How to prevent identity theft
Name: Kevin Goes
Age: 30
The fraud: A copy of his passport was stolen
The cost: It was claimed he owed more than €16,000 in unpaid rent
Kevin Goes read the letter again. Was it a joke? It was April 1, 2015, and it was from a debt collection agency. It seemed to claim he owed 13,101.27 euros in rental arrears—but how? Kevin, 30, always paid his rent on time. Yet here were his name, date of birth and Dutch social security number. This must be a mistake, he thought.
Seeking friends’ guidance, Kevin posted the letter on his Facebook page—and learned that he knew a woman who worked at the same debt collection agency. She told him that the bill was for a house in a city 185 kilometres away from his home in Heerlen. The sum also included damages, because the building had been used as a cannabis farm. “I didn’t do that,” insisted an incredulous Kevin.
The woman looked at a scanned copy of Kevin’s passport held on the agency’s file. Sure enough, all the details were his—apart from one thing. “The photo doesn’t look like you,” she said. It had been cut and pasted onto a scanned copy of his real passport and offered to the rental agency as ID. The imposter then stopped paying rent. By the time the agency wrote to Kevin, the criminal had vanished.
In the coming weeks, Kevin would spend close to a hundred hours working to erase debts he never racked up, struggling with the stress of it.
A freelance journalist, Kevin believes it all started when he let companies he worked for scan his passport—a normal administration procedure. He never lost hold of the document itself. But, he thinks, hackers must have gained access to one of those firms’ IT systems and stolen the scan. Passports are used across Europe to prove identity when you rent a property. That leaves the door open for abuse if the agency doesn’t ask to see the original.
Kevin’s experience was just one form of ID theft—the deliberate use of somebody else’s credentials for personal gain, usually financial. Your Tax Identification Number (also called a Personal Identification Number, National Insurance Number, citizen number, or National Register Number, depending where you live), date of birth, credit card details, electronic signature, passwords, Facebook profiles and more, can all be collected by criminals.
“The theft of digital identities is a profitable business,” says Barbara Hubner, spokeswoman for Germany’s Federal Criminal Police Office (Bundeskriminalamt, BKA). “Cybercriminals either sell the data through illegal sales platforms in the underground economy or misuse the stolen identities for their own purposes—often frauds involving the purchase of goods.”
Experts and statistics from some European countries suggest ID theft is on the rise. In the UK, fraud prevention body Cifas said it hit an all-time high in the UK in 2017 with 174,523 reported cases. In Germany, a shocking 12 per cent of respondents to a survey by the Technology Review said in July 2018 that they’d been victims of identity theft. The financial impact is severe. A report by global analytics software company FICO in July of 2017 found that losses to card fraud—one common type of ID theft—reached a record high in 2017 of 1.8 billion euros across 19 European countries.
It’s not only about the cash. Victims are suddenly burdened with clearing their names. For Kevin, the clean-up job was especially tough. The debt collection agency dropped the claim against him for the first house, but a month later, another letter arrived, this time asking 3,000 euros in arrears on a rental house in Amsterdam. The agency insisted he pay up and when he protested, he received a court summons. He missed out on days of freelance work as he drove to civil hearings in Amsterdam. “Why are they treating me as a culprit when I’m a victim?” he asked.
The fraudster was finally caught trying to rent a third property when a sharp employee of a rental agency called the police. Yet the court hearings went on regardless. The judge found in his favour by December 2015, but it wasn’t until June 2017 that all the debts taken out in Kevin’s name were officially cancelled. “You don’t feel safe anymore,” he says. “Everything is so open.”
Kevin was lucky. The debts racked up never officially registered on his credit rating—the files kept by credit reference agencies to tell lenders whether a person is creditworthy or not. He believes that’s because he responded so quickly to tell debt agencies it wasn’t him. But one of the most far-ranging impacts for many victims is that their credit rating is reduced. Once that happens, it takes an average of 300 hours to reverse, according to John Webb, consumer affairs executive at credit agency Experian, which operates in 37 countries including Germany, France and Sweden. “If you’re at the point of applying for any kind of credit, even as simple as a mobile phone contract, it’s going to have an impact,” says Webb. Interest rates could be higher, or lenders may be scared off entirely.
Kevin’s story isn’t unusual. But there are things you can do to protect yourself.
Find out the creepy things your smartphone knows about you.
Protect your documents and digits
The European Commission has found that some 16 per cent of ID fraud involves the abuse of identity documents themselves. Passports and the national ID cards issued by EU member states apart from the UK, Ireland and Denmark, can all be stolen and used to draw loans or even travel in your name.
The EC is so concerned that in April 2018 it proposed a new law to improve the security of its member states’ ID cards. If passed, the cards would need to include biometric facial and fingerprint data—as passports do now―making them harder to tamper with. An EC spokeswoman tells Reader’s Digest it also means ID thieves would be easier to spot whenever the document is checked, especially at borders. “EU systems will be able to verify if, for instance, one person’s fingerprint also appears in another database, but under a different name,” she says.
To help keep your passport or ID card safe, keep it in a secure place, don’t take it out unnecessarily; report any loss immediately, and use hotel safes when travelling.
But as Kevin’s story shows, it’s not only the hard-copy document that counts. Copies can be abused, too. As if that weren’t enough, your government-issued tax identification number can also be used by a fraudster.
You lose control of the security of your ID documents whenever you hand a copy to a rental agency, a hotel or a prospective employer. Experts recommend offering just to show the physical ID—or, if they really need to scan it, ask if you can cover your personal data. Use password protection when storing copies on your own computer too.
Change your settings immediately if you use any of these passwords.
