IDENTITY CRIMES HAVE MANY DIFFERENT TYPES, but all have the same purpose and that is to make a new identity.
Identity theft is when someone illegally obtains your personal information, such as your name, Social Security number, date of birth, mother’s maiden name, and address. They use it to create a New Identity for their own financial advantage without your knowledge or permission.
This can include non-technical as well as technological solutions. The following is a summary of some of the most popular ways used by identity thieves to access your personal information to create a New Identity for themselves. We offer suggestions for preventing fraudsters from getting and utilizing your personal information for each scheme to make a New Identity.
Schemes without technology are used to make a new identity.
Dumpster diving is an activity that involves diving into garbage cans. Dumpster diving is when someone looks through someone else’s trash in order to gain personally identifiable information from objects such as credit card bills, utility bills, medical insurance policies, and bank records. To be safe, shred everything using a cross-cut paper shredder before throwing it away. Going paperless and receiving statements and making payments online is another option. Maintain a close eye on your credit record and notify your credit card issuer and credit bureaus if there are any anomalies. See What to Do If Your Identity Is Stolen if you suspect you’ve been a victim of identity theft.
Robbery of Mail
You should keep an eye on your mail to stay safe. Contact the post office right once if you feel someone is stealing mail from your mailbox. Other safeguarding measures can be taken. Don’t keep your mail in the box for long periods of time, for example. If you have the option, use a locked mailbox or rent a post office box. Set up an online account to receive bills and pay them. Other suggestions can be found on the Preventing Identity Theft web page in the section titled Reduce Your Exposure to Mail Theft.
Social Engineering is the use of social engineering techniques to manipulate
Social engineering is the act of deceiving someone into giving sensitive information, whether in person, over the phone, or through a computer. Typically, social engineers have access to information that leads the victim to assume they are trustworthy and provide the requested information. Con-men are the perpetrators of social engineering, which is sometimes known as a “con game.” Pretexting is a term used to describe the process of preparing a text. Maintain vigilance to avoid this. Give no personal information to strangers. If you’re unsure, get the person’s phone number and tell him or her you’ll call back. Confirm the identity of the individual. Also, double-check with others or the company that the individual represents that such information is truly required.
Surfing with the shoulders
This type of attack can happen everywhere you use a password or a device that records PIN digits, such as an ATM. When you enter password information, such as a PIN number, the identity thief tries to get near enough to you that the password is recorded. Although this is more likely to happen in a public environment when the victim and their credentials are visible, it might also happen if the criminal has put up a video camera. To avoid this, remain alert to your surroundings when accessing any accounts that need you to enter a password or PIN in a public location.
Don’t be scared to ask someone to move back if they are standing too close to you. Let the person go first if he or she is unwilling to do so. Always remember that it is preferable to be safe rather than sorry. Try another machine if you don’t feel safe with this one. You might also try using cash or a pre-paid credit card for your transactions. Passwords should not be written down or kept in places where they could be discovered, such as your wallet or purse. Also, credit reports can assist you in determining whether your identity has been stolen and used to gain access to your bank accounts.
Personal Property Theft
By swiping your wallet or handbag, identity thieves can get access to your personal information to make a new identity. When this happens, you should notify your credit card company, bank, and credit bureaus right away. We recommend that women keep their purses locked and secure at all times to keep their wallets or purses safe. Carry the purse near to your body and in front of you so you can see it. If their wallet has a button, we also advise males to button up the back pocket where it is kept. If not, stow the wallet in your front pocket and keep a close eye on your surroundings.
We also advise you to keep your personal data to a minimum. Limit the number of credit cards you have with you by not carrying your Social Security card. Remove any information that contains your login and password information, such as old deposit slips, blank cheques, and any other information. Other suggestions can be found on the Preventing Identity Theft web page under the section Protect Your Other Personal Information.
STUDIES IN TECHNOLOGY
Identity Theft Using a Credit or Debit Card
Identity theft includes credit card fraud. The information on the card can be used to commit various forms of identity theft crimes, which might have far-reaching consequences. Anyone can gain what they need to open further credit card accounts or bank accounts in the victim’s name by utilizing the signature on the back of a stolen card, or by loaning a credit card to a friend or family member.
Writing CID on the back of your signature panel instead of your signature on the back of your card is one step you can take to secure sensitive information. CID stands for “SEE ID,” and it requires businesses to ask to see other kinds of identification in order to confirm the cardholder’s identity. When making payments, another precaution is to have your card visible. For example, in some restaurants, the waiter will take your credit or debit card away from you to complete the transaction.
However, identity thieves have been known to steal a victim’s card and swipe it through a card reader to make a copy of the information on the card (see “Skimming” below). If the merchant is using numerous swipes to approve a charge, it is recommended that you inquire. This could mean that the card reader is copying the magnetic strip’s data electronically for later use. On an untrusted website, do not use your credit card.
