Prevalence & Statistics
As I.T. availability and understanding grow amongst the world’s population, so does identity theft. Those who perpetrate this crime constantly invent new ways of obtaining the victim’s personal and private information.
In June 2005 reported that its study returned that 13% of all internet users had stated that they or a member of their household had been the victim of identity theft. In today’s terms there are estimated to be in the region of 1.1 billion internet users, which at 13% identifies a staggering 143 million cases of identity theft.
Geographically, many scams are reported to originate from Eastern Europe and some African countries, with the majority of victims being located in Western Europe and the United States of America. (http://www.cifas.org.uk)
The DCPCU (Dedicated Cheque and Plastic Crime Unit) reports that in the UK credit and debit card fraud losses reduced in 2006 against 2005: total card fraud losses amounted to £439.4M in 2005 and £426M in 2006.
It breaks down losses further on variances between 2005 and 2006 as follows:-
Within those statistics, the total fraudulent transactions carried out in the UK amounted to £309.8M, a decrease of 13% on 2005, and fraudulent transactions made abroad amounted to £118.2M, an increase of 43% on 2005.
The Criminal – Your Personal Information, Methodology & Tools
The methods used to obtain personal and private information are categorised as follows:
A card reader is a device that reads the magnetic stripe on a plastic card which is used to pay for goods or services on the merchant’s site, e.g. a shop, petrol station or a restaurant. This magnetic stripe contains information about the card, the relevant account(s) and, in some cases, its user. A card skimming device is usually attached to a legitimate device, or takes the form of a memory card that can be swapped for the original in it. The information is recorded, the original memory card is then put back, and the cashier will then typically sell this data to a fraudster for future use.
Criminals have resorted to raiding household bins in order to obtain discarded documents, such as bank and credit card statements, utility bills and any other document that holds a victim’s name and address. The Metropolitan Police report an incidence of members of the homeless community being paid upwards of £5 per useful document obtained by bin raiding.
- Obtaining your useful documents
The criminal can obtain the victim’s documents via burglary, by setting up a divert/forwarding address at the post office for all the victim’s post, and by requesting documentation from the credit reference agencies and government departments.
The criminal will watch over the shoulder of the victim, for example whilst the victim is completing an application form or keying in his/her PIN at an ATM. A card reader may have been installed onto the ATM, giving the criminal the relevant card/user details. The criminal may wait for a receipt that the victim may leave behind, which may show all or part of the victim’s bank or card account numbers.
- Spoof Letters, Telephone Calls, Faxes and Callers at your Home.
These methods of obtaining the victim’s personal information are diverse in nature, but will typically inform the victim that he/she has come into money via one of a number of sources, e.g. a benefactor, an inheritance or an unknown investment by a predecessor, and that the victim’s banking information is required in order that he/she can receive it. Alternatively, the website and/or caller may require the completion of some sort of so-called “survey”; completing this survey would usually require the victim to divulge his/her personal and/or financial information.
- Advance Fee Fraud (AFF) and 419 Fraud.
This type of primarily electronic fraud is perhaps among the most prevalent and continues to grow. It will take the form of email (spam often sent to millions of email addresses), postal documentation or faxes. Its pattern is said to be predictable. It will usually entice the victim into parting with their banking/private information with large sums of money allegedly due to them. It may name high-ranking officials and use forged official and/or legal documentation to endorse legitimacy. It may involve a high-profile investment portfolio, easily researchable by the victim, or it may imply assistance to a charitable or religious body.
In some cases the criminal will have a website set up which will require the input of banking/personal information; it will also enable the victim to view fictitious “bank accounts” with seemingly large available balances ready to transfer to him/her. The victim may be encouraged to travel abroad in order to pay the required monies (AFF), which could be purported to be taxes, processing fees and/or bribes necessary in order to progress the payment of monies that are stated to be due to them.
This typically consists of changes to the registration details of the company, such as the names and addresses of the company, its directors and/or its company secretary, via Companies House. This can then lead to the acquisition by the criminal of financial services and goods, leaving the company in some instances with charges against its assets and payments due to creditors for goods or services it has not received.
These scams can be carried out by means of email, telephone or the receipt of bogus official faxes. One example of a telesales scam is a caller purporting to be from an advertising agency for wall planners, with the proceeds from sales of the wall planners to be donated to charity. The caller encourages the company to make a donation and receive advertising in return, with the additional benefit that such advertising would be a tax-deductible charitable donation for the company. This type of scam carries the badge of “Support Publishing”.
The “Bogus Invoice Scam” is where a company is invoiced for advertising it has neither ordered nor agreed to. The contact name of an employee has been acquired by the criminal via a brief telephone call to the receptionist of the company, merely enquiring as to who would authorise any advertising. The invoice is then potentially followed up by any or all of the following: demand letters, threats of court action, seizure of goods and the attendance of bogus debt collectors at the business premises.
This is potentially the most insidious tool for corporate identity theft. The following is an example of how the criminal can access the network: a telephone call is made by the criminal to an employee, purporting to be from the company’s I.T. department. This call acquires the user name and password of the employee, allowing the criminal to enter the network in order to obtain information, induce loss of data integrity, acquire detailed financial information, or order goods or services from the company’s suppliers for delivery to the criminal at a non-trading address external to the company, all of which could potentially remain undiscovered for a considerable period of time.
