Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy Security

Identity Theft Is Usually an Unsophisticated Crime 86

apatrick writes "A recent research report by Heith Copes (University of Alabama at Birmingham) and Lynne Vieraitis (University of Texas at Austin) has examined identity thieves and their methods. Copes and Vieraitis searched federal court records in the US for people convicted of identity theft and then tried to find out where they were serving their sentences. They were able to find 297 inmates, from which they sampled 59 inmates in 14 prisons across the country. The convicts agreed to do detailed interviews, in private, to talk about themselves and their crimes, and the results are reported in a recent issue of Criminal Justice Review. According to Copes and Vieraitis, 'it is best categorized as an economic crime committed by a wide range of people from diverse backgrounds through a variety of legitimate (e.g., mortgage broker) and illegitimate (e.g., burglar) occupations.' As to the issue of whether these are white-collar criminals, the authors say: 'Despite public perceptions of identity theft being a high-tech, computer driven crime, it is rather mundane and requires few technical skills. Identity thieves do not need to know how to hack into large, secure databases. They can simply dig through garbage or pay insiders for information. No particular group has a monopoly on the skills needed to be a capable identity thief.'"
This discussion has been archived. No new comments can be posted.

Identity Theft Is Usually an Unsophisticated Crime

Comments Filter:
  • by Anonymous Coward on Saturday October 03, 2009 @12:29PM (#29628217)

    news at 11

  • by Anonymous Coward on Saturday October 03, 2009 @12:30PM (#29628229)

    The sophisticated high tech criminals are not in prison. They're on a beach somewhere enjoying your money.

    • by bitt3n ( 941736 ) on Saturday October 03, 2009 @01:37PM (#29628745)

      The sophisticated high tech criminals are not in prison. They're on a beach somewhere enjoying your money.

      The joke's on them. I've applied for a job at Club Med where I'm going to earn back every cent right out of their clammy hands. And thanks to my prompt and courteous service, they won't suspect a thing until it's too late!

      • Milton Waddams: Excuse me? Excuse me, senor? May I speak to you please? I asked for a mai tai, and they brought me a pina colada, and I said no salt, NO salt for the margarita, but it had salt on it, big grains of salt, floating in the glass...

        Mexican Waiter: Lo siento mucho, senor.

        [Under his breath] Mexican Waiter: Pinche gringo.

        Milton Waddams: [as the waiter walks away] And yes, I won't be leaving a tip, 'cause I could... I could shut this whole resort down. Sir? I'll take my traveler's checks to a com

    • by noidentity ( 188756 ) on Saturday October 03, 2009 @01:54PM (#29628873)
      Here's another one of their findings: "Based on our sample of the identity thieves in prison, we found that every single one of them had been caught. We thus conclude that law enforcement is doing unusually well at catching identity thieves."
  • Sample error? (Score:5, Interesting)

    by jonbryce ( 703250 ) on Saturday October 03, 2009 @12:34PM (#29628259) Homepage

    This is a self selected sample of people who were stupid enough to get caught. The sophisticated ones generally don't get caught, or at least not so quickly.

    • Re: (Score:2, Insightful)

      The sophisticated ones generally don't get caught, or at least not so quickly.

      They usually get caught because they become complacent or greedy. It's a statistics game: And one they will lose because they are human and will make a mistake eventually. Usually, the mistake is because of one of those two reasons.

    • by lapsed ( 1610061 )
      From the published article:

      Some argue that interviews with active, free-ranging offenders have numerous advantages over those with incarcerated offenders (Jacobs & Wright, 2006). Purportedly, findings based on inmate interviews may be biased because the participants are âoeunsuccessful,â fearful of further legal sanctions, and likely to reconstruct their offenses in an overly rational manner. However, many of these claims against captive populations are overstated (Copes & Hochstetler, in press). In fact, a recent study examining target selection of burglars found a âoestriking similarityâ between studies using free-ranging and prison-based samples (Nee & Taylor 2000, p. 45). Little is gained by denying that the interview setting colors narratives or that conversations with social scientists are not different than what might be said elsewhere. Yet offenders appear to report similar patterns of behavior regardless of how they were originally contacted or where they were interviewed. Semistructured interviews were used to explore

      • I would think that there would still be a selection bias in play in the free-range vs incarcerated study. After all, even if the police haven't caught up to you, the researchers apparently have.

