Identity Crisis Survival: Learning the Scams of Identity Theft

Mari Frank’s nightmare began late one night in 1996 when she received a call from the Bank of New York asking why she hadn’t made the monthly payment on her credit card. Frank didn’t have a credit card with Bank of New York. But her double – who looked nothing like her – took Frank’s background, her credit, and even some of her business cards. The impostor also bought $50,000 in clothing and luxury items, plus a Mustang convertible, and charged it to Frank’s tab. The impostor, living in Ventura County 200 miles to the north, had been enjoying the high life for more than a year before the fraud was detected. Fixing the damage required about 500 hours of Frank’s time and cost $10,000.

Identity theft ruins reputations, destroys credit ratings, and empties bank accounts, and in most cases, there is nothing anybody can do about it. Fraud artists sweep up personal information, take on the personas of victims and steal money from their accounts, or rack up bills in their names. It’s one of the fastest-growing white-collar crimes, fueled by the exponential growth of the Internet and instant credit as well as widespread use of Social Security numbers. Fraud examiners and investigators need to know the scams and the ways they can be detected.

The Victim’s Plight 

Identity theft occurs when a thief uses another person’s personal identification – name, address, Social Security number, date of birth, mother’s maiden name, or other identifying information – to open new credit card accounts, take over existing accounts, obtain loans in the victim’s name, steal funds from the victim’s checking, savings or investment accounts, lease cars and apartments, or even apply for telephone service.

The victims go through a difficult and time-consuming ordeal to clear their names. They must first try to convince the lenders and the credit-reporting agencies that they are victims of identity theft. They also must deal with calls from collection agencies and endless paperwork that results from trying to expunge erroneous information and fraudulent accounts from a credit record.

Many victims of this fraud are unwittingly impersonated for years. They struggle to get their finances, jobs, and lives back in order. The thieves seldom discriminate. For instance, several cases filed with the Broward Sheriff’s Office in Ft. Lauderdale, Fla., revealed a variety of victims – from the unemployed to the self-employed and from an electrician to a judge. The main offenses committed were establishing public utility accounts, and obtaining credit cards to order merchandise in the victims’ names. Identity thieves target everyone – they cross all boundaries.

In Mari Frank’s case, the crook simply crossed her own name off a mass-mailing credit application and inserted Frank’s name, Social Security number, and other personal information. The address and phone number didn’t match Frank’s, but the bank still approved a $10,000 account. Making things even easier for the impostor, the bank then passed along Frank’s “new” address to credit bureaus. They then sold her credit information to other direct marketers, who wooed the impostor with even more offers. “It was sent to her door like candy and flowers,” Frank said.

In another case, Bob Hartle, a Phoenix-based aerospace worker, was victimized by his mother’s next-door neighbor. Hartle’s impostor rang up $100,000 in debt, filed bankruptcy, had automobile accidents and speeding tickets, was hired and fired, and ran up tax bills – all in Hartle’s name. The impostor taunted Hartle, saying he would continue to impersonate Hartle because there was no law to stop him. Hartle spent nearly four years and $15,000 to restore his good name.

When Sen. Dianne Feinstein, D-Calif., decided to find out what information was available about her, she was startled by what she discovered. It took her staff less than three minutes to retrieve her Social Security number and other personal information from an on-line service available to Internet users. That experience, along with complaints from her constituents, led her to introduce a bill to curb the distribution of Social Security numbers, unlisted phone numbers, and other personal information.

Lori, a certified nursing assistant from Jacksonville, Fla., learned that a former house guest used her Social Security card and state identification card to secure a loan and open a utilities account. The delinquent accounts totaled more than $750. Several years later, Lori discovered that her credit was damaged when she tried to purchase a truck.

A security guard named Barbara in Atlantic Beach, Fla., said someone used her driver’s license number and checking account number to withdraw more than $30,000 from her bank. The thief used the drive-through at branches of Barbara’s bank to deposit a series of stolen money orders and simultaneously make large withdrawals.

