FBI AGENT JEFF LANZA, 2006 (FBI, 2008)
The first line of defense against identity theft often is an aware and motivated consumer who takes rea- sonable precautions to protect his information. Every day unwitting consumers create risks to the security of their personal information. From failing to install firewall protection on a computer hard drive to leaving paid bills in a mail slot, consumers leave the door open to identity thieves. Consumer education is a critical component of any plan to reduce the incidence of identity theft.
PRESIDENT’S TASK FORCE ON IDENTITY THEFT (2007, P. 39)
Awareness is an effective weapon against many forms of identity theft. Be aware of how information is stolen and what you can do to protect yours, monitor your personal information to detect any problems quickly, and know what to do when you suspect your identity has been stolen. Armed with the knowledge of how to protect yourself and take action, you can make identity thieves’ jobs much more difficult.
FEDERAL TRADE COMMISSION (2008)
Consumers should remain vigilant and be careful not to expose personally identifiable information over social networks and to acquaintances.
STEVE COX, CEO, COUNCIL OF BETTER BUSINESS BUREAUS (QUOTED IN JAVELIN, 2011)
As the threat of identity theft mushroomed, a victim-blaming versus victim-defending debate emerged. Victim blaming accentuates the many ways careless people can make the thieves’ tasks easier. Victims of identity theft sometimes are
blamed—explicitly or implicitly—for failing to take this threat seriously. They ignored the long and growing lists of dos and don’ts, did something careless, and singled themselves out for trouble (see Kelleher, 2006). Because of thoughtlessness or fool- ishness, they facilitated the ruination of their credit worthiness. This point of view proceeds from the assumption that carelessness is the most frequent cause of the problem, and that conscientiously tak- ing measures to protect personal data is the solution. Victim defending points out the many opportu- nities that thieves can seize to purloin information that are beyond the ability of individuals to control or counter.
College students might be especially vulnerable to identity theft for several reasons. They store per- sonal data in shared, largely unguarded dormitory rooms. Many undergraduates might not take pre- cautions because they do not have much money or assets. They do not realize that they could be tar- geted for their unblemished “good names and repu- tations,” and not the limited amounts of cash in their bank accounts. Surveys document that lax attitudes toward handling personal identifiers persist on some campuses (Office of the Inspector General, 2005). Many universities hold workshops on iden- tity theft awareness (President’s Task Force, 2007, p. 40). One theme is that users of social networking sites are warned not to post bits of information that identity thieves and burglars could exploit. Exam- ples of what should not be revealed online include addresses, dates of vacations, and information about daily routines. Telling the world about one’s place of birth, mother’s maiden name, favorite song, and even pets’ names could be providing thieves with answers to questions that are commonly asked for security purposes to sign in to Internet accounts (Schultz, 2010).
Thieves can resort to a range of methods to get the information they need to become effective impostors. They can employ old-fashioned meth- ods such as grabbing wallets and purses during bur- glaries and robberies or breaking into parked cars to find personal papers and laptops. Identity crooks can commit a federal offense by sorting through a person’s mail for bank and credit card statements,
TH E O N GO IN G C ON T RO VE RSY O VE R S HARE D RE S P ON S IB I L I T Y 149
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
preapproved credit card offers, new checkbooks, telephone bills, or tax receipts. Patient criminals can even file a “change of address” form at a post office to physically divert a target’s mail to a location of their choosing. Gutsy thieves can pry loose secrets by “pretexting”: posing as represen- tatives of a government agency or business with a legitimate need to know personal information. They can pilfer records kept by an employer or bribe an employee who has access to confidential files. When desperate, they can stoop to “dump- ster diving” by rummaging through an indivi- dual’s garbage or the trash thrown away by businesses or hospitals, searching for discarded receipts and bank statements.
Besides these low-tech means, some thieves have mastered sophisticated high-tech methods to take advantage of their intended prey. “Shoul- der surfers” find out passwords by watching their marks at ATMs. Corrupt employees can use “skimmers” to scan and capture crucial informa- tion during credit card transactions at restaurants and other stores. Others obtain what they need to know via the Internet by searching agency records (especially about births, marriages, and deaths). Cyberthieves, perhaps operating on some other continent, can engage in “phishing” and “pharming.” “Phishermen” try to fool, entice, or frighten unsophisticated email recipients into disclosing account numbers, user names, and pass- words on authentic-looking yet bogus websites; they pretend that they need to update an existing account or repair a security breach with a bank or other financial institution. Sophisticated cyber- crooks engage in caller ID phone spoofing: the recipient’s phone displays a phone number that seems to originate from a trusted party; conse- quently the naïve person is deceived into divulging confidential information. Pharmers attack legiti- mate websites with malicious codes that steer traf- fic to look-alike fake sites that “harvest” (intercept and decode) encrypted online transactions. “Key- stroke logging” spyware, planted inside a com- puter with a malicious code or virus, betrays everything an unsuspecting user types. “Screen- scrapers” can snatch and transmit whatever is on
a monitor of an infected PC. All of these techni- ques are intended to exploit the weaknesses, vul- nerabilities, and impulsiveness of unsuspecting targets who fail to remain vigilant at all times, and thereby facilitate the scammers’ tasks (FTC, 2002; Slosarik, 2002; Collins and Hoffman, 2004; NCJRS, 2005; Shanahan, 2006 and Acohido, 2014).
As for the victim–offender relationship, the thief is usually but not always a complete stranger. “Friendly fraud” carried out by persons known to their target—such as roommates or relatives— appears to be on the rise, especially against consu- mers between the ages of 25 and 34 (Javelin, 2011). Clearly, the victim–offender relationship can range from trusted employees, former intimate partners, roommates, and estranged relatives to casual acquaintances (like dishonest bank tellers or postal workers), to total strangers like car thieves and elec- tronic intruders who hack into files maintained by supposedly secure websites. It is extremely difficult to guard against all these different lines of attack (Acohido, 2014; and ITRC, 2014a).
Indeed, the implicit victim blaming message underlying theft-prevention educational cam- paigns is that those who don’t conscientiously take precautions will be sorry someday when impostors hijack their identities. If they ignore the long and growing lists of dos and don’ts, they are singling themselves out for trouble (see Kelleher, 2006). Victims who accept blame often obsess over how they inadvertently must have given their secrets away. What they might have done “wrong” appears in Box 5.5.
Victim defenders argue that facilitation is not the heart of the impersonation problem. Consis- tently following theft prevention recommendations would reduce a person’s risks by making a thief’s tasks more difficult to carry out. But even the most scrupulous observance of all these suggestions at all times still might prove ineffective. More and more people have sharpened their “cyber-streetwise” skills. And yet even as they foil attempted scams, ID crooks devise clever new ways to rip them off (Shanahan, 2006). Therefore, it seems unfair to blame most victims because sophisticated identity
150 CH APT ER 5
Copyright 2016 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
pirates can overcome any obstacles cautious indivi- duals place in their paths. Victim defenders cite observations by experts such as these:
It has been said that the theft of one’s identity and personal information is not a matter of “if” but a matter of “when.”
ELIOT SPITZER, NEW YORK STATE ATTORNEY GENERAL, 2005 (QUOTED IN KATEL, 2005, P. 534)
Firewalls and virus protection programs are routinely penetrated by sophisticated hackers seeking ID information.
BRUCE HELLMAN, SUPERVISOR OF THE FBI’S NEW YORK COMPUTER HACKING SQUAD (QUOTED IN SHERMAN, 2005, P. 24)
Even if you take all of these steps, however, it’s still possible that you can become a victim of identity theft.