Search CIFAS

Help 
The UK's Fraud Prevention Service
Copyright © CIFAS 2006 - 2009. All Rights Reserved. Printed from www.cifas.org.uk on 03 July 2009
How Fraudsters Work

In order to misuse an identity, fraudsters need as much information as possible about their victims. The details and documents they need depend on how they plan to use the stolen identity, but even the most mundane of personal details can be helpful to a fraudster trying to pass as someone he or she isn't.

Fraudsters have many methods of getting hold of victims' details and documents - some are ingenious, others more obvious:

The opportunist's methods
Card skimming
Scams used by fraudsters
Impersonation of the Deceased

The opportunist’s methods

Burglars, muggers and car thieves are as interested in your personal papers and documents as they are your TV, jewellery or stereo. They can be sold on or used in impersonation attempts. How secure are your documents?  Remember, post can be intercepted or stolen and your post will contain a multitude of important documents. And, in the past even, fraudsters have been known to use stolen mail to pose as their victim and request their credit file/report from a credit reference agency. The agencies now make extensive checks before sending out credit files to reduce the possibility of this happening, but you yourself can take several steps to ensure you are doing all you can to remove the window of opportunity for the fraudster.

Studies conducted by Experian have shown that the public still discard documents that a fraudster could re-use - bank and credit card statements, utility bills - indeed, anything showing your name and address. Our everyday rubbish offers a wealth of information.

  • Do not just bin it! Strange as it may sound, fraudsters have taken to raiding rubbish bins in search of useful documents thrown out by unwitting householders.
  • Shred anything that could be of use to fraudsters (even envelopes bearing your name and address).
  • One North London Authority discovered that homeless people were being paid upwards of £5 by fraudsters for each document they found in the rubbish.
  • Fraudsters may not even need to come to your home to get hold of your personal information. By looking over your shoulder, fraudsters can capture personal details. You may be filling out an application form in a shop or business, using your PIN number to pay for goods or discussing your personal details over the phone in a public place. This is commonly known as ‘Shoulder Surfing’. Always make sure you are not revealing this information in public.
  • Fraudsters also target debit or credit card receipts discarded or left behind. Many receipts show a full (or part) card or account number, and may also still show your signature.

Back to Top

Card Skimming

This refers to a situation where your credit or debit card has been ‘cloned’ by a device attached to an ATM machine, or been skimmed through a specifically designed card reader. This gives the fraudster the opportunity to recreate an exact copy of your card, giving them access to your funds.

  • When using any ATM machine, do not insert your card if you notice any signs of tampering, or unusual devices near the card slot. Notify the bank or service provider immediately.
  • When you make a genuine transaction, unscrupulous vendors can then read and store your card details and sell them on to criminals. Petrol stations and restaurants are often targeted.
  • Be wary when your card goes out of sight. If paying in a restaurant, for example, ensure that you pay via a portable Chip & PIN reader, or stand by the till when your card needs to be read.
  • Check your transaction statements regularly and contact the card issuer if you spot anything suspicious.

Back to Top

Scams used by fraudsters

In an age of increasingly sophisticated fraudsters, it becomes easier to be duped by some of the scams attempted.

Whether it be a telephone call to your home number, claiming to be from your bank and asking for card numbers and passwords in order to ‘change’ these for your protection, or an email promising ‘one click and you could win big’: scams ultimately seem plausible, often by playing on very basic fears (such as security and theft) or the (misplaced) trusting nature of their victims.

In all cases, there are certain things to consider:

  1. Who is the call/email/letter from and what are they offering? If it seems too good to be true, that is because it probably is!
  2. Have you initiated any contact with the company that is supposedly calling/emailing you?
  3. What are they asking for? Your service providers should never contact you and request passwords or account details.
  4. If you have received an email, phone call or equivalent – purporting to be from a company you do business with – and you are unsure of the credibility of this contact, make sure that you cease interaction immediately and contact the company yourself using their website (always type the address into the address bar yourself) or contact numbers provided to you. They will soon be able to confirm the reliability (or not) of any contact you have received.

