Identity Theft and Fraud Overview

Questions and Answers

What does identity theft traditionally describe?

• Any use of stolen personal information (correct)
• Only the fraudulent use of credit cards
• Creating fictitious identities for online scams
• Only identity fraud activities

Identity fraud includes identity theft.

True (A)

What is the primary aim of criminal record identity theft?

Evading capture or criminal prosecution

Identity theft is often committed by accessing __________, credit cards, or financial records.

employment records

Match the type of identity theft with its description:

Assumption of Identity = Assuming all aspects of another's life Theft for Employment = Fraudulent use of personal information for work Criminal Record Identity Theft = Using a victim's identity to evade prosecution Reverse Criminal Record Identity Theft = Using a victim's identity just to get work

What has been a growing factor in the theft for employment and border entry?

Rise in illegal immigration and alien smuggling (C)

Assumption of identity is common due to its perceived ease.

False (B)

Fraudulent documents for border entry may include alien registration cards and __________.

passports

What is the most common type of identity theft?

Credit Identity Theft (D)

Virtual Identity Theft requires significant effort to be accomplished.

False (B)

Name one reason why measuring the prevalence of internet theft is difficult.

Lack of consistent reporting

The major concern regarding Credit Identity Theft is the creation of ________ accounts.

fraudulent

Match the sources of information with their interests:

Credit reporting agencies = Want to sell protection services Software companies = Want to sell products for protection Popular press = Thrives on consumer fears Government agencies = Monitor crime and protect citizens

What factor contributes to the lack of accurate measurement of internet theft?

Apathy perceptions (D)

Private companies have no vested interest in exploiting consumer fear about internet theft.

False (B)

Which agencies are considered primary sources of information on internet theft?

Credit reporting agencies, software companies, media, government agencies

What is one major factor that complicates measuring the costs associated with victimization?

Loss of consumer confidence (C)

Increasing globalization of communication and commerce is expected to lead to a decrease in cyber crime.

False (B)

What is 'popcorning' in the context of identity theft?

Stealing information by looking for raised flags on outgoing mail.

Searching waste receptacles for identification information is known as __________.

dumpster diving

Which of the following is NOT a method of physical identity theft?

Phishing (D)

Match the physical methods of identity theft with their descriptions:

Mail Theft = Information stolen from mailboxes Dumpster Diving = Searching waste receptacles for identification information Theft of Computers = Physical theft of computers that contain personal information

Credit bureaus primarily exist to help consumers protect their information.

False (B)

What do lenders often avoid creating due to concerns about alienating consumers?

Time-consuming safety measures

Which of the following methods involves fraudulent emails seeking information?

Phishing (C)

Spyware is primarily used for capturing information to achieve identity theft.

True (A)

What type of fraud involves strangers deceiving people into providing financial information?

Advance-fee/419 fraud

Malware that redirects traffic to an undesired site is known as ______.

Redirector

Match the following terms with their descriptions:

Spyware = Captures user information Keyloggers = Records keystrokes such as passwords Trojans = Pretends to be legitimate software Botnets = Collectively controlled networks of compromised computers

What is pharming primarily concerned with?

Redirecting connections from legitimate IP addresses (D)

Phishing Trojans are used solely to create botnets.

False (B)

What is the purpose of keyloggers in cyber crime?

To record keystrokes and capture sensitive information like passwords.

What is the first phase in the process of identity theft/fraud?

Procure stolen identifiers (D)

Insurance fraud only involves obtaining government loans.

False (B)

Name one consequence of immigration fraud.

Securing a border crossing or obtaining immigration benefits.

Identity theft/fraud typically involves a ____-phase process.

four

Match the types of fraud to their descriptions:

Identity Theft/Fraud = Anonymous entry into private areas to transfer resources Insurance Fraud = Pocketing money from government loans Immigration Fraud = Securing a border crossing Data-Selling Companies = Selling personal information without oversight

Which recommendation involves enhancing security measures against identity theft?

All of the above (D)

Victims of identity theft can petition the court for a finding of factual innocence.

True (A)

What is one method proposed to protect personal identifying information?

Restrict access to social security numbers.

What is the most common type of identity theft?

Credit Identity Theft (B)

Virtual identity theft requires significant effort to accomplish.

False (B)

Name one reason why measuring the prevalence of internet theft is difficult.

