n°64 - Avril 2017

Lettre d’information



Identity theft occurs when a criminal uses another person’s identifying information, such as their passport, identifying number, or credit card number, without their permission, to commit fraud or other crimes. Once the criminal has obtained a certain amount of identifying information about an individual, they can take over that individual’s identity to conduct a wide range of crimes.
The victim of identity theft is responsible for what the thief does while using their personal information. This means that they might have to pay for what the thief buys. Victims of identity theft often suffer significant aggravation and financial losses and the damage often takes months to rectify. Identity theft may also lead to additional problems by damaging the identity’s reputation.
In the United States alone the Department of Justice’s Bureau of Justice Statistic’s figures for 2014 suggest an estimated 17.6 million Americans older than 16 had their personal information compromised at least once during the last calendar year and total financial loss stemming from identity theft in 2014 was $15.4 billion.

Financial Identity Theft and Account Takeover
The most prevalent type of identity theft is financial identity theft, where the thief obtains key pieces of personal identifying information and uses them to obtain funds from the victim’s account such as : false applications for loans and credit cards, or fraudulent withdrawals from bank accounts.
The main type of fraud committed with financial identity theft is account takeover. Account takeover is the impersonation of the identity of an existing account holder (which has been previously properly identified by the financial institution). In most cases, the person committing identity theft will begin by changing the email address, phone number and home address associated with the account, so that if the financial institution tries to get in touch with the client they will instead be communicating with the thief. Next, they will generally use the identity of the existing client to make new credit applications, ask for new payment cards or withdraw funds.
Detection is extremely difficult for the financial institution.
However, for a criminal to successfully complete account takeover, the first step is to gather personal information about the client of a financial institution. This is why protecting your identity is crucial.

Protecting Your Identity
Protecting yourself from financial identity theft means protecting both your legal identity documents and your financial details. Below we list a few steps that can be taken to limit the risk of financial identity theft :

Delete copies of identity documents and financial details from your email
Hackers gaining access to a personal email account will often go through it looking for copies of legal identity documents and financial details. Employees of intergovernmental organisations, who travel frequently, are often asked to send photocopies of their passports and other identification to human resources departments or other entities. The result is copies of passports lingering in the SENT folder of the individual’s email. Identity documents are prime material for identity thieves. They also contain copy of your signature, which can be used to help the thief forge your signature when attempting to gain access to your account.

Email accounts of intergovernmental organisations are, unfortunately, not safe from hackers. It is therefore crucial to go through an email account on a regular basis and delete any information that could be used by an identity thief.

Watch out for dumpster diving and mail theft
Some identity thieves operate by obtaining personal information from trash cans, which they will then use or sell. Shredding personal information before throwing it away is highly recommended.

Another technique is to steal from unlocked mailboxes to obtain pre-approved credit offers, bank statements and/or tax forms.

Beware of social engineering techniques 

Social engineering refers to the technique of circumventing technological security measures by manipulating people to disclose crucial authentication information. 

Many financial institutions including AMFIE use the answers to a series of personal questions to identify members calling the Association. Imposters are identity thieves who will pose as someone with a legitimate reason to ask for this information (for example, a representative of a financial institution, an employer, a government agency or even your landlord). Alternatively, they may use fake email to try to obtain information from you. Imposters will go to great lengths to earn and exploit a victim’s trust. 

AMFIE will never send you an unsolicited email that requests your personal information.

Monitor your accounts regularly 

Sometimes even remaining vigilant is not enough. A dishonest employee with access to personnel records, payroll information, and account numbers can easily steal that information. Techniques such as shoulder surfing (obtaining personal data by looking over the shoulder of unsuspecting individuals or using cameras for the same purpose) can be used without the victim realizing it.

For this reason, it is essential to check your bank and credit card accounts online, at least weekly. Criminals engaging in account takeover generally begin by withdrawing small sums before emptying an account. Monitoring your accounts regularly can limit the damage.