Check to see if a lock shows in the web status bar’s right-hand corner. If there aren’t any, don’t make any purchases on the site. Giving up your credit card number (or any other personal information) over the phone is not a good idea. You never know who might be listening in on what you’re saying. When making purchases, consider using a pre-paid credit card. Only the amount on the card will be held responsible, not your identity.
When you use your credit or debit card, this can happen at any time. When a device that reads your credit card information from the magnetic stripe on the back of the card records your information and the card’s code numbers to another electronic storage device, it is called credit card theft. The crook can then make a clone of your card and use it to make unlawful purchases. Skimming can take place in a variety of methods, including an ATM recording device or a salesperson discreetly swiping your card into his personal digital card reader. Make it a habit to check your credit reports on a regular basis to avoid skimming.
This can help you figure out if someone made unauthorized purchases in your name or if your identity was stolen and used to gain access to your bank accounts or obtain new lines of credit in your name. Review Your Credit Reports, which is included on the Preventing Identity Theft web page, has further information on credit reports. Use cash instead of credit cards as often as possible. Consider utilizing a pre-paid credit card to protect yourself against liability and identity theft.
Pretexting occurs when a criminal conducts prior research on your personal information and utilizes it to entice you to reveal more sensitive information, such as your credit card number or Social Security number. The con artist will call you and pretend to be a company in need of your information. Because they have their name, address, and phone number, the majority of people believe them. Check who you’re speaking with to avoid this. Request a callback number and inquire as to why this information is required.
Look for the company’s phone number on the person’s resume. Make an appointment with the firm. Inquire as to the request’s authenticity. File a complaint with the Federal Trade Commission at https://www.ftccomplaintassistant.gov/ if you believe you have been a victim of this type of scam or of identity theft. Also, have a look at our piece on What to Do If Your Identity Has Been Stolen. Visit our Resources page for additional identity theft information.
Attack by a Man in the Middle
This type of theft is illegally intercepting and recording communication between two parties without the parties’ knowledge. This information is then used by the criminal to gain access to accounts and possibly steal the identity of the user. Making an online search for a company’s URL address, such as the address of a banking institution, is a regular circumstance. You access the website by clicking on the URL (for example, http://www.financialinstitution.com). You didn’t notice the URL web address changed to http://www.atacker.com/http://www.server.com when the website showed on your screen.
This is a website that redirects you to a website that looks exactly like your banking institutions. All information you input on this website is forwarded to your financial institution, and any information you get from your financial institution is forwarded to you.
All transactions between you and the institution are recorded by the schemer. The goal is to get your personally identifiable information, login and password credentials, and credit and/or debit card details. Make it a habit to check your credit reports on a regular basis to see if your identity has been stolen and your bank accounts accessed. Review Your Credit Reports, which is included on the Preventing Identity Theft web page, has further information on credit reports. When you choose to visit a website based on a web search, be more careful. Verify the URL address in the web address bar situated at the top of the page to ensure that the website address is correct. Close the browser if anything appears suspicious.
Schemes of Phishing
The most frequent types of computer identity theft schemes are listed here. The crook manipulates you into providing personal information in these types of scams with the aim of making a new identity. Cell phone messaging, Internet social networks, emails, text messages, and traditional mail are all examples of how these types of attacks are carried out. The following sections go through a few popular systems.
When a hacker tampers with a website’s host file or domain name system, URL address queries are sent to a phony or spoofed website built by the hacker in order to collect personally identifying information from victims, this can happen. The victim then believes they are on a secure website and is more ready to provide sensitive information such as credit card numbers, social security numbers, and addresses. This information is then used by the hacker to steal identities.
Check for the padlock symbol at the right-hand bottom of the webpage scroll bar if it’s a merchant website to protect yourself from this form of theft. Before putting any information into a website or affiliation, contact the website owner or the organization by phone or email to ensure that the information is genuinely required. Request that your account be canceled if you supplied your credentials without questioning the request and later learn that it was a phishing scam. Check your credit record for any suspicious activities. For further information, visit the Preventing Identity Theft web page and look at your credit reports.
“Voice phishing” is another term for this type of scam. When a thief contacts someone over the phone, this is what happens. In this case, the schemer poses as a real employee of a government agency, a financial institution, a payment services firm, or another well-known company. The idea is to get you to reveal personal information.
Another strategy is to make robocalls (pre-recorded messages) asking you to call a certain phone number, claiming that you have either won a reward or that an emergency has happened to require you to reveal your personally identifiable information or credit card/debit card details. This is done with one goal in mind and that is to create a new identity.
Any unwanted phone call should always be regarded with suspicion. Utilize the caller ID feature of your phone service. Using the call-back number on the caller ID, conduct a reverse telephone search to find out more about the company. This can be done at http://www.whitepages.com/reverse phone/.
Return the call, but don’t dial the number that displays on your caller ID; instead, seek up the number in a phone book or on the internet.