Lack of mandatory reporting

The vested interest of private companies often ________ consumer fear.

exploits

Match the following sources of information with their interests:

Credit reporting agencies = Selling protection services Software companies = Selling security products Popular media = Thriving on consumer fears Government agencies = Regulating cyber crime

Which of the following is a primary information source regarding identity theft?

Credit reporting agencies (D)

Delayed notification of victimization is one reason measurement of internet theft is complicated.

True (A)

What complicates consistent prosecution of cyber crime on a national level?

Lack of national standards

What is the primary characteristic of identity fraud?

Involves the use of stolen personal information (A)

Reverse criminal record identity theft is used to evade capture from law enforcement.

False (B)

What illegal activity has been growing due to the increase in illegal immigration?

Theft for employment and border entry

Assumption of identity is considered ________ due to its difficulty.

rare

Match the types of identity theft with their descriptions:

Assumption of Identity = Involves assuming all aspects of another's life Criminal Record Identity Theft/Fraud = Used to evade capture or gain employment Theft for Employment and/or Border Entry = Fraudulent use to gain work or entry Reverse Criminal Record Identity Theft = Using a victim's identity to gain work

Which of the following is NOT a type of identity theft?

Proximity Theft (B)

The growing presence of fraudulent documents for border entry primarily includes passports and citizenship documents.

True (A)

What is the aim of criminal record identity theft?

Evading capture or criminal prosecution

Which of the following is a type of phishing variation that involves redirecting users to a fake site?

Pharming (D)

Spyware can be used to achieve identity theft.

True (A)

Which method of identity theft is characterized by the use of shell companies to gather personal information?

Fraudulent/Fictitious Companies (C)

Child identity theft is often committed by strangers rather than parents.

False (B)

What type of malware redirects traffic to an undesired site?

Redirector

A(n) __________ is software designed to record keystrokes, often used to capture passwords.

keylogger

What physical method of identity theft involves stealing personal information through manipulated ATMs?

ATM Manipulation

The use of __________ is a common physical method of identity theft that targets personal information on credit/debit cards.

Card Skimming

Match the following terms with their descriptions:

Phishing = Fraudulent emails seeking personal information Trojans = Malware disguised as legitimate software Keyloggers = Records keystrokes on a computer Botnets = Networks of infected devices used to spread malware

Match the following physical methods of identity theft with their descriptions:

Bag Operations = Theft of intelligence in hotel rooms Insiders = Threats posed by employees Card Skimming = Theft of card information ATM Manipulation = Stealing information from ATMs

Which of the following describes advance-fee/419 fraud?

A promise of financial gain in exchange for personal information (C)

Which of the following statements best describes a challenge regarding child identity theft?

It often falls outside child welfare agencies' purview. (C)

All Trojans have a malicious intent.

False (B)

Name one purpose of crimeware.

Identity theft

The international nature of the web reduces the number of potential victims of identity theft.

False (B)

What is the term used for theft of personal information from the magnetic strip of credit/debit cards?

Card Skimming

What is a common fraudulent act enabled by identity theft/fraud?

Opening new bank accounts (A)

Insurance and loan fraud can involve disappearing after pocketing government loans.

True (A)

What type of unique data should be included in the definition of personal identifying information according to the recommendations?

Biometric data

A central repository of vital statistics should be established to improve __________ practices.

identity authentication

Match the types of fraud with their descriptions:

Identity Theft = Unauthorized use of personal identifiers Insurance Fraud = Obtaining funds under false pretenses Immigration Fraud = Securing immigration benefits through deceit Loan Fraud = Fraudulently applying for financial loans

Which act is NOT recommended to enhance protection against identity theft?

Exporting personal information to foreign countries (B)

Enhanced identity authentication practices can help reduce the chance of identity fraud.

True (A)

Name one recommended action to protect victims of identity theft.

Provide civil remedies for victims

What is the most common type of identity theft?

Credit Identity Theft (C)

Virtual Identity Theft requires significant effort to be accomplished.

False (B)

Name one factor that complicates the measurement of internet theft.

Inconsistent reporting by law enforcement

The primary information sources regarding identity theft include credit reporting agencies, software companies, and __________.

government agencies

Match the examples of identity theft with their descriptions:

Virtual Identity Theft = Developing a fraudulent online persona Credit Identity Theft = Creating fraudulent financial accounts Medical Identity Theft = Using someone else's medical information Employment Identity Theft = Assuming another person's identity for job purposes

Which of the following is a reason why the prevalence of internet theft is difficult to measure?

Lack of mandatory reporting (A)

Private companies have vested interests in lessening consumer fear regarding internet theft.

