What is Identity Theft?

According to the Federal Trade Commission identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.
The FTC estimates that as many as 9 million Americans have their identities stolen each year. In fact, you or someone you know may have experienced some form of identity theft. The crime takes many forms. Identity thieves may rent an apartment, obtain a credit card, or establish a telephone account in your name. You may not find out about the theft until you review your credit report or a credit card statement and notice charges you didn’t make or until you’re contacted by a debt collector.
Identity theft is serious. While some identity theft victims can resolve their problems quickly, others spend hundreds of dollars and many days repairing damage to their good name and credit record. Some consumers victimized by identity theft may lose out on job opportunities, or be denied loans for education, housing or cars because of negative information on their credit reports. In rare cases, they may even be arrested for crimes they did not commit.

Definitions of Identity theft on the Web:

According to the non-profit Identity Theft Resource Center, identity theft is sub-divided into four categories:

  • Financial Identity Theft (using anothers identity to obtain goods and services)
  • Criminal Identity Theft (posing as another when apprehended for a crime)
  • Identity Cloning (using anothers information to assume his or her identity in daily life)
  • Business/Commercial Identity Theft (using anothers business name to obtain credit)

Identity theft may be used to facilitate crimes including illegal immigration, terrorism and espionage. Identity theft may also be a means of blackmail. There are also cases of identity cloning to attack payment systems, including medical insurance.

How Many Identity Theft Victims Are There? What Is the Impact on Victims?

The number of US adult victims of identity fraud decreased from 10.1 million in 2003 and 9.3 million in 2005 to 8.4 million in 2007. Total one year fraud amount decreased from $55.7 billion in 2006 to $49.3 billion in 2007. The mean fraud amount per fraud victim decreased from $6,278 in 2006 to $5,720 in 2007. The mean resolution time was at a high of 40 hours per victim in 2006 and was reduced in 2007 to 25 hours per victim. The median resolution time has remained the same for each Survey year at 5 hours per victim.

Recommendations for consumers include:

  • Cancel your paper bills and statements wherever possible and instead check your statements and pay bills online. Monitor your account balances and activity electronically (at least once per week).
  • If you do not have access to online accounts, review paper bank and credit card statements monthly and monitor your billing cycles for missing bills or statements.
  • Use email based account alerts to monitor transfers, payments, low balances and withdrawals and review your credit report (now available for free annual review).

How do thieves steal an identity?

The Federal Trade Commission tells us that identity theft starts with the misuse of your personally identifying information (PII) such as your name and Social Security number, credit card numbers, or other financial account information. For identity thieves, this information is as good as gold. Skilled identity thieves may use a variety of methods to get hold of your information, including:
1. Dumpster Diving. They rummage through trash looking for bills or other paper with your personal information on it.
2. Skimming. They steal credit/debit card numbers by using a special storage device when processing your card.
3. Phishing. They pretend to be financial institutions or companies and send spam or pop-up messages to get you to reveal your personal information.
4. Changing Your Address. They divert your billing statements to another location by completing a change of address form.
5. Old-Fashioned Stealing. They steal wallets and purses; mail, including bank and credit card statements; pre-approved credit offers; and new checks or tax information. They steal personnel records, or bribe employees who have access to your personal information.
6. Pretexting. They use false pretenses to obtain your personal information from financial institutions, telephone companies, and other sources.
7. Retrieving (Wekipedia adds) information from redundant equipment which has been disposed of carelessly, e.g. at public dump sites, given away without proper sanitizing etc.
8. Stealing payment or identification cards, either by pickpocketing or surreptitiously by skimming through a compromised card reader
9. Remotely reading information from an RFID chip on a smartcard, RFIDenabled credit card, or passport 10. Trojan horses, hacking Stealing personal information in computer databases.
11. Advertising bogus job offers (either full-time or work from home based) to which the victims will reply with their full name, address, curriculum vitae, telephone numbers, and banking details
12. Infiltration of organizations that store large amounts of personal information 13. Obtaining castings of fingers for falsifying fingerprint identification.
14. Browsing social network (MySpace, Facebook, Bebo etc) sites, online for personal details that have been posted by users
15. Simply researching about the victim in government registers, at the Internet, Google, and so on.