In some cases – such as the one that prompted Arizona to become the first state to make identity theft a felony – the victim had no idea he was being impersonated because the thief kept payments on the falsified accounts current. Later, this thief misguidedly declared bankruptcy.

The Suspects 

The suspects are many and can come from all walks of life. Any of the following people could be perpetrators.
Landlord – A landlord can call a credit bureau and get someone’s entire credit history.

College or university students or staff – A student may have access to classmates’ Social Security numbers from attendance sheets passed around in the classroom. One such suspect used other students’ Social Security numbers and applied for over 160 credit cards. At another college, the suspect working in the financial aid office collected and sold students’ Social Security numbers to another perpetrator. The two conducted their transactions in the school’s parking lot.

Telemarketer – Usually registered as an “unknown number” on Caller ID, the suspect calls a person and asks to verify whether he ever had an account in any of several named banks, then demands the last four digits of the victim’s Social Security number – supposedly to verify information. The caller insists that the victim supply his last four digits otherwise his name will remain on “a list.”

Neighbors, family, friends, or acquaintances – Those who have access to mailboxes or to personal information in homes can steal identities.

Rental car agents – Car rental agreements provide a wealth of personal information. Copies of these agreements easily can fall into the wrong hands.

Anyone – In 1997, Carlos Salgado Jr., 37, used a computer at the University of San Francisco to steal 100,000 names, log-ons, credit card numbers, and other data from several Internet providers in San Francisco. He encrypted the information on a CD-ROM and offered it for sale. FBI undercover agents convinced him they would pay $250,000 for the files. In January 1998, Salgado pleaded guilty and was sentenced to 30 months in prison, according to George Grotz, spokesman for the FBI’s San Francisco office.1

The Law 

In November 1998, President Clinton signed a bill into law – The Identity Theft and Assumption Deterrence Act of 1998. The law helped end Mari Frank’s two-year ordeal. Designed to stem one of the biggest and fastest-growing financial frauds in America, the law could benefit hundreds of thousands of people, who, like Frank, suddenly wake up to learn that somebody else has been living their lives.

The new law enables police to recognize the victims and helps to get erroneous items eliminated from credit and police records. Police say the crime of stealing someone’s name and credit is extremely common, but in the past, officers could do little except shrug. When a report came in about unauthorized utility hookups or charge-card applications, they filed the crime report and hoped a lead would drop out of the sky.

Under the Act, the Federal Trade Commission is responsible for creating a clearinghouse for consumer complaints and providing information to help victims recover. The agency will forward complaints to credit-reporting bureaus and law enforcement authorities for prosecution. The tracking should help identify thieves and their patterns.

“This is a victory for consumers,” said Sen. Jon Kyl, R-Ariz., who introduced the legislation in the Senate. “The use of technology now is making identity theft so much easier.”

“This change in federal law will help prevent thousands of dollars in financial loss in the months and years victims now spend trying to restore their good credit and reclaim their identities,” said Rep. John Shadegg, R-Ariz., who co-sponsored the bill.

Financial Privacy Threatened 

In Congress last summer, the House Committee on Banking and Financial Services held a hearing on how financial privacy is threatened and how people can protect themselves. Following are some excerpts:

From the testimony of Al Schweizer of Al Schweizer Investigations, of Boulder, Colo.: 

“For the better part of almost two decades I was a dominant force in the confidential information underground. I’ve been described by U.S. prosecutors as ‘The Godfather of the information industry,’ alleging that I was the largest and most successful of the confidential information brokers, a conclusion they reached after indicting me on three separate occasions. Many of my successes, as well as my lapses in judgment, have been documented in the mainstream media.