This way, the schemer or someone working with the schemer cannot deceive you by claiming that the company is legitimate. Inquire about the request when you call the legitimate company.
If you’ve been receiving these calls and want them to stop calling you and remove you from their list. The letter you send to the firm phoning you must be certified in order for you to submit it to your State Attorney’s Office as proof.
You can register a complaint with your State Attorney’s Office if you continue to get calls after receiving the letter. If you lose money as a result of a Vishing fraud, you should immediately alert the Attorney General’s Office in your state and confirm it is not you trying to make a new identity.
Phishing via Google
When thieves construct websites with “too good to be true” offers, services, and other incentives, they are engaging in this form of phishing. The website is properly indexed in search engines like Yahoo and Google, allowing people to locate these deals while looking for items or services.
When a user visits a website, he or she is enticed and convinced to provide personal identifying information in order to take advantage of the offer.
An example of this is when you are purchasing a generally high-priced item over the internet, such as a video game system, and you discover a website with a significantly reduced price. You may be enticed to buy this item for a lower price since you are unaware that you are visiting a fraudulent website. Individuals’ personal and credit card/debit card information is all that the con artist is after.
Social Security numbers
Another example is an employment website that may pay more than other companies in the same industry do for the same work. Your Social Security number, as well as other personally identifiable information, may be requested on the scammer’s website.
To be safe, conduct some research on the company before sending any information or downloading any files. If you’ve never heard of the firm or the offer, reach out to competitors and inquire about its credibility.
Make sure the padlock is visible in the right-hand corner of the webpage scrollbar if you’re making a purchase because they could just want to make a new identity from your personal information.
www.scambusters.org/ is another tool for determining whether a website is real. This website includes website ratings as well as message forums for the most recent phishing and identity theft scams.
The identity thief sends spam text messages impersonating a financial institution or another genuine entity in this technique. The text message has a sense of urgency to it, and it may scare you into believing there is a major emergency by implying that if you don’t respond, you may face financial penalties or taxes. By clicking on the link included in the text message, you may be prompted to reveal personal identifying information.
Do not call the unknown number back; you will just provide the spammer with a portion of the information they require.
Find a phone number for the organization that is apparently contacting you in the phone book or on the internet. If you supplied your credentials without scrutinizing the request and later discover that you were the victim of a phishing scam, check your credit record to ensure that no unlawful activity has taken place. For further information, go to the Preventing Identity Theft web page and look at your credit reports.
Phishing utilizing malware
When a thief attaches a malicious computer software that appears to be useful to emails, webpages, and other electronic documents on the Internet, this scam is called phishing. Malware is the name for this kind of computer program. The spyware records your keyboard strokes and the websites you visit on the Internet using keyloggers and screen loggers. The spyware uses the Internet to convey the information to the schemer, who is in a different place.
An email that purports to be from Norton Anti-Virus is an example of this form of phishing. To improve your computer security, the warning advises you to update your web browser. You click the link and download the ostensibly updated browser, but what you’ve actually done is download malware.
Use caution before downloading or installing any program from the internet to protect yourself from this type of scam. Using your “regular methods of communication,” such as the internet or the phone, contact the organization that allegedly sent the email message.
Tell the real company that you received an email asking you to download a specific file and that you’d like to know if it’s genuine. Do not respond to the email message. the attacker may try to dupe you into thinking it is legitimate, but really they are seeking to make a new identity. Furthermore, responding to the email message would give the attacker access to some of your personal information.
Spam as a means of phishing
The thief, also known as a spammer, uses this strategy to send you numerous spam emails. Scholarships, business collaborations, and free products are all offered in these email communications. In certain cases, the spammer poses as a financial institution or other organization to which you may be a member. The spam is intended to entice you to disclose personal information they need to make a new identity.
Examine the business and the advertised opportunity or offer. This can be accomplished by conducting an internet search or simply calling the business. You can check www.scambusters.org/ or Google the offer to see if other people have received it. Messages are usually posted declaring the Promotion to be a fraud or confirming its legitimacy.
Report the phishing attack to the Internet Crime Complaint Center (IC3) at www.ic3.gov.
Federal Trade Commission at https://www.ftccomplaintassistant.gov/, or send all spam to [email protected].
Phishing with a target on your back
This scam is similar to email phishing, but it targets businesses. For example, the email may indicate that all employees must give their login name and password for verification. This could allow the attacker access to both your personal information and the company’s confidential information. Replying to the email is not a good idea.
File a complaint with the Federal Trade Commission (FTC) at https://www.ftccomplaintassistant.gov/
You can also learn more about what to do by visiting the US Department of Justice’s website at www.usdoj.gov/criminal/fraud/websites/idtheft.html. Preventing Identity Theft section of our website. Doing due diligence will protect you from someone making a new identity out of your personal information.
When it comes to protecting your new identity, nobody does it better than Amicus International Consulting. Contact us today for more information on how we can help you.