    • Yeah, my thoughts went along these lines:

      Smart, sophisticated people don't need to steal to start with

      Smart sophisticated people who DO steal aren't likely to be caught

      The sample comes from a prison population, thereby demonstrating that they are NOT smart & sophisticated

      If any of our sample population really IS smart and sophisticated, he was caught due to complacency and/or laziness, and he's not going to share hes best secrets with the unwashed masses unless it buys him an early release

      Most definitel

      • If any of our sample population really IS smart and sophisticated, he was caught due to complacency and/or laziness...

        Bad luck happens, you know...

    • I don't know about identity thieves, per se, but the STUPID bitch that stole a tenant's check out of our mailbox took it to her bank and cashed it on her own account. She's doing time, the twit that cashed it probably still works there.

    • And they usually get hired by the company they swindled for more than they could ever steal.
  • Checkbooks (Score:4, Interesting)

    by causality ( 777677 ) on Saturday October 03, 2009 @12:34PM (#29628269)
    I remember several times I have listened to the radio talk show host Clark Howard [clarkhoward.com] and heard him say that most ID theft that goes on is a case of someone's paper checkbook being stolen. The implication was that it's a bad idea to carry one around unless you really need to and that a good place to store it at home would be in a safe or other secure location so burglars could not easily obtain it. That would be consistent with what this article is claiming, that mostly it's a low-tech crime involving a compromise of physical security, not digital.
    • Re:Checkbooks (Score:4, Insightful)

      by alen ( 225700 ) on Saturday October 03, 2009 @12:40PM (#29628311)

      i still can't believe how many people write checks because they think it's safer than computers. that one piece of paper gives a thief your name, sometimes your address, bank account # and the ABA routing #. if it's someone working in a mail room they can just copy the address from the envelope if you don't have it on the check. Then they can buy the rest of the info for cheap from some company and they have your entire profile. if you own property then all your info is available via your county courthouse and some company that organizes all this info.

      • Re:Checkbooks (Score:4, Insightful)

        by alen ( 225700 ) on Saturday October 03, 2009 @12:41PM (#29628319)

        and if you're one of the idiots writing a check to pay for a retail purchase because you think credit cards are evil then the store probably puts all kinds of other info on the check like driver's license # to track you down in case it bounces

        • Re:Checkbooks (Score:5, Interesting)

          by LackThereof ( 916566 ) on Saturday October 03, 2009 @04:04PM (#29630129)

          Having worked in retail and foodservice industry, I hate checks. I'm flabbergasted that any retail outlets still take them.

          The rate of fraudulent checks accepted at retail is astronomical; in foodservice it's even worse. The last check-accepting restaurant I worked at that had nearly a 50% rate of fraud on them; mostly from checks being written against closed accounts. The vast majority of these bad checks we never saw a cent from.

          The corporate office required that we accept checks as a form of payment; they were located in some rural ghost town, where debit card use still hasn't caught on, and set national policy based on that. In a modern urban area, Visa/MC logo'd debit cards have all but replaced paper checks, and the only people who still use them are the fraudsters.

          Checks are terrible, for both those using them and those accepting them.

      • by sjames ( 1099 )

        Even sadder is that the banks are fully responsable for setting the whole scheme up and refuse to take responsibility for the hell it creates for identity theft victims.

        Then because apparently that's not insecure enough, they accept "check by phone" and refuse to flag your account as not allowing them.