“I feel it is important to point out that although some of the methods used to obtain financial information may be considered ‘gray’ or in some cases outright illegal, the information is typically obtained for use in legitimate applications such as business intelligence, collections, enforcement of judgments, due diligence, etc. It is also important to note that although not all information brokers or private investigators are involved in illegal activities, it is probably accurate to say that most have ventured into ‘gray’ areas. The methods used to obtain financial information can be summed up in three ways:

• Public records available to anyone who cares to look;
• Use of an accomplice within an organization who has custody or access to the information sought; and
• Through the use of pretext, ruse, or gag calls, as they are referred to in this industry. A ‘gag’ call is simply a telephone call initiated by the investigator/information broker … . The investigator/broker purports to be someone other than his true identity, claiming to be the party that the information would be normally released.

“For example, if I wanted your bank account information, Mr. Chairman, I would first obtain your home telephone number either from public records, or if need be, directly from the telephone company using another gag. I would then call the billing office of your local telephone company and claim to be you. At this point I know your name, address, telephone number, and more often than not your Social Security number and date of birth.

“I would explain to the telephone company representative that although I know I paid my bill last month, I forgot to record it in my check register. I then ask, ‘Could you please tell me how much it was and when it was due?’ The service rep would then tell me the amount paid and when it was due. Next I ask when my next bill is due and how much it is. The service rep would also freely tell me that.

“Now I change hats. I call you at home and either get you or maybe your wife on the telephone. This time, I’m the service rep at your local telephone company. ‘Mr. or Mrs., this is Mr. Sawyer with Bell Atlantic. I’m calling about your May bill that was due on June 10 in the amount of $98. We haven’t received payment and now your June bill in the amount of $122 is also due. If this can’t be paid immediately I’ll have to disconnect your service.’ The majority of individuals will immediately become indignant, claiming that they have already paid those bills. ‘Let me get my checkbook; here it is. I paid you on June 5 – $98.’ ‘You did? What check number was that? What bank was that drawn on? The account number, please, so we can locate it in our billing system. It was probably credited incorrectly to another account; I’m so sorry.’

“There you have it, Mr. Chairman, I now have your bank account information complete with your account number. Now I have two options. First, call the automated line of the bank, where by entering your account number and Social Security number, the automated attendant will provide dates and amounts of deposit and checks that have cleared as well as your balance. The second option would be to call a customer service representative and claim to be you, as I now have everything I need to impersonate you.

“Using your personal information that I had previously obtained, I could now call financial institutions within a geographic area where I think that you may have a checking or savings account. I would call the customer service center claiming to be you and explain that I just received a letter from the Internal Revenue Service stating that I have failed to disclose accounts located at this institution. Feigning ignorance, I would say the letter named this bank specifically, then add that I have never opened any account with this institution. I would then ask the rep if he could check and see if in fact I do have an account with that institution. I would add little comments like, “Maybe my accountant or wife opened an account and used my name and social.’ If the rep discovers an account, I then quickly say, ‘Really, am I rich?’ That usually elicits a laugh and helps to disarm the customer service representative.

“Once you have a cooperating employee on the line there is nothing you can’t ask. Most gags are just as simple as I’ve described, but can, in fact, be as complex as requiring several telephone calls, using the names of employees, as well as exploiting the hierarchy or the target institution. Although the examples I’ve provided seem simplistic, almost all gags for financial information are variations of the above themes.”

From the testimony of Robert Douglas, a private investigator in Washington, D.C.: 

“All across the United States, information brokers and private investigators are stealing and selling for profit our fellow citizens’ personal financial information. The problem is so extensive that no citizen should have confidence that their financial holdings are safe.

“The types of financial information for sale include private bank account numbers and balances; stock, bond, and mutual fund holdings including the number of shares held; insurance policy data including the types of insurance maintained and the amounts or values of the policies; and credit card information including account numbers, size of credit lines, and transaction details such as specific purchases.

“While the theft and sale of this information is occurring on a daily basis, much of society’s focus on privacy as it relates to personal information has been concentrated elsewhere. To date, the majority of public scrutiny has been on issues related to basic data collected via the Internet and the explosion of information that is collected every day as part of routine commercial transactions.”

