Letting identity theft out of the bag

Why pop-ups, phone bills and photocopies can put you at risk for fraud

P&CC head manager Geoffrey Dudgeon displays a few of the pieces of identification students have left behind at his service.
P&CC head manager Geoffrey Dudgeon displays a few of the pieces of identification students have left behind at his service.
Photo: 

Imagine this: you go to the bank machine one night on your way to the bars, and for some reason, your account is empty. “This can’t be right,” you say, “I just deposited my cheque the other day.” So you call the bank the next day and the nice teller on the other end of the line informs you that someone has withdrawn all the money from your account—it wasn’t you, though. So who was it? Is this some kind of conspiracy; are you paranoid?

Maybe not. More likely, you were the victim of identity theft. Identity theft is a form of fraud whereby thieves steal a person’s ‘identity’ by gaining access to personal information, such as Social Insurance and credit card numbers, in order to pose as the individual and steal from them. It’s theft. It’s just high-tech theft. How much of a problem is this bastard crime of the information age? In 1999, there were between 60 and 70 reported cases every month in Ontario of an individual forging someone else’s identity. In the past five years, that number has swelled to over 1,800 cases per month. Identity theft is now the fastest-growing crime in North America and has topped the list of consumer frauds in both Canada and the U.S. for the third consecutive year. Usually, in identity theft cases, thieves will collect personal information about a certain individual until they have enough to withdraw money from that person’s bank account or to apply for credit cards or loans in that person’s name. Since it’s getting easier to conduct bank transactions and apply for credit cards and loans virtually anonymously online, many victims don’t even know they’ve been victimized until it’s too late.

But how are thieves getting this information in the first place? Detective Brian Timmins of the Kingston Police Fraud Unit said most of these crimes happen over the Internet. Many cases of identity theft begin with spam emails resembling official notices from companies such as eBay, Best Buy and Amazon.com. These emails usually have a similar format: they either tell the victim his or her ‘account’ needs to be updated—and the victim is prompted to enter credit or bank information—or they say he or she has won some kind of prize. To claim this prize, the victim must fill out a bogus form that may ask for anything from birth dates and addresses to SIN numbers and sensitive passwords. Timmins said thieves can gain access to sensitive materials anytime people give any kind of personal information over the Internet.

“Don’t do it,” he said. “If you think [an offer] is too good to be true, then it probably is.” Many people take a ‘this can’t happen to me’ approach to identity theft. But these criminals don’t usually target wealthy individuals and businesses—instead, they’ll steal from just about anyone whose personal data they can get. How easy is it for thieves to obtain such information? According to Timmins, people leave their personal information everywhere. In addition to duping people out of their birth dates and account numbers online, some of these criminals just plain out steal it in hard copy. Timmins said one of the prime targets for identity thieves is mail. “Don’t leave mail anywhere,” he said. “Make sure it’s secure. There is a lot of theft when it comes to cheques, bank information and personal identification out of the mail. They get their hands on that information and bang—somebody’s got a credit card in your name.” Identity thieves have also been known to go through garbage bags looking for old bank statements, credit card reports and bills with account and biographical information on them, all in an effort to create a new identity. The risk of Queen’s students being victimized in this way may be even greater at this time of year, as relocating students line Ghetto streets with more garbage bags than the city will pick up. I was curious to see what people were really throwing out, so I went through several bags of garbage left in front of my building by the previous tenants.

The more I looked, the more I found. I came away with two credit card bills, one half-completed Visa application and three old Bell Canada bills from three different people. If I were an identity thief, I’d have hit the jackpot. But is the problem simply that people don’t realize how far a thief will go, trusting their neighbours to treat their garbage cans as private property? P&CC head manager Geoffrey Dudgeon says the problem goes beyond what people throw out.