        Then they bend over backwards with all sorts of "security features" that supposedly prevent check fraud as if they won't cash a check that's hand written on a sheet of paper (they will).

  • by alen ( 225700 ) on Saturday October 03, 2009 @12:35PM (#29628275)

    i have a store credit card that my wife uses once every few months to buy something. usually baby clothes. a lot of times the card is in the drawer and she would just go the store and tell them my name and they would find the card in the system and ring up the sale. now she says they want to know identifying information like driver's license expiration date, SSN, birthday, etc. she asked about this and they said that they were losing too much money to ID theft.

    back in 2006 and 2007 no one cared since business was good. when a recession hits you start to look at every penny you can save

    • Yeah, 'cause we all know how smart it is to give strangers who're selling you stuff your SSN. FAIL.

      If this is how retailers are "smartening up" to ID theft, I'll take my business elsewhere, thanks.

    • by colfer ( 619105 )
      What about idiot banks that send letters to warn you when you change your address. Fine, but the letters list no account number and say to call an 800 number if you have any questions. That is just training people to give away account numbers & pass-answers to anyone who contacts them. Especially since we had not changed an address.
  • Capable...? (Score:5, Informative)

    by esocid ( 946821 ) on Saturday October 03, 2009 @12:35PM (#29628277) Journal

    No particular group has a monopoly on the skills needed to be a capable identity thief.

    Being a successful identity thief, however, is a different story, I believe. Measuring that success by remaining uncaught. It's ridiculous how much of the information necessary to "steal" someone's identity is easily available, without needing to dig very deep. The hardest part would be SS#, but even then it's not that hard to get, considering how often someone asks for mine, and refuses to take anything else.Having lost my entire wallet once, I called the 3 credit monitoring groups and put a fraud watch on it, or whatever it is they called it, and I really think it should be standard. It requires that they contact you personally to verify any new openings of credit cards.

    • Re: (Score:2, Informative)

      The hardest part would be SS#

      Actually, SSNs are assigned sequentially. If you have enough of them (even 10% of the dataset would be enormously useful) and a DOB, you can get pretty close. Plus you can eliminate certain combinations: any field with all zeros, for example, is not used. A useful thing to know if you need to give your SSN out to someone other than an employer, bank, or the IRS -- most systems accept the input (no sanity checks, oops), and you can be sure you're not interfering with somebody else's credit doing so.

      • Re: (Score:3, Insightful)

        by zippthorne ( 748122 )

        Why should your bank have a right to your SSN? Only your employer and the SSA have an actual need for the number, to remit the required payments.

        • Why should your bank have a right to your SSN? Only your employer and the SSA have an actual need for the number, to remit the required payments

          To report the interest income you have earned ostensibly. But also to reduce money laundering and white collar crime, all transactions above some limit, 5K I think (Imagine, if only Elliot Spitzer was hooked on hookers costing less than 5K per charge he might not have been caught). Before you fly off the handle about the unnecessary government intrusion, this wa

    • The hardest part would be SS#, but even then it's not that hard to get, considering how often someone asks for mine, and refuses to take anything else.

      How would he know if you gave him a fake social security number? If they really need yours, you'll find out fairly quickly when they tell you the number you gave didn't check out.

    • Re: (Score:3, Interesting)

      by Rick17JJ ( 744063 )
      About a year ago, I purchasing a used .357 Magnum revolver at a gun store here in Arizona. The clerk verbally asked me for information such as my Social Security number. Then, the clerk noticed someone behind me, who had a pen and piece of paper, who was starting to write something down. He sternly interrupted the person, and asked what he wanted. He said that he wanted to know if the gun store owners wanted to donate to some charity.

      After kicking the guy out, he then called in my information over the phon
  • by girlintraining ( 1395911 ) on Saturday October 03, 2009 @12:40PM (#29628315)

    Despite public perceptions of identity theft being a high-tech, computer driven crime, it is rather mundane and requires few technical skills. Identity thieves do not need to know how to hack into large, secure databases. They can simply dig through garbage or pay insiders for information. No particular group has a monopoly on the skills needed to be a capable identity thief.