Fighting Back 

As public awareness of identity theft grows, so does the onus on banks to prevent it. The Office of the Comptroller of the Currency, the federal agency that regulates the national banking system, intends to tighten controls over the release of personal financial information to growing numbers of information brokers on the World Wide Web.

Fraud artists who misuse Social Security numbers, birth dates, mothers’ maiden names, or other typical identifiers, and who steal $1,000 or more, face prison sentences ranging from three to 25 years. Penalties would be stiffer for identity thieves involved in drug trafficking, violent crimes, or terrorism.

Both Hartle and Frank, who have since written books to try to help people negotiate the maze of restoring their credit and erasing the impact of an impostor, believe that victims of identity fraud will continue to have a difficult time regaining their lives. And until U.S. privacy laws are tightened, more victims will emerge, Frank says. The Social Security number is the key to identity theft and consumers must do whatever it takes to protect its fraudulent use. The burden of proof rests on the individual.

Tracking Down the Thief 

There are probably hundreds of ways a fraud examiner or an investigator can catch an identity thief, but below are some of the techniques most frequently used. Remember each case is unique and must be reviewed to determine its individual circumstance, and at what point the financial information was compromised.

Timing is the key to success – the fraud examiner must move faster than the thief. Perpetrators of these crimes may be in other areas, states, or even countries – in other words, out of your jurisdiction.

• Establish a surveillance of the address(es) in question.
• Have overnight delivery services “flag” the address(es) in their system so that the fraud examiner is notified of any upcoming deliveries.
• Subpoena telephone records for the telephone(s) being used by the perpetrator.
• Contact credit bureaus and have them “flag” the true account holder’s file. This way, when the perpetrator attempts to obtain additional credit from a lender, the fraud examiner can be notified. This can lead to additional addresses and telephone numbers as well as descriptions of the perpetrator.
• Contact the Social Security Administration – the victim’s Social Security number may be listed in the system twice. For example, a victim’s records might indicate two different employers: Employer “A” in California and Employer “B” in New York, both reporting taxes on the same Social Security number during the same period. (Illegal aliens frequently use stolen Social Security numbers to obtain employment.)
• Obtain any videos from retailers that show the perpetrator making purchases using the identity of the victim.
• Obtain a copy of the thief’s photo on the fictitious driver’s license.
• Have the victims notify the fraud examiner anytime they learn of new breaches of their identity so those leads can be followed up immediately.
• Request assistance from the U.S. Postal Inspector, the U.S. Secret Service, or any other agency that may be able to assist in the investigation.

Furthermore, if a thief is confronted, a fraud examiner or investigator should keep in mind the following suggestions:

• Upon initial contact, call the thief by an incorrect name. For example, “You’re James Smith, right?” The thief will deny it and may produce identification in the name of the victim. If no identification is produced, ask for it. (Usually, identification in the victim’s name will be produced.) Then ask for more identification.
• Next, try to establish the thief’s true identity. This is a bit more difficult in most cases and the hardest part of the investigation – unless you have fingerprints. Many will have several identities, which they established over a period of time.
• Keep in mind that you may be dealing with a parolee, escapee, or wanted felon who does not want to go back to the penitentiary.
• Addresses and telephone numbers, for example, which do not belong to the victim could be leads to the location of the perpetrator. Current leads must be acted upon quickly. Experience has shown that perpetrators use stolen addresses and telephone numbers – many are cellular phones – for a short period of time.

All fraud examiners, regardless of their expertise, should stay informed about identity fraud and how to fight it. Otherwise, the bad guys win.

