Assumed or Stolen Identity

Because of the inherent Impersonality or Anonymity bestowed by the Internet, it is possibly easier to carry out actions using an assumed identity or persona on the Internet than anywhere else. Fraudsters use this fact in many of the scams discussed on this website (and many others not described here.) Sweetheart Scams, Advance Fee or Overpayment Scams, 419 Scam and Fraudulent Deposit Scams are all made possible because of the ability to impersonate another identity. Even Fake Escrow Sites are arguably assisted in their set-up by some form of impersonation.

In the public eye probably the greatest fear is of assumed identities used in ChatRooms or discussion groups. There has been great play made in the Press of cases where paedophiles have used ChatRooms to 'groom' youngsters for their own purposes. Even at the peer level or near-peer level younger users have used other identities in order to cyberbully other users. At present there is much activity and research into how this sector might be better protected. Some possible solutions have been suggested but all break down at the level of placing trust in a third party who may, or may not, be more trustworthy. Sadly, at present the only advice is one of enhanced parental supervision.

Assumed Identity

Assumed Identity is a description of a situation where the actual identity of the person attempting to carry out a transaction is disguised in any manner. This can range from the simplest cases of giving incorrect age or marital status in profiles, through incorrect gender etcetera, to completely fictitious identities such as are presented in Sweetheart Scams or 419 Scams.

The manner of assumption of the identity varies but (besides incorrect profiles) normally starts with the acquisition of an anonymous email address from a general domain (Such as Yahoo! Hotmail, BTInternet etc.) that provides free email addresses. When doing this, the user can choose ANY name and very few, if any, checks are carried out to see whether a commercially sensitive name has been chosen (i.e. one which would indicate an origin within a commercial organisation.)

The moral of the story here is never to trust an email address alone no matter how familiar it looks.

Assumed Identity used in Commercial frauds

The press does not dwell on Assumed Identity in connection with other day-to-day transactions which are sometimes overwhelmed by potential fraudsters. Outside of the field it is often assumed that 'straightforward' transactions such as purchases from Classified Listings are not at much threat from scammers but the opposite is very much the case. Anyone who has used Classifieds to advertise a reasonably-priced or high-value item will know that they will receive a number of strange looking responses and often will not realise immediately that they have been targeted for an Overpayment Scam. This scam cannot work without the cloak of invisibility given by the Internet.

Classified Sites or Papers.

These days many sites or classified listings papers carry prominent warnings and advice about avoidance of fraud. The detailed working of these scams is discussed elsewhere in this Security Centre and any prospective purchasers or sellers should read the relevant sections carefully. Whether you are selling a motorcycle, car, caravan, horse or commercial vehicle you should be aware that any advertisement of an item for sale (of sufficient value to make the scam worthwhile) is taken by scammers as an invitation to defraud the seller. For example, a personal acquaintance reported that, out of the first five responses to his 'for-sale' advert for an off-road motorcycle, four were scams! All were claiming an interest in buying the item immediately without inspection. Many sellers would be overjoyed by this response but the acquaintance had the advantage of knowing how the scam works.

Fortunately this is one area where steps are being taken to remove the anonymity of buyers and sellers alike. The NETCRED service identifies the seller/landlord/bidder/buyer/tenant as having passed through a rigorous Identity Check and can therefore be confidently taken as who they say they are. Anyone considering transacting through the classified service or listings service can opt to ONLY transact with NETCRED verified persons if they wish. The NETCRED certificate can be used on multiple sites and is helping to create a community of trusted and verified persons.

Stolen Identity

The most extreme form of assumed Identity is Identity Theft. This refers to a situation where scammers have managed to acquire sufficient, if not the complete, identity details of another person and use these to commit frauds. The manner of acquisition of the Identity details varies widely but in general involves some form of intercepted or acquired correspondence. In the old days this was based on stolen credit card receipts but today the public is more aware of the importance of secure disposal of these and not letting the card out of their posession during payments. Nowadays the scammer's method of choice is more likely to be some form of phishing to get the victim to give out their details.

Using the details gained from phishing an Identity, the scammer can then either attack the victim's finances directly or, more commonly nowadays, use the identity to carry out a further series of frauds of which the victim is entirely unaware until they start to get letters from finance houses or credit card companies chasing loans or card charges for which the victim is not responsible. These frauds normally take the form of multiple credit card applications, loan applications, unauthorised overdrafts on freshly opened bank accounts and high value purchases using the victims credit rating. Usually the fraudster will try to do as much as possible to hide the transactions from the victim until the last possible moment in order to maximise the return from the fraud.