    No, but that's like saying theft is a mundane crime that requires few technical skills. You'd be right -- the majority of those caught are unsophisticated and generally of low intelligence. The only other common traits is that they're generally desperate and were presented with an opportunity. But if they are organized and sophisticated, like say the mafia, or botnet authors -- those very few people who have refined their skills and moved beyond immediate opportunity and are refining their methodology are capable of far, far, more. And the police are ill-equipped to deal with this sophistication because most people who reach that level of competency have researched police investigation methods -- by trolling the same public records this report did and figured out what the common pitfalls are.

    Professional criminals may make up a minority per capita, but their "take" is orders of magnitude higher, and risk exposure orders of magnitude lower.

    • by Geminii ( 954348 )
      by trolling the same public records this report did and figured out what the common pitfalls are.

      Or just having enough money to either hire people to be friendly and inquisitive around off-duty law enforcement staff, hire people to _be_ law enforcement staff as their day job, or bribe existing LEOs. Or all three. Plus have people pose as authors or TV program researchers who want 'accuracy' in their stories. Or just hire someone with a secretarial background to be part of an "internal investigative team"

  • I was a victim (Score:1, Informative)

    by Anonymous Coward
    I was a victim of fraud and identity theft about 10 years ago. The "thief" simply stole my outgoing mail which contained a check. One of the other pieces in the envelope also had my social security number (I think it was an insurance payment IIRC).

    The first thing that happened is that the thief simply wrote over the name and dollar amounts on the check with a red felt tip pen, walked INTO a bank and turned it into cash. Apparently at not point did this set off any flags with the teller. That was pretty ea
    • by b0bby ( 201198 )

      I had people opening lines of credit etc in my name a few years ago. One of the applications I got to see had so much information that I was baffled where they had managed to get it. Later one of the investigators told my it was from a university I had taken some classes at. This place was still using your SSN as a student id number, and apparently an employee was passing on information to a ring. It's a real pain to clear up. Since then I've had two data breach notices when companies have lost my informati

  • 'Social Engineering' found to be more effective than 'hacking' computer systems.
  • Good news! Very informative
  • by Awptimus Prime ( 695459 ) on Saturday October 03, 2009 @01:16PM (#29628591)

    I know this is probably something most people have looked down upon, but my friends and I used to dumpster dive at hardware distributors in my area just about every weekend. I got things like tower cases, empty raid chassis, piles of working hard drives, decent office supplies, etc. If not ordained, you'd be amazed at how 'clean' most computer company's dumpsters are. No food waste, diapers, or other grizzly things. Just cardboard boxes, all the anti-static bags you could ever want and the occasional soda can.

    We all grew older, made more money and cut out the practice, but I was wondering if any of you currently do this? We would often run into police officers since they are curious about people in a business complex at 12am, but were often friendly and left us to our task. Is this still how it goes? I'd imagine with identity theft, coppers may be a little more agressive with people digging through the garbage.

    • by Opyros ( 1153335 )

      If not ordained, you'd be amazed at how 'clean' most computer company's dumpsters are.

      But if you're a minister, you'll be completely unsurprised?

    • Dumpster diving
      I used to do some of it, and I'm not ashamed at all either.
      Salvaging trash always seemed like an honest wholesome way to make a few bucks. (I emphasize that last part because it's by no means a license to print money, generally)
      I've moved on from it (bigger and better things I suppose you could say; the negative social opinion that some people have is less of an issue to me than the financials)

      • Why would anyone be ashamed of dumpster diving? It should be formally organised as a way of re-using (instead of just recycling or trashing) equipment and materials. The planet has enough toxic waste dumps already.

        • Exactly.
          I'm enlightened about it, so are you, and Awptimus Prime & others, but there are a lot of people who aren't, and as a practical matter, ya still have to deal with that.

