Identity Thieves Hit a New Low
by Phillip Britt
While dealing with the emotional trauma of the death of a loved one, an increasing number of families are learning that the deceased are prime targets for identity theft, as one tragedy in Philadelphia recently illustrated.
In that case, a young man suffering from bipolar disorder committed suicide by jumping from a skyscraper, an event that made the headlines. Shortly after the highly publicized incident, several creditors contacted the young man’s parents with reports that their son had opened several different accounts. Actually, he hadn’t opened the accounts—identity thieves did.
This type of identity theft isn’t new. Identity thieves have scoured newspaper obituaries for years to get mortgage and apartment lease information or the credit data of a recently deceased person. But in today’s world of instant information, thieves are quick to learn about the deaths and put their plans in action. So consumers need to take the necessary steps to protect the identities of the recently deceased.
“This isn’t a new crime; it’s a pretty common scenario,” says Debra Geister, director of fraud and client solutions at LexisNexis. “This is a very emotionally charged issue. The problem with the deceased and the elderly is that no one thinks to monitor their credit files.”
A Handy Google Search
“Technology has made it much easier to commit these crimes,” says Gunter Ollmann, a chief security strategist for IBM Internet Security Systems (ISS), the internet security operation of IBM. “Rather than going to the library to look up information about a person, now you can use Google and do it anonymously,” he says.
Similarly, the fraudster can use the internet to apply for credit and other accounts rather than going to a bank to fill out an application. This enables fraudsters to seek out identities of the recently deceased across the country, not just in the local community. Any identity information can also be gathered more quickly than in the preinternet days, says Ollmann.
Of course, it’s not just the recently deceased who are in jeopardy of having their identities stolen. According to the Federal Trade Commission (FTC), identity theft was the fastest growing crime in 2008. More than 10 million Americans were affected. Experts predict that 2009 won’t be much better. In fact, the FTC predicts an increase in ID theft using more sophisticated means of targeting victims.
A recent report from Identity Theft 911, LLC, titled “The Perfect Storm,” warns the incoming Obama administration that identity theft is about to explode due to a number of factors, including a dismal economy, fewer resources for law enforcement, and budget constraints that make organizations focus more on survival and less on protecting personal information.
“Many of the best practices are the same as you should take for a living person,” says Joseph E. Campana, a Madison, Wis.-based independent privacy consultant. Best practices include shredding documents containing personal information, not giving out personal information to people you don’t know, and protecting credit card numbers, he says.
Likewise, Adam Levin, Identity Theft 911 chairman and co-founder, says identity thieves are specifically targeting several categories, including the deceased. Geister adds that many identity thieves troll the obituaries, a practice that has been going on for years. But now with the internet, they can easily go outside the local community to find potential marks.
The fraudster’s goal is to get as much personal information as possible to open up as many fraudulent accounts as possible in a short time before the fraud is discovered, says Ollmann. This makes the deceased a desirable target because family and friends are dealing with grief, so potential identity theft is rarely considered.
Federal Help on the Way
The highest priority for avoiding identity theft following the death of a deceased person is placing a death alert on the decedent’s credit reports, Campana says. “If someone attempts to take out new credit in the person’s name, the creditor should see the death alert. This should be particularly effective as more and more of the 10 million-plus enterprises covered by the ‘red flags’ rule meet the compliance deadline of May 1.”
With the red flags rule, developed by the FTC and financial institution regulators, financial institutions and creditors must develop a written program that identifies and detects the relevant warning signs, or red flags, of identity theft. Many institutions had to abide by these rules by Nov. 1, 2008; others have until May 1, 2009.
Red flags may include unusual account activity, fraud alerts on a consumer report, or attempted use of suspicious account application documents. The program must also describe appropriate responses that would prevent and mitigate the crime and detail a plan to update the program.
While the red flags rule should help, some creditors may not always abide by it despite the fines that might be incurred, says Campana. So it’s critical that family members or friends take steps when someone dies, or when someone is critically ill, to ensure that a person’s good name and good credit stays intact after death.
Locking Down Information
Most people don’t think about safeguarding identities, but someone will need to have power of attorney for the deceased. If possible, it’s good to have this arranged beforehand.
One of the first steps is to get several copies of the death certificate because many government agencies and financial account providers will want a copy to ensure the claim of death isn’t fraudulent.
Security experts recommend contacting the Social Security Administration (SSA) first. The SSA will want a copy of the death certificate and will add the name to the agency’s master death file. In the preinternet days, this protocol was good enough. But there tends to be a lag between the time an agency gets the information and updates the file and when the credit bureaus update their own files. Then there’s also the IRS, healthcare providers, the state motor vehicle department, and insurance companies to contact.
Experts also recommend providing each of the three credit bureaus (Equifax, TransUnion, and Experian) with death certificates as well. It’s also a good idea to get copies of the credit reports for access to financial accounts, so each can be contacted. Although contacting the SSA and the credit bureaus (and the red flags rules) should eliminate most forms of financial fraud, contacting the different account providers helps ensure the information is updated quickly.
Justin Yurek, president of ID Watchdog, Inc. in Denver, adds that it’s not just financial accounts that survivors need to monitor. Only one-third of identity theft is designed to obtain financial accounts. Others seek medical information to collect on insurance or to receive drugs or medical treatment fraudulently. Illegal immigrants also seek identity information to stay in this country.
Yurek also recommends contacting the Direct Marketing Association and the National Do Not Call Registry to stop contacts from advertisers. This will help ensure that junk advertising with personal information is less likely to fall into the hands of an identity thief.
Ollmann adds that today people need to limit how much information they have online or in free email accounts. Many thieves can gain much of what they need to steal someone’s identity via social sites such as Facebook or by hacking into free email accounts such as Hotmail. The free email accounts are easily compromised, says Ollmann, so these should be closed as soon as possible. Campana also notes that it’s not always strangers who prey upon the deceased; other family members often commit fraud too.
“Identity thieves [who focus on the deceased] are taking advantage of a terrible tragedy while the family is focused a person’s legacy to diminish it significantly,” says Levin.