Keep your mail secure
Name: Therese Ramstad Moen
Age: 30
The fraud: Her bank card was stolen from her mailbox
The cost: The thief racked up a €6,000 retail bill
In January 2017 Therese Ramstad Moen, 30, ordered a new bank card to her address in Oslo. But it didn’t arrive within a week as she expected. A few days later, she got an invoice from an electronics store where she’d supposedly bought some goods “on credit” to the value of about €2,000. In Norway, bank cards have photographs on them and can be used as ID to take out credit in a store—allowing the customer to take the product home on the spot. She drove to the shop and told staff: “I didn’t buy any of this.”
Over the next two days, Therese received more invoices. In total, they said she was liable for about €6,000 with seven different retailers. She called her bank and the police. Thankfully she didn’t end up having to pay the money, because the police caught the woman who had stolen Therese’s details along with those of 55 others.
It turned out the thief was a nurse at Oslo’s Lovisenberg Diakonale Hospital, where Therese had had surgery a year earlier. She was convicted, sent to jail for two-and-a-half years and banned from working as a nurse for five years. Therese believes that information was used to find her address and then steal her bank card from the locked mailbox in the bottom of her apartment building. “It’s pretty terrible—a nurse. You want to trust someone when you go to hospital,” she says. Therese is worried her details could still be lurking online and being bought and sold by thieves.
Therese’s case shows how ID thieves love to target mail—a treasure trove of personal data. According to John Webb, moving around a lot leaves your mail very vulnerable, “particularly for those living in properties with shared mailboxes or shared entries,” he says. Switching to paperless billing can help, and if you’ve moved recently, make sure to redirect mail immediately. And watch out not to share information on social media about when you will be on holiday. “That can be an invitation [to thieves],” warns Webb.
Google knows a lot more about you than you originally thought.
Beware of common scams
Some of the most common thefts take place when a thief preys on a victim’s emotion. One well-known technique is phishing, which is an electronic attempt to get access to sensitive information by posing as a trusted source. For example, Sean Sullivan, security advisor at Helsinki-based cyber safety firm FSecure, received an email claiming to be from Amazon, which said it needed more information to deliver a package he was waiting for. It urged him to enter the log-on details for his Amazon account. “My hand was reaching to enter the details before my brain said, ‘That’s fake!’ ” he says. The scammers send out a huge number of emails, and some who receive it—like Sullivan—are bound to be expecting an Amazon package. The scam is simple and easy to believe. Phishing can also be done by phone, called vishing.
Each time somebody appeals to your emotions over personal data, think twice. Watch out for any communications that trigger feelings of worry—such as a phone call saying your bank card was stolen, asking for your PIN number—or frustration, as in Sean Sullivan’s case. “Don’t get emotional, because it’s then you’ll fall for a trap,” he says. If somebody has called you, tell them you’ll call them back—then find the institution’s genuine number online. Meanwhile, he says, you can set up separate email addresses with services such as Gmail to deal with specific tasks like banking, and only ever give that address to your trusted financial institution. That way, if you get a message about your bank account in your regular inbox, you’ll know it’s a fake.
This is why you should never link your phone number to your Facebook account.
Stay safe online
Europeans are still terrible at writing effective passwords, according to global security software provider SplashData. Its survey of worst passwords for 2017 found nearly 10 per cent of people—who were mostly from Western Europe and North America—are still using painfully awful keys such as “123456” and “qwerty.” Don’t use obvious dates like your birth date, or family names. Use different passwords for each account. You can use a password manager, software that generates and stores complex codes so that you can access them in one secure place on your hard drive or file-hosting service.
It isn’t only that. Using public, unsecured Wifi means many of your transactions can be seen by anybody listening in. “Public Wifi is very useful,” says Sullivan. “But I would highly recommend using a VPN,” he adds, referring to programs such as TunnelBear or Freedome, for example, which create a private network that is safe to use. You should also password-protect your home Wifi and ensure your passwords aren’t auto-filled on your iPad, laptop or phone because, although it’s convenient, anybody who steals your device then has all your details.
Barbara Hubner adds, “every user of the World Wide Web can fall victim to identity theft.” They should treat their data with care and become suspicious when requested to disclose personal details. “At the same time, service providers should be obliged to ensure the safety of data obtained from customers and to establish adequate authentication mechanisms,” she said.
A global network of scammers is targeting older people through dating websites—here’s how to avoid becoming a victim.
Watch your accounts
Name: Kara Eigl
Age: 38
The fraud: Her bank details were stolen but it is not known how this was done
The cost: Because the fraud was caught early, the amount stolen was not large
For Kara Eigl, 38, it began when she got a letter at her London home in August 2017 from a credit reference agency. It told her she’d been flagged up as a possible ID fraud victim, and that she should check her bank statements. Poring over her records, she discovered a £38 monthly direct debit payment she didn’t recognize. The bank said the payment was linked to a mobile phone contract. Fraud specialists point out that lets the fraudster claim a high-value device without attracting attention. Kara told the bank it wasn’t her, and they refunded the money.
Too few people check their bank statements and credit reports, says Experian’s John Webb—even though both provide vital clues to theft. A glance at a credit report will quickly show any applications in your name.
Webb recommends you ask credit reference agencies to put a password on your file. That way, any time you apply to borrow money, you’d be asked for the code. Another trick to keep track of your account is to set up alerts with your bank to send you a text with a weekly update on your account or alert you to any payment above a certain pre-arranged amount.
“No one’s ever going to be 100 per cent able to prevent identity theft,” Webb warns. “It’s about just not throwing around or passing on too much information.” He adds reassuringly that credit reference agencies don’t think in terms of blame and will take some of the work off your hands if it happens. “Prevention is the best cure.”
Don’t miss these other steps to preventing identity theft and fraud.