False (B)

What complicates consistent prosecution of cyber crime on a national level?

Jurisdictional discrepancies

What type of identity theft involves creating a credible identity to gain employment or border entry?

Theft for Employment and/or Border Entry (B)

Assumption of Identity is a common form of identity theft due to its perceived ease.

False (B)

What is the primary aim of criminal record identity fraud?

Evading capture or criminal prosecution

_________ involves the fraudulent use of identifying information of a real or fictitious person.

Identity fraud

Match the following types of identity theft with their descriptions:

Theft for Employment = Fraudulent use to gain employment or entry Assumption of Identity = Assuming all aspects of another’s life Criminal Record Identity Fraud = Lying to evade criminal prosecution Reverse Criminal Record Theft = Using a victim's identity to get work

Which document is commonly used in fraudulent activities for immigration purposes?

Alien Registration Card (A)

Criminal record identity theft involves using someone's identity to help them secure a job.

True (A)

Fraudulent use of _______ information is a major component of identity fraud.

identifying

Which of the following factors complicates the measurement of victimization costs?

Delay in victim awareness (D)

The primary method of identity theft is through financial records.

False (B)

What is 'popcorning' in the context of identity theft?

Stealing information by looking for raised flags on outgoing mail.

One method of identity theft involves searching waste receptacles for identification information, known as __________.

dumpster diving

Match the following physical methods of identity theft with their descriptions:

Mail Theft = Stealing information from mailboxes Dumpster Diving = Searching for identification information in trash Theft of Computers = Physically stealing computers containing personal data

What is a reason for expected increases in cyber crime?

Increased globalization of communication (D)

Credit bureaus primarily benefit from selling protection services.

True (A)

Name one method that can be proposed to protect personal identifying information.

Enhancing security measures such as using strong passwords.

What is the first step in the typical four-phase process of identity theft/fraud?

Procure stolen identifiers (A)

Immigration fraud solely aims to secure employment opportunities.

False (B)

Name one recommendation aimed at preventing identity theft.

Establish a central repository of vital statistics.

Identity theft/fraud typically involves a ____-phase process.

four

Match the following types of fraud with their descriptions:

Insurance Fraud = Obtaining government loans and disappearing Immigration Fraud = Securing immigration benefits or border crossing Identity Theft = Using another person's personal information for financial gain Credit Fraud = Opening unauthorized accounts in another person's name

Which of the following recommendations restricts the access and publication of sensitive information?

Ban the sale of social security numbers (A)

Providing civil remedies for victims is one of the recommendations for combating identity theft.

True (A)

What is a proposed method for victims to control their credit information?

Consumer-initiated credit 'freezes' or 'blocks'.

Which of the following is a method used in child identity theft?

Identity theft by parents (B)

Insider threats are a minor concern in identity theft.

False (B)

What is a common problem associated with child identity theft?

Delayed identification

Card skimming involves the theft of personal information encoded on the __________ of a credit or debit card.

magnetic strip

Match the following identity theft methods with their descriptions:

Bag Operations = Theft of intelligence by governmental operatives ATM Manipulation = Stealing personal information via fraudulent ATMs Fraudulent Companies = Creation of shell companies for personal information Child Identity Theft = Theft typically committed by parents

Which of the following statements about physical identity theft is accurate?

It can involve theft by insiders such as employees. (C)

Fraudulent companies often operate transparently and openly.

False (B)

What is one primary characteristic of internet-facilitated identity theft?

Capitalizes on the efficiency of the world wide web

What is the most common type of identity theft?

Credit Identity Theft (A)

Virtual Identity Theft requires a significant amount of effort to accomplish.

False (B)

Name one reason why measuring the prevalence of internet theft is difficult.

Lack of reporting by law enforcement

The vested interest of private companies often ________ consumer fear about internet theft.

exploits

Match the types of identity theft with their characteristics:

Virtual Identity Theft = Developing a fraudulent online persona Credit Identity Theft = Creation of fraudulent financial accounts Physical Identity Theft = Stealing physical documents for identity usage Employment Identity Theft = Using stolen identity for job applications

Which of the following is a primary source of information on internet theft?

Credit reporting agencies (C)

A lack of national standards in measurement leads to more accurate data on internet theft.

False (B)

What is a common consequence of Credit Identity Theft?

Creation of fraudulent accounts

Which of the following factors is NOT a contributor to the expected increase in identity theft?

