We’ve touched on the subject
of identity theft (specifically, medical identity theft) before. But as
one of the most damaging outcomes of an information security failure,
it’s worth taking a closer look at.
LETS GET BACK TO BASICS
What is identity theft? If a
person pretends to be someone else, to obtain goods, services or cash in
the victim’s name…. Simply put, it’s fraud.
Identity theft can be used
to achieve a variety of ends. For example to obtain loans or take out
contracts in the victim’s name, thereby damaging their credit record
(fraudsters don’t usually bother to make payments, go figure). It may
also, as in the case of medical identity theft, be used to access
services, consuming benefits that the victim has paid for. If the
criminal is able to access a victim’s bank accounts, they’ll drain those
The trick (from a criminal’s
point of view) is obtaining enough detail about a person to enable them
to pass for the intended victim in the eyes of a bank, creditor,
insurance company and so on. In the olden days this was often achieved
by rifling through bins looking for intact paperwork containing names,
birthdates, addresses, policy numbers, account numbers, etc. amongst the
rotting veg and tea bags.
Advancements in technology
largely mean that fraudsters needn’t get their hands as dirty as they
used to. Even so, it’s worth investing in a good crosscut shredder to
destroy sensitive documents, after all, why take the risk? Also, you’ll
never have to buy hamster bedding again.
SO, HOW CAN YOU PROTECT
YOURSELF AGAINST IDENTITY THEFT?
Look at it this way, any
item or piece of information you use to prove who you are, can be used
to fake your identity, and must be jealously guarded. Not only does this
make identity theft less likely, but being sensible with your personal
details improves the chances that the cost of any fraud will be covered
by the company involved.
In practice, this includes keeping track of any forms of ID, such as
passports, drivers’ licenses, ID cards and visas. Report any lost or
stolen identity documents to the relevant authority promptly. The same
goes for debit and credit cards. Also bear in mind that utility bills
and bank statements, aside from being data goldmines in their own right,
can be used as proof of address – make sure they’re properly destroyed
But how does our modern non-dumpster-diving fraudster come by details to
abuse? Most of the time, they simply ask. A well – or even badly –
written phishing email or smooth phone call can work wonders.
At this point, one might write, “Beware of emails claiming to be from
your bank, insurance company, creditor, etc.” But realistically, the
best thing to do is to be wary of all emails. That may sound a little
over blown, we don’t want you living in a permanent fog of anxiety, too
terrified to open your inbox. However, consider for a moment – anyone
can send you a perfectly legitimate looking email with very little
effort. In the same way, anyone who can access your phone number (say,
from your Facebook account) can call you and spin whatever story they
THE ONLY WAY TO DEFEND AGAINST THE MYRIAD OF POSSIBLE SCAM VARIANTS,
IS TO WORK FROM A STARTING POINT OF SKEPTICISM.
For instance, the person contacting you claims to be from your bank. You
choose not to trust them, or act on their instructions, until you can
verify that this is the case. You contact your bank via an independent
and trusted route (like, you know, actually going into the branch) and
discover that no such communication was sent. Congratulations, you’ve
thwarted the scammers!
But what if they tell you it’s an urgent matter, needing your attention
right now. That should ring even louder alarm bells, as it’s a common
tactic used to illicit a knee jerk response from the victim, depriving
them of the chance to dig deeper.
The point is, while much specific advice is very sensible (e.g. never
give out your PIN) the best way to protect yourself is to cultivate a
mindset of vigilance. Protect your details, they are what represent you
in the digital space.
And, just in case anyone was wondering, fraud is never a victimless
crime. Even if the victim is made whole by the institution involved,
this cost will simply be recouped in the shape of higher prices for
services levied on legitimate users. Not to forget the cost in time,
effort and stress on the part of the victim while they unpick the mess
We’ve discussed what identity theft is, and how to defend against it. In
part two we’ll cover how to spot if the worst has happened, and what to
do about it!
However you find out, don’t
panic, but be sure to act swiftly. As with everything in life, ignoring
the problem isn’t going to help. Contact the institution involved
immediately to inform them that you believe you have been a victim of
fraud, they may advise you to report the matter to the police.
If you haven’t already done
so, obtain an up-to-date copy of your credit report. Check the report
thoroughly for any fraudulent transactions and challenge them.
Review your bank and credit
card statements; if you spot anything unusual, inform the relevant
financial institution immediately. And while you’ve got your paperwork
out, make sure you’ve actually received all of the correspondence you
would normally expect, if not, contact the company involved to ensure
they have your correct details. Well-organized personal records not only
make it easier to pick up on illegitimate actions, but will also help
simplify the task of investigation if things go wrong.If you suspect the
fraudster has accessed online services in your name, reset your
passwords from a known-safe device. Be sure to pick a strong password,
unique from any you use elsewhere or previously. Ideally, the password
should be as long and near-random as the site in question will allow,
password safes are a convenient way of storing passwords that aren’t
memorable. If the service offers two factor authentication (for example,
a password plus a code that will be texted to your phone), all the