What is “pretexting” and what does it have to do with identity theft?
Pretexting is the practice of getting your personal information under false pretenses. Pretexters sell your information to people who may use it to get credit in your name, to steal your assets, or to investigate or sue you. Pretexting is against the law.
Pretexters use a variety of tactics to get your personal information. For example, a pretexter may call, claim he’s from a research firm, and ask you for your name, address, birth date, and social security number. When the pretexter has the information he wants, he uses it to call your financial institution. He pretends to be you or someone with authorized access to your account. He might claim that he’s forgotten his checkbook and needs information about his account. In this way, the pretexter may be able to obtain other personal information about you such as your bank and credit card account numbers, information in your credit report, and the existence and size of your savings and investment portfolios.
Keep in mind that some information about you may be a matter of public record, such as whether you own a home, pay your real estate taxes, or have ever filed for bankruptcy. It is not pretexting for another person to collect this kind of information.

By law, it’s illegal for anyone to:

  • use false, fictitious or fraudulent statements or documents to get customer information from a financial institution or directly from a customer of a financial institution.
  • use forged, counterfeit, lost, or stolen documents to get customer information from a financial institution or directly from a customer of a financial institution.
  • ask another person to get someone else’s customer information using false, fictitious or fraudulent statements or using false, fictitious or fraudulent documents, or forged, counterfeit, lost, or stolen documents.

Why Do We Need to Worry About Dumpster Diving?
The best thing about it for people who make a living off the practice is that generally this is a LEGAL livelihood! Stealing trash is not illegal according to The Supreme Court ruling in 1988 that stipulated once an item is left for trash pickup, there is no expectation of privacy or continued ownership. If you do a Google search on the Internet, there are over 842,000 pages dedicated to dumpster diving. There are thousands of WebPages dedicated to the fine art, techniques and guidelines to successful dumpster diving.

It should in my opinion and others, be a first step consideration in any serious business or personal intrusion. The dumpster diving hacker can map out the target, understand the interpersonal relationships that can be subverted, and most important, can glean technical details, often passwords and account names from the tons of trash they are swimming in.

When it comes to businesses, taking papers from dumpsters outside offices is a common tactic used by commercial information brokers as well as foreign intelligence services. “Trash cover” is a standard methodology used by investigators and intelligence agents throughout the world. It involves collecting and going through the trash left out for collection in front of residents and businesses. Trash may also be stolen from waste baskets by cleaning crews.

In the aspect of residential trash; It is estimated that upwards of 80 percent or more households do not take the necessary steps to prevent dumpster diving or make it less of an effective tactic for thieves. Instead, they let their sensitive, personal information sit at the curb–waiting to be harvested.

Consider the fact that we all get mail and have documents that contain some very personal information. Credit card and bank statements, utility bills, insurance polices medical records and more. All of which, contain critical pieces of the puzzle that once put together by an identity thief, can be used to exact a financial quagmire that could literally, take years to recover from.

There is an old saying that “one man’s trash is another man’s treasure.” That is certainly true in the intelligence world.

Some of the things that dumpster diving, hackers look for are as follows:

  • Phone lists Helps map out the power structure of the company, and gives possible account names, and is essential in appearing as a member of the organization.
  • Memos Reveal activities inside the target organization.
  • Policy manuals Today’s employee manuals give instructions on how not to be victimized by hackers, and likewise help the hacker know which attacks to avoid, or at least try in a different manner than specified in the policy manual.
  • Calendars of events Tells the hackers when everyone will be elsewhere and not logged into the system. Best time to break in.
  • System manuals, packing crates Tells the hackers about new systems that they can break into.
  • Print outs
  • Source code is frequently found in dumpsters, along with e-mails (revealing account names), and Post It & tm; notes containing written passwords.
  • Disks, USBs, CD-ROMs People forget to erase storage media, leaving sensitive data exposed. These days, dumpsters may contain larger number of “broken” CD-Rs. The CD-ROM “burning” process is sensitive, and can lead to failures, which are simply thrown away. However, some drives can still read these disks, allowing the hacker to read a half-way completed backup or other sensitive piece of information.
  • Old hard drives Like CD-ROMs, information from broken drives can usually be recovered. It depends only upon the hacker’s determination.
  • Organizational changes, such as mergers, acquisitions, and “re-orgs” leave the company in disarray that can be exploited by hackers (in much the same way those hackers look upon January 1, 200X as a prime hacking day).

