Identity Theft & Identity Fraud

What Is Identity Theft?

Identity theft is the theft of personal information, likeness or possessions with the purpose of using it to commit other crimes – be they related to acquiring access to the victim’s accounts or used as a way to hide the real identity of the fraudster. It encompasses a huge range of different scams and crimes, all related to a criminal impersonating someone else, usually to enable further crime. It is a growing problem, resulting in billions in losses each year – $5.8 billion in 2021, just in the USA.

The ulterior goal is usually financial gain, though there could be various steps and stages to the scheme. The literal definition of identity theft refers to the actual theft of data or possessions. Making criminal use of someone’s identity is technically identity fraud. However, the terms are often used interchangeably.

According to Javelin’s Identify Fraud study, 27 million consumers in the US alone were victims of identity theft scams in 2021. Furthermore, the numbers are rising stratospherically. Recorded data compromises in the US increased by 68% between 2020 and 2021.

How Does Identity Theft Happen?

Identity theft can happen in various ways. It encompasses a wide range of criminal activities, online and offline. While the focus is often on the online element, it’s important to remember that identity theft happens in the physical world too. It can involve the theft of passports, credit cards and financial and legal documents.

The first phase of identity theft always involves criminals gaining possession of personal information. Ways they do this include:

• Physical theft: This category includes pickpocketing, burglary, mail interception, and stealing documents from trash bags and recycling bins.
• ATM fraud: The use of skimmer devices on cash machines and shoulder surfing or secret recordings to learn someone’s PIN.
• Social engineering scams: These can happen online or on the phone. They include criminals posing as bank staff or technical support representatives, using deceit to trick people into voluntarily handing over sensitive information.
• Phishing: Email and SMS scams and the use of fake or clone websites, where people log in and inadvertently disclose their details. There’s also voice phishing, sometimes shortened to vishing.
• Hacking: This can include a vast array of methods, such as the use of malware and keyloggers, as well as man in the middle (MitM) attacks on public Wi-Fi networks.

Criminals constantly evolve their methods in order to catch out even the most tech-savvy victims.

From there, they will use the stolen identity to attempt a wide variety of schemes, or even sell the data to other fraudsters. For example, withdrawing the victim’s money from a bank account, stealing sensitive documents which will then be sold for cash, or committing money laundering.

There’s a new case of identity fraud every 14 seconds, according to the National Council on Identity Theft Protection.

How Do Thieves Steal Your Information?

There are many different types of attacks, hacks, and trickery that can enable thieves to steal your information online. For instance, covert installations of viruses, keyloggers and trojans can enable cybercriminals to access your information without your knowledge.

A keylogger, for example, records your keystrokes and sends the data back to the criminal. Your keystrokes could include the usernames and passwords you enter into websites, as well as your credit card details.

These exploits can find their way onto your machine through various means. Often, hackers will trick users into installing seemingly legitimate software.

Cybercriminals are also known to target public Wi-Fi networks to intercept data passing over the network that includes personal information.

Phishing and social engineering are also extremely common. For example, criminals often send out a huge number of spam messages purporting to be from a legitimate business such as PayPal or eBay.

Users who click links in those messages are led to a login screen that looks like the real thing, and unwittingly enter their username and password. At that point, the fraudster has those at their disposal.

Hackers also build on their techniques by using phone calls and SMS messages to lure people to websites or to convince them to hand over personal details. Criminals may pose as bank employees, or representatives of Apple or Microsoft, for example, to convince unsuspecting consumers to grant remote access to their computers.

Common Types of Identity Theft

Once in possession of personal details, criminals move on to making use of them. Technically speaking, this is when identify theft becomes identity fraud. Individual types include account takeover, shopping fraud, tax ID fraud and more.

Let’s take a look at these in detail. Here are some examples of identity fraud:

1. Account takeover fraud: This can mean changing an account address and ordering a new debit card, or gaining access to an online banking account and making transfers.
2. Shopping fraud: All fraud related to shopping with someone else’s details and/or payment methods. This can happen online (using card details to make purchases) or offline (cloning credit and debit cards and making unauthorized copies).
3. Document fraud/identity cloning: Possession of certain personal data can make it possible to obtain passports, driving licenses and other official paperwork. Using those for application fraud, scams and other schemes can also be called document fraud.
4. Tax identity theft: Criminals may file a false tax return in somebody else’s name, in order to obtain a refund.
5. Selling on identity details: There’s a huge market for stolen IDs on the dark web. These are called fullz by criminals, referring to a full set of ID documents that can be used for nefarious purposes.
6. Vehicle fraud: Some criminals rent or lease vehicles using somebody else’s identity and steal them. When the company looks for the perpetrator, they realize they are also a victim – of vehicle fraud.
7. Medical ID theft: This involves obtaining expensive medical treatment under somebody else’s identity to then resell or use for illegal purposes.
8. Business fraud: Criminals can also set up businesses using stolen identities to evade taxes or launder money.

