There are literally dozens of ways to obtain the information needed to perpetrate identity theft on an unsuspecting victim. We present a partial list of the most prominent methods used by criminals to obtain identity information.
Dumpster diving. This is just what it sounds like. Criminals dig through your garbage looking for discarded documents (like bank statements or government documents). This may also involve stealing mail from unlocked mailboxes on the street.
Although conventional wisdom would indicate that high-tech users are the main culprits of identity theft, statistics show otherwise. Obtaining personal information is relatively simple. Many people tend to be neglectful, carelessly throwing away credit card receipts or paycheck stubs—seemingly harmless pieces of paper that have a wealth of information, including names, addresses, signatures (credit card receipts), and SSNs. A study by the California-based consulting firm Javelin Strategy and Research found that 26% of the fraud victims knew the identity thief, while 29% of the victims had had their wallets or credit cards stolen.5
Skimming. This involves the use of a specialized device to steal and store your credit card information. Skimming occurs most commonly at ATMs and in restaurants. At an ATM, perpetrators attach a device to the card slot of an ATM so that when you pass your card into the ATM the skimmer also reads it. A video camera nearby watches the keypad as you enter your PIN. In the restaurant scenario, the device is handheld and the perpetrator uses it to scan your credit card after you hand it over. Always check ATM slots for added hardware. When you’re in a restaurant where you don’t have absolute confidence in the integrity of the staff, your safest play is to not let your credit card out of your sight.
Computer spyware. This is software that installs on your computer without your knowledge and then captures information such as keystrokes, passwords, and credit card information, which are then communicated to the perpetrator. We talk about spyware in greater detail in Chapter 11: Malware.
Shoulder surfing. This is when someone steals your information by simply looking for anything you’ve left exposed or in the open. Someone can be standing near you and literally look over your shoulder (especially in a crowded setting). They could also be standing at a distance and using a telescope or binoculars. You should be especially careful when entering your PIN at an ATM or gas pump. Another variant of shoulder surfing occurs when you write your passwords on a sticky note and post it near your computer. It’s fairly trivial for your co-workers to obtain your credentials when you post them for everyone to see.
Hacking. Hacking into corporate databases is very big business. Companies spend enormous resources trying to protect their customers’ information. Still, breaches occur and customer information is sometimes compromised.
Phishing. Phishing attacks occur when you get an email from “trusted” source (such as your bank or other financial institution) warning you of some impending danger if you don’t click on the link in the email to take care of it. The link takes you to a website masquerading as your actual institution. If you enter your login information, they now have access into your account. It also gives them access to any other account where you use that username and password combination. We talk about phishing attacks in greater detail in Chapter 12: Email.
Overall, Consumer Reports found that 1.7 million online households were victims of Web-related ID theft in the last year, 5.4 million online consumers submitted personal data via phishing e-mails, and that cyber-crime has cost American consumers $4.5 billion over the past two years, trashing an estimated 2.1 million computers.6
Spam. This refers to all kinds of unwanted email, but the identity theft angle of spam occurs when the victim is directed to a website to purchase products (that don’t exist or are unacceptably bad). The perpetrators have not only induced you to purchase a nonexistent product, but have secured your credit card information as well. Keep in mind that not all spam involves identity theft; you can read more about spam in Chapter 12: Email.
Social networks. Social networks like Facebook can put people’s identities at risk, depending on how much personal information a user chooses to make public. Choosing to post sensitive, personal information like your full name, birth date, and mother’s maiden name, as well as any information that may help a perpetrator guess your passwords, put you at risk.
On Facebook only, 42 percent have posted their date of birth, 7 percent have posted street addresses, and 3 percent have disclosed when they were away from home. About 23 percent of Facebook users, meanwhile, are either unaware that Facebook has privacy controls that protect this information or do not use them. Another 26 percent of Facebook users post their children’s photos and names, which could potentially expose them to predators, the report said. Of the 18.4 million people who have installed Facebook apps, 38 percent were confident that the apps were secure or had not thought about the apps’ security in the first place. About 1.8 million computers were infected by social networking apps in the past year, Consumer Reports said.7
Stealing. Ah yes. Hacking the old fashioned way! Just steal a purse, or a wallet, or a laptop for that matter. People can also steal from you in less obvious ways. Low-tech methods for stealing personal information are still very popular for identity thieves.
Change of address. This technique involves someone filing a change of address form with the post office redirecting all of the victim’s mail to their address. They can then use any personal or financial information they find in the mail, like bank statements, loan applications, social security statements, or check stubs.