Identity theft
Identity theft is a serious crime involving the unauthorized use of another person's personal and financial information for fraudulent purposes. Commonly sought data includes social security numbers, financial account details, and identification documents. This crime has seen a significant rise due to advances in technology, particularly through the internet, making it easier for criminals to access personal information. Various techniques are employed by identity thieves, including phishing, dumpster diving, and skimming, each targeting individuals in different ways to harvest sensitive data.
Identity theft can take several forms, such as true name identity theft, account takeovers, and criminal identity theft. Victims often remain unaware of the crime for months, complicating recovery efforts. The federal government has established laws and frameworks to combat identity theft, highlighting its growing prevalence; for instance, the Federal Trade Commission reported millions of complaints in recent years. Law enforcement agencies collaborate at multiple levels to investigate and prosecute offenders, with increasing penalties introduced for those found guilty. Overall, identity theft remains a significant challenge, requiring ongoing vigilance and coordinated responses to protect individuals' identities.
Identity theft
SIGNIFICANCE: Criminal identity theft occurs when individuals, without permission, transfer, take, or use for their own benefit the personal and financial information of others. The types of information sought by identity thieves include social security numbers, driver’s license information, passport and citizenship paperwork, financial account numbers and passwords, insurance records, tax returns, and credit card numbers and account information.
Every year, millions of people around the world lose access to personal accounts and lose assets when they have their identities stolen in what the federal government has called one of the nation’s-fastest growing crimes.
Types of Identity Theft
Five main categories of identity theft have been reported in the United States since the early 1990s. These categories serve as benchmarks for the numerous subvarieties of identity theft. They fall under the broad headings of true name, or cloning, identity theft; account takeovers; criminal identity theft; Internet and telecommunications fraud; and professional identity theft.
True name, or cloning, identity theft occurs when offenders use other people’s personal information to open new accounts in the victims’ own names. The information sought by this type of identity thief usually focuses on social security numbers, which are used to establish lines of credit in the potential victims’ names. Once thieves gain access to their victims’ social security numbers, they literally begin to take over their victims’ full identities.
Account takeover occurs when criminals gain access to other persons’ existing accounts and use them to make fraudulent transactions. This type of identity theft is most often used to purchase merchandise, to lease cars and dwellings, and to manipulate and bleed savings accounts, retirement portfolios, and other assets.
Criminal identity theft occurs when criminals give to law-enforcement officials the identifying data of other persons in place of their own and when the impostors present counterfeit documents containing other persons’ personal data. Such impostors often fraudulently obtain driver’s licenses and social security cards in their victims’ names and provide these false identification documents to law enforcement. When impostors lack the appropriate visual identification cards, they give law enforcement the names of friends or relatives.
Internet and telecommunications identity theft may be the fastest-growing type of identity theft in the world. Internet and telecommunications technologies allow offenders more quickly and efficiently to open new accounts, strike online merchant sites, sell and share information electronically with other criminals, and then simply disappear into the dark confines of cyberspace. Telemarketing schemes, electronic mail and regular mail offers, site cloning, using chatrooms from public lists, and various forms of fraudulent sweepstakes and prize giveaways have been some of the most common techniques used to carry out this type of identity theft. Additionally, with the rise of online banking, which can now be conducted on both personal computers and cell phones, criminals have even more chances to use the Internet to find and hack into people's banking information. The prevalence of social media sites such as Facebook, which invite users to include personal information such as names, physical and e-mail addresses, and telephone numbers has also increased the ability for criminals to steal people's identities through the Internet. While most of these sites have amped up security and privacy settings over the years, many could still remain vulnerable to experienced hackers.
Professional identity theft usually consists of concerted efforts of two or more professional thieves who work together to amass as much money and merchandise as possible by stealing and using others’ identities before being detected. These criminals sometimes pose as representatives of charitable organizations; volunteers in community-affiliated groups; members of social associations; and representatives of known professional organizations, such as state police or local fire department unions. In all cases, their sole purpose is to gain their potential victims’ personal and financial information. In some extreme cases, these criminals create false merchant sites to elicit personal information or employ hacking and cracking methods to infiltrate directly the valid organizations they claim to represent in order to gather personal information about the organizations’ donors.