EFFECTS ON THE VICTIM
Identity theft can have catastrophic consequences for the victim and take years to resolve. It will primarily affect, or completely destroy, their financial status and will generate derogatory and false data about their financial conduct held on public and financial sector records. This could inhibit the victim’s current and future financial activities.
In cases where the victim’s identity has been used for the purposes of “life cloning”, it can encroach further into the victim’s general life. In this situation the criminal may not only have falsely obtained state benefits, credit cards, bank accounts and mortgages to purchase property; he/she may also have an employment history in the victim’s name, may have created fictitious companies, may have committed other crimes in the victim’s name and may owe taxes to the government. The opportunities for the criminal who has obtained the victim’s identity are extensive and surprisingly easy to accomplish.
Where companies are the victim of identity theft they may, after the fact, discover that vast amounts of money are owed for repayment, their assets could be seized where a charge has been taken against them, and the directors of the company may find themselves no longer named as such and their own identity stolen. Ultimately the financial losses could result in the cessation of business activities, for example if a vital piece of machinery against which a charge had been applied were to be removed, or when a creditor petitions for bankruptcy for non-payment of a debt not legitimately created by the company.
Preventative Measures
There are numerous ways that one’s identity can be protected, some of which are common sense and others that require more thought and investigation.
- Regularly (at least once a year) obtain a copy of a credit report for yourself from one or more of the credit agencies.
- Be aware of your mail and report any that does not appear.
- Always shred redundant documentation.
- Keep records at home in a secure, preferably locked environment.
- Only carry your cards when they are needed.
- Guard your PIN numbers and be aware of the ways that criminals obtain your information.
- Install anti-spyware, anti-virus software and firewalls on your PC and/or corporate network.
- Always delete any email that requests your private information if you cannot otherwise verify its source.
- Never give your private and personal information in an email or on the telephone if you are in any doubt – remember a legitimate organisation will not be offended if you wish to carry out verification checks.
- Abide by the rule that if it looks too good to be true then chances are, it is.
- Be careful with the internet; in particular, look for any anomalies in the URL of websites, as some spoof websites rely on the likelihood of a user entering a URL that is incorrect but close to that of the legitimate one.
- Register deceased relatives with a group that removes them from mailing lists and ensure the credit reference agencies are also aware of the event soon after it occurs.
- Be aware of your rights under the Data Protection Act.
- Identity Theft Insurances are also available.
- Reduce your mailings by registering with the Mailing Preference Service.
- Reduce the number of cold calls by registering with the Telephone Preference Service.
- Regularly check your bank and credit card statements.
The Victim’s Recovery
The recovery process can be long and arduous for the victim; it can take a number of years to resolve. General guidance issued by credit reference agencies and the financial sector is all similar, and most offer the following guidance. They state that it is essential that the victim immediately contacts the credit reference agencies and places an alert on their credit file. The victim should also contact the relevant banking institutions and credit companies and obtain a current credit report to ensure completeness. He/she should file a report with the police on discovery, and close all accounts that have or may have been used by the criminal; the victim should consult with the police before doing so. He/she should then open new accounts if possible. The victim should keep records of all telephone conversations and copies of all documentation concerned with the reporting of the crime, and any applicable evidence. They should also inform the relevant insurance company should identity theft insurance be held by him/her. Most importantly, the victim should seek further advice.
Conclusion
The consequences of identity theft for the victim can be disastrous and difficult to resolve. The surprising ease of the crime and the perpetual inventiveness of the criminal fraternity make it necessary for the individual to be aware of identity theft and the processes for stolen identity acquisition. The individual (we are all potential victims) should take basic preventative measures and great care of personal information, coupled with ensuring the timely correction of inaccurate and potentially harmful records held by credit agencies and institutions, which can potentially be reported against the victim when in fact they are due to identity theft. In addition, it is clear that whilst Information Technology can be used to aid the criminal, it can also assist in the prevention of this devastating crime.
Bibliography
HOME OFFICE (2008) [www] Available from: [May 27th 2008]
APACS (2008) [www] Available from: [May 27th 2008]
THE BEREAVEMENT REGISTER (2008) [www] Available from: [May 26th 2008]
BUSINESS LINK (2008) [www] Available from: [May 27th 2008]
METROPOLITAN POLICE (2008) [www] Available from: http://www.met.police.uk/fraudalert/index.htm [May 27th 2008]
HOME OFFICE National Home Office Identity Fraud Steering Committee Report
Identity Fraud Consumer Awareness Group
DEDICATED CHEQUE AND PLASTIC CRIME UNIT (2002) [www] Available from: [May 27th 2008]
PUSHPA SATHISH [www] Available from: 26th 2008]
TRADING STANDARDS CENTRAL (2008) [www] Available from: 27th 2008]
JOHN R VACCA (2005) Computer Forensics: Computer Crime Scene Investigation. 2nd Edition. Hingham MA: Charles River Media