Cybercrooks don’t need to hack your computer or cellphone to steal an identity. They simply trawl cemeteries for a target ID, says a security expert.
“Fraudsters will trawl cemeteries, online obituaries, even newspapers to find a deceased person that fits the profile they are looking for,” independent identity verification expert Dawid Jacobs said. “For example, the right gender, age group and racial profile because they want that to assume that person’s identity.”
Identity theft provides cybercriminals with the ability to open fraudulent accounts, which will be billed to the origin ID’s owner.
“South Africa is among the top three countries globally that are experiencing the highest rates of fraud using recycled deceased identities,” Jacobs said.
That view ties with research from Cleardata, which found that ID theft in SA contributed to losses of R1bn in 2014 alone.
However, Jacobs said the very nature in the way we transact with companies makes consumers vulnerable to ID theft.
“We are forced to provide all of our personal details in order to transact. When we apply for credit, cellphone contracts, insurance policies, bank accounts and even employment we are forced to hand over our identity to a stranger and hope that they act honourably.”
Although laws like the Financial Intelligence Centre Act, known as Fica, seek to eliminate money laundering and provide a safe financial transacting environment, some companies take shortcuts.
Many loan providers will typically conduct a transaction over the phone, often only requiring three questions as verification of identity.
A criminal with access to basic information contained on bills or property rates accounts could assume someone’s identity and fraudulently access funds.
Although large-scale hacking incidents make headlines, Jacobs argued that while this method was prevalent, there were easier methods to steal personal data.
“Fraudsters send out e-mails purporting to be from a financial institution or revenue service. The attached file contains malware designed to steal your personal details.”
Such phishing attacks are particularly popular in South Africa during the tax season.
Typically, a phishing message purporting to be from the South African Revenue Service will cop the official logo with a website link claiming to be official.
However, Internet users are advised to delete these e-mails without consideration as they often contain malware attachments or point to a phishing site where criminals will be able to steal financial information.
In the US, the Federal Bureau of Investigation’s most wanted cybercriminal is Evgeniy Mikhailovich Bogachev. He is wanted in connection with bank fraud, conspiracy to violate the Computer Fraud and Abuse Act, conspiracy to violate the Identity Theft and Assumption Deterrence Act, aggravated identity theft and other crimes.
The FBI has posted a reward of US$3m for information leading to his arrest and conviction. According to the agency, Bogachev is responsible for the Zeus malware, which was able to “capture bank account numbers, passwords, personal identification numbers, and other information necessary to log into online banking accounts”.
Jacobs has developed an ID verification platform that allows people to protect their personal details from bad cyber actors.
“Operating in a highly secure environment, only the true owner of an identity can be verified on this system.” — Fin24