Frequently Asked Questions
Identity theft is when your personal details are stolen and identity fraud is when those details are used to commit fraud.
The diagram below outlines the identity fraud data evolution process:
As a private sector body we can cut through the red tape that hinders law enforcement bodies and put knowledge and awareness into the hands of the public. Sadly there is currently no single law enforcement agency or organisation which can deal with crimes where the criminal is based in Romania, using servers hosted in Russia, stealing data from people in Germany, to buy goods from an American retailer, for delivery in the UK, using an Australian credit card.
All of the data in our database has been in criminal hands and made available on the internet. It may come from criminal bulletin boards, criminal chatrooms or from ftp sites – the virtual ‘street corners’ where data is traded. Sometimes files are made available as downloads from websites posing as marketing sites or obtained by ‘social engineering’ by our highly skilled operators who engage with the criminals.
When people browse the internet and join websites, creating accounts or signing up to online services, they are often required to provide their contact details, identification details, and where services are sold, financial details. While the website that initially gathers the information may do so for legitimate purposes, the site may be compromised by hackers through poor security or possession of a victim’s email and password. Other methods include phishing or spam emails which encourage the victim to part with his or her personal data, and dishonest employees passing personal and financial information to the criminals directly.
We employ a worldwide network of human sources to gather the data manually. We prefer not to use electronic spiders, which return too many false positive results and can’t reach areas of the ‘Dark Web’ that our team access. Spiders only capture information on the worldwide web from open (not password or otherwise protected) websites. These open sites are created by criminals for use by petty criminals who, by using them, effectively cover the trail of the original thief. The Dark Web is used for trade between more sophisticated criminals and different processes are needed to stop this trade. One criminal will sell on an individual’s details to another criminal, who will use the information to steal from that individual. Our aim is to capture the compromised IDs before the criminal has had the chance to do anything with them. We believe in preventing and reducing danger, not just trying to tackle the problem after the identity has been used.
Hackers and phishers hold stores of credit card details, many of which are never sold or used. They tend to sell them in batches and your card may have been in one such batch that contained current and expired credit cards. The criminals buying the batch expect that not all the cards will be current and that is factored into the price they pay.
Many credit card issuers utilise the same card number on a new card as was present on the expired card. Criminals simply add three or four years to the expiry date. Details of companies and websites that accept payment without the necessity of having a CVV (security number) are commonplace among the criminals and they will attempt to use the card details in such places. If you have a current credit card that has the same number as the expired card, details of which you have obtained from our website, you will need to check with your credit card issuer that they are aware of the previous compromise. Ensure that a record of your report to them is kept, in case there is a future compromise.
It may be that the criminal is more interested in your personal data than in your credit card details specifically. If the data included with the credit card details includes a DOB, Password, Secret Answer, bank account details or name and address, then this will be the reason the data is being circulated for sale or use.
Contact your credit card company immediately and inform them of this discovery. Also, based on the details we hold, you may need to notify your bank if it is not the issuer of your credit card. If other personal details are listed with your card, such as Date of Birth or Mother’s Maiden Name, you should notify your bank/credit card issuer that these are not to be used as ‘Secret Answers’ for identity verification by them and select your own security questions.
You are very lucky. Cards that have been compromised but not used have either gone up for sale very recently, or the criminals have so many to choose from that they just haven’t used your card yet. Another scenario may be that the limit on your credit card is too low for them to bother with. We have seen many instances of credit cards held by students with a low limit being totally ignored. If this is the situation in which you find yourself, inform your bank, examine the personal details that accompanied your card, and decide whether they could be used against you at some date in the future.
As the criminals trade personal data on the internet it is saved and stored in a variety of formats. If at some stage it has been saved in Microsoft Excel the numbers may change into mathematical equations. The credit card number may have a surfeit of zeroes and the expiry date may change, for example, from 09/10 to 09/Oct.
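The spreadsheet damage described above can be flagged automatically when triaging recovered records. The following is an added example, not code from this service; the function names, flag labels and sample values are assumptions, and the card number used is the widely published Visa test number.

```python
import re

MONTHS = {"jan", "feb", "mar", "apr", "may", "jun",
          "jul", "aug", "sep", "oct", "nov", "dec"}

def luhn_ok(digits: str) -> bool:
    """Standard Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def excel_artifacts(card_field: str, expiry_field: str) -> list[str]:
    """Return flags for spreadsheet-induced damage in one record."""
    flags = []
    card = card_field.strip()
    # Excel displays long numbers in scientific notation, e.g. 4.11111E+15.
    if re.fullmatch(r"\d(\.\d+)?[eE]\+?\d+", card):
        flags.append("card:scientific_notation")
    else:
        digits = re.sub(r"[ -]", "", card)
        # Excel keeps 15 significant digits; later digits become zeroes,
        # which almost always breaks the Luhn checksum.
        if (digits.isdigit() and len(digits) > 15
                and set(digits[15:]) == {"0"} and not luhn_ok(digits)):
            flags.append("card:precision_loss")
    # An expiry such as 09/10 is reinterpreted as a calendar date (09/Oct).
    parts = re.split(r"[/\- ]", expiry_field.strip().lower())
    if any(p.isalpha() and p[:3] in MONTHS for p in parts):
        flags.append("expiry:date_converted")
    return flags

# Constructed sample records: (card field, expiry field).
SAMPLES = [
    ("4111111111111111", "09/10"),   # intact
    ("4111111111111110", "09/Oct"),  # last digit zeroed, expiry converted
    ("4.11111E+15", "09/10"),        # stored in scientific notation
]

if __name__ == "__main__":
    for card, expiry in SAMPLES:
        print(card, expiry, excel_artifacts(card, expiry))
```

A flagged record should be treated as an unreliable match against a cardholder's real number, since the zeroed digits cannot be trusted.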
Obviously the more information the scammers have about you, the more attractive you are to them. That ‘one’ further piece of personal information they hold may be pivotal in their decision as to whether to target you or not.
If fraudsters have obtained your date of birth through research utilising other personal details, they will be able to find the answers to most of the personal questions that you are likely to be asked by a financial institution, questions such as your mother’s maiden name.
If fraudsters have your email address and password, they can take advantage of the fact that many people use the same password/secret answer for many of the websites they use. Together with your email address (which very often is your ‘username’) scammers have plenty of incentives to surf websites where you may be a user.
If fraudsters are in possession of your National Insurance/Social Security Number (SSN) together with associated personal data, it is very easy, with minimal additional research, to compromise a victim’s identity.
Most websites will use your email address as your user name. If the hacker has obtained your email and password from such a website he will be able to:
- Alter, add or copy any of the other personal details you included when you registered with the website.
- Obtain credit card details if you have purchased something from the website.
- Take note of the nature of the website you registered with and visit similar sites to see if you have registered using the same password.
- Try social networking sites using your email and password to open up further aspects of your life and those of your friends.
- Gain access to your emails, exposing all your personal communications and delivering viruses and trojans to your network of friends or work colleagues.
- If your work email address is compromised, or shares the same password, the criminals could hack your entire company’s security, incurring enormous costs for them as well as reputational damage. This happened when eBay was compromised in May 2015.
Every record in our database has been, or is currently in, criminal hands. Your details have been circulated on the dark web for one of the following reasons:
- At some point in time you may have responded to either a ‘work from home’, ‘market research’ or ‘representative agent’ scam email. By the very nature of these frauds, you will have been required by the scammer to provide further personal information which may have included your bank account details. We will have picked up your details from the lists of potential victims that the scammers are advertising for sale. Once purchased, the additional personal data will be supplied to the criminal purchasing them. We have identified your details prior to them being sold so can only include the details that are available prior to sale.
- We frequently identify particular family surnames that the scammers are researching to target for the ‘dead relative inheritance’ scam (one of the many West African ‘419’ Advance Fee fraud scams). These surnames are usually picked from the lists of victims who have perished as a result of a major accident or natural disaster (the Concorde crash in France and the Tsunami for example). Your surname is one of those which has been researched and you will suffer increased phishing and scam email attacks. As these emails have a personal touch rather than just a blanket approach they are often opened without a second thought.
- We have identified cases where criminals are targeting a particular post code and are researching all the people who reside within it. This occurs when they have the ability to intercept mail/goods being delivered to an address within that postcode.
There is no mileage in the fraudsters inventing a date of birth for you. That leaves two possible explanations:
- We have identified what we believe to be your date of birth from the information that has been circulated about you. There is the possibility that the date shown is actually the answer to the secret question ‘what is a memorable date to you?’
- You have been suspicious about the phishing email or website to which you have given your personal details and have given an incorrect date of birth. If all the other details that we hold are correct, this is the most likely scenario.
We are continually asked to register and create passwords on the websites we visit. On many occasions you will also have been asked for other personal data such as your address, date of birth, mother’s maiden name etc. Can you remember all the websites where you may have used that same password? The date shown will be when the criminals obtained your email and that password and probably will have been from a website you have used in the past. You are at risk as a result of the other personal data still available on that website when access is gained using that email and password combination.
This could be for several reasons:
- The password was encrypted by the organisation from where it was hacked and we have recovered the encrypted password. Unfortunately there are numerous programs available to decrypt these passwords, so you need to change all your passwords to be safe.
- When criminals sell email password combinations on the dark web they will often ‘encrypt/hash’ the password to prevent it being copied by others without paying. Once payment is made, the ‘key’ to decrypt the password is supplied. We will have obtained your email/password prior to it being sold in this encrypted form.
- At some time, criminals may have accessed your email account and changed your password. However, if you have never encountered any issues logging into your email account using your normal password, it is likely the criminals have obtained your email address and fabricated a password to sell as a real email/password combination to other criminals! Do not believe there is ‘honour among thieves’!
You are reliant on the IT security and integrity of all the companies/institutions that hold your personal data. If their security is breached, there is little you can do. However, by following the simple steps found within our Passwords, Phishing and Secret Answers blogs, you can confound the criminal intent on compromising your identity.
Ensure that your computer security is fully protected and up to date. If you cannot afford to pay for such security, you should use free IT security programs such as AVG and Avast.
Check your credit report. Again, this can be obtained for free in the UK, without having to sign up for ongoing protection, at www.noddle.co.uk.
We monitor over 100 dark websites and will use your email address to search our database and find out if your identity has ever been traded on these criminal websites. You will then receive one of three answers:
- No records found based on search criteria to suggest identity fraud at the present time.
- At present we only have your email address. The record was discovered on dd/mm/yyyy. This has been transacted and means that you could be a target for Phishing and Spam emails in order to build your identity profile for use or future sale.
- A number of records found, suggesting possible Identity fraud. The record was discovered on dd/mm/yyyy.
We have included a great deal of practical tips in the blog section of this website. For further information, please visit:
Fraud Advisory panel: www.fraudadvisorypanel.org/
The Money Advice Service: www.moneyadviceservice.org.uk/en/articles/identity-theft-and-scams-what-you-are-liable-for
Anti Phishing Working Group: www.antiphishing.org
Home Office identity theft website: www.identitytheft.org.uk
For more help call
ActionFraud on 0300 123 2040
CrimeStoppers on 0800 555 111.