Month: January 2020

Adventures with Identity Theft – Prevention, and what to do if the worst happens

Click here for the last part of the story that prompted this post.

So, if you’re wondering why I’m posting details about Identity Theft, I’d suggest reading my prior posts on my own experience with having my identity stolen.

So, in terms of prevention – what can you do? please bear in mind that this information is intended for a UK audience – I have no idea how these things work in different countries.

Surprisingly, not as much as you’d think. The person who stole my identity had key pieces of information – my full name, date of birth, place of birth, full address and my bank account number and sort code. As to how they got these? Either some hackery went on somewhere, or someone who knows me very well attempted to rip me off. The level of information they had in terms of security questions points towards someone who knows me, or has access to someone who knows me. But, I guess I will never know the truth!

Still, you can be somewhat proactive.

  • Check your credit report regularly. You can get a statuary credit report for free. This will show you any searches done against your credit. There are even mobile apps these days that will let you know when your credit report has changed! Here are the relevant links:
  • Experian will allow you to add a password to your credit file, adding an extra layer of security to jump through if you ever apply for any type of credit. You will have to sign up for your free credit report through them directly.
  • Shred all documents that contain personal information before disposing of them.
  • Don’t share personal information online. Keep your accounts (facebook, etc) private where possible.
  • Be careful with any online account – set up two factor authentication, use different passwords, etc. Be aware that someone getting access to these can get all kinds of personal information just by looking at what details you filled your accounts with.
  • Treat the answers to security questions as passwords – never set up an easy to find answer!
  • Don’t keep all your eggs in one basket – I know this may not be feasible for everyone, but if you can have a ‘parachute’ account or credit card with another financial entity than your main bank, you will still have access to some funds if they opt to freeze your account for an investigation. In this case, having my credit card really helped me to continue with my every day life.

With that said, bear in mind that I did/do all the above (bar the password on my credit file), and I was still done (although the security question bullet did prevent the fraudster actually accessing their ill-gotten gains). Sometimes, even doing all you can is not enough.

If you have been done:

  • Sign up with CIFAS for protective registration.
  • Check with Royal Mail that your mail has not been redirected.
  • Get in touch with the above mentioned credit agencies, and flag anything that you don’t recognise.
  • Get in touch with Action Fraud UK, if only to get a crime reference number for something they claim is not actually a crime.
  • Change all your passwords to all the things.
  • Change any information that was compromised, if you can.
  • Check all the above mentioned sites for victim resources, should anything new pop up in the future.

And well, I guess that’s all you can really do. Bear in mind that the process is not as smooth for the victim as it really should be. You will be looked at as if you compromised the information yourself by some agencies. Until you prove your identity, you will sometimes feel like you’re being treated like a criminal. Faceless entities like an Account Review team will hold god like power over your finances, and there will be nothing you can do about it.

So, do what you can to protect your information. Check everything regularly – and stay safe out there!

Adventures with Identity Theft – What the Police Said.

Click here for part 2.

Where we left off, I had been to the bank to get things sorted out there, I’d been in touch with Experian, and I had raised a report with Action Fraud UK. So far so good.

The good probably stops there. I find the rest of this story infuriating on many, many levels.

Here is the response I got back from Action Fraud UK about this (copied and pasted from the email)

You recently made a report which we recorded under NFRC************

Home Office Counting Rules set out the circumstances under which we can record a crime and on this occasion the matter you reported to us cannot be classified as a police recorded crime. Home Office Counting Rules for Fraud and Cyber Dependent Crime can be found online at https://www.gov.uk/government/publications/counting-rules-for-recorded-crime.

You have indicated within your report that the misuse of your personal details or that of a company trading style played a part in the matter you are reporting. The use of another person’s identity, often referred to as identity theft, is not a police recordable crime. Where the details are used to obtain goods or services, we can only record a crime on behalf of the person or organisation which was defrauded as a result of the misuse of an identity.

An example of a situation in which we could record a crime would be where details were used to obtain credit, the use of which left the provider of credit with a financial loss. In these circumstances we would record a crime for the provider of the credit and look to establish if there was scope for the matter to be investigated.

Whilst the misuse of your identity cannot be classified as a police recorded crime, we do recognise that identity theft can cause significant distress and inconvenience. For advice and support, please see www.actionfraud.police.uk/fraud_protection/identity_fraud.

