Identity Theft Is Usually an Unsophisticated Crime 86
apatrick writes "A recent research report by Heith Copes (University of Alabama at Birmingham) and Lynne Vieraitis (University of Texas at Austin) has examined identity thieves and their methods. Copes and Vieraitis searched federal court records in the US for people convicted of identity theft and then tried to find out where they were serving their sentences. They were able to find 297 inmates, from which they sampled 59 inmates in 14 prisons across the country. The convicts agreed to do detailed interviews, in private, to talk about themselves and their crimes, and the results are reported in a recent issue of Criminal Justice Review. According to Copes and Vieraitis, 'it is best categorized as an economic crime committed by a wide range of people from diverse backgrounds through a variety of legitimate (e.g., mortgage broker) and illegitimate (e.g., burglar) occupations.' As to the issue of whether these are white-collar criminals, the authors say: 'Despite public perceptions of identity theft being a high-tech, computer driven crime, it is rather mundane and requires few technical skills. Identity thieves do not need to know how to hack into large, secure databases. They can simply dig through garbage or pay insiders for information. No particular group has a monopoly on the skills needed to be a capable identity thief.'"
people are usually stupid (Score:4, Funny)
news at 11
These are just the ones being caught (Score:5, Insightful)
The sophisticated high tech criminals are not in prison. They're on a beach somewhere enjoying your money.
Re:These are just the ones being caught (Score:5, Insightful)
And the penalty for identity theft should be the same as the penalty for taking someone's life (because that's what the do, sort of), at least if it's done for criminal reasons.
Taking life is penalized so harshly because it's irreversible.
Re: (Score:1)
Taking life is penalized so harshly because it's irreversible.
The problem is, many convicted murderers get less time than people convicted of identity theft/fraud/tax evasion etc.
Re: (Score:3, Informative)
I don't think that the Federal Correctional Institution near Littleton, Colorado has a beach (hint: he is in prison, as is Fastow).
Re: (Score:3, Interesting)
It is a gated community.
The staff are ready to listen 24/7/365.
You can lift weights on the beach.
You have baseball games and television.
There are no loud radios or drag races nearby.
There are educational opportunities not readily available elsewhere. The Twenty Third Psalm (modified "... I am the meanest bastard in the Valley.") hangs on every wall.
Re:These are just the ones being caught (Score:5, Funny)
The sophisticated high tech criminals are not in prison. They're on a beach somewhere enjoying your money.
The joke's on them. I've applied for a job at Club Med where I'm going to earn back every cent right out of their clammy hands. And thanks to my prompt and courteous service, they won't suspect a thing until it's too late!
Re: (Score:2)
Milton Waddams: Excuse me? Excuse me, senor? May I speak to you please? I asked for a mai tai, and they brought me a pina colada, and I said no salt, NO salt for the margarita, but it had salt on it, big grains of salt, floating in the glass...
Mexican Waiter: Lo siento mucho, senor.
[Under his breath] Mexican Waiter: Pinche gringo.
Milton Waddams: [as the waiter walks away] And yes, I won't be leaving a tip, 'cause I could... I could shut this whole resort down. Sir? I'll take my traveler's checks to a com
Re:These are just the ones being caught (Score:5, Funny)
Re: (Score:1, Funny)
So all of the thieves they found in prison had been caught. Hmm...
Re:These are just the ones being caught (Score:5, Insightful)
This sounds like my door-to-door survey which indicates that homelessness is a complete myth. Or my phone survey where I did a random sampling from the Yellow Pages and discovered that not a single person has so far given up their land-line.
Sample error? (Score:5, Interesting)
This is a self selected sample of people who were stupid enough to get caught. The sophisticated ones generally don't get caught, or at least not so quickly.
Re: (Score:2, Insightful)
The sophisticated ones generally don't get caught, or at least not so quickly.
They usually get caught because they become complacent or greedy. It's a statistics game: And one they will lose because they are human and will make a mistake eventually. Usually, the mistake is because of one of those two reasons.
