Identity theft can be perpetrated in many ways. When I worked for state Senator Mary Lazich she and I both attended a summit on the crime at the Milwaukee County Sheriff’s Department Training Academy in Franklin. I helped her produce a three-part series that used to be on the Journal Sentinel Community Now websites.  Identity theft is very serious business. Here are excerpts from Senator Lazich’s series.

You are not safe

This crime is scarier than most imagine. The former police chief of Columbia, South Carolina, Dean Crisp called identity theft the “most under reported, least cared about” crime. Most police officers receiving a complaint about identity theft according to Crisp have a simple, nonchalant, lackadaisical response: “So.”

Even scarier are these discouraging words from Special Agent Wayne Ivey of the Florida Department of Law Enforcement.

“No one is immune. There is no silver bullet to stop identity theft.” As evidence, Ivey asks if anyone has been victimized. Several police officers raise their hands.

One out of 10 will be targets. Only one out of 700 identity thieves are actually apprehended, convicted, and go to jail. Law enforcement, unfortunately, are unable to keep up, are saddled with funding limits, and are admittedly focused on violent crime.

Despite the escalation and severity of identity theft, Ivey says law enforcement lacks a clear understanding of the crime and compassion for the victims. To police officers and prosecutors, identity theft just isn’t sexy.

Senior citizens are prey for identity thieves for many reasons according to Ivey. Susceptible seniors are intimidated by, and therefore refuse to use computers. Some are senile, too gullible, too trusting. They are affluent and have nest eggs, and because identity theft is a crime driven by greed, seniors are desirable targets. The thieves know all too well that when victimized, seniors are much less willing to pursue the case fearing involvement and possible retaliation. So their crimes go un-reported.

In Wisconsin, most identity theft is credit card-related followed by government document cases. That follows the national trend.  The Federal Trade Commission reports nationally, credit card fraud is the top identity theft complaint followed by fraud related to government benefits, utilities, phones and loans. Identity theft is the #1 consumer complaint in the United States. Again, everyone is vulnerable

How the thieves operate

Are businesses shredding? Not exactly. They hire other businesses to do the work. However, the coveted information to be shredded is placed in huge bags left in break rooms allowing cleaning crews a feast.

Ivey says far too many unsuspecting, naïve individuals like to place mail for pickup in their mailboxes and pull out the red flag as an indication to the postal worker. Red flag is right. Ivey says it’s like screaming out to identity thieves, “Please steal my mail!”

Identity thieves burglarize. Computer hard drives are popular targets. So are women’s purses. The number one place for a woman to have her purse stolen is dropping her children off at school. The number two place is at the gym. Beaches and parks are also prime locations for predatory identity thieves.

Do you use the Felony Lane at your bank’s drive-thru? The felony lane is the lane furthest away from the bank window, a prime spot according to Ivey to cash stolen checks and make phony withdrawals, especially with the lane usually having the worst quality surveillance videos in the bank parking lot.

Guess what inmates are learning in prison as they await their release to commit more crimes? Memory techniques that can be used to shoulder surf. Common at ATMs and check out lines and becoming more frequent at Internet cafes, the identity thief is literally memorizing and stealing your personal information by peeking over your shoulder.

Thieves will stalk and hand pick their partners to steal information at departments of motor vehicles and restaurants. These are typically single moms that agree to a certain fee for each identity they can turn over. At an Orlando TGIF restaurant, 75-thousand credit cards were recovered by authorities. Two waitresses had been using credit card skimmers easily hidden in their uniforms to quickly zap and store names and numbers. Counterfeit equipment is available online with parts sold at Radio Shack.

Thieves have placed overlays on top of ATMs that appear to be authentic, and return days later to remove their wizardry that has captured a host of new victims.

The MOs used by identity thieves run the gamut, and as Ivey noted, there is no silver bullet to stop this evolving crime.

What to do if your identity has been stolen

The typical victim according to Ivey spends 400 hours straightening out a case, a period of 12.7 months transpires before an investigation even starts. By that time, all critical evidence could be gone.

If you are a victim:

1) Call the police.

2) Check your bank accounts

3) Contact the credit reporting agencies Equifax, Experian, and TransUnion.

4) Work with your creditors.

5) Report your case to the Federal Trade Commission.

To prevent identity theft:

• Don’t put outgoing mail, especially bill payments, in personal curbside mailboxes
• Make sure no one is standing right behind you when you’re using an ATM machine.
• Pay your bills online using a secure site if available.
• Don’t give out your credit card number on the Internet unless it is encrypted on a secure site.
• If you have to give out personal or financial information from a public phone or by cell phone, make sure no one is listening or wait until you’re in a more secure location.
• Shred all financial statements, billing statements, and preapproved credit card offers and the like before tossing in the trash. Use scissors to cut documents if you don’t have a shredder.
• Examine all of your bank and credit card statements each month for mistakes or unfamiliar charges.
• Pick up new checks at the bank.
• Commit all computer passwords to memory.
• Don’t give out your financial or personal information over the phone or Internet, unless you have initiated the contact.
• Don’t exchange personal information for “prizes.”
• Destroy the hard drive of your computer if you are selling it, giving it to charity, or otherwise disposing of it. Physically remove it.
• Keep your wallet in your front pocket so a pickpocket can’t take it. Hold your purse close against your body through its straps.

—This Just In…September 15, 2016

MORE from John Mac Ghlionn, a researcher and essayist
February 23, 2023

The United States is awash in crime. Rather staggeringly, as I have shown elsewhere, 11 of the world’s 50 most dangerous cities are now in the United States. Of all the various crimes plaguing the country, identity theft is the fastest-growing form of criminal activity.

