Devil's Tale


A new face on crime

By Phillip Kuhlman

Identity theft is the fastest growing crime in the country, with the estimated annual cost to businesses and individual victims exceeding 50 billion.


“I had several people who would go out and steal mail, and they would bring it back for some form of payment, whether it was drugs or money,” began an unidentified perpetrator of identity theft on the February 28 episode of the KAET show Horizon.

“I would go through the mail and look for credit card statements and bank statements. Sometimes you would even get the credit card itself,” she said. “I would use those to make purchases on the Internet or in person at electronics stores or take cash out.”

Identity theft is the fastest growing crime in the country, with the estimated annual cost to businesses and individual victims exceeding 50 billion, according to the Federal Trade Commission (FTC). Even more alarming, Arizona has the highest rate of identity theft in the country. Roughly 0.12% of Arizonans experienced some form of identity theft, according to FTC statistics from 2003.

While no one at ASU has reported identity theft, ASU crime prevention specialist Stewart Adams said students are at risk. Student credit cards have been stolen, he added.

Credit cards, along with Social Security numbers, are popular targets for would-be thieves. As of 2003, the FTC noted that people between the ages of 18 and 29 experienced the highest rate of identity theft. While most college students fit snuggly in this age group, simple precautions can help you safeguard your identity.

Photo by Brandon Quester Don’t let your credit card numbers fall into the wrong hands, or you might find yourself a victim of identity theft.

Preventing identity theft
Police officer Dan Brown of the Tempe Police Department’s Crime Prevention Unit has educated people about identity theft for more than two years. Brown said the most common way to commit identity theft is by stealing someone’s mail from a mailbox or by searching through trash.

One of the attractions of identity theft, Brown said, is that “it’s very rare to get caught.” Thieves steal pre-approved credit card offers to get personal information.

“Everyone at least once a year should pull their credit report,” Brown said. “There’s a number you can call to stop having your pre-approved credit cards sent to your house.”

Brown added that in order to deny thieves access to your personal information, shred everything and put your mail in a secure mailbox.

Tempe Police detective Ken Haugen investigates computer fraud. While online fraud is not synonymous with identity theft, victims may lose their identity when a credit card number is stolen via an online transaction. Haugen advises anyone engaging in online commerce to adopt a “buyer beware mentality.”

Haugen added that the anonymity of the Internet makes it more difficult to catch identity thieves. “Any time you’re involved in an online auction, you need to use caution because of the anonymity involved,” Haugen said.

If you’re a victim of online fraud, such as having your credit card number stolen, report the crime as quickly as possible because your Internet service provider may delete data that could be used to solve the crime.

Protecting your identity

• Stop pre-approved credit offers through the mail by calling 888.567.8688.

• Order your credit report from all three bureaus:

   Equifax: 800.685.1111

   Trans-Union: 800.016.8800

   Experian: 888.397.3742

• Shred sensitive documents with a crisscross shredder.

• Limit the number of identifying cards you carry.

• Never share your passwords or Social Security number.

• Don’t carry your SSN; leave it in a secure place.

• Give your SSN only when absolutely necessary. Ask to use other types of identifiers when possible.

• Before revealing any personal information, find out how it will be used and whether it will be shared with others.

• Pay attention to billing cycles. A missing credit card bill could mean an identity thief has taken over your credit card account and changed your billing address to cover his or her tracks.

• Put outgoing mail in post office collection boxes or at the local post office. Promptly remove mail from your mailbox after delivery.

Protecting student information
ASU has also developed methods for combating identity theft. Dr. Bill Lewis, who has served as ASU’s vice provost for Information Technology (now chief information officer) since 1993, works to maintain the integrity of student information and prevent inappropriate access. Sensitive information is “as secure as we can make it,” he said, “but there’s nothing that’s absolutely secure.”

The Internet has made it easier for thieves to access public records. “[By] getting access to bank account numbers, Social Security numbers, and date of birth, you accumulate enough to create your own identity as that individual,” Lewis said.

Thieves use two primary methods to steal sensitive information. The first involves finding unprotected files. In one case, a student running for office asked a university to give him the names and e-mail addresses of other student so he could e-mail them campaign material. When the university refused, the student accessed unsecured files that included Social Security numbers. Fortunately, the student didn’t misuse the information, but the ease with which he obtained it prompted the university to call Lewis in for security consulting.

A particularly vulnerable piece of information is your credit card number. Lewis said ASU protects these numbers by sending them to the credit card agency, which sends back a transaction number. The credit card number is destroyed, so only the bank can check the transaction number.

Another way thieves steal information is by installing a software program known as a Trojan horse on a victim computer to steal sensitive information. As Lewis describes it, thieves use a “keystroke-capturing piece of software and a remote control [to access stolen data].” Thieves are then able to steal student IDs, credit card numbers, Social Security numbers, and other sensitive information entered by the user of an infected computer.

A highly publicized case took place at ASU in 2002, when Russian mafia members installed Trojan horses on vulnerable computers. Lewis said the thieves targeted computers in the Memorial Union and some other areas of campus that didn’t require identification to access.

The incident was investigated by the Secret Service, which“came in because they were tracking [the thieves]. They identified a few machines, we gave them the machines, and they did forensic analysis,” Lewis said.

Reporting identity theft

1. Contact the fraud departments of any one of the three major credit bureaus to place a fraud alert on your credit file. The fraud alert asks creditors to contact you before opening any new accounts or making any changes to your existing accounts. As soon as the credit bureau confirms your fraud alert, the other two credit bureaus will be automatically notified to place fraud alerts, and all three credit reports will be sent to you free of charge.

2. Close the accounts that may have been tampered with or opened fraudulently. Use the ID Theft Affidavit when disputing unauthorized new accounts.

3. File a police report. Send a copy to your creditors and others who may require proof of the crime.

4. File a complaint with the FTC, which maintains a database of identity theft cases used by law enforcement agencies for investigations. Filing a complaint also helps the FTC learn more about identity theft and the problems victims are having.

Lewis also notified everyone whose information may have been compromised. No one appears to have been affected.

In addition to preventing unauthorized access to information, ASU is taking other measures to prevent identity theft. Recently, someone set up a website that looked similar to the official ASU site, possibly in an attempt to obtain personal information. Student Affairs was notified, and ASU shut down the site.

As an added precaution, all new ASU faculty and students now receive a CD with information on how to prevent identity theft. In addition, ASU is developing a new security program.

Lewis said students need to be careful with their personal information. “Don’t answer questions routinely,” said Lewis. “Make sure you’re doing it deliberately because you want to do it.”

Lewis acknowledged that balancing security with a university’s openness is a difficult task. “The more open I get, the more security issues I’m going to have, and the more security I try to put on, the less open I’m going to be,” he said. “So we try to balance.”

Even with all the safeguards, Lewis said it’s up to students to protect their own information. “Everybody has to be involved in the security effort,” he said. “You’re either part of the solution or part of the problem.”


Back to top