What happens next?

Whilst we have not recorded this matter as a crime, we will still make use of the information you have provided. Information reports are utilised to enrich the overall intelligence picture which assists with the formulation and refinement of prevention strategies.

If you have any queries regarding this letter please visit www.actionfraud.police.uk/FAQ. If you would like more information on how to protect yourself from fraud and cyber crime, please see the guidance at www.actionfraud.police.uk/support_for_you. You can also register on our partner website www.actionfraudalert.co.uk to receive email alerts about new and emerging crime types.

Thank you again for taking the time to report this matter.

For the ‘too long, didn’t read’ crowd – and to clarify to those who did read the above – identity theft is not classified as a crime unless a credit company has actually lost some cash. This email let me know for sure that there was going to be no police response. Someone was/is out there, running around with all they need to commit fraud in my name, and it is not a crime. There would be no effort to trace the person who attempted to pin a £10,000 loan on me. And goodness knows what else if they had actually managed to get access to my bank account.

I still feel ragey about this. I won’t rant about it here, as these posts are more about sharing what happened, what I did about it, and what I’d advise anyone else to do to protect themselves, or what to do should this ever happen to them.

Unfortunately, this isn’t the end of the story. Where we left off, I was waiting for Tuesday to arrive so that I could make the rest of the phone calls I needed to make. I had to phone in to work for this purpose (right off the back of a week off!) to try and get this lot sorted out.

I started off phoning Royal Mail, letting them know I had been a victim of identity theft, and that I wanted to make sure that none of my mail was being redirected. Thankfully, the impersonator had not thought that far ahead. No redirections were in place.

I phoned the other relevant credit agencies – Equifax and Transunion (I’d already spoken to Experian at the weekend). I let them know what had happened, and also that I had registered myself with CIFAS for protective registration. They reported that there were no other hard searches on my files.

I then decided to check my online banking to see if that pesky £10,000 had been given back to Hitachi yet. What I found instead was surprising – £9637.12 had been transferred away from my account, with only ‘Transfer’ listed in the details part.

I phoned the bank. I was able to get on to my telephone banking very easily, as my voice is now my password. I got through to a real person – who told me that they weren’t allowed to tell me anything, and that I needed to go to a bank in person with my identification. This time, I was actually able to book an appointment at the bank for later in the afternoon. This is the point in this whole story where I feel HSBC really let me down.

We’ll get in to the bank shenanigans in the next post. Thanks for reading this far!

Adventures with Identity Theft – At the Bank!

Click here for part 1.

So, in the first part of this cautionary tale, I had found out that someone had applied for a loan in my name and had it deposited in my bank account. I was on holiday, right at the beginning of a bank holiday weekend.

I’d been in touch with HSBC, who told me that they could tell me nothing – I had to go to a branch in person with some identification as soon as possible.

We start off the day with me having very little sleep, and waiting for it to be time for the local bank to open. Since it was the ‘go home’ day of the holiday, I was able to keep busy with packing up things. When the time arrived, the Bloke kindly drive me to the local town so I could sort out things at the bank.

Since we got there at the opening time, I was able to be immediately seen. I had to go through all my security questions (as expected), show my ID (my driving license is always with me), and then discuss what had happened.

The day before (the day I had noticed the £10,000), someone had phoned the bank, and attempted to move the £10,000 away somewhere. The bank wouldn’t tell me where though.

Now at this point, the main thing going through my head is – either this person did their homework to feel confident enough to get into my telephone banking, or, more worryingly – it was someone close to me. When I consider that the only people who have ever been given my actual bank details are close family, companies with whom I am setting up a direct debit, or employers, I still feel incredibly uneasy about this.

It’s also important to note that I am a rather paranoid person – I don’t think security questions in their ‘honest’ form are secure at all. Some information is easily found about a person, after all. And if it’s someone who knows you … well. As a result, all of my life, I have always used fake answers to my security questions. Think in answer to ‘What is your favourite colour’, and instead of ‘Yellow’, the answer is ‘Banana’.

It was this paranoia that stopped the impersonator getting that £10,000. They failed on the security questions part. They had all the other information correct. The HSBC security protocols did their job, and they shut down phone access to my account – hence why I had to turn up in person. In my head, I was singing HSBC’s praises!