Some common scams and frauds

Phishing

Phishing is the practice of sending spoof e-mails which try to persuade unsuspecting victims to supply confidential bank and personal details.  The e-mails will appear to come from what at first glance looks like a genuine bank or payment service, and will contain links to genuine looking websites.  If you supply the personal details that they are seeking, the fraudster is then able to use them to run up bills in your name. 

In practice, a genuine company will never ask you to supply such sensitive details in this way.  If you do receive a communication of this sort, do not respond, or click on any of the links in the message, or copy and paste any of the links from the message into your browser. 

Instead, forward it to the bank concerned and report it to Bank Safe Online (please see what to do section to access a full catalogue of useful links)

Furthermore, you may notice (in the bottom left hand corner of your monitor) an address appearing whenever you run your computer mouse’s terminal over a link in an email. Here, if you are dealing with a phishing email, it is quite likely that you will notice how the address in the bottom left-hand corner does not tally with the company name or address that the email is supposed to be from.

Boiler Rooms (share scams)

Boiler room fraud is so called because of the high pressure selling techniques used by those involved.  This scam often begins with a cold call at home or at work by someone trying to convince you to invest in shares that they are selling. The caller usually makes the opportunity sound exciting, exclusive, promising and profitable.   The shares are, however, worthless or non-existent. It is possible to lose a substantial sum of money to these boiler room scams.

The reason that many people fall for boiler room scams is that the caller seems professional, sympathetic, and may be working for what sounds like a major, well-known, company and are utterly plausible.

These boiler rooms are often situated abroad and, as a result, are not subject to regulation by the Financial Services Authority (FSA) – so once you lose your money, you have no redress.   If you are thinking of buying shares, be very sceptical of any approach from someone you don’t know (e.g through a cold call) and always check the FSA register to check who is regulated and properly authorised to sell you shares.  

If you have been a victim of this type of fraud, or believe that you are being targeted by a boiler room, you should report the matter to Operation Archway.  Operation Archway is the national boiler room reporting system and is operated by the City of London Police.

Operation Archway can be contacted by e-mail at operationarchway@city-of-london.pnn.police.uk 

Lottery scams

These start with an unsolicited letter, telephone call or e-mail telling you that you have won a prize in a lottery.  The only catch is that you need to pay money (frequently referred to as a customs fee, ‘government certificate’ or administration fee) to allow the funds to be transferred safely and legally to you. Often these scams will use the names of respected organisations, police forces or official bodies to try to make them seem legitimate.  Of course, there is no lottery and no prize and it is possible to lose a considerable amount of money to the criminals who operate this type of fraud.

Remember, you can only win a competition if you have entered it! If you receive a letter/call/email informing you of a huge win in a lottery that you have never entered, then you know it is a scam.

"419" or "advance fee" fraud

This type of scam offers the opportunity to earn a substantial sum of money by allowing funds to be transferred to your account and then passing on a proportion of these to another party, keeping the remainder as your commission.  These tend to be in the form of a letter or email and may appear to be genuine at first glance as they frequently purport to come from high-ranking government or banking officials, and even charities appealing for funds. These scams often claim that you have been recommended by a business contact as a highly respected and trusted individual with high integrity, which can dupe recipients even further into thinking that the request is legitimate.

Money mule scam

This is a form of money laundering, where the so called ‘money mules’ (having been recruited online by fraudsters) receive a transfer of money into their account which they are then instructed to wire to another account, in exchange for a small commission payment. 

If you agree to be a ‘money mule’ in this way, not only does this leave you at risk of identity theft (by having to reveal your personal and account details to the fraudster) but it is also illegal, so you would risk prosecution!  The Bank Safe Online website contains further information about how this scam works.  

What to do if faced with a suspicious communication that could be a scam?

