Methods of Identity Theft

Criminals use several methods in committing identity theft. See: RCMP “Personal Information and Scams protection”. [RCMP Scams Protection]. These methods were broken down into three categories in one of the working papers of the Canadian Internet Policy and Public Interest Clinic (CIPPIC). See: CIPPIC “Techniques of Identity Theft”. [ID Theft].  The identified categories are: 

  1. Physical Theft: examples of this would be dumpster diving, mail theft, skimming, change of address, reshipping, government records, identity consolidation.

  2. Technology-Based: examples of this are phishing, pharming, DNS Cache Poisoning, wardriving, spyware, malware and viruses.

  3. Social engineering: examples of this are pre-texting, contests and surveys, obtaining credit reports, bogus employment schemes.

More information about these techniques can be found in the referenced CIPPIC’s paper. [ID Theft].

A few of the methods of identity theft are described below:

1.    Land/ mortgage schemes:

A fraudster impersonates the true property owner; forges the owner’s signature in sale documentation filed at the land registry offices and deceitfully obtains ownership on paper. He/she then sells the land to another rogue or uses the property to obtain money through lines of credit or mortgages from unsuspecting lenders. The imposters abscond with the money and the mortgages immediately slide into default. This results in a dispute for compensation between the innocent landowner and the lenders who relied on the officially registered documentation. This fraud is estimated to be a $1.5 billion industry in Canada. See: Peter Bowal “Identity Theft: Mortgage Mayhem” at page 5. [Mortgage Mayhem].  The Canadian Bankers Association has some good tips for preventing real estate fraud. See: “How to protect yourself from title fraud”.

2. Vishing (Source: Canadian Bankers Association)

What is Vishing?

Vishing stands for "voice phishing" and is a twist on the phishing e-mails that you may have received, but now the criminals are using the phone as well to trick consumers into revealing personal information. See: https://cba.ca/phone-fraud.

Vishers will send out an e-mail to thousands of people which looks like it is from a reputable organization, such as a credit card company, online retailer, bank or government agency. The e-mail may warn of a security alert and ask you to call a local or toll-free number where an automated attendant will ask you to punch in personal information, such as your credit card number, social insurance number or online banking password. After you do that you may be disconnected without speaking to anyone, but the criminals will have your information.

Security experts have seen another variation of vishing where the criminals will leave a voicemail message or make telephone calls directing people to the bogus phone number. With Voice over Internet Protocol (VoIP) and other internet-based telephone technology, criminals can now make calls inexpensively and can mask their identity and their location and even make it look like they are calling from a legitimate company on your call display.

So, why do they do it? Usually it is to commit some sort of financial fraud.

How to Identify a Vishing Contact

We all get e-mails and telephone calls from legitimate companies and organizations that we do business with, but here are some things you should keep in mind as you try to figure out if you’re being contacted by the legitimate company or by a visher.

  • If you are dealing with a legitimate company, they know who they are contacting and will address you by name in an e-mail or telephone call. Vishers don’t typically know who you are and don’t usually use your name.

  • If a bank suspects fraudulent activity on your debit or credit card or account, they will never contact you by e-mail. If you do receive such an e-mail, do not respond and delete it.

  • In some cases, your bank may contact you by phone or leave you a voicemail message if they suspect fraudulent activity. As part of a legitimate conversation with your bank, you may be asked verification questions so the bank can ensure that they are speaking to the right person. You will not, however, be asked to verbally provide any PIN or banking password or enter your PIN or password on your telephone keypad. As part of the verification process, your bank will never ask you for your Social Insurance Number.

  • It is a wise practice not to use the phone number provided in the e-mail or in the telephone message you receive. You can validate that the call is legitimate by contacting your bank using the phone number on the back of your card, on your statement or a published number you have looked up yourself.

  • As a general rule, be cautious about how and with whom you share personal or financial information.

3. Stealing Your Credit Cards or Numbers

a. From your wallet/Pocket/Purse

Credit cards are most often stolen from your place of employment. Watch your purse/wallet carefully. Lock valuables if you work out. There was a scam going where people replaced credit cards with fake ones. Thus, check your credit cards in your wallet to make sure they are yours! 

b. Skimming/ Photographing/ Switcheroo in the kitchen

After receiving food or other services, credit card is taken away out of sight and then skimmed or another one replaced when it is returned. Alternatively, scammers use cell phone cameras to take a picture of your credit card.

c. Copying the number from a receipt

Although stores have become careful on this one, some still reproduce your whole number on receipts, which can easily be misplaced and copied.

d. Ex-Spouse or other acquaintance

Many cases of identity theft have been reported by people whose ex-boyfriend or ex-girlfriend or ex-spouse use their credit card fraudulently.

4. Account Fraud

Thief uses identifying information to open new accounts in your name. Thief may also have statements mailed to a fake address, so victims don’t learn of the fraud for quite some time.

The RCMP indicates that the stolen or reproduced personal or financial information can be used by criminals [RCMP: Identity Fraud] to:

  • access your bank accounts

  • open new bank accounts

  • transfer bank balances

  • apply for loans, credit cards and other goods and services

  • make purchases

  • hide their criminal activities

  • obtain passports or receive government benefits

Using identity theft to facilitate organized criminal and terrorist activities also appears to be a growing trend.