Slashdot Mirror
Identity Theft Is Usually an Unsophisticated Crime
apatrick writes "A recent research report by Heith Copes (University of Alabama at Birmingham) and Lynne Vieraitis (University of Texas at Austin) has examined identity thieves and their methods. Copes and Vieraitis searched federal court records in the US for people convicted of identity theft and then tried to find out where they were serving their sentences. They were able to find 297 inmates, from which they sampled 59 inmates in 14 prisons across the country. The convicts agreed to do detailed interviews, in private, to talk about themselves and their crimes, and the results are reported in a recent issue of Criminal Justice Review. According to Copes and Vieraitis, 'it is best categorized as an economic crime committed by a wide range of people from diverse backgrounds through a variety of legitimate (e.g., mortgage broker) and illegitimate (e.g., burglar) occupations.' As to the issue of whether these are white-collar criminals, the authors say: 'Despite public perceptions of identity theft being a high-tech, computer driven crime, it is rather mundane and requires few technical skills. Identity thieves do not need to know how to hack into large, secure databases. They can simply dig through garbage or pay insiders for information. No particular group has a monopoly on the skills needed to be a capable identity thief.'"
news at 11
The sophisticated high tech criminals are not in prison. They're on a beach somewhere enjoying your money.
This is a self selected sample of people who were stupid enough to get caught. The sophisticated ones generally don't get caught, or at least not so quickly.
I remember several times I have listened to the radio talk show host Clark Howard and heard him say that most ID theft that goes on is a case of someone's paper checkbook being stolen. The implication was that it's a bad idea to carry one around unless you really need to and that a good place to store it at home would be in a safe or other secure location so burglars could not easily obtain it. That would be consistent with what this article is claiming, that mostly it's a low-tech crime involving a compromise of physical security, not digital.
It is a miracle that curiosity survives formal education. - Einstein
i have a store credit card that my wife uses once every few months to buy something. usually baby clothes. a lot of times the card is in the drawer and she would just go the store and tell them my name and they would find the card in the system and ring up the sale. now she says they want to know identifying information like driver's license expiration date, SSN, birthday, etc. she asked about this and they said that they were losing too much money to ID theft.
back in 2006 and 2007 no one cared since business was good. when a recession hits you start to look at every penny you can save
Being a successful identity thief, however, is a different story, I believe. Measuring that success by remaining uncaught. It's ridiculous how much of the information necessary to "steal" someone's identity is easily available, without needing to dig very deep. The hardest part would be SS#, but even then it's not that hard to get, considering how often someone asks for mine, and refuses to take anything else.Having lost my entire wallet once, I called the 3 credit monitoring groups and put a fraud watch on it, or whatever it is they called it, and I really think it should be standard. It requires that they contact you personally to verify any new openings of credit cards.
Absolute power corrupts absolutely. indymedia
Despite public perceptions of identity theft being a high-tech, computer driven crime, it is rather mundane and requires few technical skills. Identity thieves do not need to know how to hack into large, secure databases. They can simply dig through garbage or pay insiders for information. No particular group has a monopoly on the skills needed to be a capable identity thief.
No, but that's like saying theft is a mundane crime that requires few technical skills. You'd be right -- the majority of those caught are unsophisticated and generally of low intelligence. The only other common traits is that they're generally desperate and were presented with an opportunity. But if they are organized and sophisticated, like say the mafia, or botnet authors -- those very few people who have refined their skills and moved beyond immediate opportunity and are refining their methodology are capable of far, far, more. And the police are ill-equipped to deal with this sophistication because most people who reach that level of competency have researched police investigation methods -- by trolling the same public records this report did and figured out what the common pitfalls are.
Professional criminals may make up a minority per capita, but their "take" is orders of magnitude higher, and risk exposure orders of magnitude lower.
#fuckbeta #iamslashdot #dicemustdie
I was a victim of fraud and identity theft about 10 years ago. The "thief" simply stole my outgoing mail which contained a check. One of the other pieces in the envelope also had my social security number (I think it was an insurance payment IIRC).
The first thing that happened is that the thief simply wrote over the name and dollar amounts on the check with a red felt tip pen, walked INTO a bank and turned it into cash. Apparently at not point did this set off any flags with the teller. That was pretty easy to get straightened out because it was so obvious what had happened.