“People leave student cards, credit cards and even health cards here so often that it would be tough to come up with a daily or a weekly figure,” he said. “We make every effort to keep that information hidden, but we worry about students who are leaving themselves vulnerable to things like identity theft.” Sometimes students need photocopies of their identification for various reasons, including filing insurance claims, but they aren’t always careful. Both the P&CC and the UBS have large stacks of unclaimed identification left behind by Queen’s students, including student cards, birth certificates and even passports. Even if students remember to take their ID with them, Dudgeon said, they often forget about the copies.

“A lot of times people leave their photocopy errors on the table, or in the recycling bins around the store,” he said. “Quite often, we’re not the first person to see it, especially when the self-serve area is full.”

Timmins agreed, but he said carelessness isn’t always the cause of identity theft.

“The bad guys are getting so smart and organized that they’ll go to the drop-off points for paper boys and steal the delivery slips to see who is away, and then break into the houses,” he said.

Some identity thieves act alone, amassing personal information either online or in hard copy, but efficient and organized identity theft is not unheard of. In November, U.S. authorities arrested three men who had stolen over 30,000 identities from the database of a defunct software company.

The federal government has recently taken steps to help victims of this new cyber crime. It has set up a body called the Consumer Measures Committee (CMC), consisting of representatives from the federal government and from each province and territory, that seeks to protect the rights of consumers across the country. The Committee’s website, www.cmcweb.ca, offers general tips on several different consumer issues, including protecting one’s personal information. To thwart identity thieves, experts suggest that students shred all personal documents before they throw them out—a policy that the AMS maintains for all the sensitive information going through its doors. Timmins agreed.

“Anything with personal information on it, tear it into a million pieces, even receipts that have Visa numbers,” he said. “It’s amazing how many places are taking Visa numbers over the phone these days.”

Timmins also warned people against carrying their birth certificate or SIN number.

“Those two pieces can recreate a person and cause you all kinds of grief if someone gets their hands on them,” he said.

But just how much money are we talking about each time one of these thieves steals an identity?

“The [cases] I see always seem to be in the high hundreds and the thousands [of dollars],” Timmins said. “If someone gets a bank card and they have your PIN number, they’ll use it till [the bank machine] won’t spit any more money out.”

He recalled a Queen’s student this year whose bank card was stolen out of her dorm room. While she wrote her last exam, someone emptied her account. How did they get the PIN? The only way that could have happened is if someone knew her—the thief was someone she was friends with or had lived with.

While those “protect your PIN” stickers on bank machines may seem silly, they really are there for a reason. If someone knows your PIN through your own carelessness, there is nothing the banks can do, Timmins said.

He suggested students follow banks’ advice and choose a PIN that is difficult to guess. They should also avoid lending their bank card to anyone.

“Don’t give [your PIN] out to anyone or write it down,” he said. “Don’t make it your date of birth—those are the first things the thieves try.”

Bank managers I contacted throughout Kingston and Toronto refused to comment on the issue.

If you do find yourself the victim of identity theft, there are a several things you can do. First, contact the police immediately. The longer you wait, the lower their chances of being able to help you are. Also, go through your credit history every few months with an accredited credit checking agency like Equifax or Transunion Canada, to identify a thief’s purchases as soon as possible. The Federal government has also recently introduced an Identity Theft Statement form, which can be filled out when a theft is discovered and forwarded to all the victim’s financial institutions. The form is available on the CMC website or from most financial institutions. Students can also rely on the police to prevent a theft, Timmins said.

“There is no problem with phoning someone from the fraud department or an adult they trust before they do something [involving sensitive personal information],” he said. “What might sound good to one person might set bells off for someone else ... The more you do to prevent these things, the fewer problems you’re going to have.”

I’m not a conspiracy nut, and it looks like I’m not paranoid, either. This stuff is really going on. And although it’s not foolproof, Timmins offered his best tip to stop yourself from being victimized.

“Just be careful with your property—don’t give the bad guys a chance to hurt you,” he said.

—With files from the Ottawa Sun and www.cmcweb.ca

When commenting, be considerate and respectful of writers and fellow commenters. Try to stay on topic. Spam and comments that are hateful or discriminatory will be deleted. Our full commenting policy can be read here.