Identity Theft Techniques
Several common techniques are used to conduct identity theft. Some criminals conduct what is known as “dumpster diving” expeditions, in which they literally rummage through business and residential trash cans and dumpsters to search for copies of checks, credit card and bank statements, credit card solicitations, or other records that contain personal information. After the thieves harvest such information, it becomes possible for them to assume the identities of other persons and take control of the latters’ active accounts or even establish new accounts in their victims’ names.
A second technique used by identity thieves has been dubbed “shoulder surfing.” In this technique, offenders literally look over the shoulders of their potential victims as the latter enter personal information into telephones, computers, and automatic teller machines (ATMs). They may also wait for potential victims to leave credit card receipts on restaurant tables or in trash receptacles near automatic teller machines, banks, and residences. After the offenders get hold of codes, passwords, and account information, they begin the process of victimization.
Identity thieves who use “under the color of authority” and “skimming” fraudulently obtain credit reports by using their employers’ authorized access to credit report companies without authorization and by posing as landlords, employers, and other persons who may have legitimate rights to see people’s personal information. Skimming occurs when thieves steal credit and debit card account numbers when the cards are processed at restaurants, retail stores, and other business locations. Thieves employing this technique use a special data-collecting device known as a “skimmer.”
Another technique used by identity theft criminals is called “phishing” —a technique used on the Internet that plays on the word “fishing.” Phishing identity thieves send out large volumes of unsolicited electronic mail messages that appear to be from legitimate companies requesting personal account information. Criminals then use the data they harvest to their own advantage by robbing the unsuspecting victims’ accounts. As technology has advanced, some criminals have discovered ways to send e-mails that will install a virus simply upon the opening of the message rather than just by clicking on a link or attachment. Beginning in 2012, another form of phishing became more prevalent: SMS phishing, or "smishing." In these instances, criminals send bad links and fake telephone numbers prompting victims to provide personal information through text messages on cell phones; these scams are not as easy to recognize as on a computer.
Vishing refers to frausters making phone calls to target victims. They might offer victims a prize or make threats such as not receiving a tax return to get them to release personal information. In 2021, nearly sixty million Americans were victims of vishing, losing $29.8 million, according to Keepnet Labs.
Pharming, yet another Internet technique employed by identity thieves, involves hacking into a website (such as merchant sites) and redirecting users to a different, fraudulent website. Under the impression that they are still on the correct and trusted site, victims might unknowingly submit personal and account information directly to an identity thief.
Scammers create fake websites that look like legitimate sites. Some mimic online shopping sites, but shoppers never receive their purchases, and their devices may become infected with malware that stelas their personal information. According to the Federal Trade Commission (FTC) in 2023, fake online shopping sites were the second most common type of fraud, with investment scams being the first.
History
Identity theft is not a new crime phenomenon. Criminals have been committing similar offenses for centuries. Classic examples are petty thieves who steal wallets and purses and use the credit cards in them to go on shopping sprees. Until recent years, such crimes were categorized simply as fraud and petty theft. However, with vast advances in computing and telecommunication technologies of the late 1990s, a new wave of identity thieves emerged who were skilled at concealing both their true identities and their illicit behavior.
Fraudulent transactions on the Internet are the most common form of identity theft crimes. Before the rise of the Internet, identity theft criminals had to appear in person at banks and lending institutions to apply for accounts and faced a high risk of being caught. However, with the instant credit accounts now available on the Internet, the likelihood of identity theft criminals being caught has been significantly reduced, while the potential rewards for thievery have increased greatly.
It was not until 1998 that the federal government finally acknowledged the threat posed by identity theft and enacted legislation against it. The first federal law of its kind, the Identity Theft and Assumption Deterrence Act of 1998 served as a model for the individual states to follow in drafting their identity theft legislation.
Prevalence
The full damage done by identity theft is difficult to measure since identity theft is often the means by which criminals commit other crimes. Moreover, victims may not even know they have been victimized for more than a full year after the fact. It has been estimated that average identity theft victims do not know they have been victimized until fourteen to sixteen months after the crimes occur. Because of their consequent embarrassment or shame, they often do not file criminal complaints.
