How to protect your identity ... offline
on 27 Aug, 2019
When most people think of identity theft, they probably think of criminals defrauding victims using digital tactics such as MITM (man in the middle) attacks or phishing scams. They see the online world as a place where everything needs encryption or password protection, and the real world as somewhere safer. Unfortunately, this simply isn’t true. And in recent years, almost 1 in 5 cases of identity fraud actually happened offline.
Protecting your identity when you’re out and about isn’t as technical as protecting your identity electronically. However, failing to take both seriously can be just as harmful. This article will cover some of the most common offline scams you’re likely to encounter in your everyday life, and what to do if you think you’re being targeted by one.
First, though, let’s put to bed the rumours regarding digital pickpocketing.
Your wallet or purse is a prime target for identity thieves. Inside is a bevy of information that criminals can use to pose as you, and in the past few years consumers have become increasingly worried about fraudsters getting hold of their cards or bank details using contactless technology.
This is called ‘skimming’ and exploits RFID, or radio frequency identification – the technology our contactless cards use to communicate with card readers in store. There are lots of articles online about this crime. In fact, today you find dozens of demonstration videos where security experts show you how criminals get away with it.
In reality, UK finance haven’t been able to find a single confirmed incident of someone taking money from someone’s contactless card just by bumping into them on the street. The chances that someone could clone your card using a card reader is equally as unlikely, as the data transmitted by your contactless cards is encrypted and doesn’t include your name, billing address or, most crucially, the three-digit security code on the back of your card.
The only danger contactless payments pose to consumers is when someone steals or finds your credit card and then goes on to make fraudulent contactless payments using it. Fortunately, UK customers are protected under the Consumer Credit Act and can claim their money back.
Voice phishing, or vishing as it’s sometimes known, is a type of telephonic fraud where criminals attempt to gain access to sensitive information by posing as representatives of a reputable organisation like a bank or building society.
The fraudsters use sly ID-spoofing techniques that take advantage of VoIP or PRI providers’ pre-call configuration settings to make it look like they’re calling from a legitimate number, often one associated with a bank. The caller will then use social engineering tactics to manipulate the victim and persuade them to reveal financial information so they can steal their money, identity or both.
To detect a vishing scammer, ask yourself these three questions:
1. Did they offer a generic greeting? Vishing scammers rarely know your name from the offset.
2. Is there a sense of urgency? These scammers will try to put you under pressure in the hopes that it will encourage you to divulge sensitive information.
3. Does the caller refer to information that’s publicly available? If the caller does know your name, they may be trying to convince you of their legitimacy using information they’ve found online. So consider what you post on social media.
To protect yourself against vishing scams, it’s vital to remember that caller-ID is not an adequate form of identification and that your bank will never ask you to provide your account details or pin number over the phone. If a caller does ask you to provide information you feel uncomfortable with sharing, simply hang up, wait a few minutes and then call the number on the back of your card or bank statement to verify the veracity of the call.
Your post is a veritable treasure trove for fraudsters. Every piece of mail contains information that criminals can use to pose as you and make financial transactions in your name, such as opening a bank account or taking out a loan. This sort of fraud can be particularly harmful as it can take weeks for the bills to arrive. By which time, the impostors have already made off with the money and left you in serious debt.
To prevent identity thieves from piecing together your details using your discarded mail, never throw away entire bills, bank statements or receipts. Instead, use a shredder or ID-protection stamp to scramble your post before putting it in the bin. If you live in a shared house or flat where other residents have access to your mail, you may also wish to think about fitting a private post box in the communal area.
Before moving to a new house, it’s important to take precautions to secure your mail. Tell your bank, card issuer and any other important organisations that you’re changing address, and get in touch with the Royal Mail to arrange a redirection. This will ensure your personal mail is delivered to your new address and prevent any of your post from falling into the wrong hands.
Over one quarter of UK consumers have been affected by identity theft, according to research conducted this year, so it’s important to make sure you’re protected. If you think you’re a victim of identity theft, you should inform your bank or building society of any unusual activity; report any missing documents to the organisations that issued them; make a statement to the police; and apply for protective registration with CIFAS, the UK’s fraud prevention service.
James Murray is a professional copywriter and researcher. He has written for a number of well-known brands in the past few years, and his professional work covers topics from cyber security and consumer technology to digital marketing and the science of sleep.