Identity theft incidents are becoming more prevalent these days as societies rely more on online transactions and leave behind traces of their personal information. Perpetrators of identity theft are also becoming more innovative in the way they steal private data about people and use them to their advantage. The end result is the unsuspecting victim usually ends up with a high credit card bill or worse, an empty bank account.
In today’s article, we will be covering the methods used by identity thieves to steal such information, and ways you can prevent this from happening to yourself. It may be surprising to learn that sometimes common sense isn’t enough, and you need to think a step or two ahead of these criminals to get the better of them.
We have tried to be as complete as possible with our information and video samples below. We believe that awareness and education is key to beating these thieves at their game.
Common Identity Theft Methods and Ways to Prevent Them
Here are some of the typical ways identities are stolen and measures you can take to avoid becoming a victim of such thefts – of both identity and money.
This is the age-old tactic of scouring through trash in search of personal information and data. This could happen at both the workplace and at home. The identity thief then pieces together all the information that is collected and assumes your identity, which then gains him or her access to your personal accounts.
#solution: Use a paper shredder to scramble your personal information on sensitive documents into shreds. Sure, an identity thief could piece together the information but it would take the patience of the FBI to do it. We’ve seen this done many times on TV.
If you don’t have a paper shredder at home, tear the sensitive document into a few pieces and ensure that your name, address and other pertinent information do not appear in full on a single piece of paper. After that, split these pieces of paper into separate trash bags and discard it on different occasions (a few days apart) or at different locations (good precautionary measure). Just make sure you don’t have perishable waste in the trash bags that you’re planning to discard days later.
Doing this ensures that identity thieves will not have easy access to your complete personal information for them to execute their ill intentions.
Phishing via Email
Phishing is a method we’re seeing more these days and have been used for many years now. What typically happens is a person opens an email that appears to be from his bank (but isn’t), and clicks a link in that email that leads to the bank’s (supposed) website and then proceeds to log in to his online banking account. Only thing is, it is NOT the bank’s website, but an actual replica of that site (a fake website). When he keys in his username and password, this information is then sent to the identity thieves (plural, as these are usually run by syndicates) and they then use this information to withdraw funds from his account.
#solution: Always, always be careful when you’re opening an email or clicking a link in an email from a bank or financial institution. Double check that the email address of the sender, that the domain name after the “@” matches the exact one of the supposed bank, e.g. it should be email@example.com and not firstname.lastname@example.org. A dash, dot or additional character makes all the difference, and are there to fool you into thinking you’re dealing with a bona fide party. This may not always be clearly visible, as the bank may also use a legitimate subdomain, such as email@example.com. If you receive and rely a lot on communications with your bank via email, you may want to learn to identify and recognise their legitimate email addresses.
In any case, if you’re planning to log into your online banking account, it is best to do so directly from a browser. Make sure you’re at the official website of the bank, and check for the httpsAn extension of the Hypertext Transfer Protocol (HTTP) used for secure communication over a computer network, and is widely used on the Internet. at the front of the URLUniform Resource Locator, or simply the address at the website seen in the address bar of your browser.. Do not rely on links in an email (e.g. Click here to login to your bank account) to log into your online accounts.
Another excellent security measure is to opt for 2-Factor Authentication (2FA) where available. Most banks already enable this by default, where you are asked to confirm a security passphrase or an image (that you had set when you first registered the account) before proceeding to key in your password. Some online accounts may also be set to require a 6-digit code generated by an app on your smartphone (such as Google Authenticator or Authy) before access is granted. The premise to this is that even if your username and password are known by the thief, without your smartphone and the generated 6-digit code that refreshes itself every 30 seconds, the thief will not be able to gain access to that account. This makes it a lot more difficult for your account to be breached.
Using Fake Websites
The basis of this is similar to the phishing one above. The difference is that you are led to the fake website from an advertisement or an organic search on your search engine. We have seen a few examples of this on a Google search, where it appears at the top as an ad. Careful scrutiny of the domain name revealed that the actual URL of the website has an additional alphabet in it that is not immediately apparent.
Example: For the cryptocurrency exchange Bittrex at www.bittrex.com, we have seen fake websites listed as www.bitttrex.com (an additional “t”) and www.blttrex.com (the letter “L” instead of “i”). Were you able to spot the con if the hints were not given? From these 2 examples, you can see how difficult it is to spot these clever disguises of the actual official web address.
#solution: As before, try to refrain from clicking an ad link to go to the official website. Although an ad could be a legitimate one from that website, It is safer to type in the URL into the address bar of the browser yourself.