In fiscal year 2023, the Federal Trade Commission (FTC) reported federal government estimated Americans lost about $10 billion to the crime, with the leading scam being investment fraud. The FTC received 2.6 million complaints of fraud in 2023. In 2021, the Justice Department's Bureau of Justice Statistics announced that 23.9 million people age sixteen and older had experienced at least one incident of identity theft that year. USA Today reported that 2023 was a record year for Internet compromises, with 3,205 data compromises, a 78 percent increase from 2022. Among the companies reporting major breaches in 2023 were Microsoft, Samsung, and Walmart. In 2024, Ticketmaster, AT&T, and Roku were among the many major companies reporting breaches.
Investigation
The need for stronger law enforcement against identity theft has been evident in the fact that a small amount out of hundreds of cases result in capture and successful prosecution of offenders by federal authorities. The rate is even smaller for local and state authorities. One of the most pressing issues facing law enforcement is how to investigate and successfully prosecute the often complex identity theft cases. Since the year 2000, all fifty US states have enacted identity theft laws.
Many federal, state, and local law-enforcement agencies and private institutions participate in the identity theft investigation and prosecution. These range from such federal regulatory agencies as the FTC to nonprofit organizations, such as the Identity Theft Resource Center in California, that work closely with law enforcement.
Section 5 of the federal Identity Theft Act makes the FTC a central clearinghouse for identity theft complaints. The law requires the FTC to log and acknowledge complaints, provide victims with relevant information, and refer their complaints to such entities as major national consumer reporting agencies and other state and local law-enforcement agencies.
The US Department of Justice encourages federal prosecutors to make greater use of the resources on identity theft provided by regulatory agencies and nonprofit watchdog groups. The FTC’s Consumer Sentinel database, for example, is an invaluable resource for federal agents and prosecutors; it provides instant access to thousands of complaints filed about possible identity thefts. In addition, the Internet Fraud Complaint Center—a joint project of the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center—provides investigators with information about Internet fraud schemes in which identity theft may figure.
The Department of Justice recognizes that all identity theft victimizations are serious offenses, even when no money is actually taken. Identity theft demands a comprehensive response that involves prosecution for identity theft and other offenses as appropriate laws prescribe. This holistic approach requires legitimate and continual cooperation among federal, state, and local law-enforcement agencies.
On the federal investigative level, violations of the Identity Theft Act are examined by such investigative agencies as the US Secret Service , the FBI, and the US Postal Inspection Service. They are then prosecuted directly by the Department of Justice.
The Department of Justice prosecutes identity theft and fraud cases under a variety of federal statutes, while also assisting various state and local district attorneys in preparing and prosecuting their cases. Federal prosecutors in various states also make use of multiagency task forces that share resources to investigate identity theft and other related white-collar crime. The Secret Service in particular recognizes the exponential growth of the electronic and computer world and developed a plan of action in late 1995 to create nontraditional task forces to assist in combating such crimes as identity theft.
In the past, traditional task forces consisted largely of law-enforcement officers and investigators to the exclusion of other parties that could make considerable contributions. This new type of nontraditional task force evolved into what the Secret Service named the Electronic Crimes Task Force. The first of its kind was established in the state of New York in 1995 and consisted of not only law-enforcement officers and analysts from various different levels, but also prosecutors, private industry professionals, and academics. By establishing new relationships with private sector organizations and numerous university scholars, the task force opened itself up to sources of information and communication lines with limitless potential. Now, task forces in every region of the United States deal with identity theft and related crimes. Although the victimization rate continues to increase, the efforts of both investigators and prosecutors continue to grow stronger and more effective, with hopes of eventually winning the war against identity thieves.
Since 1999, the US Department of Justice has chaired the Identity Theft Subcommittee of the Attorney General’s Council on White-Collar Crime. The subcommittee brings together representatives from federal, state, and local law-enforcement and regulatory agencies on a monthly basis. They share data about identity theft developments and promote interagency cooperation and coordination on identity theft enforcement and prevention efforts.
In 2013, the Internal Revenue Service (IRS) expanded a pilot program designed to aid in law-enforcement efforts to track down and apprehend identity thieves in the growing area of tax fraud. The organization's Law Enforcement Assistance program grew to include all fifty states. The IRS agreed, through this program, to help law-enforcement officials get consent from taxpayers to obtain suspected fraudulent tax returns in the pursuit of an identity thief.
