We hear about identity theft all the time. Our banks bombard us with reminders about the importance of protecting ourselves, and the U.K government regularly runs publicity campaigns highlighting the issue. Despite all this public awareness, however, instances of identity theft are at an all-time high, having reached global levels described by the Royal United Services Institute (RUSI) as “epidemic.” It seems that, while Coronavirus has ravaged the physical and mental wellbeing of the population, criminals have taken the opportunity to ravage what remains of our financial wellbeing, too.
Between 2019 and 2020, it is estimated that 3.7 million reports were made, of people being the target of fraudulent activity – a crime which now costs the U.K public sector between £31 billion and £48 billion per year. Aside from these personal and public costs, there are very real concerns about such crimes being used to fund organised crime and terrorism. Indeed, when we think about ‘identity theft,’ our thoughts tend to focus on the fear of someone stealing our savings – but the reality can be far more insidious than that.
What is identity theft?
The term ‘identity theft’ is often used interchangeably with the term ‘identity fraud.’ They are, in fact, two different things, although one usually leads to the other. Identity theft occurs when the personal details of an individual are stolen. Identity fraud occurs when stolen personal details are used to obtain goods or services. The important point to note here is that identity theft can be committed for reasons other than financial gain, and it can be committed against people who are alive or dead.
The purposes of identity theft can include:
- The concealment of a person’s real identity
Stolen personal details can allow someone to effectively ‘pose’ as a different person. Reasons can include:
- Illegal immigration status
- Evading creditors
- Posing as someone else on social media
- Evading arrest for criminal activity
- Insurance fraud
- Gaining access to finances
Stolen personal information can provide access to an individual’s personal finances. This can allow criminals to empty accounts but, more often, it allows criminals to make smaller withdrawals or direct purchases before the account owner realises anything is amiss. Similarly, it allows criminals to use the resources of an individual to launder money.
- Taking ownership of property
Though it is relatively rare, a criminal can pose as an individual in order to mortgage or sell their land or premises. This can be particularly costly to rectify, in terms of both time and money.
All these crimes are disruptive and upsetting, and have lasting repercussions for the victim. Most commonly, the impact of such actions can involve damaged credit ratings, causing problems securing mortgages and loans.
What methods do identity thieves use?
In order to protect ourselves from identity theft, we first need to understand the methods used by identity thieves.
- Public records
A significant amount of our most important personal information is a matter of public record and can be found through U.K government databases, such as the National Archives. This can include records of births, deaths, name changes, property titles, electoral registrations, and criminal court cases.
- Stealing physical documents
The theft of passports, bank or credit cards, or even household bills bearing account details can provide an identity thief with access to finances and services belonging to their target.
- Account verification questioning
Many banking institutions and service providers use questions as part of their account holder verification procedures. The maiden name of a customer’s mother, or the name of their first pet, can apply uncommon knowledge as a security feature. Identity thieves taking a more personal approach can easily defeat this – first by finding out which questions the organisation or institution is likely to ask, and then by researching the answers that are specific to their target. This can be achieved through internet research, or through simple conversation.
- Cloning cards
Some identity theft operations work by ‘skimming’ personal information provided during a transaction, and then using that information to clone bank or credit cards. This type of identity theft is easily achieved in call centres, but also happens through cash machines and pay-at-pump fuel kiosks. Criminals place a device that is difficult to detect over the card slot and use it to read the card details. When used in conjunction with miniature cameras, the PIN number can also be stolen. This is similar to the theft of card details using Radio-Frequency Identification technology, except RFID methods steal details wirelessly, without the need to tamper with public machines.
- Covert observation
The simple act of observing a target using personal information in a public space can provide everything an identity thief needs to begin the process of stealing private data. In the past, this was a common issue in internet cafes and public libraries. Today, it is much more common for people to be using smartphones for internet access, but the same type of covert observation can occur – for example, just by looking over a person’s shoulder on the train.
Computer hacking can provide identity thieves with a more generalised approach to their crime – enabling them to break into entire networks, databases, and systems to steal large quantities of personal data. In these instances, that data is often sold to the highest bidder, or used as a source for data mining activities in which targets are selected at random.
- Impersonation of banks or insurance companies
When an identity thief impersonates an organisation or service provider that is perceived as ‘trustworthy,’ the scam is often called ‘phishing.’ These types of attacks involve identity thieves sending text messages or emails, or even making phone calls, designed to trick the target into disclosing their vital information, such as login details.
- Social media
The nature of social media is such that it is often easy to forget we are posting to a public forum. While few people would go so far as to list their passwords and account login details on their Facebook or Twitter feeds, it is often possible for identity thieves to sift through the social media posts of a target and collate enough snippets of information to facilitate wholescale identity theft.
- Post or email diversion
It is a relatively simple process to implement an email or postal redirection for an identity theft target, which means that criminals can receive bank statements or other account information. It also enables criminals to cover up their crime for long enough to make it financially worthwhile, because if bank or account statements are not being received, it is harder for the target to notice erroneous charges or anomalies in their service.
Identity theft prevention strategies
Constant technological advances mean it is never possible to fully protect personal data, but we can make it harder for criminals to steal our information, reducing the likelihood of becoming a target.
- Never share personal information – This may seem obvious, but it is the obviousness of it that makes criminals employ increasingly devious tactics. Not sharing personal information covers several scenarios, including:
- On social media
- In conversation with anyone except the most trusted people
- In response to texts or emails or phone calls from what may seem to be your bank or service provider.
It is also possible to break the chain of information, simply by using randomly selected or purposefully incorrect words as answers to pre-set security questions. Your bank may ask you to log your mother’s maiden name, but you don’t have to use the real one. These types of question are intended to be an aid to your memory during the security question process, but this can also be achieved with password management software. Additionally, you can sign up to services that help to disrupt identity thieves, such as mail preference services. While there are some types of information that are shared compulsorily – for example, the public recording of births, deaths, and marriages – it remains possible to ‘opt out’ of the open electoral register. This means that your details will not appear on the version that is available to buy.
- Monitor your accounts – By keeping a close eye on your bank statements, service, and utilities accounts, it is possible to spot and report anomalies before disaster strikes. This type of vigilance includes being aware of statements that arrive late, or do not arrive at all, as this may indicate that a diversion has been put in place.
- Do not respond to unsolicited contact from banks or other trusted organisations – Unexpected texts or emails from your bank should be immediately deleted, without further interaction. This includes the option to ‘click here to unsubscribe,’ or ‘text STOP to opt out.’ Any engagement with these types of digital communication can make your device vulnerable to viruses including covert surveillance software that steals your information.
- Keep your software up to date – Ensuring that your computers and devices are running at the optimal specification helps to protect against malware and detect anomalies at the earliest stage. This applies to all software on your system, including anti-virus and firewall systems.
- Sign up to the free Property Alert service from HM Land Registry – While property fraud resulting from identity theft is relatively uncommon, HM Land Registry provides an email alert system on which you can monitor activity on up to 10 properties. You receive an email “each time there is significant activity on the property you are monitoring,”
- ] so you are the first to know if someone is applying to change the register, or if someone has applied for a mortgage on a property that belongs to you.
How Private Investigators can help
The methods and technology used by identity thieves today make some of their activities difficult to detect, but accredited Private Investigators can deploy state-of-the-art technology of their own to combat those criminal activities, leaving you with irrefutable, court admissible evidence to support your case.
Call OpSec Solutions today to discuss your identity theft concerns.