Again, use 2FA for an extra layer of security to safeguard your account.
Retail Credit Card Skimmer
This is usually carried out by a cashier or staff working at a restaurant. A victim pays by credit card and the card is swiped by the staff through a skimming device, stealing personal information from the credit card. A cloned card can then be created and used by the perpetrator to conduct purchases online and offline where security requirements are lax. Watch the following video for an idea:
Credit card skimmers are sometimes installed at credit card terminals at supermarket checkout counters. In such a case, a victim swipes the card and loses his personal information to a criminal third party without actually realising it. Here’s another video on ATM and debit/credit card skimming:
#solution: When paying for goods and services at a retail outlet with your debit or credit card, always pay attention to where the card is going and what is being done with it. It may not always be convenient at a restaurant, but if you have a funny feeling in your gut, it may be better to walk to the cashier to hand over your credit card personally than having it sent by a waiter. Pay attention to your credit card at all times as these swipes of stealing data happens in a blink of an eye.
With more self-checkout counters finding their spots at supermarkets, it pays to be aware and educated about this, and be extra vigilant when using credit card terminals for self-checkouts as these terminals are not manned by a staff of the establishment and they are sitting out openly and subjected to tampering.
This is not as common as it is a little sophisticated and not as easy to pull off, but has been used successfully by identity thieves to scan and clone a victim’s ATM card. The cloned card is then used by the perpetrators to withdraw cash from the victim’s account. Watch the following video to understand how this skimming works:
#solution: Check for any oddities on the ATM or if there is any loose attachment that can be removed with your hand. You don’t have to do this at every ATM you visit out of paranoia, but if you have a suspicious feeling about an ATM at a remote location or dodgy area of the city, it doesn’t hurt to just casually check.
ATM or Debit Card Swap
A victim places his ATM card in the slot and just before it slides in fully, he is distracted by a person, done by dropping something on the floor and asking if the object belongs to the victim, or offering help of some nature. The perpetrator, usually aided by a second person, swaps the actual card for a dummy card, and then walks away with his partner and keeps the original card for cloning or for having a field day later. The victim enters a PIN on this dummy card now and fails to perform any transaction at the ATM. Sometimes he may not even realise that the name on the card isn’t his, until he takes the card to the bank to report a fault.
#solution: Always be mindful and pay attention to what you are doing when dealing with money transactions at the bank or ATM. Do not allow yourself to be easily distracted by another person nearby, or by someone who has approached you for something or to offer help. An incident may also be staged in your vicinity to draw your attention away from your activity. Stay focused and keep your eye on your card!
Identity Card Fraud
In countries where government-issued identity cards are required in the purchase of assets and goods such as properties and cars, photocopies of the purchaser’s identity card are received by the vendor as record for the sales. An identity thief would use further photocopies of this and pretend to be the purchaser to make fraudulent purchases elsewhere, often in absentia.
#solution: When handing copies of your identity card over for a purchase transaction, whether in hard copy or in PDF, always cross out the corner of the image of the identity card over a portion of the document or card number. Be very specific and state the name of the company you’re paying to and for what item, e.g. TO ABC MOTORS FOR ALFA ROMEO GIULIA (see below). This would already reduce greatly the chance of the document copy being used for purchases elsewhere.
Credit Card Fraud
This happens after the identity thieves have successfully obtained your personal information such as CVV codes and PIN, and have begun using your credit card details or a cloned card without your knowledge, usually for purchasing goods online and at offline places where security levels are lower, such as at a petrol kiosk.
#solution: It is important to go through your monthly credit card statements and make sure that every expense there is accounted for. Look out for any transaction that seems out of the ordinary. This could be transactions at places you have never been to before or amounts that appear foreign to you.
#personal tip: When using my credit card to pay for petrol, I never fill the car fully, or fill up to a round number amount. I would normally fill to an amount such as $33.33 or $35.53. When I scan through my credit card statement and if I see a fuel purchase with an amount such as $30.00 or $35.00, then I would know immediately that something is suspect and there was probably an unauthorised use of my credit card at that petrol kiosk.
Phone Call Fraud
Phone call frauds happen on a daily basis. Usually what happens is someone will call you claiming they are from the government department such as the immigration or the IRS, or even from the bank, and they already have some of your identity information with them. They relate some of this information to you to give you the impression that they are an authorised body, and attempt to obtain further information from you to complete everything they need to carry out a heist. Sometimes, to take the short cut, they may also inflict some fear in you by threatening you with a federal penalty unless a summons fine is paid.
