The dark art of identity fraud is on the rise – and almost all cases are now carried out online. Here’s how to protect yourself.
Identity fraud is big business. In 2019, Cifas, the UK fraud prevention service, recorded 223,163 cases on its National Fraud Database – a staggering increase of 18% on the previous year and the sharpest rise in the last five years.
But while banks, credit reference agencies, government and the police are all united in the fight against fraud, the onus is on us as individuals to keep ourselves safe. So where do you start?
ID theft vs ID fraud
A good place is to acknowledge the link between ID theft and ID fraud. For ID fraud to take place, fraudsters first need to steal your personal information – ID theft.
Thieves are interested in all identification documents such as passports, driving licences, credit card and bank account numbers, tax information, credit reports, and passwords. ID theft can happen whether you are alive or dead.
When a criminal then uses this data to impersonate you to obtain goods or services, it’s ID fraud. In the majority of cases (42% in 2019, according to Cifas), ID fraud relates to personal debit or credit cards, followed by bank accounts at 22%. Almost all cases now take place online.
But ID fraud can take a more sinister form than a stranger using your payment cards. With the right details, criminals can open new bank accounts or credit agreements – such as mobile phone contracts – in your name, sign up to state benefits or pay for memberships.
They can even obtain genuine identifying documents including passports.
Methods of ID theft
So, what tactics do fraudsters employ to obtain your valuable data? One of the most common, according to Cifas, is to send an email or text purporting to be from a trusted bank or service provider and tricking the recipient into disclosing their personal details.
It’s a practice widely known as phishing – the anglers in this case using digital rods and nets to trap their prey. If you check now, you may well find an example of a phishing email that’s been deflected into your email’s junk or spam folder. You may indeed find dozens.
Unfortunately, Covid-19 has played straight into the hands of digital phishers ready to exploit people’s widespread fears and vulnerability around their finances during the pandemic.
Some examples shared by national fraud reporting centre Action Fraud, include criminals sending emails from .gov addresses offering grants of up to £7,500. The emails contain links which – when clicked – can extract sensitive information from the user’s computer or device.
Other scammers have used email to offer access to ‘Covid-19 relief funds’, asking recipients to return an online form containing their personal information.
Some have even posed as representatives from the NHS Test and Trace service to exhort personal details from their victims.
But while phishing may be the ‘fraud du jour’, there are other ways criminals can get their hands on your personal information.
These include cloning your debit or credit card using a ‘skimming’ device that’s planted inside an ATM or handheld card machine, or hacking into websites where you’ve previously shared payment information, log-in credentials or passwords.
More traditional methods include simply rooting through your rubbish for hard copy data-rich documents or pickpocketing for cards, driving licences and – with any luck – passports.
Frankenfraud: piecing together another you
But what information does an ID thief need to carry out their crime?
According to the Information Commissioner’s Office (ICO) – the UK’s independent authority that protects consumer data – not very much. It says that just your name, address and date of birth can provide enough information to begin to create another version of ‘you’.
And the digital world we live in makes gathering information on top of this easier than ever. Social media alone makes it possible to compile a pretty good profile of someone in terms of their political persuasions, family life, friends, hobbies – even tastes in home décor.
LinkedIn carries details of present and past employment (and, in turn approximate salary), while property websites often list details of when a particular property address was purchased and how much for.
Finding out you’ve been scammed
Discovering you’ve fallen victim to ID fraud is an unpleasant business. If you’re lucky, you might receive a call from your bank to discuss an unusual transaction – made abroad for example, when the rest are all within the UK – so you can take preventative action, such as cancelling a card.
But making the discovery at a later stage can have much further-reaching implications. You may find you are turned down for a mortgage for example, despite having a good credit score, or you may start to receive letters from solicitors or debt collectors for debts that you didn’t accrue.
Little surprise then, that the personal impact of ID theft runs deep. Victims can feel violated and anxious and suffer mental and even physical health problems.
And it’s more vulnerable older people who are most likely to be targeted by ID fraudsters. Victims aged over 61 recorded the sharpest rise of cases in 2019, according to Cifas – up 22% on the previous year.
Nick Downing, chief intelligence officer at Cifas, said: “Having your identity stolen can be devastating and victims often suffer financial loss, damage to their credit rating and emotional distress.
“In many cases, people never find out how criminals got hold of their details, and clearing things up afterwards can be costly and time-consuming.”
When it comes to ID fraud then, prevention is infinitely better than cure.
Fighting back against fraud
The good news is that, when it comes to fighting fraud, banks are firmly on the same side as consumers.
Financial institutions spend millions of pounds every year in a bid to stay one step ahead of fraudsters and, having prevented £1.6bn worth of fraud in 2018 alone, the investment is paying off.
They are keen to reassure the public of the fact, too.
First Direct tells its customers: “To better defend you and the wider financial system from financial crime, we are making significant investments in technologies, processes and in our people. We want to ensure that you feel secure and educated against one of the fastest growing types of crime in the UK.”
Co-operative Financial Services says it “strives to educate customers and colleagues to help them spot the warning signs of fraud and identify the types of scams that they may be targeted with,” – while Barclays promises to, “deliver a world-class fraud capabilities” to prevent the crime.
You can read more banks’ statements at the Financial Conduct Authority’s fraud controls comparison page.
Protecting yourself against ID fraud
If the war on fraud is to be won, consumers will also need to take their share of responsibility.
Here are some simple steps you can take to protect yourself:
- Keep information confidential Never share personal or financial details on email, texts or over the phone
- Put the brakes on social media Don’t overshare on Facebook, Twitter or Instagram – and set your account to private
- Mix up passwords Use different unique passwords for your email account, banking and other log-ins – and make sure they are not easy to guess
- Check your spending Review your bank account and credit card transactions regularly for any anomalies
- Set a code lock on your phone The more layers of security that lie between you and someone who has stolen it, the better
- Use PayPal It means you won’t need to enter your card details or CCV number every time you make a purchase online
- Check your credit report Monitor your credit report regularly – a statutory version is now free to access
- Make sure websites are legitimate Look for a padlock symbol in the web address bar and check the URL starts with ‘https’ rather than ‘http’ (the ‘s’ standing for ‘secure’)
- Use only secured wi-fi networks Do not connect to your banking app on a public or unsecured wi-fi network
- Redirect your post when moving This will ensure hard copy statements and personal details don’t fall into the wrong hands
- Know your data rights Brush up on your rights around consumer data, such as getting it deleted, at the ICO website.
What to do if you’ve been scammed
If, despite your efforts, you fall victim to ID fraud, then as the Cifas figures demonstrate, you will be far from alone. So, what do you do about it?
If the fraud takes the form of an unauthorised payment from your current account, contact your bank immediately. Under FCA rules, it must refund you – alongside any charges or loss of interest – no later than one business day after it became aware of the issue.
You will be asked some questions however, and the bank can refuse your claim if it believes you were ‘grossly negligent’ – for example, you shared your password or PIN in a way that allowed the transaction. In most cases however, the refund should be seamless.
If the fraudulent transaction was on your credit card, you are protected under the Consumer Credit Act, which means your credit card issuer is jointly liable for the debt anyway.
If you have documents stolen, such as passport or driving licence, you should report the theft to the organisation that issued them as well as to the police – and get a crime reference number.
You can also report scams, fraud and cyber-crime to Action Fraud, a service run by the City of London Police and the National Fraud Intelligence Bureau.
The digital age has vastly improved both opportunity and anonymity for scammers, and coronavirus has given then even greater scope – meaning the rest of us must be on our guard now more than ever.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.