Is Catching Identity Thieves Mission Impossible?

Answers to Scambusters’ subscribers biggest questions — catching identity thieves and how scammers choose their victims: Internet Scambusters #281

A few weeks ago in response to our survey, you flooded us with your “single biggest questions” on topics ranging from identity theft to phishing, urban legends to spam.

We’ve answered a few of these questions in the interim, and today we answer two more of the top questions asked:

  • Is Catching Identity Thieves Mission Impossible?
  • How Do Scammers Choose Their Victims?

But first, we highly recommend you check out this week’s issue of Scamlines — What’s New in Scams?. It’s an especially important issue.

Is Catching Identity Thieves Mission Impossible?

Question: “How easy is it to catch cyber-criminals, and what is the average punishment someone gets after being convicted of identity theft?”

Answer: Unfortunately, catching identity thieves and other cyber-criminals is hard.

Only 1 in 700 identity theft suspects was arrested by federal authorities in 2006 (0.14%), while 15.8% of suspects involved in other property crimes were arrested and 44.3% of violent-crime suspects was arrested, according to

There are a variety of reasons for these low arrest rates.

For one, law enforcement often has other priorities (especially violent crime) and limited resources.

In addition, many cyber-criminals reside outside the nations where their victims live, which then requires close coordination and cooperation between police forces in different countries — no easy task.

Most important, as many as 85% of identity theft victims don’t KNOW that they’ve been “taken” for up to a year! By that point, any evidence “trail” that existed has grown cold.

What’s more, 60% of victims never report that their identities were stolen. One reason for this “shyness” is that significant numbers of identity thieves are co-workers, family members and so-called “friends” of their victims.

In fact, fully 50% of reported identity fraud is perpetrated by relatives, friends, neighbors or acquaintances of the victim.

The organizations that have been most successful in catching and prosecuting cyber-criminals have been large private companies — organizations that have spent the kind of money and employed the kinds of experts needed to track down the offenders.

We weren’t able to locate information on average punishments for identity thieves — possibly because nobody has tabulated this information yet.

What we can say is this: state laws vary when it comes to specific penalties. Federal laws impose a maximum sentence of 20 years and fines of up to $10,000.

There is no question that the best defense against identity theft is prevention. For many identity theft prevention tips, visit the Scambusters Identity Theft Information Center.

How Do Scammers Choose Their Victims?

Question: “How do crooks and scammers develop their leads?”

Answer: This depends on the scam, as well as the scammer’s education and expertise about particular companies, industries, non-profit organizations, etc.

For example, while some phishers may just dial phone numbers or send emails at random (and then pretend to be officials from financial institutions requesting sensitive information), this “cold calling” strategy isn’t very efficient — although it is quite effective.

It won’t work if (A) the scammer uses the phone and doesn’t sound like a real representative of a particular industry or company, and (B) if the potential victim doesn’t have, say, a bank account or credit card with the bank that the scammer is pretending to represent.

But “cold calling” DOES work, as long as the scammer targets a large enough audience. That’s why we get so much phishing spam. And many identity thieves simply use phishing to get their leads — it’s easy and cheap.

More sophisticated identity thieves narrow their audience by gathering advance intelligence about potential victims. They may:

  • “Dumpster dive” to get some (if not all) financial information about their prey — steal victims’ mail or have it rerouted to their own addresses.
  • Infect computers with spyware that gathers information from individuals or organizations.
  • Steal records from their own employers.
  • Illegally obtain credit reports on potential victims.
  • Hack into a company’s computer databases.

Armed with this knowledge, scammers can increase the comfort level of their victims when it comes to conning them into giving them even MORE information.

For example, a “pretexter” can make it appear that he’s a representative of a trusted company by mentioning key information about you. Once he makes it look like he’s a legitimate rep with your file at his fingertips, you’ll be less suspicious about giving him a little more data — even though that “little more” is EXACTLY what he needs to complete his crime.

In the end, there are an enormous number of “lead generation” techniques used by scammers. Suffice it to say that some techniques are scientific, and others aren’t. For example, scammers targeting seniors may even go through phone books looking for people with “old-fashioned-sounding” names!

Unfortunately, even if you’re careful, you may still wind up on a scammer’s list of potential victims.

So, it’s important that you know what to look for. And that’s why we publish Scambusters. Our goal is to warn you about these scams in advance, so you’ll know how to protect yourself.

That’s it for today, but we’ll be back next week with another issue. See you then!