Tag: Identity Theft

Adventures with Identity Theft – Prevention, and what to do if the worst happens

Click here for the last part of the story that prompted this post.

So, if you’re wondering why I’m posting details about Identity Theft, I’d suggest reading my prior posts on my own experience with having my identity stolen.

So, in terms of prevention – what can you do? please bear in mind that this information is intended for a UK audience – I have no idea how these things work in different countries.

Surprisingly, not as much as you’d think. The person who stole my identity had key pieces of information – my full name, date of birth, place of birth, full address and my bank account number and sort code. As to how they got these? Either some hackery went on somewhere, or someone who knows me very well attempted to rip me off. The level of information they had in terms of security questions points towards someone who knows me, or has access to someone who knows me. But, I guess I will never know the truth!

Still, you can be somewhat proactive.

  • Check your credit report regularly. You can get a statuary credit report for free. This will show you any searches done against your credit. There are even mobile apps these days that will let you know when your credit report has changed! Here are the relevant links:
  • Experian will allow you to add a password to your credit file, adding an extra layer of security to jump through if you ever apply for any type of credit. You will have to sign up for your free credit report through them directly.
  • Shred all documents that contain personal information before disposing of them.
  • Don’t share personal information online. Keep your accounts (facebook, etc) private where possible.
  • Be careful with any online account – set up two factor authentication, use different passwords, etc. Be aware that someone getting access to these can get all kinds of personal information just by looking at what details you filled your accounts with.
  • Treat the answers to security questions as passwords – never set up an easy to find answer!
  • Don’t keep all your eggs in one basket – I know this may not be feasible for everyone, but if you can have a ‘parachute’ account or credit card with another financial entity than your main bank, you will still have access to some funds if they opt to freeze your account for an investigation. In this case, having my credit card really helped me to continue with my every day life.

With that said, bear in mind that I did/do all the above (bar the password on my credit file), and I was still done (although the security question bullet did prevent the fraudster actually accessing their ill-gotten gains). Sometimes, even doing all you can is not enough.

If you have been done:

  • Sign up with CIFAS for protective registration.
  • Check with Royal Mail that your mail has not been redirected.
  • Get in touch with the above mentioned credit agencies, and flag anything that you don’t recognise.
  • Get in touch with Action Fraud UK, if only to get a crime reference number for something they claim is not actually a crime.
  • Change all your passwords to all the things.
  • Change any information that was compromised, if you can.
  • Check all the above mentioned sites for victim resources, should anything new pop up in the future.

And well, I guess that’s all you can really do. Bear in mind that the process is not as smooth for the victim as it really should be. You will be looked at as if you compromised the information yourself by some agencies. Until you prove your identity, you will sometimes feel like you’re being treated like a criminal. Faceless entities like an Account Review team will hold god like power over your finances, and there will be nothing you can do about it.

So, do what you can to protect your information. Check everything regularly – and stay safe out there!

Adventures with Identity Theft – What the Police Said.

Click here for part 2.

Where we left off, I had been to the bank to get things sorted out there, I’d been in touch with Experian, and I had raised a report with Action Fraud UK. So far so good.

The good probably stops there. I find the rest of this story infuriating on many, many levels.

Here is the response I got back from Action Fraud UK about this (copied and pasted from the email)

You recently made a report which we recorded under NFRC************

Home Office Counting Rules set out the circumstances under which we can record a crime and on this occasion the matter you reported to us cannot be classified as a police recorded crime. Home Office Counting Rules for Fraud and Cyber Dependent Crime can be found online at https://www.gov.uk/government/publications/counting-rules-for-recorded-crime.

You have indicated within your report that the misuse of your personal details or that of a company trading style played a part in the matter you are reporting. The use of another person’s identity, often referred to as identity theft, is not a police recordable crime. Where the details are used to obtain goods or services, we can only record a crime on behalf of the person or organisation which was defrauded as a result of the misuse of an identity.

An example of a situation in which we could record a crime would be where details were used to obtain credit, the use of which left the provider of credit with a financial loss. In these circumstances we would record a crime for the provider of the credit and look to establish if there was scope for the matter to be investigated.

Whilst the misuse of your identity cannot be classified as a police recorded crime, we do recognise that identity theft can cause significant distress and inconvenience. For advice and support, please see www.actionfraud.police.uk/fraud_protection/identity_fraud.

What happens next?

Whilst we have not recorded this matter as a crime, we will still make use of the information you have provided. Information reports are utilised to enrich the overall intelligence picture which assists with the formulation and refinement of prevention strategies.

If you have any queries regarding this letter please visit www.actionfraud.police.uk/FAQ. If you would like more information on how to protect yourself from fraud and cyber crime, please see the guidance at www.actionfraud.police.uk/support_for_you. You can also register on our partner website www.actionfraudalert.co.uk to receive email alerts about new and emerging crime types.

Thank you again for taking the time to report this matter.