Enhanced security measures by lenders (D)

Popcorning involves stealing information from mailboxes by looking for raised flags that signal outgoing mail.

True (A)

What is one common method of physical identity theft that involves searching for personal information?

Dumpster diving

The physical theft of computers, especially laptops, often occurs in places like __________.

airports

Match the following methods of identity theft with their descriptions:

Mail Theft = Stealing information from mailboxes Dumpster Diving = Searching waste receptacles for ID Theft of Computers = Physical stealing of computers

Why is measuring the costs associated with victimization particularly challenging?

Losses can take forms beyond just dollar amounts (A)

Credit bureaus benefit financially by selling protection against identity theft.

True (A)

Name one reason why lenders avoid creating extensive safety measures.

Concerns about alienating consumers

What is a common document used in theft for employment and border entry?

Alien registration card (A)

Assumption of identity is a common method due to its ease of execution.

False (B)

What primary aim does criminal record identity theft serve?

Evading capture or criminal prosecution

Fraudulent documents used in identity theft may include __________ visas.

nonimmigrant

Match the following types of identity theft with their purposes:

Assumption of Identity = Taking on all aspects of another person's life Criminal Record Identity Theft = Evading capture or prosecution Theft for Employment = Gaining work through false information Reverse Criminal Record Identity Theft = Using a victim's identity to obtain employment

Which of the following best describes identity fraud?

The illegal use of someone else's identifying information (A)

Criminal record identity theft often involves the victim being unaware of their identity being misused.

True (A)

What is the growing issue related to employment fraud and identity theft?

Illegal immigration and alien smuggling

What does pharming primarily involve?

Redirecting users to a fake website (A)

Trojans can appear to serve a legitimate purpose but may also contain malicious components.

True (A)

What is the purpose of keyloggers in the context of cyber crime?

To record keystrokes including passwords and other sensitive information.

The type of fraud where individuals are deceived into providing financial information due to a promise of windfall is known as __________.

advance-fee fraud

Match the following methods with their descriptions:

Spyware = Captures information by taking control of computer interactions Phishing = Seeks sensitive information through fraudulent communications Botnets = Utilizes compromised systems to launch attacks

Which of the following describes the process of spoofing?

Pretending to be a trusted entity to solicit funds (A)

Crimeware is a term used for software designed to facilitate identity theft.

True (A)

What is the main function of floating windows in browser security?

To obscure the address bar and steal personal information.

What is NOT a phase in the process of identity theft/fraud?

Create a breeding ground for identity theft (A)

Insurance fraud only pertains to personal loans.

False (B)

What is one way to prevent the exportation of personal information to foreign countries?

Prohibit the exportation of personal information.

Three hundred employees were arrested at _________, a major meat processing plant.

Swift & Company

Match the following recommendations with their benefits:

Expand personal identification definition = Inclusion of biometric data for security Develop civil remedies for victims = Legal options for victims to seek justice Enhance identity authentication practices = Stronger measures to verify identities Require oversight of data-selling companies = Protection against unauthorized data sale

Which recommendation is aimed at increasing the security of personal identification?

Prohibit the exportation of personal information (D)

Victims of identity theft can petition the court for a finding of factual innocence.

True (A)

Name one consequence of immigration fraud.

Securing border crossings illegally.

Flashcards are hidden until you start studying

Study Notes

Identity Theft and Identity Fraud

• Identity theft can be used to describe any use of stolen personal information.
• Identity fraud is a subset of identity theft.
• The goal of identity fraud is to create a credible identity through access to credit cards, financial or employment records.

Typologies of Internet Theft/Fraud

• Assumption of Identity is rare due to the difficulty in assuming all aspects of a person’s life.
• Theft for Employment and/or Border Entry involves fraudulent use of stolen or fictitious information to get work or gain entry into the U.S.
  • This type of fraud is increasing because of illegal immigration and alien smuggling.
  • Examples of fraudulent documents include alien registration cards, visas, and passports.
• Criminal Record Identity Theft/Fraud is committed to evade capture and criminal prosecution.
  • It often involves lying to police upon arrest.
• Virtual Identity Theft/Fraud involves using personal, professional, or other aspects of an identity to develop a fraudulent virtual personality.
  • It is easy to accomplish because it requires minimal effort.
• Credit Identity Theft is the most common and most feared type of identity theft.
  • It involves using stolen personal and financial information to create fraudulent accounts.