While I was in the branch, I got the security on my account updated – things like updating all the answers to my security questions just in case, setting up my voice as my password, and correcting all out of date information for their records. I was also reassured that HSBC would get the £10,000 sent back to Hitachi using their internal processes. Fabulous!

I was in the branch for over an hour. With this all accomplished, I was ready to go home (hopefully before 5pm, in the hope that some places would still be manning their phones on a Saturday). I was very eager to shut down as much of the fraud as possible, and get everything resolved.

As luck would have it though, I only got home in time to make a phone call to Experian after checking through my updated credit report from there.

There were a number of ‘soft’ credit searches (which don’t impact credit score), and a hard one for Hitachi Capital Finance. The nice gentleman at Experian was surprised I had already been in touch with Hitachi, and also recommended I sign up for CIFAS – https://www.cifas.org.uk/. He let me know that he would start the leg work to get the bad stuff removed from my credit file. In addition, he let me know that I can set up a password on my credit file itself. Awesome!

All that was left to do at this point was to get in touch with the Police to report the problem. I was advised that I should do this online through https://www.actionfraud.police.uk/. So, I reported the whole thing, and then sat back to wait. By this point, it was after 5pm on a Saturday, and all the other things I had left to do wouldn’t be possible until Tuesday, as everywhere would be closed for the next 2 days for the bank holiday weekend.

I was feeling slightly better at this point, as I felt that things were beginning to get tidied up. I let work know that I wouldn’t be able to come in on the Tuesday, as I knew I’d be spending a lot of time on the phone trying to resolve things.

Of course, the story doesn’t end there. The next part of this story was particularly rage inducing for me. In fact, it still is. But we’ll get to that in the next post.

Adventures with Identity Theft – I was done!

Last year, I had my identity stolen. I figured I would share the story about it here, with the aim of possibly helping out anyone else who finds themselves in a similar situation. It’s somewhat lengthy, so I’ll break it out into a few posts.

I was on holiday with the bloke and his family when it happened. Me being me, I was checking my online banking in the lull between doing holiday things, and found something somewhat worrying – I had an additional £10,000 in my bank account. It had been deposited the day before. To add to this fun, this was on a Friday before a bank holiday weekend. I wouldn’t be home until Saturday evening.

Now, normally, an additional surprise £10,000 would be something to celebrate, right? Not in this case. I knew that I wasn’t expecting such a windfall, no one in my immediate circle would be sending me that kind of cash, and I certainly hadn’t applied for anything that would give me that kind of cash.

I dug a bit deeper into my online banking, and found that a direct debit was set up to Hitachi Capital Finance for a loan. I was pretty concerned at this point. I attempted to talk to the online folks at HSBC to ask more questions, and they couldn’t tell me anything – in fact, I was to go to a bank as soon as possible with my identification. Being on holiday meant I wouldn’t be able to go to my local branch – and the closest branch to me wouldn’t take appointments and was currently closed. I would have to go to a bank the next day – before heading home – to try and resolve things.

I phoned Hitachi, and had a conversation with a rather nice chap there. All I was armed with was a reference number (from the transfer), and the loan amount. I did manage to get through to their fraud department, and uncovered a few things.

The man on the phone was surprised at how quickly the loan amount had been deposited into my account. The loan had been approved immediately, as my credit score is excellent. This also meant that minimum identity checks had happened, because my credit score was that good. If anything, the whole loan had been fast tracked!

The nice man also let me know what information had been provided, and I found it really unsettling. The impersonator had my full name, date of birth, my place of birth, my full address and my full bank account number and sort code. The only things that were incorrect were my job title, email address and phone number.

We then got into how I was going to give Hitachi their money back. I was reluctant to do a bank transfer at this point, as I knew something had gone down – I decided to go direct through HSBC, but also that I had to go to a bank in person to prove that I was me at this point. As far as plans go, I figured it was a pretty sound one!

The final thing I could do, given that everyone else had likely gone home for the day, was to register with CIFAS for protective registration. This isn’t free, by the way – it’s £25 for two years.

I made a list of all the things I needed to do as soon as possible:

  • First off, find out what had happened with the bank. That would be first thing the next day.
  • Go through all my credit reports with a fine tooth comb, to see if anything else had been done in my name. This would be done when I was back home.
  • With all information in hand, report the matter to the police.
  • Contact all the credit agencies to get anything fraudulent removed from my files.
  • Check that that the impersonator had not put a redirect on my mail.