For the ‘too long, didn’t read’ crowd – and to clarify to those who did read the above – identity theft is not classified as a crime unless a credit company has actually lost some cash. This email let me know for sure that there was going to be no police response. Someone was/is out there, running around with all they need to commit fraud in my name, and it is not a crime. There would be no effort to trace the person who attempted to pin a £10,000 loan on me. And goodness knows what else if they had actually managed to get access to my bank account.

I still feel ragey about this. I won’t rant about it here, as these posts are more about sharing what happened, what I did about it, and what I’d advise anyone else to do to protect themselves, or what to do should this ever happen to them.

Unfortunately, this isn’t the end of the story. Where we left off, I was waiting for Tuesday to arrive so that I could make the rest of the phone calls I needed to make. I had to phone in to work for this purpose (right off the back of a week off!) to try and get this lot sorted out.

I started off phoning Royal Mail, letting them know I had been a victim of identity theft, and that I wanted to make sure that none of my mail was being redirected. Thankfully, the impersonator had not thought that far ahead. No redirections were in place.

I phoned the other relevant credit agencies – Equifax and Transunion (I’d already spoken to Experian at the weekend). I let them know what had happened, and also that I had registered myself with CIFAS for protective registration. They reported that there were no other hard searches on my files.

I then decided to check my online banking to see if that pesky £10,000 had been given back to Hitachi yet. What I found instead was surprising – £9637.12 had been transferred away from my account, with only ‘Transfer’ listed in the details part.

I phoned the bank. I was able to get on to my telephone banking very easily, as my voice is now my password. I got through to a real person – who told me that they weren’t allowed to tell me anything, and that I needed to go to a bank in person with my identification. This time, I was actually able to book an appointment at the bank for later in the afternoon. This is the point in this whole story where I feel HSBC really let me down.

We’ll get in to the bank shenanigans in the next post. Thanks for reading this far!

Adventures with Identity Theft – I was done!

Last year, I had my identity stolen. I figured I would share the story about it here, with the aim of possibly helping out anyone else who finds themselves in a similar situation. It’s somewhat lengthy, so I’ll break it out into a few posts.

I was on holiday with the bloke and his family when it happened. Me being me, I was checking my online banking in the lull between doing holiday things, and found something somewhat worrying – I had an additional £10,000 in my bank account. It had been deposited the day before. To add to this fun, this was on a Friday before a bank holiday weekend. I wouldn’t be home until Saturday evening.

Now, normally, an additional surprise £10,000 would be something to celebrate, right? Not in this case. I knew that I wasn’t expecting such a windfall, no one in my immediate circle would be sending me that kind of cash, and I certainly hadn’t applied for anything that would give me that kind of cash.

I dug a bit deeper into my online banking, and found that a direct debit was set up to Hitachi Capital Finance for a loan. I was pretty concerned at this point. I attempted to talk to the online folks at HSBC to ask more questions, and they couldn’t tell me anything – in fact, I was to go to a bank as soon as possible with my identification. Being on holiday meant I wouldn’t be able to go to my local branch – and the closest branch to me wouldn’t take appointments and was currently closed. I would have to go to a bank the next day – before heading home – to try and resolve things.

I phoned Hitachi, and had a conversation with a rather nice chap there. All I was armed with was a reference number (from the transfer), and the loan amount. I did manage to get through to their fraud department, and uncovered a few things.

The man on the phone was surprised at how quickly the loan amount had been deposited into my account. The loan had been approved immediately, as my credit score is excellent. This also meant that minimum identity checks had happened, because my credit score was that good. If anything, the whole loan had been fast tracked!

The nice man also let me know what information had been provided, and I found it really unsettling. The impersonator had my full name, date of birth, my place of birth, my full address and my full bank account number and sort code. The only things that were incorrect were my job title, email address and phone number.

We then got into how I was going to give Hitachi their money back. I was reluctant to do a bank transfer at this point, as I knew something had gone down – I decided to go direct through HSBC, but also that I had to go to a bank in person to prove that I was me at this point. As far as plans go, I figured it was a pretty sound one!

The final thing I could do, given that everyone else had likely gone home for the day, was to register with CIFAS for protective registration. This isn’t free, by the way – it’s £25 for two years.

I made a list of all the things I needed to do as soon as possible:

  • First off, find out what had happened with the bank. That would be first thing the next day.
  • Go through all my credit reports with a fine tooth comb, to see if anything else had been done in my name. This would be done when I was back home.
  • With all information in hand, report the matter to the police.
  • Contact all the credit agencies to get anything fraudulent removed from my files.
  • Check that that the impersonator had not put a redirect on my mail.

Seems like a fairly small list. Bear in mind that I had a few things against me – it was a bank holiday weekend, and this was all going down on a Friday evening, after 5pm. I had time in to morning to go to the bank and try to sort things out, but they didn’t open until 10am. And then I had a really long drive back home (about 5ish hours). Bank holiday meant that everywhere would be closed on the Sunday as well as the Monday.

I was fuming, and powerless to do anything because everyone working had gone home for their long weekend. I had been done, and at that moment in time, there was nothing else I could do about it. The joy was sucked from my holiday, and as you can imagine, I got little sleep that night.

I’ll go over what went down at the bank in the next post. This is getting long.