In 2021, according to a recent report by Javelin Strategy and Research, ID theft-related losses totaled $52 billion and directly affected at least 42 million U.S. citizens.

As we live an increasing amount of our lives online, successfully protecting oneself from ID theft is, for lack of a better word, difficult. Difficult, but not impossible.

Identity theft comes in many forms. Social Security numbers, bank account details, driver’s licenses, personal health information, email accounts, and passwords are all at risk of being exploited.

Why, exactly, is identity theft on the rise?

To answer this rather important question, I reached out to Jin R. Lee, a criminology expert at George Mason University. Dr. Lee, a man who has studied cybercrime in great detail, told me that cases of identity theft and fraud are increasing for numerous reasons, including “the ubiquity of e-commerce and other forms of digital communication, as well as the decentralization of personally identifiable information.”

The digital nature of most transactions, he added, sees us “put our trust in companies to maintain the confidential nature of our sensitive data (for example, names, birthdates, Social Security numbers, passport numbers, driver’s license numbers, credit/debit card information).” This trust, suggested Lee, is often misplaced. We should never underestimate the power of ignorance and negligence.

This data we blindly hand over is eminently valuable, as “it serves as the basis for obtaining credit cards, mortgages, loans, and government assistance,” noted Lee. Although many criminals use the information gathered to apply for the services themselves, others sell the details on the dark web, a murky digital underworld that requires special software to access.

What’s so disconcerting is the fact that cybercriminals needn’t be wizards to steal valuable information. As Lee explained, “offenders can obtain personally identifiable information using low-tech and high-tech methods.” The former involves techniques as simple as taking personal information out of mailboxes and garbage cans. However, he added, the sharp rise in cases of ID theft is more attributable to criminals using high-tech means “due to the ease with which individual offenders can compromise the personally identifiable information of thousands of victims at once.”

In 2023, data, very much the new oil, has never been more valuable. Hence the reason why the methods of extraction are becoming more sophisticated. At the same time, however, protection methods are still extremely primitive.

Instead of targeting individuals, hackers have, in recent times, shifted their focus to large-scale databases that store consumer information. This explains why so many major hospitals are now being targeted. They are data goldmines. This fact is not lost on a number of Big Tech companies that have partnered (and continue to partner) with major health care providers. Can these Big Tech companies be trusted to keep your information safe? Absolutely not.

As Lee explained, “instead of targeting a specific person and their sensitive data,” hackers target major institutions that “have hundreds of thousands, if not millions, of sensitive documents and files that can be easily monetized in some way.” Mass data breaches, warned Lee, have become increasingly common over the last decade.

In 2013, for example, the U.S. retail giant Target was, for lack of a better word, targeted. The attack exposed 40 million credit and debit card accounts; fraud-related losses were about $18.5 million.

In 2019, Facebook, now actively involved in the health care sector, failed to prevent over 540 million user records from being captured and subsequently exposed online. In other words, in a few hours, 15 percent of the world’s population had their data compromised, and Facebook was powerless to stop this from occurring.

Who is responsible for these attacks?

Lee told me that, when exploring potential offenders based on geographic location, “recent reports point to Russia and China as two of the biggest cybersecurity threats to America.” One of the major reasons why, he added, involves “the lack of extradition agreements between the United States and both Russia and China,” which allows offenders “to conduct their illicit operations within geographic safe havens.”

Even if law enforcement identifies offenders, the complete lack of extradition agreements gives these actors a great degree of freedom. In both China and Russia, it’s important to note that hackers often work on behalf of the government.

Protecting Yourself

Rather alarmingly, people still fall for the “Nigerian Prince” scam, which involves an individual receiving an unsolicited email from someone pretending to be a foreign dignitary or high-level executive. The elderly are particularly at risk.

“Since numerous instances of identity theft are a result of interacting with socially engineered emails where offenders claim to be legitimate retailers, banks and financial providers, or delivery services,” Lee said, “it would be wise for consumers to be cautious about accepting what they see in online messages at face value.”

One thing that individuals can do to keep themselves safe from fraudulent emails, he suggested, is to look “for signs of foul play.” This, at first, may appear challenging simply because offenders regularly use the same logos and symbols used by legitimate vendors. They also tend to stress that the issue (or issues) raised in the email is time-sensitive. An urgent response, the recipient is told, is of prime importance.

People should always carefully read and scrutinize emails before interacting with them. For example, said Lee, “a fraudulent email from FedEx may contain a subject line/title comprised of a collection of nonsensical numbers (such as ‘No. 17283’) or include language that emphasizes a time-sensitive matter (such as ‘URGENT: PERSONAL INFORMATION WAS SENT TO YOU’).”

Moreover, the email address may also be hosted on a public email domain, such as Gmail or Yahoo. As obvious as it sounds, legitimate organizations will never send emails using public email domains. Large organizations, Lee stressed, “tend to have their corporate name within the email domain itself (for example, @paypal.com), so even if their legitimate corporate name is listed in the front end of the email address, it is good practice to check if their domain name has it as well.”

Another aspect worth analyzing is the quality of writing. Spelling and grammar mistakes in emails are instant red flags that you, the reader, can identify rather quickly. Moreover, fraudulent emails often address recipients using generic terms like “Dear Customer” and “Dear Friend.”

Finally, when it comes to your personal data, try your very best to keep as much of it offline as possible. Again, try not to outsource your information to Big Tech companies if possible. You can request that your social media platform, health care provider, bank, university, etc., never, under any circumstances, share your information with a third party without your explicit consent.

Although it is becoming increasingly difficult to protect ourselves in these digitally-infused times, exercising vigilance may prove to be the difference between being safe and becoming just another hapless victim of identity theft.