Identity Theft Check

If you have regularly thrown out your Person Identifying Information (particularly if you live in a city or large town) or if you have recently lost or had stolen important personal documents like your passport or driving licence, you should take steps to check to see if you have already been targeted by identity fraudsters.

How can you know if your personal information has been compromised? The British Home Office suggests you look out for any of the following:

- post that you have been expecting from the bank does not arrive

-  you are receiving no post at all

- items appear on your bank / credit-card statements that you know you have not purchased

- you have applied for a state benefit of some sort but you are told that you are already claiming it

- you receive bills, invoices or receipts through the post for products or services you haven’t purchased or asked for 

- you have been refused a financial service, such as a credit card or a bank/private loan, despite knowing you have a good credit history

- you receive a new mobile-phone contract, in your name, but whicjh you have not ordered or applied for

- you have been sent correspondences from solicitors or debt collecting agencies for debts that you know are not yours

- financial institutions that you have not dealt with contact you to pursue an outstanding debt.

- you find entries in your personal credit file from organisations you do not normally deal with

To check your credit rating and to look at your entire credit file, apply to any one of the following agencies. I report costs about £2 and is well worth checking:

Call Credit – http://www.callcredit.plc.uk/

Equifax – http://www.equifax.co.uk/

Experian – http://www.experian.co.uk/

Remember, if you have been contacted by any company or organisation about bills that you know are not yours, be sure to document every conversation you have with these companies, asking for the names of the people speaking to you and reference or case numbers where relevant.

Do not wait for things to sort themselves out. If you are a victim of identity fraud you must be proactive.

One of the most endemic forms of internet fraud comes in the form of what is commonly referred to as ‘phishing’. This is when a would-be (or actual) criminal impersonates a trusted institution, company or organization in an email in an attempt to make you reveal personal information.

Can you think how many “I am the Finance Minister of an African state overrun by guerrillas. Please give me your banking details so I can put a bazillion US Dollars in it for safe keeping” scams you have seen or heard of circulating the net?

But not all of these scams are quite so embarrassingly obvious, with some being highly sophisticated forms of fraud.

Entire bogus websites have been created in the past that replicate perfectly the legitimate websites of certain banking companies, and if you follow the link in the email sent to you by such fraudsters there are often very few clues to indicate that you aren’t at the legitimate website of your online banking account. If you enter your account number and security codes you are then certain to be robbed.

The trick here is to never email you bank account details back to your bank. No bank asks you to email them your passwords or account details. Likewise, do not follow links in emails that seem to be from your bank, instead just type their web-address into your browser and go there yourself to verify whatever claims are being made in the email.

Another form of ‘phishing’ is when you receive emails offering bogus job offers. These are intended to harvest your full name, address, CV, telephone numbers and, if they can get away with it, your banking details.

Don’t be fooled into thinking that as long as you don’t send your banking details you cannot be affected by some sort of scam. A friend of mine once gave her name, postal address, email address and messenger details to what she thought was a potential employer just so that she could receive more information about the ‘job’ being offered. She then received a batch of sealed boxes in the post that her would-be ‘employer’ told her was sent by mistake and asking if he could pop around to pick them up.

He did, but it turned out that the goods were by fraud or were illegal in themselves (my friend didn’t find out which). She was arrested a fortnight later and had her laptop computer and her Nokia 6500 Classic mobile phone confiscated for analysis as part of a major investigation into whatever internet crime she was implicated in.

The whole process was very invasive, with all her private computer files, emails and mobile phone messages being analysed by the police, before finally being acquitted without charge.

Another thing to watch out for is posting too much personal information on internet social network sites like MySpace or Facebook. Some criminals spend hours surfing through accounts that do not have strict enough security settings, harvesting information that may be used for various unwholesome deeds…

You have been warned…!

One of the most common forms of illicit (if not always illegal) PII acquisition comes from the harvesting of email addresses by various companies in order to send out seemingly endless amounts of advertising in the form of ‘junk mail’.

There are, however, more acute threats to our security that come from electronic sources and resources.

Having our computers ‘hacked’ into or infected with a ‘Trojan Horse’ virus or ’spyware’ are sure-fire ways to lose sensitive information. Hacks and some viruses can give another party access to our computer files and at the very least may reveal our email addresses, our friends’ email addresses, our internet browsing habits and even internet account passwords – all of which can be used for potentially nefarious and certainly nuisance ends.

The worst that can happen from having a compromised computer would be having private files sent across the internet without our knowledge to someone who wishes to use any sensitive information contained within them for criminal activities (such as fraud and theft).

Always be sure to have an active firewall and anti-virus software running when you are online and never download any files or programs from sources you don’t trust absolutely.

Similarly, private information can be gleaned from old and discarded computer equipment that has not been reformatted, destroyed or otherwise rendered unreadable before disposal. Never throw out a computer without first having at least deleted all relevant personal information from it.