However, a few days after that the thief opened a few lines of credit and made some large purchases, including a furniture set that was delivered to a vacant house. I only found out about these a few months later when some credit collection agencies started coming after me. That was a bit more difficult to clear up. It involved numerous visits to offices of the various lending institutions that backed the lines of credit that were opened and a bunch of sworn affidavits, fingerprints, etc.
Point being, all this was done because someone swiped something from my mailbox. Nothing high-tech involved. I trust online banking and money transfers far more than I trust a little box out in front of my house.
'Social Engineering' found to be more effective than 'hacking' computer systems.
Good news! Very informative
I know this is probably something most people have looked down upon, but my friends and I used to dumpster dive at hardware distributors in my area just about every weekend. I got things like tower cases, empty raid chassis, piles of working hard drives, decent office supplies, etc. If not ordained, you'd be amazed at how 'clean' most computer company's dumpsters are. No food waste, diapers, or other grizzly things. Just cardboard boxes, all the anti-static bags you could ever want and the occasional soda can.
We all grew older, made more money and cut out the practice, but I was wondering if any of you currently do this? We would often run into police officers since they are curious about people in a business complex at 12am, but were often friendly and left us to our task. Is this still how it goes? I'd imagine with identity theft, coppers may be a little more agressive with people digging through the garbage.
When a thief uses the credit card, you just block the charges. Done.
When a thief has your checkbook, he can write all the checks and the money's out of your account.
Don't think so...
New View Media - Custom Website Design
...sends chills down my spine, since I'm in escrow right now and am dealing with mortgage brokers. If you've never gone through the process before, it's completely crazy, particularly for someone like me who works for different employers and does about 20% of his income from contracts (I'm a technician in the film industry). You dig up every paystub you have for the past two years, every bank statement showing the deposits of those paystubs, your tax returns, credit card numbers, SSN, and drivers license, Xerox it all, and bring it to their office (or ship it as an encrypted PDF) -- and god help you if you have but one check stub with a missing quarter inch on the left margin. I know my brokers themselves are above board and have been around for ever and are either (1) known personally to me and my friends of many years or (2) have had a going business concern for a decade, but any punk working in their office could just walk off with a complete copy of one's economic life. A lot of it is just padding and rain dancing on the part of the broker, too, since they seem to be completely clueless about what the underwriter is going to kill your application for on a day to day basis, and basically just want to bury FannieMae and the bank in paper.
.crt and an SSL link are much more trustworthy than the coffee gofer at the mortagage broker's.) I think the real issue is the lending banks don't want to take on any of the liability for losing all the paper you sent, so if someone in the chain does steal my identity, they can always point out that it was I who made the copy in the first place and therefore bear blame. They don't want to be in the position of being a link in that chain or initiating any motion of information.
Apparently before the present crisis they didn't do any of this, and you could just walk into a mortgage brokers office, submit the the barest of credit checks, not have an income and walk away with half a million dollars to buy a Persian Palace in Riverside.
It seems ludicrous that there isn't some kind of system whereby a bank, thinking about lending someone money, can't get my signature on a form that lets them see my accounts at other institutions, or employers. (when I was using mint.com, it had much more up-to-date and personal information about me, and that required a hundreth the effort and no paper moved in any direction by mail or otherwise, and frankly a signed
Don't blame me, I voted for Baltar.
"Burglar" is now considered an occupation! Where the hell was that at my school's job fair?
QamuIs Heg qaq law' lorvIs yInqaq puS
"No particular group has a monopoly on the skills needed to be a capable identity thief who gets got and has left enough trail to be sent to jail."
There! corrected it for you.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
They talked to the people who got caught. If you are sophisticated, you aren't going to get caught. Bogus study in my opinion.
---Technology will liberate us if it doesn't enslave us first.
The easiest way I see is Craigslist. Seeing as a mass majority of the job postings on Craigslist are anonymous posters asking for resumes in return for high(these days, average) paying jobs that rarely respond. I'm sure they get tons of resumes to steal ID's that way. I have a resume with all private data asterisked out, it's gone out dozens of times for contract work I am qualified for(over- sometimes). No email responses to initial sending and half a dozen "position filled" from follow-ups. There have been three exceptions I ended up doing work for,...one pimped me on extras beyond the contract I required them to sign to commence. Even the ones who link to their webpages, a quick whois tells ya they're established alright, in the last 6 months. Craigslist should change their name to dregslist... or better yet, bottom-feeder.com.
Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
This entire identity database system, usually based on one or two numeric identifiers, makes tracking people easier. It means larger and larger businesses can exist with larger and larger customers paying them larger and larger amounts of money with a great deal less overhead. The problem is that these relatively simple information "keys" are was is being exploited by identity fraudsters.
I refuse to call it identity theft -- the identity isn't being stolen and the name seeks to imply that the victim is the person whose numeric identifiers are being used to commit fraud against commercial activities. The commercial activities aim to place the burden of the problem onto individuals whose identities are being spoofed instead of accepting the blame for trusting fraudsters too easily. The requirements for proof of identity are too low and it is by no means the fault of the people who have these systems forced upon them. It is the fault of the lenders and other business and government entities who have all adopted this ridiculously simple and vulnerable form of identity verification.
There was a time when a person had to actually SIGN a document or contract to be held liable for a debt or obligation. These days, the requirements are much more trivial and the requirement of evidence is a great deal lower. Now the burden of proof is largely on the people who are literally innocent of any wrong doing while the burden of proof from the victims or plaintiffs (the commercial activities) is really quite low.
The system is VERY weak and VERY exploitable and the people who are most interested in keeping the system going (government and commercial activities) prefer to shift the blame and burden of damages on to innocent parties rather than themselves. "I'm sorry sir, someone has pretended to be you and now your assets are frozen until we can sort this mess out." How is that right, fair or reasonable? The "system" is forced upon us all and so we have little choice or ability to "protect" ourselves. All of the data that is misappropriated usually comes from government and business databases and no so much from the person's own negligence (though I recognize that some is) but the fact is that people cannot "protect" their information when they have to share it with so many strangers so often... strangers who have little if any obligation to safeguard the information and when they do have an obligation to safeguard, often fail with no punishment at all.
In short, the government issues you a number whether or not you use it and it is somehow YOUR problem if someone else were to learn that number and use it to steal from someone else.
Now I know why bank robbers on TV have been known to use Richard Nixon masks when robbing banks! They are not held accountable while Nixon is blamed for the crime.
No, not my email mailbox, my 'snail-mail' real-life mailbox 'phished' (extracting the post), had them taking the mail from it, extracting bank statements and such and proceeding to pose as me to make fraudulent bank exchanges from my account to the phisher's account. And all it took was physical access to my physical mail box and a few fake signatures...
Anyone who thinks ID theft and the mechanisms used to achieve it are unsophisticated, badly needs to read this (700K PDF). Badly.
"And the meaning of words; when they cease to function; when will it start worrying you?"
Anyone else remember when it was called "Fraud"?
Today's show is brought to you by the number 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0: 25
They didn't just talk to people who got caught.
They talked to people who spend their days doing very little if anything interesting, and gave them the opportunity to spend a good deal of time being paid attention to, and also by having been seen as cooperative may get good marks in their record leading to reduced sentences. These people have already proven themselves willing to be dishonest, yet these "researchers" put these liars in the position of lying and present their answers as truth. For people with an association with the criminal justice system these two are incredibly naive regrading prison inmates.
These people are already convicted. They can "admit" to almost anything regarding their crime without fear of reprisal. Catch them when they're facing a max sentence and want to plea bargain. Then you'll get some answers that might (!) be useful.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
"ordained" would mean used to jumping in that dumpster.
So if it was your first time in it...
This finding underscores the fact that the organizations that don't really verify identity should bear the pain of their mistakes, not the poor slobs whose name was used by the thieves.
If there was support in the legal system that made the burden of proof be on Big Bucks Bank that Joe Schmoe got a credit card, maxed it out, then refused to pay the bill, I bet a lot of so-called "Identity Theft" would disappear quickly. Its a lot less sexy to say that Big Bucks Bank made a poor credit decision than to say that Joe Schmoe suffered from the "theft" of his identify, but it is a lot more accurate.
Many have already commented about the obvious flaw in the study - they only interviewed thieves who were caught!! In order to really draw meaningful conclusions about identity theft they need to interview thieves who did not get caught. Of course that increases the difficulty dramatically. It reminds me of a story I heard years ago from my friend Joe. One night he was walking down a narrow street that had only one street light. Under it was a drunk who seemed to be looking for something. My friend Joe went up to him and asked if he could help. The drunk said, "Sure, I lost my keys and I'm looking for them." My friend asked the drunk, "Where did you lose them?" The drunk responded, "Over there." My friend asked, "Then why are you looking over here?" The drunk answered, "Well it's dark over there. The light is over here."