Seems like a fairly small list. Bear in mind that I had a few things against me – it was a bank holiday weekend, and this was all going down on a Friday evening, after 5pm. I had time in to morning to go to the bank and try to sort things out, but they didn’t open until 10am. And then I had a really long drive back home (about 5ish hours). Bank holiday meant that everywhere would be closed on the Sunday as well as the Monday.

I was fuming, and powerless to do anything because everyone working had gone home for their long weekend. I had been done, and at that moment in time, there was nothing else I could do about it. The joy was sucked from my holiday, and as you can imagine, I got little sleep that night.

I’ll go over what went down at the bank in the next post. This is getting long.

 

All the projects!

Howdy all!

It has been a loooong while.

I guess my hiatus was down to running out of things I wanted to talk about – or could in the public domain of the world wide web.

I have been keeping busy, and I’m pretty sure that will give me plenty of fodder to ramble on about!

My current thing is projects – I occasionally have phases of feeling ‘hyper productive’, where I have an idea about millions of things I want to do, then attempt to do them all in one big go and inevitably burn myself out on the all the ideas.

Take this week, for example.

I’ve decided that I’m bored of the things I’m cooking. I’m stuck in a rut of cooking all the same things because it’s easy and I can do it with my eyes closed. I need to be better at watching what I’m eating, I need to be doing more exercise (I keep falling off that wagon, current excuse is I’ve hurt my back).

This resulted in me deciding to be a bit more Mediterranean in my eating habits. I found a few great recipes online. Sensible start, right?

Kind of.

I did a big shop in the week, and then I blew my entire Saturday in the kitchen, cooking lots of different things. I didn’t sit down last night until after I emptied my dishwasher.

At this point, I’ve pretty much made all the meals I need for the next week and a half (possibly more), if I don’t mind eating the same things over the course of a few days. My fridge and freezer are full of prepared food. Which is kind of an accomplishment, but I also find myself feeling somewhat deflated. This kind of mass production is not going to be sustainable for a lifestyle change here.

My major problem here is I become somewhat obsessive in whatever project I’ve latched on to, at the expense of other things in my life. I am currently feeling somewhat guilty that my current ‘thing’ (cooking different things) took away from other things I could have used 50% of my weekend for (see note above about how I get all the ideas at once):

  • Getting into that mobile application development that has been bouncing around in my head for quite a while. App ideas = 3. So far.
  • Writing that windows app for my spending spreadsheet, to automate my own records keeping progress.
  • Making a start on that book idea that’s squirreling around my brain.
  • Teaching myself some of these new fangled (and some older) programming languages that are gaining popularity in the industry.
  • Getting back into sketching.
  • Really learning how to use my graphics tablet.
  • Get back into blogging.

While teaching myself new things is always fun, I have to acknowledge that this also takes away from my more ‘real life’ things that should be taking more of my attention:

  • Sorting out my wardrobe – so many old outfits I will never wear again need a new home.
  • Spending actual quality time with the bloke and his littles.
  • Making that choice between getting an additional book case, or re-homing some of my old much loved books.
  • Playing all the games on my ‘to play’ pile.
  • Reading all the books on the never shrinking ‘to read’ pile. My ‘to read’ pile seems to work on a one out, one (occasionally two) in process.

At the moment, I am raring to go on all of my project ideas in one go. I’ve even made myself a trello board, with sub-lists that go into more detail on all the little steps (thanks, Agile and Scrum, for giving me this fun way to visualise all the things I want to do. I’ve ended up planning out all of my projects – on my phone – and probably lost a couple of evenings to that).

I know I will end up burning out on all the above if I don’t curb my enthusiasm. All these projects have a way of consuming all my mental energy and time. Which typically results in weeks of me vegetating on my sofa and watching all the things on CrunchyRoll when my brain short circuits. Already this morning, I’m downloading up-to-date code editors for various platforms (I’m in fact writing this as I’m waiting for downloads and installations to complete). I still have things on my ‘to prep and cook’ list for today.

I guess this post is more of a stream on consciousness than anything else. It may also provide some enlightenment on my absence from this platform for such a long time – I got distracted by all the shiny ideas. The only conclusion I can come to is that I need to have a word with myself – focus on one thing at a time, and try to finish the job without burning out on it.