          I must say, a lot of the people that saw me out on my rounds were quite friendly about things.

          To kind of reiterate what I said above, I ratcheted back my level of activity in that area not out of shame, but rather, for financial reasons compared to other things I could be doing. In other words, in that regard I treated it like any

  • If I was part of an international organized crime group would I give up my connections/family safety, personal safety, etc... just for the sake of an interview?

    Don't think so...

  • ...sends chills down my spine, since I'm in escrow right now and am dealing with mortgage brokers. If you've never gone through the process before, it's completely crazy, particularly for someone like me who works for different employers and does about 20% of his income from contracts (I'm a technician in the film industry). You dig up every paystub you have for the past two years, every bank statement showing the deposits of those paystubs, your tax returns, credit card numbers, SSN, and drivers license,
  • "Burglar" is now considered an occupation! Where the hell was that at my school's job fair?
  • No particular group has a monopoly on the skills needed to be a capable identity thief.'"

    "No particular group has a monopoly on the skills needed to be a capable identity thief who gets got and has left enough trail to be sent to jail."

    There! corrected it for you.

  • They talked to the people who got caught. If you are sophisticated, you aren't going to get caught. Bogus study in my opinion.

  • The easiest way I see is Craigslist. Seeing as a mass majority of the job postings on Craigslist are anonymous posters asking for resumes in return for high(these days, average) paying jobs that rarely respond. I'm sure they get tons of resumes to steal ID's that way. I have a resume with all private data asterisked out, it's gone out dozens of times for contract work I am qualified for(over- sometimes). No email responses to initial sending and half a dozen "position filled" from follow-ups. There have bee

  • by erroneus ( 253617 ) on Saturday October 03, 2009 @03:06PM (#29629581) Homepage

    This entire identity database system, usually based on one or two numeric identifiers, makes tracking people easier. It means larger and larger businesses can exist with larger and larger customers paying them larger and larger amounts of money with a great deal less overhead. The problem is that these relatively simple information "keys" are was is being exploited by identity fraudsters.

    I refuse to call it identity theft -- the identity isn't being stolen and the name seeks to imply that the victim is the person whose numeric identifiers are being used to commit fraud against commercial activities. The commercial activities aim to place the burden of the problem onto individuals whose identities are being spoofed instead of accepting the blame for trusting fraudsters too easily. The requirements for proof of identity are too low and it is by no means the fault of the people who have these systems forced upon them. It is the fault of the lenders and other business and government entities who have all adopted this ridiculously simple and vulnerable form of identity verification.

    There was a time when a person had to actually SIGN a document or contract to be held liable for a debt or obligation. These days, the requirements are much more trivial and the requirement of evidence is a great deal lower. Now the burden of proof is largely on the people who are literally innocent of any wrong doing while the burden of proof from the victims or plaintiffs (the commercial activities) is really quite low.

    The system is VERY weak and VERY exploitable and the people who are most interested in keeping the system going (government and commercial activities) prefer to shift the blame and burden of damages on to innocent parties rather than themselves. "I'm sorry sir, someone has pretended to be you and now your assets are frozen until we can sort this mess out." How is that right, fair or reasonable? The "system" is forced upon us all and so we have little choice or ability to "protect" ourselves. All of the data that is misappropriated usually comes from government and business databases and no so much from the person's own negligence (though I recognize that some is) but the fact is that people cannot "protect" their information when they have to share it with so many strangers so often... strangers who have little if any obligation to safeguard the information and when they do have an obligation to safeguard, often fail with no punishment at all.

    In short, the government issues you a number whether or not you use it and it is somehow YOUR problem if someone else were to learn that number and use it to steal from someone else.

    Now I know why bank robbers on TV have been known to use Richard Nixon masks when robbing banks! They are not held accountable while Nixon is blamed for the crime.