Prevalence and Victimology

• There are several factors that make it difficult to accurately measure the prevalence of identity theft. These include:
  • Perceptions of apathy.
  • Lack of reporting by local and state law enforcement agencies to federal agencies.
  • Jurisdictional discrepancies regarding how to measure these activities.
  • Selective enforcement based on community standards and departmental resources.
  • Delayed notification of victimization.
  • Vested interest of private companies in exploiting consumer fear.
  • Lack of mandatory reporting and inconsistent prosecution by federal agencies.
  • Lack of national standards in measurement.

Physical Methods of Identity Theft

• Mail theft involves stealing information from mailboxes, including credit card offers, government documents, and passports.
  • Popcorning involves searching for raised flags which signal outgoing mail.
• Dumpster Diving involves searching trash receptacles for identifying information.
• Theft of Computers involves stealing computers, containing personal information, from airports, hotels, homes, and offices.

Virtual or Internet-Facilitated Methods

• Phishing involves sending fraudulent emails or creating fake websites to acquire personal information.
  • Variations include:
    • Spoofing: Uses false, but apparently authentic, communications to solicit funds.
    • Pharming: Redirects a connection from a legitimate IP address to a mirror site.
    • Redirectors: Malware redirects traffic to undesired sites.
    • Advance-fee/419 fraud: Strangers deceive people into providing financial information, often with a promise of a windfall.
    • Phishing Trojans/Spyware: Often installed to create botnets.
    • Floating Windows: Placed over the address bar of a browser to steal personal information.
    • Botnets: Change a website's IP address without changing the domain name to steal information and spread malware.
• Spyware takes control of a computer’s interactions with users to capture information.
• Crimeware is spyware that is used to achieve identity theft and other financially motivated crimes.
• Keyloggers record keystrokes, like passwords, and can be hardware or software.
• Trojans can have an apparently legitimate purpose, but often are actually keyloggers, password-stealers, or installers of back doors.

Crimes Facilitated by Identity Theft/Fraud

• Insurance and Loan Fraud is committed to get government loans, enroll in a legitimate institution, drop out, pocket the money, and disappear.
• Immigration Fraud and Border Crossings involve using fraud to secure a border crossing, obtain immigration benefits, or engage in acts of terror.
  • Example: 300 Swift & Company employees were arrested for falsifying immigration documents.

Conclusions and Recommendations

• Expand the definition of personal identifying information to include biometric data.
• Establish a central repository of vital statistics.
• Develop alternate methods to authenticate identity.
• Prohibit the exportation of personal information to foreign countries.
• Provide victims with the ability to petition the court for a finding of factual innocence.
• Provide for consumer-initiated credit “freezes” or “blocks.”
• Restrict access and publication of social security numbers.
• Ban the sale of social security numbers.
• Require the oversight of data-selling companies.
• Require enhanced identity authentication practices.
• Develop a standardized police report.
• Develop civil remedies and criminal penalties directly proportionate to the loss suffered.
• Provide civil remedies for victims.

Identity Theft and Identity Fraud

• Identity theft encompasses any use of stolen personal information, while identity fraud is a subset of identity theft, specifically involving the fraudulent use of identifying information.
• Identity fraud involves the creation of a credible identity using information like credit cards, financial records, or employment records.
• Typologies of Internet Theft/Fraud
  • Assumption of Identity: A rare form of theft where someone assumes all aspects of another person's life.
  • Theft for Employment and/or Border Entry: Often tied to illegal immigration or alien smuggling, this involves using stolen or fictitious information to secure jobs or gain entry into the United States.
  • Criminal Record Identity Theft/Fraud: This type of fraud aims to evade capture or criminal prosecution, often involving false claims to law enforcement during arrests.
  • Virtual Identity Theft/Fraud: Using personal, professional, or other aspects of an identity to develop a fraudulent online persona.
  • Credit Identity Theft/Fraud: The most common and feared form, using stolen personal and financial information to create fraudulent credit accounts.

Prevalence and Victimology

• Statistics on identity theft are difficult to accurately measure. Contributing factors include:

  • Perception of apathy: Victims may not report theft due to a feeling of helplessness.
  • Lack of consistent reporting: Local and state law enforcement don't always report identity theft to federal agencies.
  • Jurisdictional inconsistencies: Varying definitions and regulations make it difficult to track the crime.
  • Selective enforcement: Resource limitations and community standards influence how local law enforcement addresses the crime
  • Delayed notification: Victims may not be aware of the theft until much later.
  • Vested interests: Private companies capitalize on consumer fear, pushing for protection services and products.
  • Lack of reporting requirements: There are no standardized reporting requirements for identity theft.

