that information go uncorrected.
Because checking up on credit reports is so important, it has become a way of stealing identities. Most people get either emails or letters offering to provide them with copies of their credit reports for free. According to law enforcement agencies, nearly all these offers are bogus. They are intended to get someone to hand over their Social Security numbers and other personal data for just the type of crime the respondents are trying to guard against.
Federal Trade Commission
When researching the topic of identity theft or trying to find ways of battling the crime, the best source to consult is the United States Federal Trade Commission (FTC). The FTC is the government agency charged with upholding fair and legal business practices along with investigating fraud and identity theft.
In fact, identity theft is an area of special interest for the FTC. The agency can provide materials to help report identity theft and offers advice for how people should go about getting their financial lives back together after being victimized. The FTC also catalogs reports and statistics on identity theft and keeps tabs on trends and current scams.
To find out information on the FTC’s current battle to curb identity theft visit their web site. It contains sections devoted to both personal and commercial identity theft and even has a version completely in Spanish. Visitors to the site can read up on known scams and learn ways to protect themselves. There also is extensive information on what to do should you become a victim of identity theft.
One of the most important jobs of the FTC is investigating cases of identity theft. The agency maintains the Identity Theft Data Clearinghouse that catalogs more than 815,000 reported complaints. It tracks the complaints and provides a resource for those wishing to learn about other complaints related to their case.
The FTC also provides referrals to other government agencies and firms involved in the fight against identity theft. The references include links to web sites and telephone numbers for contacting these agencies either to gain more information or to report identity theft. The agency web site also catalogs press releases and explanations of current regulations and what they mean for consumers.
Among the resources offered by the agency are numerous publications explaining identity theft and what to do should it happen to you. These can be obtained through the mail or on compact disc, or downloaded from their web site. There are dozens of these publications that cover specific topics ranging from how military personnel can handle the special challenges of protecting themselves to ways to identify fraudulent schemes.
For those worried about identity theft and how to combat it, there is help out there. Unfortunately, a lot of it comes in the form of legalistic sounding reports and explanations that can leave most consumers more confused afterward. Luckily, for those who want to use their computers as a line of defense, there are plenty of commercially available products to help.
In this case, internet users can use the same tool to protect themselves that puts them in the most danger in the first place. Ironically, some programs out there can be both a source of defense and a threat. What some people use to track their personal information, others can use to steal it.
When it comes to protecting a computer from intrusions and attempts to steal personal information, there are many types of tools, just as there are many ways for hackers to attack a computer. Not all attacks are aimed at stealing personal data to be used for identity theft, but just about all the malicious software in the world can be adapted for that purpose. These range from viruses and spyware to direct intrusions aimed at taking over a computer and turning it into a “zombie,” a computer employed for illegal activity.
There are two basic forms of computer defense that no one can do without these days. They are virus scanning software and a personal firewall. Virus detection programs have been deemed essential for many years, but are even more so today. With “always on” broadband internet connections firewalls have moved out of the realm of the corporate world and into the home. Firewalls monitor attempts by remote computers to access the home computer and block both incoming and outgoing communications as per the user’s specifications.
There are many cyber security firms out in the world that specialize in providing such protections. Two other big names are Symantec and McAfee. Both these companies market an array of programs aimed at protecting individuals against identity theft. Some block attempts at theft, while others seek to cover or erase the “trail” left from internet surfing and online financial activity.
These two big name companies and others also serve as watchdogs alerting the public to new scams and security flaws that are found in popular operating systems and internet browsers. They also provide regular updates to their software as new threats are identified and investigated. Some smaller companies sell add-ons to popular software offerings that target specific threats, such as identity theft.
With identity theft being the hot topic that it is, there are plenty of resources for people interested in getting more information or wanting to report a case. The list of available resources covers the entire spectrum. There are web sites, both government and private, that offer advice, hints, and tips about identity theft. There are books galore covering the topic.
Banks and other financial institutions also seem eager to educate their account holders on the subject. There are any number of private security firms that devote much of their talent and expertise to battling identity theft. Also, a growing number of company information technology departments (IT) are now working to deter such crimes and can be a solid resource for employees.
By far, the most extensive resources available to consumers concerning identity theft can be found on the internet. Several government agencies maintain web sites and man consumer hotlines on the crime. In particular, web sites run by the United States Department of Justice (DoJ), the Federal Trade Commission (FTC), the Postal Inspection Service, and the Federal Bureau of Investigation (FBI) all have sections devoted to identity theft.
Of these, the FTC site might contain the most information. If it does not have what someone is looking for, it does have links to just about any other useful site on the net. Included on this site is a form that can be used for reporting a case of identity theft. This can be very helpful in starting the process of reclaiming your identity. Other common resources these sites have are advice for discovering if someone is using your name illegally and the various steps to take for correcting the problem.
If there is a strong government presence covering identity theft, there are more extensive resources available from private businesses. Companies who sell computer security software, such as Symantec and McAfee, are more than willing to educate the public about the problem of identity theft, as well as sell their products. While those are the two most recognized names in security, there are many others. Still, a word of caution here, some web sites and email offers for protection against identity theft really are scams aimed at stealing personal data.
Everyone has heard the horror stories about what can happen if their identity gets stolen. Banks accounts get emptied, debts are incurred, and people have even been arrested for crimes committed by an impersonator. While the best defense is to make sure personal information is not stolen in the first place, it also is essential to know what steps to take in the event it should it happen to you.
The good part about this is that identity theft has become such a hot topic that government agencies and private companies are more willing to help than in years past. Reporting the crime to police, the United States Federal Trade Commission (FTC), or the Federal Bureau of Investigation (FBI) has been streamlined and authorities are better educated on how to investigate the crime.
The most important advice about recovering from identity theft is to be proactive and aggressive. Security experts advise people to check their credit reports at least once a year to look for false information. Since the first most people learn about the crime is when bill collectors start calling or threatening letters start arriving, taking the step of checking the reports and studying monthly credit card statements can provide a leg up.
Consumers also should act quickly when there is a question about their bills. Most banks and credit card issuers these days will not hold people liable for fraudulent charges if they are reported quickly. If there is a suspicious charge on a statement, be it the phone bill or a credit account, call about it as soon as it is discovered. Even one phony long-distance phone call this month could lead to the thief expanding the fraudulent use of a person’s identity in the future.
Report The Crime
Government agencies, such as the FTC or the FBI, charged with investigating identity theft have made it easy to report cases. Once a person has determined someone is stealing their identity, they are advised to make sure to file a report with the police and with other agencies. The FTC web site features an affidavit for use by victims of fraud that gets the report into the right hands quickly. The agency also maintains a database of complaints people can check to monitor the progress of an investigation.
With a police report in hand, identity theft victims can then use that to inform those with whom they have credit and other accounts. There are several steps that need to be taken, including closing all accounts and opening new ones with fresh account numbers and personal information numbers (PINs). Checklists of these steps can be found on the FTC, FBI, and Department of Justice web sites.