Las Vegas Sun

March 28, 2024

Pickpockets strike through the ether to steal identities

Law enforcement frequently retrained to keep up with tactics used by identity thieves

HOTBED FOR ID THEFT

Nevada ranked fifth in the nation last year with 106 complaints per 100,000 residents. In 2005, the state ranked second with 130.2 complaints per 100,000 residents.

Sun coverage

Law enforcement officers learned last week how easy it is to have one’s identity stolen when a cybercrimes expert powered a $30 machine and intercepted some of the wireless transmissions coming from their smart phones as they sat in a UNLV conference room.

As cybercriminals seek new ways to outsmart police and the public, crime-fighting agencies are increasingly turning to cyber-experts to show them the latest high-tech equipment used in identity theft scams.

One of those experts is Justin Feffer, who conducts seminars for identity theft detectives nationwide on behalf of the FBI and LifeLock, an Arizona company that specializes in identity theft protection.

“It’s absolutely an arms race,” said Feffer, who also investigates cybercrime for the Los Angeles County district attorney’s office. “You see vulnerabilities in software exploited by criminals. Then you see the software companies patch those vulnerabilities and then the criminals develop new ones. That’s why you have to make sure everything is up-to-date and currently patched. What was good last year is by no means safe this year.”

That’s the reason nearly 100 officers from Metro Police, North Las Vegas, Henderson, the state Gaming Control Board and other agencies attended the conference.

It included a demonstration of skimming devices that criminals use to steal credit and debit card information, including PIN numbers, from card-swiping machines that have become increasingly present at Las Vegas restaurants and retail outlets.

Speaking outside the conference room, LifeLock spokesman Mike Prusinski emphasized the importance of training. “Most of the individuals in that room have absolutely no idea what a skimming device looks like or what the wiring looks like. We’re opening their eyes to these things.”

The interview took place outside the room because the FBI and LifeLock don’t want the public — including the media — to know what law enforcement is learning about the tricks of identity thieves.

Nevada has been a hotbed of identity theft for years. The state last year ranked fifth in the nation with 106 complaints per 100,000 residents — 2,802 complaints total — that were fielded by the Federal Trade Commission. That’s down from 130.2 complaints per 100,000 residents in 2005, when Nevada ranked second. The agency did not explain why the numbers for Nevada are down.

The FTC data paint only a partial picture of the problem because many victims file complaints only with police instead of also with the commission. But the number of identity theft crime reports filed with Metro from January through Nov. 13 — 2,063 — is down from the 2,440 filed during the same period in 2009.

Metro property crimes bureau Lt. Robert DuVall credited increased public awareness for contributing to the decline because it shows that individuals are doing more to protect themselves, including checking their credit card statements regularly. He also recommended that consumers obtain free credit reports as often as quarterly to make sure accounts aren’t being opened in their names.

“It shows that we’re on the right track as a community,” DuVall said.

While Nevada has several laws that address identity theft, Assembly Speaker-elect John Oceguera, D-Las Vegas, has submitted a bill draft for the February legislative session that would allow victims to file complaints with police within four years of learning of a stolen ID. Under current law, a complaint must be filed within four years of the crime being committed.

John Oceguera

John Oceguera

Oceguera said the reason for his proposed change is that many of the stolen IDs come from children who may not discover the theft until many years later, when they are old enough to apply for credit cards.

“The children never find out about this until they turn 18, 19 or 20, when they learn that their credit has been ruined,” Oceguera said.

Identity theft involves a far broader array of techniques than one might think but the outcome is often the same. The crook ends up taking money or running up expenses without the victim’s immediate knowledge.

Some techniques require little or no sophistication. There is the guy who dives into a Dumpster to retrieve financial records from a hotel, a doctor’s office or a retirement home. Or the crook who steals someone’s mail. Or the criminal who uses solvent to “wash” the ink away from checks so they can be reused illegally.

Just remember to avoid handing a check to a stranger whenever possible, Feffer said, because checks contain account and routing numbers that can be easily compromised by the check “washer.”

“Once you give someone a check, you are giving them the keys to the kingdom,” he said.

But it’s society’s increasing reliance on computers and convenience items such as ATMs and machines where one can swipe a credit or debit card at a gas pump or a business that are giving crooks greater opportunities to devise high-tech ways to take money from unwitting victims.

“We’ve brought a lot of this on ourselves,” Prusinski said of fellow consumers. “We’ve wanted a society of conveniences. We want to be able to just go up to a machine and place our credit card on it and swipe it through.”

Feffer used a PowerPoint demonstration to show how easy it is for a criminal to steal a point-of-sale machine from a store, replace it with another one, install technology in the stolen machine that skims credit card information, return the corrupted machine to the store and then steal it again after it has been used by unsuspecting customers. The crook then can use the stolen credit card information.

Similarly, Feffer said many banks do not maintain their ATMs, and bank managers often do not notice when the machines have been tampered with.

One of the most common complaints Feffer hears from police has to do with lack of cooperation, or slow response to queries, from certain banks.

“The ability of law enforcement to get timely information is critical,” Feffer said. “Some banks are definitely better than others. Some banks may never give you information or may take a very long time to get the information. That hurts the victim and that hurts us in law enforcement because timeliness is critical.”

Other hurdles law enforcement faces include the difficulty of retrieving certain forensic information from computers versus paper records, the ease with which cybercrooks can amass thousands of false identities and the fact that many of them receive relatively light sentences when compared with those given to traditional bank robbers.

“We need stronger penalties against these criminals,” Prusinski said of identity thieves. “You can’t have a first-time offender who steals hundreds of thousands of dollars or millions of records and maybe they get probation. We also need stronger laws affecting the companies that hold our data, forcing them to have it secured, to make sure that we don’t have these data breaches.”

Identity theft has advanced to the point where some websites offer lessons on how to pull off those crimes, such as by compromising bank accounts or gaining money from others through online social networking or by sending out nefarious e-mails. The latter technique, known as phishing, is an attempt to get someone to volunteer such sensitive information as user names or passwords that can allow a crook to access a victim’s financial accounts.

Many of these crimes originate in places such as Russia or Nigeria and often involve a sophisticated ring of computer hackers, and in the case of corporate theft, accomplices who are corrupt employees.

“Why do they target Americans?” Feffer told the attendees. “Because we have money. Their goal is to steal our information. They often need people in the U.S. to help them cash out on the information.”

As for precautions, Prusinski recommended that consumers resist giving out a Social Security number without assurances that it will be safeguarded and avoid using debit cards whenever possible because of the access it provides to one’s bank account.

Feffer added to that list the need to check one’s bank account and credit card statements often to correct irregularities quickly.

“Use good computer security hygiene,” Feffer said. “Make sure all of your software and operating systems are patched and up-to-date. Make sure you’re running some sort of well-known or well-tested anti-virus or anti-malware software. If you’re using your credit card number online and your computer is compromised, that’s going to be the first thing the suspect is going to look for.”

Join the Discussion:

Check this out for a full explanation of our conversion to the LiveFyre commenting system and instructions on how to sign up for an account.

Full comments policy