In fact the best course of action might be to send your computer to a trusted source for reformatting and recycling, that way you protect your personal data and also help minimise your carbon footprint in some small (but always important) way.

Although there are some cases of illicit PII acquisition that we cannot protect ourselves from because the potential for doing so is even not in our hands (as with government databases and the like), the majority of identity crimes come about through the acquisition of information we can control the dissemination of to a greater or lesser extent.

Letters, bank statements and other personal details in our rubbish bins are not safe. Make sure that if you put any old bank statements or indeed anything at all that gives away account numbers, security numbers or banking or insurance details of any kind have been thoroughly sanitised before disposal.

This means shredding or completely ripping up the documents in question; blacking out with ink sensitive material or using white-out for the same purpose; or else burning the documents – although this is the least environmentally friendly option.

There have been some reported cases where criminals have used information they have found in rubbish bins and dmupsters to divert statements and billing information to another address to either harvest current legitimate account details or else to delay the discovery of fraudulent accounts those criminals then set up.

Credit, debit, national insurance and medical cards can be stolen from our pockets or handbags while we are out on the street or while sitting in a restaurant/café or theatre of some kind.

Always take sensible precautions with your cash-cards, purses and wallets while out on the street, especially in cities or when walking through dense crowds of people – the favoured hunting grounds of pickpockets.

Having our credit or debit cards swiped through a compromised card reader can reveal our card details and may allow criminals to deduct more money from our account for themselves.

If you are in any sort of establishment where you have reason to be concerned, always ask for your card to be swiped in front of you. Most establishments now have portable chip-readers that require you to enter a PIN, so this shouldn’t be a problem.

Be aware that PIN numbers can also be stolen by people looking over our shoulders and cash-points and other personal information (like security questions and answers) can be gleaned by people eavesdropping in on our public transactions at banks.

Identity crimes can be boiled down into three general categories: theft, obfuscation and manipulation.

Although there is considerable crossover to many of the points in these categories, the primary motivations between them are relatively distinct:

Theft:

This is stealing directly from the person whose personal details you have stolen or those that person has some financial agreement with. This can include taking money directly from their bank accounts or using their credit/debit or insurance details to acquire goods and services for yourself.

It can also include stealing from a company by using that company’s details to gain credit or receive services, products or any form of trade.

Obfuscation:

Criminal obfuscation is when a stolen identity is used to hide one’s own identity during a criminal activity. This could include posing as someone else when being questioned or apprehended by legal authorities or using someone else’s contact details as a drop-off point for stolen or illicit goods that will be collected later.

Identity obfuscation is a common tactic for many vice crimes (like blackmail) and also for more organised and/or lethal criminal activities such as illegal immigration and ‘people smuggling’, the international drugs trade, terrorism and even espionage.

Manipulation:

This general heading covers some of the more bizarre and hardest to legislate-against aspects of potential identity crimes, such as using someone else’s personal information to impersonate him or her in daily life, either to defame that person or gain credit for that person’s achievements.

Clearly then, identity crimes are quite diverse and it is rare that one of the above-described general ‘types’ of identity crime will exist without the others – so a theft crime invariably involves criminal obfuscation as well, etc.

Just to be clear from the outset, and to state the obvious, unless someone can take control of your mind or else create an exact clone of you, it is not possible to steal your identity. You remain ‘you’ regardless of what is stolen from you or stolen in your name.

‘Identity theft’ could perhaps more accurately be described as a sort of identity fraud that involves stealing money, items, services or resources, or to execute any other illegal act, by impersonating someone else. The theft can be from the person being impersonated or from a third party in the name of the impersonated person.

This means that the primary victim of identity theft  is the person whose identity has been ‘stolen’, as this person will either lose money from his or her bank account or will face the consequences of crimes done while using their identity. Suffice to say, misappropriating other people’s identities for personal gain is completely illegal in most countries.

The UK Home Office Identity Theft Steering Committee uses ‘Identity Crime’ as the catch-all term for Identity Theft, creating a False Identity or committing Identity Fraud.

The committee has forwarded the following definitions of the different sorts of identity crimes:

False Identity is either a fictitious (i.e. invented) identity, or else an existing (i.e. genuine) identity that has been altered to create a fictitious identity.
 
Identity Theft is when sufficient information about an identity is obtained to facilitate Identity Fraud, irrespective of whether, in the case of an individual, the victim is alive or dead.

Identity Fraud occurs when a False Identity or someone else’s identity details are used to support unlawful activity, or when someone avoids obligation/liability by falsely claiming that he/she was the victim of Identity Fraud.

It is worth noting however that these definitions are not legal binding and nor are they tied to specific criminal offences. They also apply to both individual and corporate Identity Crime.