1 - First, think: Who precisely is asking for my details? What details are they asking for? And why do they need these details? If you cannot answer ALL of these questions without your suspicions being aroused, then do not proceed!

2 - If you receive a communication of any sort like those detailed above, do not respond to it in any way, as this can lead to you receiving further approaches. 

3 - If you have been contacted by e-mail you can cause the fraudster some inconvenience by forwarding a copy of the e-mail to the abuse desk of the Internet Service Provider (ISP) from where the e-mail originated using the following format (e.g. abuse@hotmail.com, for example). If it does not come from a recognised ISP, and if it is an email that has been made to look as though it has been sent by your bank,  check your known bank’s website and try to forward the email to them.

4 - There are many internet sites with full details of what to do and what to look out for regarding these types of scam. Please see the full list by using this link.

Back to Top

Impersonation of the Deceased

The pain of discovering that a loved one has been impersonated after his or her death, by a fraudster who uses the identity of the deceased person to open accounts such as credit cards and loans, compounds the grief of bereavement.

A change to the law through a clause in the Police and Justice Act 2006 now means that death registration data is released to the private sector on a weekly basis, by the General Register Office in England and Wales, together with its counterparts in Scotland and Northern Ireland, for fraud prevention purposes.

CIFAS was absolutely delighted that the release of the death records has been made possible, and is confident that this new regime will help to stamp out this most insidious of frauds.

Relatives and executors can also take numerous steps to protect the identities and reputations of the recently deceased.

  • Take care not to include the age, date of birth or the address of the deceased in any advertisements or announcements relating to the death or the funeral. These pieces of information make it much easier for identity fraudsters to impersonate dead people.
  • Notify Government Departments (i.e. Department for Work & Pensions and HM Revenue & Customs) as well as any companies (i.e. banks, utilities and insurance companies) immediately, and return any pension/allowance books by registered/recorded delivery. Should statements or other mail continue to be sent, make a formal complaint.
  • Take great care when sorting through the deceased person's belongings to ensure that no documents that could be used by an identity fraudster are thrown out without first being shredded. In addition, check any clothes, belongings, bags etc that may be given to charity shops.
  • Check with Royal Mail that there is no mail redirection on the deceased person's home that you know nothing about, particularly if it is now an empty property. Organise a mail re-direction to your own address - do not rely on collecting mail from the property, especially if the property is empty or for sale.
  • Insist that all viewings of empty properties are accompanied. Following a death, identity fraudsters have been known to organise viewings of empty properties with estate agents specifically to steal or collect mail.
  • Sign up with the Mailing Preference Service http://www.mpsonline.org.uk/mpsr/mps_choosetype.html  on-line or telephone 020 7291 3310 to stop direct mail, including offers of loans and credit cards, being sent to the deceased person - this is a free service.
  • Report the matter to the police if your family becomes a victim and insist that the matter is allocated a crime reference number to ensure that it is recorded in the national crime statistics.

CIFAS Protective Registration Service

If you believe the identity of a deceased person may be used by a fraudster, a CIFAS Protective Registration may be placed by a relative or executor against the deceased person's address. The Service protects the identities of consumers registered with it by flagging to over 270 CIFAS Member organisations (virtually the whole financial services industry) that they need to validate the information provided thoroughly, and in some cases request further proof of identification. To request Protective Registration, telephone 0330 100 0180 or  click here to view details on the CIFAS website. A copy of the death certificate will be required when the registration is set-up.

Back to Top

 

CIFAS Training Services

Identity Fraud & Theft

   CIFAS News & Events




    

 Figures show London is the capital of fraudulent activity

 ‘Scary and crippling’– victims of facility takeover fraud speak out

 Fraud threats change but the damage remains

 Fraud trends and recession go hand in hand

 Fraud figures reveal some interesting gender patterns
 
Site Version 4.00. Copyright © CIFAS All Rights Reserved. Privacy Policy | Contact Us | Page Top