Re: (Score:1)
Some argue that interviews with active, free-ranging offenders have numerous advantages over those with incarcerated offenders (Jacobs & Wright, 2006). Purportedly, findings based on inmate interviews may be biased because the participants are âoeunsuccessful,â fearful of further legal sanctions, and likely to reconstruct their offenses in an overly rational manner. However, many of these claims against captive populations are overstated (Copes & Hochstetler, in press). In fact, a recent study examining target selection of burglars found a âoestriking similarityâ between studies using free-ranging and prison-based samples (Nee & Taylor 2000, p. 45). Little is gained by denying that the interview setting colors narratives or that conversations with social scientists are not different than what might be said elsewhere. Yet offenders appear to report similar patterns of behavior regardless of how they were originally contacted or where they were interviewed. Semistructured interviews were used to explore
Re: (Score:2)
I would think that there would still be a selection bias in play in the free-range vs incarcerated study. After all, even if the police haven't caught up to you, the researchers apparently have.
Re: (Score:2)
Yeah, my thoughts went along these lines:
Smart, sophisticated people don't need to steal to start with
Smart sophisticated people who DO steal aren't likely to be caught
The sample comes from a prison population, thereby demonstrating that they are NOT smart & sophisticated
If any of our sample population really IS smart and sophisticated, he was caught due to complacency and/or laziness, and he's not going to share hes best secrets with the unwashed masses unless it buys him an early release
Most definitel
Re: (Score:2)
If any of our sample population really IS smart and sophisticated, he was caught due to complacency and/or laziness...
Bad luck happens, you know...
Re: (Score:2)
I don't know about identity thieves, per se, but the STUPID bitch that stole a tenant's check out of our mailbox took it to her bank and cashed it on her own account. She's doing time, the twit that cashed it probably still works there.
Re: (Score:1)
Checkbooks (Score:4, Interesting)
Re:Checkbooks (Score:4, Insightful)
i still can't believe how many people write checks because they think it's safer than computers. that one piece of paper gives a thief your name, sometimes your address, bank account # and the ABA routing #. if it's someone working in a mail room they can just copy the address from the envelope if you don't have it on the check. Then they can buy the rest of the info for cheap from some company and they have your entire profile. if you own property then all your info is available via your county courthouse and some company that organizes all this info.
Re:Checkbooks (Score:4, Insightful)
and if you're one of the idiots writing a check to pay for a retail purchase because you think credit cards are evil then the store probably puts all kinds of other info on the check like driver's license # to track you down in case it bounces
Re:Checkbooks (Score:5, Interesting)
Having worked in retail and foodservice industry, I hate checks. I'm flabbergasted that any retail outlets still take them.
The rate of fraudulent checks accepted at retail is astronomical; in foodservice it's even worse. The last check-accepting restaurant I worked at that had nearly a 50% rate of fraud on them; mostly from checks being written against closed accounts. The vast majority of these bad checks we never saw a cent from.
The corporate office required that we accept checks as a form of payment; they were located in some rural ghost town, where debit card use still hasn't caught on, and set national policy based on that. In a modern urban area, Visa/MC logo'd debit cards have all but replaced paper checks, and the only people who still use them are the fraudsters.
Checks are terrible, for both those using them and those accepting them.
Re: (Score:2)
Even sadder is that the banks are fully responsable for setting the whole scheme up and refuse to take responsibility for the hell it creates for identity theft victims.
Then because apparently that's not insecure enough, they accept "check by phone" and refuse to flag your account as not allowing them.
Then they bend over backwards with all sorts of "security features" that supposedly prevent check fraud as if they won't cash a check that's hand written on a sheet of paper (they will).
Sure it is. (Score:2)
When a thief uses the credit card, you just block the charges. Done.
When a thief has your checkbook, he can write all the checks and the money's out of your account.