How Does Identity Theft Affect Businesses?

Identity theft can affect businesses in a host of ways, which go far beyond criminals using stolen identities to purchase goods and services. Sometimes, the organization is simply standing in the line of fire rather than deliberately targeted, though the results can be equally devastating.

For example:

• Payment fraud: Chargebacks and refund fraud can occur when victims of identity theft realize that transactions have been made in their name, and they contact their card issuer to reverse them. Chargebacks not only create significant admin, but they can also prove costly if a business is unable to produce enough evidence to dispute them.

• Multi accounting: With this type of fraud, fraudsters create multiple accounts as the same person, which can cause companies financial losses and the loss of goods through bonus abuse, refund abuse and other schemes. Multi-accounting can involve people obtaining multiple free samples, introductory offers or trial periods. However, it can also be used to circumvent site bans or to engineer reviews and feedback scores.

• Loan fraud comes in many shapes and sizes, and is clearly a particular risk for businesses in the financial sector. The risk of granting a loan or mortgage to somebody using a false identity is significant, with a chance of large financial losses. However, loan fraud can also involve somebody assuming the identity of the business itself, obtaining and rerouting a business loan.

Identity theft can also put companies at risk of being in breach of their obligations around anti-money laundering (AML) and counter-terrorism financing (CFT) regulations. 

Companies can and do receive substantial fines for not exercising adequate controls and compliance checks to prevent money laundering. 

How to Find Out If Someone Is Committing Identity Fraud

Various things can alert you to somebody using your identity fraudulently. Unexpected mail should always raise a red flag, especially if you begin to receive post from a financial institution or company that you don’t do business with. Keeping a watchful eye on your bank and credit card accounts and setting up notifications for purchases can mean you are immediately aware of any suspicious purchases.

Similarly, if you keep a watchful eye on your credit report(s), you should be quickly alerted if a business runs a check on you or if somebody attempts to open a new account in your name.

Unfortunately, not all identity theft is so easily noticed. For example, in an incidence of tax identity fraud, you may not find out until you file your own tax return that somebody has already filed one in your name. In some cases, when major criminal activity takes place in your name, your first alert to somebody using your identity may be a knock on the door from law enforcement. So you will want to take as much precaution as possible to prevent this.

How to Protect Your Business from Identity Theft

If you run a business, you face additional identity theft risks. Not only can criminals use false identities to purchase goods and services, but they can also target your business and employees, or leave you falling foul of compliance regulations. So in order to protect your operations, your employees and your customers, you will want to implement a combination of purpose-built software and awareness.

Many identity protection best practices can help, including awareness around phishing, the use of cybersecurity software, and the use of 2FA/multi factor authentication. Educating staff and even customers on the risks and dangers is also critically important.

Fraud prevention software can reduce your level of risk both when onboarding new customers and when processing transactions. Often, cybercriminals use tools and methods that can be easily detected with the right software solutions.

For example, products that use IP analysis, velocity checks, digital footprinting and device fingerprinting can alert you when something seems off. This can include transactions originating from suspicious locations, users hidden behind VPNs and proxies, and the use of throwaway email accounts and phone numbers.

In the US alone, identity theft was the most common type of fraud in 2021. Precautions are a must, and not an option.

How Can You Defend Against Identity Theft & Identity Fraud?

The basics of identity theft prevention for individuals are relatively straightforward and are often recommended by businesses and financial institutions.

You can defend against identity theft by doing the following:

• Take sensible physical precautions, ranging from using zipped bags and being careful in crowded areas to shredding sensitive documents prior to recycling.

• Exercise extreme caution online by deleting suspicious emails and checking that you only visit legitimate websites.

• Be skeptical of any phone call or SMS message that requests you hand over personal details.

• Install good quality antivirus or anti-malware software, learn how to use it properly, keep it up to date and run regular scans.

• Stay informed on the latest scams.

• Use complex passwords and MFA wherever they are available.

• File an identity theft report if anything bad happens – many such crimes go unreported.

It’s important to remember that the incidence of identity theft is high and increasing. 21% of the people affected by identity theft are repeat victims. 

Criminals work hard to concoct new schemes and ensnare new victims, so stay vigilant. 

Related Terms

Related Articles

Sources