    • I refuse to call it identity theft -- the identity isn't being stolen and the name seeks to imply that the victim is the person whose numeric identifiers are being used to commit fraud against commercial activities.

      Try using your identity after someone else has 3 credit cards and an apartment rental tied to it. Good luck explaining that the cards in collections "aren't yours"

      • by erroneus ( 253617 ) on Saturday October 03, 2009 @03:28PM (#29629793) Homepage

        This is the effect of the system blaming the person whose identity was spoofed rather than blaming themselves or the system in general.

        It is a very bad system and punishes the innocent more than it punishes the guilty. The response you describe is exactly why and how this system fails. This system only benefits large government and large business. Why? Because they don't actually have to KNOW their customers to confirm their identities. They only have to know some numbers. Not only does this system serve to strip away human identity, it punishes completely innocent people quite often.

        The system either needs to be fixed or done away with. The harm outweighs the benefits.

      • Reputation theft, rather than identity theft, would be a better term.
    • Re: (Score:3, Informative)

      by colfer ( 619105 )
      The Kansas Supreme Court has ruled that electronically recorded mortgage records do not suffice for foreclosures sometimes. There are 60 million real deeds in the U.S. that list "MERS" (Mortgage Electronic Registration Systems) as a creditor instead the name of a bank, etc. An army of lawyers should be on this issue as it pops up around the country, or federally.

      http://www.lasvegassun.com/news/2009/oct/03/ruling-rattles-mortgage-industry/ [lasvegassun.com]
      http://www.nytimes.com/2009/09/27/business/27gret.html [nytimes.com]

      • For this comment, we need a "suddenoutbreakofcommonsense" tag. :)

        That is really good news. The financial industry is being held accountable for keeping complete and accurate records and data for a change. Someone has challenged the system of the almighty and presumably infallible electronic database god that the system prays to.

    • by rwa2 ( 4391 ) *
      Hear hear... I want to be able to opt-in to a system somewhere that prevents anyone from opening a credit card account in my name unless the application is digitally signed by me or something like that. There should be no reason I have to hide my SSN and birthday and Mother's maiden name... in fact they're all pretty much a matter of public record already anyway. There must be some agency, tied to the credit reporting agencies, that offers something like that.

      Credit cards companies and even banks are al

  • by gilgongo ( 57446 ) on Saturday October 03, 2009 @03:30PM (#29629813) Homepage Journal

    Anyone who thinks ID theft and the mechanisms used to achieve it are unsophisticated, badly needs to read this [webtorque.org] (700K PDF). Badly.

  • Anyone else remember when it was called "Fraud"?
  • They didn't just talk to people who got caught.

    They talked to people who spend their days doing very little if anything interesting, and gave them the opportunity to spend a good deal of time being paid attention to, and also by having been seen as cooperative may get good marks in their record leading to reduced sentences. These people have already proven themselves willing to be dishonest, yet these "researchers" put these liars in the position of lying and present their answers as truth. For people with

  • This finding underscores the fact that the organizations that don't really verify identity should bear the pain of their mistakes, not the poor slobs whose name was used by the thieves.

    If there was support in the legal system that made the burden of proof be on Big Bucks Bank that Joe Schmoe got a credit card, maxed it out, then refused to pay the bill, I bet a lot of so-called "Identity Theft" would disappear quickly. Its a lot less sexy to say that Big Bucks Bank made a poor credit decision than to say

  • Many have already commented about the obvious flaw in the study - they only interviewed thieves who were caught!! In order to really draw meaningful conclusions about identity theft they need to interview thieves who did not get caught. Of course that increases the difficulty dramatically. It reminds me of a story I heard years ago from my friend Joe. One night he was walking down a narrow street that had only one street light. Under it was a drunk who seemed to be looking for something. My friend Joe went

C'est magnifique, mais ce n'est pas l'Informatique. -- Bosquet [on seeing the IBM 4341]

Working...