Retailers are finally getting serious about it (Score:5, Interesting)
i have a store credit card that my wife uses once every few months to buy something. usually baby clothes. a lot of times the card is in the drawer and she would just go the store and tell them my name and they would find the card in the system and ring up the sale. now she says they want to know identifying information like driver's license expiration date, SSN, birthday, etc. she asked about this and they said that they were losing too much money to ID theft.
back in 2006 and 2007 no one cared since business was good. when a recession hits you start to look at every penny you can save
Re: (Score:2)
Yeah, 'cause we all know how smart it is to give strangers who're selling you stuff your SSN. FAIL.
If this is how retailers are "smartening up" to ID theft, I'll take my business elsewhere, thanks.
Re: (Score:2)
Capable...? (Score:5, Informative)
Being a successful identity thief, however, is a different story, I believe. Measuring that success by remaining uncaught. It's ridiculous how much of the information necessary to "steal" someone's identity is easily available, without needing to dig very deep. The hardest part would be SS#, but even then it's not that hard to get, considering how often someone asks for mine, and refuses to take anything else.Having lost my entire wallet once, I called the 3 credit monitoring groups and put a fraud watch on it, or whatever it is they called it, and I really think it should be standard. It requires that they contact you personally to verify any new openings of credit cards.
Re: (Score:2, Informative)
The hardest part would be SS#
Actually, SSNs are assigned sequentially. If you have enough of them (even 10% of the dataset would be enormously useful) and a DOB, you can get pretty close. Plus you can eliminate certain combinations: any field with all zeros, for example, is not used. A useful thing to know if you need to give your SSN out to someone other than an employer, bank, or the IRS -- most systems accept the input (no sanity checks, oops), and you can be sure you're not interfering with somebody else's credit doing so.
Re: (Score:3, Insightful)
Why should your bank have a right to your SSN? Only your employer and the SSA have an actual need for the number, to remit the required payments.
Re: (Score:2)
To report the interest income you have earned ostensibly. But also to reduce money laundering and white collar crime, all transactions above some limit, 5K I think (Imagine, if only Elliot Spitzer was hooked on hookers costing less than 5K per charge he might not have been caught). Before you fly off the handle about the unnecessary government intrusion, this wa
Re: (Score:2)
Is there something wrong with my name and address?
Re: (Score:2)
How would he know if you gave him a fake social security number? If they really need yours, you'll find out fairly quickly when they tell you the number you gave didn't check out.
Re: (Score:3, Interesting)
After kicking the guy out, he then called in my information over the phon
Distortion of the truth (Score:5, Interesting)
Despite public perceptions of identity theft being a high-tech, computer driven crime, it is rather mundane and requires few technical skills. Identity thieves do not need to know how to hack into large, secure databases. They can simply dig through garbage or pay insiders for information. No particular group has a monopoly on the skills needed to be a capable identity thief.
No, but that's like saying theft is a mundane crime that requires few technical skills. You'd be right -- the majority of those caught are unsophisticated and generally of low intelligence. The only other common traits is that they're generally desperate and were presented with an opportunity. But if they are organized and sophisticated, like say the mafia, or botnet authors -- those very few people who have refined their skills and moved beyond immediate opportunity and are refining their methodology are capable of far, far, more. And the police are ill-equipped to deal with this sophistication because most people who reach that level of competency have researched police investigation methods -- by trolling the same public records this report did and figured out what the common pitfalls are.
Professional criminals may make up a minority per capita, but their "take" is orders of magnitude higher, and risk exposure orders of magnitude lower.