Even if the victim's personal finances are not attacked directly, one consequence is the destruction of the victim's credit rating which can be a nightmare to correct and can dramatically affect the victim's lifestyle and plans.

Identity Theft was ESTIMATED to have cost Britain over £1.3 BILLION pounds last year.

Fake Documents

Fraud is often assisted by the ready availability on the Internet of extremely realistic documentation such as Drivers Licences, Bank and Utility Statements and even Passports which can all be aquired at low cost from 'fun' sites that claim to supply them purely for 'joke' purposes or as 'novelties' and say that they should not be used to mis-represent the identity of the holder (!) It is difficult to think of any other reason for carrying the documents!

One website is also currently offering Fake Birth Certificates, GCSE Certificates, Degree Certificates, P60s, Payslips, Car Insurance Certificates and MOTs. Interestingly, their preferred payment methods are cash(!), Blank Postal Order or Western Union. No PayPal, Cheques or Bankers Drafts (too traceable?)

The fakes look very genuine even down to holograms on the cards and could be acepted by institutions such as banks to open accounts.

Up to recently (July 2006) the carrying of false ID was not of itself an offence but measures taken to allow the introduction of a National Identity Card have made it so now.

The Identity Cards Act 2006 was recently passed in the UK and makes illegal the use of fake ID. A successful prosecution was carried out in Haringey, London where it was established that the atttempted usage of a fake Greek passport to prove ID was "Possession of an Identity Document with the intention of using it to establish registerable facts ".

This legislation is 'catch all' and, although only used in a few high-level cases up to now, would apear to bring the law to bear even on the attempted use of fake ID to get into a pub or club. (Date of Birth is a 'registerable fact'.)

Recent ID Theft Case

In a recent case, a woman was arrested in the UK for allegedly shoplifting at Tescos. When she was being checked by the Police she was found to be carrying a driving licence application in another person's name and a loan application in a third name!

On further checking it transpired that she had worn a blonde wig and glasses and produced driving licence and bank account details in the third name at a letting agent to rent a house. The letting agents said they had no reason to disbelieve the person's assumed Identity because "We credit-searched and referenced the tenant and she passed as XXX " - Identity theft number one!

The owner of the house was away in the USA long-term as a sailing instructor and before her departure, had locked her personal documents away in the attic room.

The fraudster had then used the owner's Birth Certificate and Marriage Licence from the attic to assume a new identity as the owner of the house and then proceeded to sell antiques in the house worth £14,200 (for £1,250) - Identity theft number two!

She then tried to sell the owners £560,000 house TWICE (for £430,000 and £480,000).

If not for the fortuitous shoplifting arrest this could all have ended with the illegal sale of the property and further fraud using the newly acquired identity. None of this would have been known to the real owner until legal letters started to reach her in the USA which would be long after the fraudster had fled with the money if things had gone according to plan (Remember she already had the loan application made out in the owner's name!)

At least the house sale was prevented but, although some of the heirloom antiques were later recovered, the owner cannot get them back as she received £10,000 compensation from the letting agent.

What to do

Secure your computer against attempts to steal your personal details. There are a few simple measures you can take to make it much harder for a phisher and they will not cost a penny if you choose not to use the commercial options.

Although it is difficult to do continuously, you should try to keep track of what information you are leaving around. Shred or burn anything which has your name and address on it.

Exercise extreme care in any situation where you are being asked to hand over information. Be very careful on the Internet, but also by telephone. Watch out for phishing attempts.

Do not leave documents around where they might be seen by others. (This is particularly important during house viewings!) Be extremely careful about leaving documents around during building or alteration work or when others may be visiting your home - especially if you do not know them personally.

Always know where the really important documents are and ensure this is a safe place - Put them in a safe or deposit them at a Bank.

Keep a close eye on statements and look out for any suspicious transactions. Watch out for missing statements - Someone may have diverted or intercepted them.

If you are worried about anything, check your credit rating regularly. Some authorities recommend twice a year. This may cost a small fee but will keep you up-to-date on all of your financial affairs.