• Primary Information Sources:

  • Credit reporting agencies, software companies, media outlets, and government agencies all collect data on identity theft.
  • It's important to consider the agenda of each source. For example, credit reporting agencies and software companies may overstate the frequency of identity theft to sell protective services.

Physical Methods of Identity Theft

• Bag Operations: Intelligence operatives, often working with corrupted hotel staff, steal information from hotel rooms, taking advantage of readily accessible mass storage media.
• Child Identity Theft: Parents often commit this type of theft, leading to challenges in identification and delays, especially since these crimes may not fall under child welfare agency jurisdiction.
• Insiders: Employees, whether intentionally or accidentally, pose a significant risk.
• Fraudulent/Fictitious Companies: Sophisticated schemes frequently involve the creation of sham companies solely to collect personal information.
• Card Skimming: Stolen information is encoded from the magnetic strip of credit/debit cards.
• ATM Manipulation: ATM machines are modified to steal personal information, including PINs, through fraudulent means.

Virtual or Internet Facilitated Methods

• The internet's accessibility and lack of emphasis on security make it a prime target for identity theft.
• Phishing: Fraudulent emails and websites are used to collect personal information (e.g., Nigerian 419 scams). Identifying perpetrators is challenging.
  • Spoofing: Scams using false but authentic-seeming communications to request funds.
  • Pharming: Redirecting internet traffic from legitimate sites to fake mirror sites.
• Redirector Software: Malware that directs internet traffic to unwanted websites.
• Advance-Fee/419 Fraud: Individuals are tricked into providing financial information by promises of large sums of money.
• Phishing Trojans or Spyware: These often install botnets to steal information and spread malicious software.
• Floating Windows: These appear over web browser address bars to steal information.
• Botnets: Botnets change website IP addresses while maintaining the same domain names, enabling information theft and malware dissemination.
• Spyware and Crimeware:
  • Spyware: Software that monitors a user's computer activity and captures information.
  • Crimeware: Spyware used specifically for identity theft and other financial crimes.
• Keyloggers and Password Stealers: These devices record keystrokes, including sensitive information like passwords.
• Trojans: Software that appears to be legitimate but may actually contain keyloggers, password stealers, or backdoor access tools.

Crimes Facilitated by Identity Theft/Fraud

• Identity theft often serves as a method for anonymously accessing private areas and transferring resources.
• Four-phase process:
  1. Obtaining stolen identifiers.
  2. Creating or obtaining a breeder document (e.g., birth certificate, driver's license).
  3. Using the breeder document to create additional fraudulent documents.
  4. Employing the fraudulent identity to commit a crime.
• Insurance and Loan Fraud: Stolen identities are used to obtain government loans, enroll in educational institutions, and then disappear with the funds.
• Immigration Fraud and Border Crossings: Fraudulent information is used to secure border crossings, receive immigration benefits, or engage in acts of terrorism (e.g., a case involving 300 employees arrested at Swift & Company, a meat processing plant).

Conclusions and Recommendations

• Expand the definition of personal identifying information: Include unique biometric data.
• Establish a central repository of vital statistics: This would help in tackling identity theft.
• Develop alternative authentication methods: Seek out less vulnerable ways to verify identity.
• Prohibit the export of personal information: Prevent data from leaving the country and falling into the wrong hands.
• Provide victims with the ability to claim factual innocence: Allow victims to petition courts for official recognition of the theft.
• Implement consumer-initiated credit "freezes" or "blocks": Give individuals control over their credit information.
• Restrict access to and publication of social security numbers: Minimize exposure to this sensitive information.
• Ban the sale of social security numbers: Prevent the exploitation of this critical data.
• Require oversight of data-selling companies: Regulate these companies to ensure they are not facilitating identity theft.
• Implement enhanced identity authentication practices: Improve security measures for online accounts.
• Develop a standardized police report: Ensure that all investigations and reports include consistent data.
• Develop civil remedies and criminal penalties: Establish clear legal consequences.
• Provide civil remedies for victims: Allow victims to seek compensation and justice.

Identity Theft and Identity Fraud

• Identity theft is a broad term encompassing any unauthorized use of someone else's personal information.
• Identity fraud is a specific type of identity theft that involves using stolen personal information for financial gain.
• Identity fraud can involve real or fictitious identities and can affect a variety of aspects of a person's life, including employment, finances, and even immigration status.