Re: (Score:1)
Or just having enough money to either hire people to be friendly and inquisitive around off-duty law enforcement staff, hire people to _be_ law enforcement staff as their day job, or bribe existing LEOs. Or all three. Plus have people pose as authors or TV program researchers who want 'accuracy' in their stories. Or just hire someone with a secretarial background to be part of an "internal investigative team"
I was a victim (Score:1, Informative)
The first thing that happened is that the thief simply wrote over the name and dollar amounts on the check with a red felt tip pen, walked INTO a bank and turned it into cash. Apparently at not point did this set off any flags with the teller. That was pretty ea
Re: (Score:2)
I had people opening lines of credit etc in my name a few years ago. One of the applications I got to see had so much information that I was baffled where they had managed to get it. Later one of the investigators told my it was from a university I had taken some classes at. This place was still using your SSN as a student id number, and apparently an employee was passing on information to a ring. It's a real pain to clear up. Since then I've had two data breach notices when companies have lost my informati
In related news... (Score:1)
good news (Score:1)
Regarding dumpster diving (Score:4, Interesting)
I know this is probably something most people have looked down upon, but my friends and I used to dumpster dive at hardware distributors in my area just about every weekend. I got things like tower cases, empty raid chassis, piles of working hard drives, decent office supplies, etc. If not ordained, you'd be amazed at how 'clean' most computer company's dumpsters are. No food waste, diapers, or other grizzly things. Just cardboard boxes, all the anti-static bags you could ever want and the occasional soda can.
We all grew older, made more money and cut out the practice, but I was wondering if any of you currently do this? We would often run into police officers since they are curious about people in a business complex at 12am, but were often friendly and left us to our task. Is this still how it goes? I'd imagine with identity theft, coppers may be a little more agressive with people digging through the garbage.
Re: (Score:2)
But if you're a minister, you'll be completely unsurprised?
Re: (Score:2)
Dumpster diving
I used to do some of it, and I'm not ashamed at all either.
Salvaging trash always seemed like an honest wholesome way to make a few bucks. (I emphasize that last part because it's by no means a license to print money, generally)
I've moved on from it (bigger and better things I suppose you could say; the negative social opinion that some people have is less of an issue to me than the financials)
Re: (Score:2)
Why would anyone be ashamed of dumpster diving? It should be formally organised as a way of re-using (instead of just recycling or trashing) equipment and materials. The planet has enough toxic waste dumps already.
Re: (Score:2)
Exactly.
I'm enlightened about it, so are you, and Awptimus Prime & others, but there are a lot of people who aren't, and as a practical matter, ya still have to deal with that.
I must say, a lot of the people that saw me out on my rounds were quite friendly about things.
To kind of reiterate what I said above, I ratcheted back my level of activity in that area not out of shame, but rather, for financial reasons compared to other things I could be doing. In other words, in that regard I treated it like any
Who would give interviewers all the info anyway? (Score:1)
Don't think so...
Mortgage Brokers... (Score:2)
Sweet! (Score:1)
Correction done for you. (Score:2)
"No particular group has a monopoly on the skills needed to be a capable identity thief who gets got and has left enough trail to be sent to jail."
There! corrected it for you.
Consider who they studied (Score:2)
They talked to the people who got caught. If you are sophisticated, you aren't going to get caught. Bogus study in my opinion.
Dregslist... FTW! (Score:1)
The easiest way I see is Craigslist. Seeing as a mass majority of the job postings on Craigslist are anonymous posters asking for resumes in return for high(these days, average) paying jobs that rarely respond. I'm sure they get tons of resumes to steal ID's that way. I have a resume with all private data asterisked out, it's gone out dozens of times for contract work I am qualified for(over- sometimes). No email responses to initial sending and half a dozen "position filled" from follow-ups. There have bee
The *real* flaw in the system is exposed (Score:4, Insightful)
This entire identity database system, usually based on one or two numeric identifiers, makes tracking people easier. It means larger and larger businesses can exist with larger and larger customers paying them larger and larger amounts of money with a great deal less overhead. The problem is that these relatively simple information "keys" are was is being exploited by identity fraudsters.
I refuse to call it identity theft -- the identity isn't being stolen and the name seeks to imply that the victim is the person whose numeric identifiers are being used to commit fraud against commercial activities. The commercial activities aim to place the burden of the problem onto individuals whose identities are being spoofed instead of accepting the blame for trusting fraudsters too easily. The requirements for proof of identity are too low and it is by no means the fault of the people who have these systems forced upon them. It is the fault of the lenders and other business and government entities who have all adopted this ridiculously simple and vulnerable form of identity verification.
