ID theft is surprisingly easy in SA. (Duncan Alfreds, Fin24)
Cape Town - Cyber crooks don't need to hack your computer or cellphone to steal an identity; they can simply trawl cemeteries for a target ID, says a security expert.
"Fraudsters will trawl cemeteries, online obituaries (and) even newspapers to find a deceased person that fits the profile they are looking for," Independent Identity Verification expert Dawid Jacobs told Fin24. "For example, the right gender, age group and racial profile because they want that to assume that person's identity."
Identity theft provides cyber criminals with the ability to open fraudulent accounts, which will be billed to the original ID's owner.
"South Africa is among the top three countries globally that are experiencing the highest rates of fraud using recycled deceased identities," Jacobs said.
That view ties with research from Cleardata, which found that ID theft in SA contributed to losses of R1bn in 2014 alone.
However, Jacobs said the very nature in the way we transact with companies makes consumers vulnerable to ID theft.
"We are forced to provide all of our personal details in order to transact. When we apply for credit, cell phone contracts, insurance policies, bank accounts and even employment we are forced to hand over our identity to a stranger and hope that they act honourably."
While laws like the Financial Intelligence Centre Act (38 of 2001), known as Fica, seek to eliminate money laundering and provide a safe financial transacting environment, some companies take shortcuts.
Typical phishing emails will contain malicious links or attachments. (Duncan Alfreds, Fin24)
Many loan providers will typically conduct a transaction over the phone, often only requiring three questions as verification of identity.
A criminal with access to basic information contained on bills or property rates accounts could assume someone's identity and fraudulently access funds.
While large scale hacking incidents make headlines, Jacobs argued that while this method was prevalent, there were easier methods to steal personal data.
"Fraudsters send out emails purporting to be from a financial institution or revenue service. The attached file contains malware designed to steal your personal details."
Such phishing attacks are particularly popular in SA during the tax season.
Typically, a phishing message from Sars will cop the official logo of the revenue service with a website link purporting to be official.
However, internet users are advised to delete these emails without consideration as they often contain malware attachments or point to a phishing site where criminals will be able to steal financial information.
In the US, the Federal Bureau of Investigation's (FBI) most wanted cyber criminal is Evgeniy Mikhailovich Bogachev. He is wanted in connection with bank fraud; conspiracy to violate the Computer Fraud and Abuse Act; conspiracy to Violate the Identity Theft and Assumption Deterrence Act; aggravated Identity Theft, among other crimes.
The FBI has posted a reward of $3m for information leading to his arrest and conviction. According to the agency, Bogachev is responsible for the Zeus malware, which was able to "capture bank account numbers, passwords, personal identification numbers, and other information necessary to log into online banking accounts".
Jacobs has developed an ID verification platform that allows people to protect their personal details from bad cyber actors.
"Operating in a highly secure environment, only the true owner of an identity can be verified on this system."
Have you been a victim of ID theft? Tell us your story here.
- Follow Duncan on Twitter