Identity theft - the facts

Theft is a word commonly associated with property and goods, but identity theft (or ID theft) is a crime of which every consumer needs to be aware. It refers to criminals obtaining information about you that can then be used to make purchases or enter into contracts in your name.

The effects can be devastating. Many of these attacks cause direct financial loss, but if a criminal gets enough information to make hire purchase agreements or enter into larger contracts in your name your credit rating could be damaged long term. At the very least, victims face weeks or months of reorganising financial accounts.

The good news is that there are simple steps you can take to prevent your identity being stolen. More importantly, though, we'll explain how identity theft is committed and how we all need to become more security minded in general, as the majority of identity fraud is committed well away from computers and the internet.

No matter whether you call it identity theft, phishing, skimming or social engineering, almost all of these activities are variants of the age-old crime of fraud. However, the increasing use of electronic systems in day-to-day life has vastly extended the scope of these fraudsters and the potential profits they can reap.

Most people carry several exploitable pieces of identification with them every day, usually credit or debit cards. Until recently a common technique of criminals trying to steal your cards was shoulder surfing - lurking behind someone at a cashpoint, noting the PIN number of a card and then using deception or force to take that card - but as technology has miniaturised a new technique has emerged.

Mind your back
Police have already arrested several individuals copying cards using the cash machines themselves. A small electronic camera is mounted above the keypad of the cash machine and a card reader, often only a few centimetres thick, goes over the card slot.

At a busy machine hundreds of card numbers can be collected in a few hours and turned into cloned cards. The wide availability of small card scanners has also made card skimming a problem. In a matter of seconds your card's magnetic strip can be copied and a crooked employee of a restaurant or retail outlet can copy many cards in a day.

For more intricate frauds, criminals need more than credit card numbers. There is enough information in most bank statements and utility bills to reveal plenty about those to whom they are sent. Combine that information with publicly available data, such as the electoral roll and credit databases, and criminals could have enough information to apply for credit cards, set up mobile phone contracts or even arrange loans.

The problem of criminals rummaging through bins for such documents is well known and there have been reports of organised gangs paying people to pick through landfill sites for such documents.

There's also the problem of lost post. The Royal Mail watchdog, Postwatch, reported that 14.4 million letters were lost last year, and stories of new credit cards and their PIN codes, which are always posted separately, being intercepted before they reach the recipient have emerged. Even house burglars are now just as likely to take your personal documentation as the TV and DVD player.

By far the biggest problem with identity theft is 'social engineering': this means someone obtaining information by deception, and usually involves some form of incentive or plain old-fashioned flattery. A veneer of officialdom also oils the wheels and it's a surprisingly effective technique.

Several recent experiments have shown that nine in 10 people would give up computer passwords in exchange for a small gift like a chocolate bar when questioned by someone holding a clipboard. All too frequently people give out sensitive information over the telephone when they have no proof that the person at the other end is who they say they are.

Security conscious
These types of identity theft are easy to beat - it's just a question of being aware of the methods and retaining a degree of scepticism. Watch your back in the queue for the cash machine and don't allow yourself to be distracted until you've retrieved your card.

Always shield the keypad with your palm when you put in your PIN to defeat prying eyes or miniature cameras. Finally, if you use a cash machine and something doesn't seem quite right - the card sticking in the slot, for example - let the bank know and always check statements properly.

One of the most common criminal tactics is to make small but regular withdrawals that may go unnoticed, rather than trying to empty an account in one go. This applies to online banks as well, where UK-based 'money mules' accept small transfers and pass them overseas to the criminals for a small commission.

Don't forget to check other accounts regularly too, such as your sales and purchasing history on eBay. If your account details have been stolen then someone could be selling fictitious items in your name.

As for your physical documents, store important ones like birth certificates and passports in a secure, locked container and consider how you discard financial statements - rip them up or use a document shredder. These are available from £8 at www.maplin.co.uk.

Old con, new name
While identity theft committed in this manner still accounts for the majority of fraud, security experts are warning that such attacks are increasingly being abandoned in favour of electronic methods.

One of the most dangerous methods of identity theft used online is keylogging, which bypasses documents altogether. Here a piece of software records every keystroke made on the computer, including all of your log-in details. Such software is generally spread by viruses or as attachments in spam.

Email in particular allows personal contact with millions of people at the push of a button and fraudsters have taken advantage of this. It has also allowed for the merging of old and new types of identify theft to create potentially devastating crimes such as phishing.

This is another old con in modern form and involves setting up a plausible looking website that claims to be an online business. It's a cheaper, more anonymous variant of fly-by-night operators setting up stalls in abandoned shops.

Visitors are encouraged to input personal information, usually after receiving an email requesting they confirm log-in details or check the status of an order. Such emails are sent out to millions of addresses and usually contain warnings that action must be taken immediately in order to frighten the recipient into acting without thinking.

Web monitoring and hosting companies work hard to shut these websites down within days but they can harvest thousands of account details in that time. Online banks in particular have been targetted but so too have eBay and PayPal.

An even more advanced, and harder to detect, form of this con has come to light recently nicknamed pharming. This involves criminals using computer security holes to reprogram computers that allocate the addresses for all web pages so even if you key in the correct web address, your web browser may be directed to a bogus site. Such attacks are technically possible although none have been confirmed as yet.