There was a time when a person had to actually SIGN a document or contract to be held liable for a debt or obligation. These days, the requirements are much more trivial and the requirement of evidence is a great deal lower. Now the burden of proof is largely on the people who are literally innocent of any wrong doing while the burden of proof from the victims or plaintiffs (the commercial activities) is really quite low.
The system is VERY weak and VERY exploitable and the people who are most interested in keeping the system going (government and commercial activities) prefer to shift the blame and burden of damages on to innocent parties rather than themselves. "I'm sorry sir, someone has pretended to be you and now your assets are frozen until we can sort this mess out." How is that right, fair or reasonable? The "system" is forced upon us all and so we have little choice or ability to "protect" ourselves. All of the data that is misappropriated usually comes from government and business databases and no so much from the person's own negligence (though I recognize that some is) but the fact is that people cannot "protect" their information when they have to share it with so many strangers so often... strangers who have little if any obligation to safeguard the information and when they do have an obligation to safeguard, often fail with no punishment at all.
In short, the government issues you a number whether or not you use it and it is somehow YOUR problem if someone else were to learn that number and use it to steal from someone else.
Now I know why bank robbers on TV have been known to use Richard Nixon masks when robbing banks! They are not held accountable while Nixon is blamed for the crime.
Re: (Score:2)
I refuse to call it identity theft -- the identity isn't being stolen and the name seeks to imply that the victim is the person whose numeric identifiers are being used to commit fraud against commercial activities.
Try using your identity after someone else has 3 credit cards and an apartment rental tied to it. Good luck explaining that the cards in collections "aren't yours"
Re:The *real* flaw in the system is exposed (Score:5, Insightful)
This is the effect of the system blaming the person whose identity was spoofed rather than blaming themselves or the system in general.
It is a very bad system and punishes the innocent more than it punishes the guilty. The response you describe is exactly why and how this system fails. This system only benefits large government and large business. Why? Because they don't actually have to KNOW their customers to confirm their identities. They only have to know some numbers. Not only does this system serve to strip away human identity, it punishes completely innocent people quite often.
The system either needs to be fixed or done away with. The harm outweighs the benefits.
Re: (Score:2)
Re: (Score:3, Informative)
http://www.lasvegassun.com/news/2009/oct/03/ruling-rattles-mortgage-industry/ [lasvegassun.com]
http://www.nytimes.com/2009/09/27/business/27gret.html [nytimes.com]
Re: (Score:2)
For this comment, we need a "suddenoutbreakofcommonsense" tag. :)
That is really good news. The financial industry is being held accountable for keeping complete and accurate records and data for a change. Someone has challenged the system of the almighty and presumably infallible electronic database god that the system prays to.
Re: (Score:2)
Credit cards companies and even banks are al
If you're in jail, you're unsophisticated (Score:4, Informative)
Anyone who thinks ID theft and the mechanisms used to achieve it are unsophisticated, badly needs to read this [webtorque.org] (700K PDF). Badly.
Re: (Score:2)
In case someone else is interested, google led me to the video of this talk. It was presented at Defcon 2007 and the video is available at http://video.google.com/videoplay?docid=2566542832546263615 [google.com]
Re: (Score:1)
Identity theft...... (Score:1)
Double BS (Score:2)
They didn't just talk to people who got caught.
They talked to people who spend their days doing very little if anything interesting, and gave them the opportunity to spend a good deal of time being paid attention to, and also by having been seen as cooperative may get good marks in their record leading to reduced sentences. These people have already proven themselves willing to be dishonest, yet these "researchers" put these liars in the position of lying and present their answers as truth. For people with
Put pain in the right spot, opportunities will end (Score:2)
This finding underscores the fact that the organizations that don't really verify identity should bear the pain of their mistakes, not the poor slobs whose name was used by the thieves.
If there was support in the legal system that made the burden of proof be on Big Bucks Bank that Joe Schmoe got a credit card, maxed it out, then refused to pay the bill, I bet a lot of so-called "Identity Theft" would disappear quickly. Its a lot less sexy to say that Big Bucks Bank made a poor credit decision than to say
Flawed methodology reminds me of a joke (Score:1)