#solution: Never ever reveal personal information via a phone conversation. If the calling party is genuine, they will insist that you drop by at an official location to have the matter settled properly. Do not give in to pressure, as you are within your rights to have the issue sorted out in person rather than over a phone call.
If you would like to double check, ask the caller for his or her name and from which institution. Go online and visit the correct website for that institution, and call the number listed there to speak with the person. If that person is an unknown personnel in that organisation, or that after checking there was no case against you, then you’ve just escaped a phone call fraud attempt.
From Your Chequebook Order
When you have depleted your blank cheques and request a new one from the bank, there is a possibility that your new chequebook may be intercepted en route to your mailing address. Your chequebook would still arrive as normal, but not before your personal information on the chequebook such as your name, address, bank account number, sort code, routing number etc have been stolen by the identity thieves.
#solution: Collect your new chequebook from the bank instead of having it mailed to your home or office. This reduces the chance of it being intercepted en route for malicious intents.
Information from Mailbox
Some of the official documents sent to our place of residence contain private and confidential information about our finances and accounts. Such letters left in the mailbox for too long may be picked up by identity thieves and used to their advantage.
#solution: Retrieve your letters from the mailbox as soon as you can. Do not leave it in the mailbox for days. If that is not possible, consider using a mailbox with a design that does not allow letters to be taken easily once they are dropped into by the postman.
Another way is to opt for PDF copies of your statements emailed to you instead of having hard copies delivered to your home or office.
From Pre-Approved Credit Cards
Pre-approved credit card offers sent to you usually already contain your personal information as well as some information unique to the cards. There is a possibility that all this information could have been intercepted before it reached you.
#solution: Cancel credit cards which are sent to you unsolicited, and call the company to opt out from such offers. Remember to destroy all traces of information related to the new card before discarding it or you may one day receive a bill for this card with purchases you knew nothing about.
With people relying on free public WiFi at coffee shops and fast food establishments more and more these days, it becomes a playground for identity thieves to thrive. If you’re using your smartphone or laptop connected to a public WiFi, the WiFi hotspot you’re connected to could have been set up by an identity thief. He could then log onto that network and access information on your smartphone or laptop. Your personal information is stolen and then used for fraudulent purchases and transactions.
The threat is very real and precaution is really necessary. See the following video how this is accomplished:
#solution: If you have to use a public WiFi at places such as airports and cafes, be absolutely sure that it is the correct one from the establishment and that it is a secure encrypted network. If not, it is always better to use the 4G or 5G data connectivity of your mobile service provider, and switch on the hotspot feature on your smartphone if you need to use the Internet on your laptop. This is critically important if you’re doing any transaction of a sensitive nature on your devices, such as logging into your online accounts or where credit card transactions are involved.
Portable RFID Scanning Device
It is very easy for an identity thief to steal your personal data stored in RFID chips such as those found on your ATM card, credit cards and passport. A portable RFID scanning device only needs to be brought to close proximity to your bag or wallet for this information transfer to take place. A lot of havoc can be done in a short period of time.
Here’s a video that demonstrates how this electronic pickpocketing is accomplished by identity thieves.
#solution: Be very vigilant in public spaces especially at touristy locations and airports. Identity thieves usually operate in these types of locations with the intention of stealing private personal data from RFID chips.
An effective method to safeguard yourself against this sort of identity theft is to use RFID-safe bags, wallets and passport covers, especially when travelling as a tourist. For more information, read up about RFID-safe wallets here.
The following are some products that blocks RFID scanners and are recommended to keep your personal information safe:
Plain Ol’ Stealing
Of course, there is the classic brute force method of physically stealing your wallet with all your cards and identity documents in them, and using those in a full-blown identity theft operation.
#solution: You can never be too careful with your wallet or passport when you’re travelling in a foreign city. It pays to be aware and know where pickpockets operate and take the extra precaution to keep your belongings safe. Avoid placing your wallet or passport in your back pocket where they can be easily nicked, or in bags that can be cut easily accessed by hand. Learn how pickpockets operate, and use anti-theft bags that are specially designed to thwart attempts by pickpockets and thieves, such as those by PacSafe.
Awareness Improves Performance
Living in the digital age of today, threats to your identity security have also become more digital in nature. This is not something we can escape, as our lives have become dependent on all things digital like smartphones, social media accounts and emails.
Short of going off the grid, we believe that as more people become aware of these tactics used by identity thieves, their methods would become less effective. As such, do share this article to disseminate the information.
- Over 300,000 Credit Card Details Leaked Online
- 10 Money Wasters You Can Avoid
- 10 Tips to Survive Long Flights
RFID-Safe PRODUCTS on eBAY