Prosecution and Punishment
Since Congress’s enactment of the Identity Theft Act in 1998, federal prosecutors have made increasing use of the law’s power and have issued sentences to convicted offenders that have ranged as high as fifteen years in prison, along with substantial fines, for offenses that net at least one thousand dollars during any twelve-month period. In July of 2004, President George W. Bush signed the Identity Theft Penalty Enhancement Act, which expanded maximum penalties for identity theft. The new legislation also defined a new offense, “aggravated identity theft,” as a charge that can be added to other criminal charges in crimes that employ stolen identities, such as terrorist acts and various forms of fraud.
In addition, to ensure that persons convicted under the federal identity theft statutes receive appropriately tough sentences, the United States Sentencing Commission , with unwavering support from the Department of Justice, issued new guidelines for identity theft crimes. Even cases in which there is no monetary loss or that involve first-time offenders could result in prison sentences. The guidelines also encouraged harsher penalties for more severe offenses, such as those that seriously affect their victims’ lives.
In 2008, President Bush signed the Identity Theft Enforcement and Restitution Act into law. This bill authorized victims to receive a payment equivalent to the amount of time reasonably spent resolving the complications caused by identity theft crimes, such as dealing with credit bureaus. Additionally, the law allowed federal courts to prosecute identity theft criminals if they live in the same state as their victims, made the damaging of ten or more protected computers used by or for the government or financial institutions within one year a felony, made it easier for prosecutors to bring charges against hackers and cybercriminals, and encouraged the Sentencing Commission to further review its guidelines.
According to the National Conference of State Legislatures, thirty-seven states introduced identity-theft legislation in 2013 alone. As of 2023, at least forty states had introduced bills or resolutions related to cybersecurity. These bills, many of which were enacted, included additions to the definition of identity theft and altering the level of punishment for the crime.
Bibliography
Bureau of Justice Statistics. "16.6 Million People Experienced Identity Theft in 2012." Bureau of Justice Statistics. Bureau of Justice Statistics, 12 Dec. 2013. Web. 22 July 2015.
Federal Trade Commission. "Identity Theft Tops FTC's Consumer Complaint Categories Again in 2014." Federal Trade Commission. Federal Trade Commission, 27 Feb. 2015. Web. 22 July 2015.
General Accounting Office. Identity Theft: Prevalence and Cost Appear to Be Growing. Washington, DC: General Printing Office, 2002. Print.
Hage, Brian S., et al. Identity Theft in the United States. Morgantown: Natl. White Collar Crime Center, 2001. Print.
Hammond, Robert J., Jr. Identity Theft: How to Protect Your Most Valuable Asset. Franklin Lakes: Career, 2003. Print.
Hayward, Claudia L., ed. Identity Theft. Hauppauge: Novinka, 2004. Print.
Internal Revenue Service. "IRS Expands Law Enforcement Assistance Program on Identity Theft to 50 States; Victim Assistance and Criminal Investigations Grow." IRS. IRS, 28 Mar. 2013. Web. 21 July 2015.
Jasper, Margaret C. Identity Theft and How to Protect Yourself. Dobbs Ferry: Oceana, 2002. Print.
Krebs, Brian. "New Federal Law Targets ID Theft, Cybercrime." Washington Post. Washington Post, 1 Oct. 2008. Web. 22 July 2015.
National Conference of State Legislatures. "Cybersecurity Legislation 2017." National Conference of State Legislatures, 29 Dec. 2017, www.ncsl.org/research/telecommunications-and-information-technology/cybersecurity-legislation-2017.aspx. Accessed 5 July 2024.
National Conference of State Legislatures. "Identity Theft State Legislation 2013." National Conference of State Legislatures. Natl. Conference of State Legislatures, 19 Feb. 2014. Web. 22 July 2015.
Sullivan, Bob. Your Evil Twin: Behind the Identity Theft Epidemic. New York: Wiley, 2004. Print.
Vacca, John R. Identity Theft. Upper Saddle River: Prentice Hall, 2003. Print.
"Vishing Statistics 2024: Unmasking the Voice Phishing Threat." Keepnet Labs, 26 Jan. 2024, keepnetlabs.com/blog/vishing-statistics-2023-unmasking-the-voice-phishing-threat. Accessed 5 July 2024.
Welsh, Amanda. The Identity Theft Protection Guide: Safeguard Your Family, Protect Your Privacy, Recover a Stolen Identity. New York: St. Martin’s, 2004. Print.