Dumpster Diving is when an identity thief will go through your trash in order to obtain copies of your checks, credit card or bank statements, or other records-all for the sake of harvesting your personally identifiable information to steal your identity.

Another thing to consider is Tax Season is Bringing Out Identity Thieves!

A number of clients have recently reported to their tax preparation services that they have been receiving calls from someone posing as a representative from the Social Security Administration. The caller began the conversation by talking about the pending Congressional leaders announcement where a deal with the White House on the economic stimulus package would give most tax filers refunds of $600 to $1,200, and more if they have children. The caller went on to solicit from consumers their Social Security number stating confirmation of their number would ensure they received their rebate checks within the next 6 7 months.

The Social Security Administration is not making a conscience effort to confirm consumer identification numbers. You need to be aware that identity thiefs are however and they use a number of tactics to steal your identity.

Spoofing is generally used by thieves as a means to convince individuals to provide personal or financial information that enables the perpetrators to commit credit card/bank fraud or other forms of identity theft. An attempt to fraudulently acquire sensitive financial or personal information, such as credit card information or a Social Security number, by impersonating a business representative or trustworthy person is also known as a Phishing attempt and is usually initiated through e-mail, phone calls or Instant Messaging.

Thieves do not just collect Social Security Numbers. They are also after your telephone records, date of birth and your bank and credit card account numbers. This information is a personal asset as well and people who illegally solicit this information are also known as pretexters. It is yet another name for identity theft and Pretexting is (like the other practices mentioned) a means of getting your personal information under false pretenses. Pretexters sell your information to people who may use it to get credit in your name, steal your assets, or to investigate or sue you. Pretexting is against the law.
Whether it is by means of Spoofing, Phishing or Pretexting the tactics are all designed to get your personal information. According the Federal Trade Commission For example, a pretexter may call, claim hes from a survey firm, and ask you a few questions. When the pretexter (lets just call it a thief) has the information they want, it is used to call your financial institution. The thief pretends to be you or someone with authorized access to your account. They might claim that they have forgotten their checkbook and need information about their account. In this way, the criminal may be able to obtain personal information about you such as your SSN, bank and credit card account numbers, information in your credit report, and the existence and size of your savings and investment portfolios.
Keep in mind that some information about you may be a matter of public record, such as whether you own a home, pay your real estate taxes, or have ever filed for bankruptcy. It is not pretexting for another person to collect this kind of information.

The United States Department of Justice advises us that, Many people do not realize how easily criminals can obtain our personal data without having to break into our homes. In public places, for example, criminals may engage in “shoulder surfing” i.e. watching you from a nearby location as you punch in your telephone calling card number or credit card number or listen in on your conversation while you give your credit-card information.

They further advise us If you receive applications for “preapproved” credit cards in the mail, but discard them without tearing up the enclosed materials, criminals may retrieve them and try to activate the cards for their use without your knowledge. (Some credit card companies, when sending credit cards, have adopted security measures that allow a card recipient to activate the card only from his or her home telephone number but this is not yet a universal practice.) Also, if your mail is delivered to a place where others have ready access to it, criminals may simply intercept and redirect your mail to another location.

Additionally, The Department of Justice states, In recent years, the Internet has become an appealing place for criminals to obtain identifying data, such as passwords or even banking information about you. In their haste to explore the exciting features of the Internet, many people respond to “spam” unsolicited E-mail that promises them some benefit but requests identifying data, without realizing that in many cases, the requester has no intention of keeping his promise. In some cases, criminals reportedly have used computer technology to obtain large amounts of personal data.
Examples of identity theft provided by Wikipedia (The free Internet Encycopedia are as follows;

Financial identity theft

A classic example of credit-dependent financial crime (bank fraud) occurs when a criminal obtains a loan from a financial institution by impersonating someone else. The criminal pretends to be the victim by presenting an accurate name, address, birth date, or other information that the lender requires as a means of establishing identity. Even if this information is checked against the data at a national credit-rating service, the lender will encounter no concerns, as all of the victim’s information matches the records. The lender has no easy way to discover that the person is pretending to be the victim, especially if an original, government-issued id can’t be verified (as is the case in online, mail, telephone, and fax-based transactions). This kind of crime is considered non-self-revealing, although authorities may be able to track down the criminal if the funds for the loan were mailed to him. The criminal keeps the money from the loan, the financial institution is never repaid, and the victim is wrongly blamed for defaulting on a loan he never authorized.
Other forms of examples of bank fraud associated with identity theft include “account takeovers,” passing bad checks, and “busting out” a checking or credit account with bad check, counterfeit money order, or empty ATM envelope deposits.

