In April 2010, a US court sentenced an Indian named Jaisanker Marimuthu to 81 months in prison. This native of Chennai would hack into brokerage accounts in the US and use them to purchase thinly-traded stocks. Once the prices of these stocks had risen, he would sell his own holdings in those stocks and pocket a neat profit.
In May 2011 and again in June the same year, hackers broke into databases of a popular gaming company and stole millions of passwords of online gamers. In July this year, police in Sacramento, California, busted a gang that installed skimming devices at gas stations in the US. Whenever a customer swiped his card to purchase petrol, the vital details on the magnetic strip of his card would be captured by the skimming device. The gang would then use those details to create a clone of the original card and run up bills on the card owner’s accounts.
In a more benign instance, a student at a Delhi-based management school created a fake account of the Police Commissioner on a social networking site. He then used this account to offer advice to those who wrote to him. In another instance, an impostor created Nobel laureate and economist Amartya Sen’s account on Facebook which he then used to dispense political and economic views that were contrary to those held by the great man.
These are all instances of identity theft, where a criminal steals a victim’s critical information and then misuses it, either for financial gains or sometimes just for some frivolous thrill. This stolen information could include name, signature, phone numbers, address, bank account and credit card details, and more.
Identity thieves could also use your personal details to commit crimes and thus create a criminal record in your name. Thus, identity theft has emerged as a major threat to an individual’s financial as well as personal security.
Modus operandi
On the Internet there are legions of other ways employed to steal confidential information. Criminals could use trojans [a type of malware] that drop keyloggers on your computer. Keyloggers transfer to the hacker’s system your user names, passwords, credit card details, and bank account details as you enter them on your computer.
Another approach is email phishing. The victim receives an email whose header and design make it appear as if it has come from a bona fide organisation, for instance your bank. The email then directs you to a website that is also designed such as to appear similar to the design of the original organisation. At the site, you are encouraged to update critical information, such as your bank account number, password, and even credit card numbers. In reality, however, the site is fraudulent and has merely been set up to entice victims into surrendering information.
A similar approach to stealing information is also adopted over the phone. This is known as ‘vishing’. Here, the criminal may call you, posing as a bank [or any other organisation] employee and try to obtain information under the guise of performing verification on behalf of his organisation.
Does your child use your credit card to play video games online? That too renders you vulnerable to identity theft. Your child may visit sites that appear as gaming sites, but are mere fronts for stealing credit-card information.
Skimming,often happens at retail outlets. The salesperson under some pretext [most often citing that the machine is not working], takes your card out of your sight. He then swipes it in a skimmer, a hand-held device that can read the information on the magnetic strip of your credit card. Later that information could be used either at a place where the physical presence of your card is not required, say, for online purchases, or a clone of your card could be made. Thieves then apply for a change of address, and before you know it, run up vast bills in your name.
What can you do?
As the methods adopted by identity thieves grow more sophisticated, it might appear that victims are fighting a losing battle. To some extent, we are all susceptible to such crimes. Nonetheless, some of the precautions suggested below can keep you out of harm’s way.
Precautions you can take online
Invest in buying an original security software suite such as from Norton or Mcafee or QuickHeal. It has the ability to keep out malware, scan your emails and instant messages with anti-phishing tools, and warn you against mala fide websites and downloads. These software suites have firewalls that can detect trojans and worms and repel attacks by hackers. They can even encrypt data so that it doesn’t get stolen over a public wi-fi network.
Conduct all online transactions at well-known websites that offer data encryption facility [usually these sites state that they are protected by VeriSign or some other reputed firm that offers online security]. As far as possible, do not conduct transactions that require sensitive information while using public computers and public wi-fi networks.
Be wary of indiscriminately opening unsolicited emails. Most people have a large number of online accounts and passwords. A common mistake we all make is to use the same user name and password in all accounts. The problem with this is if one account gets hacked, it will render vulnerable all your other accounts as well.
As far as possible, avoid writing down your user names and passwords [or at least not at obvious places]. Instead commit them to memory. Also, avoid using common passwords such as names and birthdays of close relatives.
If you hold a number of credit cards and do a lot of online transacting, you could even consider buying an insurance policy from a general insurer. This will take care of liabilities arising from all your cards. Once you are covered, an alert sent to the insurance company [in case you feel your safety has been compromised] will block all your cards, thereby limiting your losses.
Register for mobile alerts with your bank and credit card issuer so that you are alerted at once if any transaction takes place in your bank account or card. If your address or mobile number changes, have this information updated. Make sure that you receive monthly statements both from your bank and credit card issuer. If these statements don’t arrive, follow up and make sure that they do. As soon as these statements arrive, scan them for transactions you may not have conducted.
Precautions you should take in the real world
Identity theft doesn’t just happen online; it takes place in the real world too. For instance, when you apply for a bank account, a mobile phone card, or a piped gas connection, you have to submit photo copies of documents as proof of identity and residence. Criminals, often in connivance with those in positions of authority, use these documents to gain benefits under a false name.
Not all identity thefts are high-tech. Many thieves use pretty old-fashioned approaches to steal vital information about the victim. They could lurk in and around public offices and look over your shoulder to steal personal information as you go about filling up an application form. Many go to garbage dumps and look for documents such as mailers from banks and credit card companies, ATM receipts and the like, to gather information about victims.
When you offer a photocopy of any documents, write the message, “This document is being submitted by … [your name] for the purchase of … [specify the purpose]” at a place within the document so that it can’t be reused by an impostor. Always shred all your vital papers before consigning them to the waste bin.
Over the telephone, never reveal vital information if you have not initiated the call and you do not know the person at the other end of the line.
While there are no guarantees, observing these simple precautions will, to a large extent, keep you safe against identity theft.
This article was first published in the September 2012 issue of Complete Wellbeing.
Spot an error in this article? A typo maybe? Or an incorrect source? Let us know!