Slashdot Mirror
Portrait of an Identity Thief
Ant writes to tell us that the New York Times has a closer look and an interview with an identity theft addict. From the article: "As far back as 2002, Mr. Sharma began picking the locks on consumer credit lines using a computer, the Internet and a deep understanding of online commerce, Internet security and simple human nature, obtained through years of trading insights with like-minded thieves in online forums. And he deployed the now-common rods and reels of data theft -- e-mail solicitations and phony Web sites -- that fleece the unwitting."
On the whole, we seem to be slowly moving from a "govern thyself" to a "If no-ones watching, why not?" frame of mind.
I wonder if this is almost being encouraged by the powers that be as it fosters a feeling that it's ok for them to be watching because I no longer expect the others around me to be governing their own behavior...
--- I've completed diagnosis of your problem and can classify it as a YOYO...You're On Your Own
True, but check TFA. The email scam referred to was only one of his early efforts. His later (and more lucrative) scams involved buying numbers and doing direct financial transfers from those accounts. One of my accounts had something similar happen to it. It was only due to the fact that the individual responsible had used two smaller charges the previous day, and it happend to be the day that I was paying bills and saw the two fradulent charges during an online reconciliation that I discovered it and was able to cancel the transfer. I'm starting to think that the entire credit card system is broken. It is just far too easy to obtain stolen numbers, and far to easy to negotiate into goods or (as above) cash. That cards can still be used for wire transfers absolutely boggles my mind. Unfortunately, I don't know of any better system. Right now I use "disposable" numbers as often as I can when doing ecommerce. They minimize (but do not elminate) the risk, but they can't be used for recurring charges, and relatively few card issuers. I'm thinking that the penalities here are too light. This guy was involved in grand larceny, easily more than $200k. Why only a couple of years? Small time drug dealers (an offense with far less of a victim) get many times that penality. When the takings are so lucrative, the chances of being caught low, and the penalities light, its no wonder this is such a fast growing crime. Why perform an armed bank robccbery (average take, about $4,000 per the FBI) and get 20 years if you get caught when credit card fraud ($10k per theft) only will get you 2? And did you notice that some of his biggest takes were when he was under indictment and out on bail? WTF?
Even for wire-transfers with a credit card. Simply have the bank call the phone numbers they have on record for you and have you press a button sequence to authorize the purchase or wire-transfer.
... and re-route the phone system.
... but the more steps that it takes, the more likely it is that the thief will fail to complete it. And the easier it will be to track him. Although it can't get much easier than tracking this punk. He gave them his address to deliver his stolen purchases to.
The banks already have the systems to do automated calling.
The banks already have your phone numbers. And your mailing address.
Now the thief has to steal your credit card numbers
Or steal the numbers and fake your ID and go to a bank branch and change the phone numbers.
All of that is possible for a thief to do
But doing that would move the risk and costs to the banks. They prefer it the way it currently is because the banks aren't losing money on these fraud cases.
That's exactly how the situation was related to a friend of mine by a wiser-than-average deputy sheriff some years ago. The crimes that get solved are usually the ones perpetrated by criminals that fail to plan ahead, or whose impulses exceed their capability for rational and careful thought.
Please stand clear of the doors, por favor mantenganse alejado de las puertas
That is what he got caught and charged on.
But consider this scenario. Suppose he uses Paypal to send money through credit cards to a fake account linked to a bank account created using a fake driver's license and social security number. I don't think the banks actually have a way to check the validity of either of them.
Now, if he got your online banking info and a maybe copy of your check (not sure about this part, my bank just started not using full numbers just last month in online banking), you're screwed. It can be emptied and no chargebacks - nothing.
The main evil is those phishing e-mails. If you get enter your info in there, you're screwed big time.
I suppose it's easier to get credit cards by buying lists from hackers who have gotten into e-commerce sites but maybe more dangerous to use?
But, this is not even identity theft; the real evil starts when people start taking loans in your name. This happened at our local housing complex. The parents of students going to school would co-sign the lease agreements that required a SSN and address and all that. A clerk working there would copy the document and request whatever amount of financial aid she wanted and just cash it in. She got caught only because she was too stupid to cover her trail. I'm sure there are a lot of experts out there who do it perfectly and cover their trail perfectly.
BTW, as a disclaimer, this is just stuff I've noticed. I don't visit or know of those ID theft sites.