IDENTITY THEFT – A MAJOR FRAUD CRIME COSTING US $20 BILLION+ ANNUALLY
I originally posted this blog in January of this year and really did not think more about it other than getting a lot of great feedback on how helpful it was to so many people, individuals and businesses. We had one corporate customer ask our cyber team to help them install a more significant infrastructure to prevent any type of invasion especially to their senior executives. The problem is and will always be that the world is continuously in a catch up mode with the best hackers and cyber thieves. In China you have young teenagers who are being trained like soldiers in an Army with the target being U.S. companies and individuals, and the weapon is the Internet. These young, well-trained engineers/hackers are being trained to perform these illicit cyber activities while penetrating our country’s infrastructure as well as corporate targets. We as Americans have recently read about such attacks on Target stores’ customer base (40 Million+) personal information including Social Security numbers and credit card information. According to a Gallup poll, “27% of Americans say their credit card information has been stolen in the past year, and 11% say their computer or smartphone has been hacked. And the rest are scared: Almost 70% of Americans worry that hackers will steal their credit card numbers from retailers, and 62% worry that hackers will target their personal devices.” The attack on Sony Pictures whether coming from the North Koreans or not again speaks volumes to the seriousness of our exposure to these ongoing attacks.
Family and Friends have said you are a seasoned Professional Security Consultant and Investigator why admit that you too have been a victim of Fraud and my response is this . We all need to start talking about these experiences on a much broader scale and start going after these Fraudulent Predators as a Society. If sharing my story helps and motivates others to begin aggressively prosecuting these Criminal’s as I will be doing then there is certainly no shame in saying yes” I am a victim as well” !
I had my identity stolen 2 weeks ago and although my financial institution was very helpful in applying credit back to the funds that were taken, the whole experience has been time consuming and a nightmare. But here is the clincher: after changing all my account information with new security measures by the bank and new passwords by me put in place, the same culprits got back into our new accounts 48 hours later. They had my social security number and somehow pretexted their way telephonically back into my accounts by speaking to an underpaid I assume customer service representative. If there is a “crack in the door” these thieves will find a way in, and there seems to be little that you can do about it! Your social security and date of birth are the most important numbers that you will ever be issued in life. When it comes to banking and credit card theft/fraud, once you have lost control of these two numbers, it is open season to these “cyber wolves.”
Ok, here is my disclaimer regarding law enforcement officers(LEO) and those working these low valued economic crimes. As I often say, I come from a family (Irish side) of LEO’s starting with my grandfather who was a Commander in the Bronx for the NYPD, uncle and cousins also with the NYPD, DEA and FBI. I cannot say enough about them and LEO’s in general. The expression overworked and underpaid certainly pertains to these professionals. Having said that, if you’re thinking and depending on law enforcement to help in the majority of these identity theft and fraud cases, you’re sadly mistaken. There are multiple reasons for this but as one local municipality LEO told us, they have only 2 officers assigned to economic crimes to handle 200-300 reported cases a month and believe that number is understated. Clearly to many cases for just two assigned Detectives.
Usually banks will reimburse the victims, over a period of time from 10 days to months as long as the victim can prove that the transactions in question had nothing to do with them. The victims have spent a substantial amount of time changing accounts numbers, banks reissuing debit/charge cards, initial notification of your “bill pays and depositors”, to be followed up in 10 days by permanent bank cards, and repeating the same notification process again. Because of this inordinately lengthy, time consuming process, the victims in the majority of cases usually decide not to bother with assisting in the prosecution of these cases and the thieves know this. So their strategy is to go in and out of most of these accounts using a 72-hour (average) window before moving onto the next victim. I am inclined to write a much more lengthy article of my most recent experience because the gravity of what happened was much more involved that I can fit into a blog. I think I have devoted enough time on this matter for today, but the only suggestion I would make to my fellow citizens and victims is to take that extra step further and help in the prosecution of these cases. No one knows better than myself how time consuming all of this is but to not prosecute these criminals is really an injustice to all. We as a community and as a country need to get these cyber thieves off the internet/streets and be committed to disrupt the process of these “ring of thieves!” My time investment into this type of crime as described has shown me that most often there are “wolves” behind the “thieves” and unless we disrupt their “den of wolves,” we will have no hope of ever reducing our economic losses! None! The following is the article I posted in January 2015.
Our business goes through waves of different types of investigative requests, which is what I try to address on these blog posts. Recently there have been multiple requests from victims of fraud. Fraud is a broad-based crime that extends to many areas but it can be best described as a criminal act committed for financial gain. One of the largest areas of fraud in the US today is “Identity Theft!” In fact, according to a 2013 report by Javelin Research, “there is one incident of identity fraud every three seconds.” This report also shows that “the number of identity fraud incidents increased by 1 million consumers in the past year and the dollar amount stolen increased to $21 billion.”
This is a very broad subject but let’s address some of the areas of how the identity theft thieves/perpetrators get access to our information. The thieves begin with getting a hold of the victim’s name plus one of the following: email address, credit card info or other identifiers like a Social Security Number (SSN) and/or Date of Birth (DOB). Any combination of the victim’s name and one of the other identifiers is enough for most seasoned thieves to get full access to the victim’s personal and financial information. Recently we have discovered one of our client’s SSN being used in one case by more than 10 individuals and at least 8 in another. Most of the time this theft of our information is used to gain direct access of our credit cards and then used by the thieves to apply for additional credit cards or even for extension of credit as in the case of a bank loan or mortgage application. One of the oldest identity theft scams still being used today is the theft of a person’s identity that has recently passed away and is similar in age to the thief/perpetrator. The thieves take the deceased’s information and continue building on the deceased’s credit worthiness or start a new credit line for other similar scams as just mentioned.
Often times our client’s good credit has been ruined and it takes many years to unravel and explain the deceit to financial institutions and to the credit bureaus. Unfortunately we the victims are at the mercy of the credit institutions to understand and help re-establish our good name and credit. So the question becomes how do we insulate ourselves from these thieves/predators that steal our identity to use for their own financial unscrupulous gains. If you adhere to some or most of the following suggestions, you’re ahead of the curve and doing more than most who have been victims. And I can include myself on this very long list as well.
I hope the following information will at least put some more attention on this international crisis and hopefully make you a little more aware and attentive to following some basic guidelines.
*Minimize any Personal Information on Social Media Sites
In 2011 Javelin Research stated, “Those long time social media users are twice as likely to become a victim of identity theft as opposed to a recent user.”
*Maintain Anti-Virus and Anti-Malware Software
One of the most common areas of attack is opening an attachment from an unknown source and the malware/virus is automatically installed and then the perpetrators are able to record key strokes, mine passwords and monitor your sessions with your own financial institutions. Always decline when asked to store your password.
*Handle Financial Documents Carefully
One of the requirements as a PI in my home state of Florida is to have a shredder in our office. A shredder should become your new best friend. Any documents not needed especially with identifiers such as account information, DOB, SSN and financially related should be shredded immediately.
The rule of the thumb we tell our clients is that a password should have one or more capital letters, numbers (several) and at least one symbol. Using your kids name or your DOB or your street address is what is most commonly used and what you should practice staying away from, along with changing passwords on a regular basis.
Make sure that your home Wi-Fi network is password protected and never open your financial institutions’ websites with your information exposed on an open network such as a coffee shop, friends home or other free networks.
There are several other ways to protect your personal information further and rest assure that predators/thieves will always be knocking on our networks infrastructure to wreak havoc in our lives!
Our suggestion is to practice vigilance at all times and if you become a victim of fraud, call us TODAY!
CSI Secure Solutions
Data Breach Tracker