Typologies of Internet Theft/Fraud

• Assumption of Identity: This rare form of identity theft involves a person taking on all aspects of another person's life. It is difficult to accomplish because it requires a high level of detail and knowledge.
• Theft for Employment and/or Border Entry: This type of fraud involves using stolen or fabricated personal information to obtain employment or gain entry into the United States. This type of fraud is growing due to an increase in illegal immigration and alien smuggling.
• Criminal Record Identity Theft/Fraud: This involves using a victim's identity to evade capture, criminal prosecution, or to obtain employment.
• Virtual Identity Theft/Fraud: This type of fraud involves using personal, professional, or other aspects of a person's identity to develop a fraudulent online persona. This can occur for innocent or malicious reasons.
• Credit Identity Theft/Fraud: The most common and feared type of identity theft involves using stolen personal and financial information to create fraudulent accounts.

Prevalence and Victimology

• Measuring the prevalence of identity theft is difficult due to a lack of consistency and accuracy in reporting.
• Factors contributing to inaccurate reporting include:
  • Perceptions of apathy by victims
  • Lack of reporting by local and state law enforcement to federal agencies
  • Jurisdictional discrepancies in measurements
  • Selective enforcement based on community standards and departmental resources
  • Delay in victim notification or awareness of victimization
• Other factors influencing the difficulty of accurately measuring identity theft:
  • Vested interest of private companies to exploit consumer fear
  • Lack of mandatory reporting and inconsistent prosecution by federal agencies
  • Lack of national standards in measurement
• Primary sources of information on identity theft include:
  • Credit reporting agencies
  • Software companies
  • Popular and trade media
  • Government agencies
• Each of these sources has its own agenda, including:
  • Credit reporting agencies and software companies that want to sell products and services for protection
  • Popular press outlets that capitalize on consumer fears

Prevalence and Victimology (Continued)

• Measuring the costs associated with identity theft victimization is challenging due to losses extending beyond financial cost.
• Factors affecting the cost of victimization:
  • Loss of consumer confidence
  • Delay in victim awareness
  • General lack of reporting
• Expected increases in identity theft, particularly virtual methods, due to:
  • Increasing globalization of communication and commerce
  • Lack of cooperation by lenders and consumer reporting agencies
  • Reluctance of lenders to alienate consumers with time-consuming safety measures
  • Profitability of credit bureaus from selling protection
  • Increased outsourcing of information and services

Physical Methods of Identity Theft

• Mail Theft: Stealing information from mailboxes, including credit card offers, government documents, passports and Social Security Statements.
• Dumpster Diving: Searching through garbage for identifying information.
• Theft of Computers: Physical theft of computers, especially laptops, for the purpose of accessing personal information.
• Bag Operations: Intelligence theft conducted by governmental intelligence operatives often in hotel rooms, usually with the help of corrupted hotel employees.
• Child Identity Theft: Typically committed by parents. Increasing dramatically, presenting challenges due to delayed identification and not being within the purview of child welfare agencies.
• Insiders: Employees, intentionally or accidentally, pose a significant threat of identity theft.
• Fraudulent/Fictitious Companies: Sophisticated shell companies created for the purpose of gathering personal information.
• Card Skimming: Theft of personal information encoded on the magnetic strip of credit or debit cards.
• ATM Manipulation: Stealing personal information, such as PINs, through fraudulent ATM devices.

Virtual or Internet-Facilitated Methods

• These methods leverage the accessibility and lack of security inherent in the internet.
• The international nature of the internet expands the potential number of victims.

Crimes Facilitated by Identity Theft/Fraud

• Insurance and Loan Fraud: Using the stolen information to obtain government loans, enroll in educational institutions, and then drop out, pocketing the money and disappearing.
• Immigration Fraud and Border Crossings: Utilizing stolen information to secure border crossings, obtain immigration benefits, and engage in acts of terror.

Conclusions and Recommendations

• Expand the definition of personal identifying information to include unique biometric data.
• Establish a central repository of vital statistics.
• Develop alternate means to authenticate identity.
• Prohibit the exportation of personal information to foreign countries.
• Provide victims with the ability to petition the court for a finding of factual innocence.
• Provide for consumer-initiated credit “freezes” or “blocks.”
• Restrict access and publication of social security numbers.
• Ban the sale of social security numbers.
• Require oversight of data-selling companies.
• Require enhanced identity authentication practices.
• Develop a standardized police report.
• Develop civil remedies and criminal penalties directly proportionate to the loss suffered.
• Provide civil remedies for victims.