Identity cloning and concealment

In this situation, a criminal acquires personal identifiers, and then impersonates someone for concealment from authorities. This may be done by a person who wants to avoid arrest for crimes, by a person who is working illegally in a foreign country, or by a person who is hiding from creditors or other individuals. Unlike credit-dependent financial crimes, these crimes can be non self-revealing, continuing for an indeterminate amount of time without being detected.

Criminal identity theft

When a criminal identifies himself to police as another individual it is sometimes referred to as “Criminal Identity Theft.” In some cases the criminal will obtain a state issued ID using stolen documents or personal information belonging to another person, or they might simply use a fake ID. When the criminal is arrested for a crime, they present the ID to authorities, who place charges under the identity theft victim’s name and release the criminal. When the criminal fails to appear for his court hearing, a warrant would be issued under the assumed name. The victim might learn of the incident if the state suspends their own drivers license, or through a background check performed for employment or other purposes, or in rare cases could be arrested when stopped for a minor traffic violation. It can be difficult for a criminal identity theft victim to clear their record. The steps required to clear the victim’s incorrect criminal record depend on what jurisdiction the crime occurred in and whether the true identity of the criminal can be determined. The victim might need to locate the original arresting officers, or be fingerprinted to prove their own identity, and may need to go to a court hearing to be cleared of the charges. Obtaining an expungement of court records may also be required. Authorities might permanently maintain the victim’s name as an alias for the criminal’s true identity in their criminal records databases. One problem that victims of criminal identity theft may encounter is that various data aggregators might still have the incorrect criminal records in their databases even after court and police records are corrected. Thus it is possible that a future background check will return the incorrect criminal records.
Even though the laws are on your side, its wise to take an active role in protecting your information. The Federal Trade Commission recommends the following actions;

1. Dont give out personal information on the phone, through the mail or over the Internet unless you’ve initiated the contact or know who you’re dealing with. Pretexters may pose as representatives of survey firms, banks, Internet service providers and even government

agencies to get you to reveal your SSN, mothers maiden name, financial account numbers and other identifying information. Legitimate organizations with which you do business have the information they need and will not ask you for it.
2. Be informed. Ask your financial institutions for their policies about sharing your information. Ask them specifically about their policies to prevent pretexting.
3. Pay attention to your statement cycles. Follow up with your financial institutions if your statements don’t arrive on time.
4. Review your statements carefully and promptly. Report any discrepancies to your institution immediately.
5. Alert family members to the dangers of pretexting. Explain that only you, or someone you authorize, should provide personal information to others. 6. Keep items with personal information in a safe place. Tear or shred your charge receipts, copies of credit applications, insurance forms, bank checks and other financial statements that youre discarding, expired charge cards and credit offers you get in the mail.
7. Add passwords to your credit card, bank and phone accounts. Avoid using easily available information like your mothers maiden name, your birth date, the last four digits of your SSN or your phone number, or a series of consecutive numbers.
8. Be mindful about where you leave personal information in your home, especially if you have roommates or are having work done in your home by others.
9. Find out who has access to your personal information at work and verify that the records are kept in a secure location. Checking your credit report annually can help you catch mistakes and fraud before they wreak havoc on your personal finances.

Order a copy of your credit report from the three nationwide consumer reporting companies every year. (Experian for example or Nodle)

We are far from being completely informed! I have more to say about credit reports, proactive measures (pros and cons) in later chapters as well.

Do not mean to be redundant but, there is just so much to consider about this ever expanding criminal activity, countering it and self preservation measures. If you do not have the time or expertise to put measures in place to protect you and your family’s identity consider visiting a credit protection service that can put the appropriate measures in place to preserve your good name, credit and assets.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s