In 2008 there were 77,600 cases of identity theft reported
to CIFAS[1],
the United Kingdom's fraud prevention service. By 2012 this figure had risen to
123,600 and although it fell slightly in 2013 (to 108,500), identity theft is
the UK's fastest growing method of criminal activity. Whether it is phishing,
or vishing, shoulder surfing or card skimming at the ATM, or old fashioned
rooting through rubbish for bank
statements and the like, there are so many vulnerable points in our lives that
a thief could exploit and with each new piece of technology that comes along,
those vulnerabilities increase. Just recently the news has carried stories of
the threat to the public posed by thieves intercepting data from contactless
payment cards and with Apple Pay just having been launched there will doubtless
come tales of security vulnerabilities and fraud through that medium in the not
too distant future.
Any vulnerabilities in Apple Pay will come to light, sooner or later. |
From the individual's perspective, the fight against fraud
and identity theft is similar to the security services' fight against the
terrorist; the fraudsters only have to get lucky once while the public have to
be ever vigilant, a difficult task when the crooks are perpetually innovating
new techniques to part us from our money. The current method of choice appears
to be the vishing scam where the fraudsters dupe their victims into withdrawing
or transferring large sums of money from their bank accounts or deceive them
into handing over their bank cards and revealing their PIN. One might think
that with the amount of publicity these scams have received there would be no
one left gullible enough to be taken in, but apparently there remain enough
people unaware or easily duped for this form of fraud to remain popular and
just last November two couples in Tunbridge Wells lost £57,000 between them.
Even ex-bank managers can be fooled; a Nat West manager with 40 years' service
is among victims of this type of crime.
Got one of these? You are at risk. |
Touch wood, I've not had any of these sorts of calls. I have
had calls advising me that I've recently been involved in an accident (not
surprisingly, when I ask for details the caller is unaware of any) and I've had
plenty of calls asking me to take part in surveys. To date I've also not had
any calls purporting to be from Windows Support, but I did have a weird call
some years ago that illustrates how even the most careful of us can get taken
in.
Having working in banking for many years, and in the last couple
years of my time in the bank in Risk Management, you would think that I would
be quite familiar with the type of phone call that might be suspicious, but the
call I had proved how easily one can be taken in, especially if you are off
your guard.
It happened one evening. The phone rang and a chap
introduced himself as being in BT's sales department. Would I be interested in
broadband? he asked, and as it happens I was. We'd been discussing getting
broadband as we were becoming increasingly frustrated by the slow speeds and
inconvenience of dial-up, so I said yes. Of course had I actually already had
broadband or just not been interested, this would have gone no further, but as
it was the timing made me vulnerable. The man on the other end of the phone
talked me through the process, but first he had to ask some security questions,
didn't he? and like a patsy, I answered them, including the ubiquitous mother's
maiden name question. He concluded the call by telling me that my new broadband
router would be delivered within the week and that if I had any problems, to
call 150, the usual BT contact number.
A week or so passed and no sign of the new router, so I
called 150 and enquired about its whereabouts. BT had no record of the order.
Fortunately I had the name of the guy who had called me, so I asked to speak to
him. They had no one of that name in the sales department; they did have a
senior executive with that name, but obviously he would not have been making
sales calls! As you might imagine, I hung up on that call with a degree of
unease and at the earliest opportunity checked my bank and credit card accounts
for any suspicious activity; there was none. What I probably ought to have
done, and certainly would do now, was check my credit score. In fact, out of
interest , because I'm writing this, and
because there are all sorts of nasty things happening out there that we are all
blissfully unaware of, I just checked my score, which was interesting. Even
more interesting is how much information there is about us all out there in the
ether and how easily and quickly this can be aggregated and used both by us and
by legitimate enquirers.
Apart from the huge raft of publicity about scam calls, my
"BT" experience has made me highly suspicious of any unexpected phone
call, suspicious to the extent of treating calls from legitimate sources with
some distrust. My bank phoned me a couple of weeks ago and in truth I was half
expecting the call, which was about a new Standing Order instruction. I fully understand why, even though they have
phoned me on the number they have in their records, they wanted to ask me a few
security questions but even this call was one I was initially very cautious
about. A former colleague of mine had a call purporting to be from his bank
(and as he worked for the same bank you can understand why he was suspicious
when they started asking unexpected "security" questions), which he
quickly identified as fraudulent by answering one question incorrectly and not
being corrected. I have found that a
tactic that usually deters callers like those who want to undertake surveys or
sell you something or help you following your "accident" is to answer
every question with a question, or better yet ask lots of questions of your own
before they get the chance to ask any themselves. Genuine callers will field
your questions, the scammers will lose patient and hang up. I have made it my
mission to get the cold callers to hang up first and by and large I've succeeded.
And I bet you've had one of these. |
The fact that I am aware of a lot of the scams that are out
there doesn't make me 100% safe of course. Anyone can be a victim because the
fraudsters are coming up with new schemes all of the time. A high level of
scepticism and a finely tuned bullshit detector are essential in this day and
age.