Identity Theft and Identity Fraud

• Identity theft encompasses any use of stolen personal information, including identity fraud.
• Identity fraud involves using a credible identity created through access to credit cards, financial or employment records.
• The assumption of identity is rare due to its difficulty.
• Theft for employment and/or border entry involves fraudulent use of stolen or fictitious personal information to get work or gain entry into the U.S.
• Criminal record identity theft/fraud aims to evade capture and criminal prosecution.
• Virtual identity theft/fraud involves using aspects of identity to develop a fraudulent virtual personality, with both innocent and malevolent motives.
• Credit identity theft/fraud is the most common and most feared, involving using stolen personal and financial information to create fraudulent accounts.
• Measuring the prevalence and impact of identity theft is difficult due to:
  • Perceptions of apathy
  • Lack of reporting to federal agencies
  • Jurisdictional discrepancies
  • Selective enforcement
  • Delayed notification or awareness by victims
  • Vested interest of private companies
  • Lack of mandatory reporting and inconsistent prosecution by federal agencies
  • Lack of national standards in measurement
• Primary information sources about identity theft include:
  • Credit reporting agencies
  • Software companies
  • Popular and trade media
  • Government agencies
• Measuring the cost of identity theft is challenging because it extends beyond monetary losses, also including:
  • Loss of consumer confidence
  • Delay in victim awareness
  • General lack of reporting
• Anticipated increases in identity theft are due to:
  • Increasing globalization of communication and commerce
  • Lack of cooperation by lenders and consumer reporting agencies
  • Lenders' reluctance to implement time-consuming safety measures
  • Credit bureaus profiting from selling protection
  • Increased outsourcing of information and services
• Physical methods of identity theft include:
  • Mail theft: Stealing information from mailboxes, including credit card offers, government documents, and passports.
  • Dumpster diving: Searching waste receptacles for identification information.
  • Theft of computers: Physical theft of computers, especially laptops, from airports, hotel rooms, homes, and offices, due to their storage of personal information.
• Virtual or Internet-facilitated methods of identity theft include:
  • Phishing: Using fraudulent emails and fake websites to solicit information.
  • Spoofing: Soliciting funds via false, but apparently authentic communications.
  • Pharming: Redirecting connections from legitimate IP addresses to mirror sites.
  • Redirectors: Malware that redirects traffic to undesired sites.
  • Advance-fee/419 fraud: Strangers deceiving people into providing financial information through promises of windfalls.
  • Phishing Trojans or spyware: Creating botnets for identity theft.
  • Floating windows: Placed over browser address bars to steal personal info.
  • Botnets: Changing website IP addresses without changing domain names to steal info and spread malware.
• Spyware: Takes control of computer interactions with users to capture information.
• Crimeware: Spyware used for identity theft and other economically motivated crimes.
• Keyloggers: Record keystrokes, like passwords, through hardware or software.
• Trojans: Seemingly legitimate programs that often contain keyloggers, password-stealers, or backdoor installers.
• Identity theft/fraud facilitates anonymous entry into private areas for resource transfer through a four-phase process:
  • Procure stolen identifiers.
  • Create or secure a breeder document (birth certificate, driver's license, etc.).
  • Use breeder documents to create additional fraudulent documents and solidify an identity.
  • Employ fraudulent identity to commit criminal acts.
• Identity theft/fraud is involved in:
  • Insurance and loan fraud: Obtaining government loans, enrolling in legitimate institutions, dropping out, pocketing money, and disappearing.
  • Immigration fraud and border crossings: Securing border crossings, obtaining immigration benefits, and engaging in acts of terror.
• Recommendations to combat identity theft include:
  • Expanding the definition of personal identifying information to include unique biometric data.
  • Establishing a central repository of vital statistics.
  • Developing alternate means to authenticate identity.
  • Prohibiting the exportation of personal information to foreign countries.
  • Providing victims with the ability to petition the court for a finding of factual innocence.
  • Providing for consumer-initiated credit “freezes” or “blocks”.
  • Restricting access and publication of social security numbers.
  • Banning the sale of social security numbers.
  • Requiring oversight of data-selling companies.
  • Requiring enhanced identity authentication practices.
  • Developing a standardized police report.
  • Developing civil remedies and criminal penalties directly proportionate to the loss suffered.
  • Providing civil remedies for victims.