SIDEBARS 

Where Thieves get Information 

• Garbage – pre-approved credit cards, bank and credit card statements, and utility bills
• Mailboxes – both incoming and outgoing mail
• Loan applications – banks, car dealerships, mortgage companies
• Rental applications – cars or apartments
• Schools – classroom attendance sheets that list the student’s Social Security number
• Desk drawers in the workplace
• Certifications/licenses placed on walls (in the workplace)
• Job applications
• Health club applications
• Internet – information resulting from the sale of personal banking and investment details, chat rooms, and false merchants
• “Who’s Who in America,” which includes personal data
• Telephone companies
• Information freely given by the public – from warranty cards, for contests, to department stores, and “Win a Free Membership…” forms

Advice for Potential Victims 

Fraud examiners should supply these recommendations:

• Don’t disclose any personal information that isn’t integral to a transaction. 
• Don’t keep your Social Security card in your wallet; bring only the one or two credit cards that you use regularly. 
• Keep your Social Security number as private as possible. If a salesperson requests it, ask why. If your health plan prints it on your membership card, ask for one without it. For students: Don’t write it on your class attendance sheet (your school already has your number on official records). Divulge this number only for legitimate purposes, such as paying taxes, requesting credit, or obtaining a driver’s license.
• Shred mail containing personal information – from account numbers to travel itineraries.
• Prevent mail theft – don’t leave mail in your mailbox for the mail carrier. Don’t have new checkbooks delivered to your home; pick them up from your bank.
• Lock up your personal papers and canceled checks in your home, in case of a break-in. 
• Be cautious on the telephone. Never give out your name, address, Social Security number, or other personal information unless you initiate the call.
• Demand secure information handling. If you’re filling out a credit application at a department store or auto dealership, find out what the establishment does with old applications. If it doesn’t lock them in file cabinets or shred them, take your business elsewhere.
• Pay attention to your bills. If you suddenly stop receiving your mail, particularly bills, that could be a sign that someone has taken over your account.
• Let federal, state, and local representatives know you’re concerned about this issue. Tell them you want tougher laws against identity thieves and better protection from the credit industry.
  Source: Beth Givens, director of the Privacy Rights Clearinghouse, a nonprofit consumer information and advocacy program in San Diego, Calif.

Checking Credit Reports 

Fraud examiners should recommend that their clients review their credit reports once a year; all three bureaus will need to be contacted.

It’s also wise to opt out of pre-approved credit offers by calling 888-5-OPT-OUT (888-567-8688). A scam artist can retrieve a discarded credit card offer and send it to the company, saying, “Yes, I’m interested – and here’s my new mailing address!”

• Equifax – To order a credit report: 800-685-1111. To report fraud: 800-525-6285
• Experian – To order a credit report and report fraud: 888-EXPERIAN (888-397-3742)
• Trans Union – To order a credit report: 800-888-4213. To report fraud: 800-680-7289

A Victim’s Plan of Action 

• Financial fraud is a crime; call your local police department.
• Contact the fraud units of all three credit bureaus. Ask them to “flag” your account, which signals creditors that you are a victim of identity fraud. Also, add a victim’s statement to each of the credit bureau reports that asks creditors to contact you in person to verify all applications made in your name.
• Notify your banks. They can help you obtain new account numbers for all of your checking accounts, savings, and other accounts. Be sure to pick a new PIN number for your ATM and debit cards. Close all of your credit card accounts and open with new account numbers.
• Notify the postal inspector if you suspect mail theft – a felony. Depending on your situation, you may want to contact the Social Security Administration to get a new Social Security number. Their telephone number is (800) 772-1213. You also may want to contact your telephone, long distance, water, gas, and electrical companies to alert them that someone may try to open an account in your name.
• Finally, maintain a log of all the contacts you make with authorities regarding the matter. Write down each person’s name, title, and phone number in case you need to contact them again or refer to them in future correspondence.

Source: American Bankers Association

1 Robert O’Harrow Jr. “Who’s Got your Number? Data Access Feeds a New Breed of Crime Series: Eye at the Keyhole.” The Washington Post, March 10, 1998