Saturday, December 3, 2022


Identity theft or the theft of personal information is becoming a major problem worldwide and is an increasingly worrying phenomenon. This is one of the leading contributors to a successful fraud worldwide. Identity Theft type of fraud which involves stealing money or gaining other benefits by acquiring the Personal Information of a victim and then pretending to be that person.

Case numbers rise and fall from year to year, making it hard to get any solid criminological information on identity theft crimes. However, commonly, the sooner a person discovers they have been victimised, the smaller the losses they will suffer. Yet, most people don’t realise their identity has been stolen until months (sometimes years) after the event happened. This often ensues totally by chance when for example a person wants to get married and on checking their marital status with home affairs finds that she/he is already married to a foreign national that they have never met.

More businesses than individuals suffer financial losses from these types of crimes, because a variety of laws exist to protect individuals from many of the financial losses they would normally incur from identity theft. Financial Institutions often have to cover the costs of their client’s losses in cases of credit card fraud and the like.

The one given of identity theft is that every one of us needs to be vigilant, as we are all possible targets for perpetrators of these crimes. These criminals target victims indiscriminately and Identity Theft can occur when the victim is alive or deceased. The consequences of your Identity being compromised can be emotionally devastating and can be costly and time consuming to address.
Furthermore it may have a direct impact on your personal finance, making it difficult to obtain loans, credit cards or a mortgage until the matter is resolved.

This is a fairly new field of study for Criminologists, who have only recently turned their attention toward this kind of crime. They are primarily researching and trying to understand all the different types of identity theft.

What is personal information?

Personal Information includes all information that is unique to you, such as your ID document or driver’s license, passport, payslips, credit card information, utility bills, cheque books and bank cards, banking details, telephone records, card PIN numbers and Internet banking passwords.

Common Methods used in Identity Theft

Common methods or modus operandi used in identity theft include – phishing, dumpster diving shoulder surfing, spamming. Phishers send e-mails claiming there is a problem with one of the intended targets existing accounts. Dumpster divers go through refuse in order to salvage copies of checks, credit card and bank statements, and other records or information that they may find useful. Shoulder surfers look over peoples’ shoulders as they enter personal information into phones, computers, and ATMs. Spammers send unsolicited e-mails advertising a product, service, or get-rich-quick scheme.

An identity thief only needs to obtain a small amount of personal information (like a identity number, password, or pin) because once they have a starting point, the rest can easily be obtained from any one of the many public record websites or a fee-based information broker. People often unwittingly assist these perpetrators by putting too much personal information on social networking websites like Facebook and Twitter. Sometimes, the identity thief poses as an employer, broker, or landlord to obtain whatever additional information they need. Some of the easy-to-find personal information on the Internet includes but is not limited to: current and earlier addresses, phone numbers, taxes, small claims, criminal and civil judgments, property ownership, bankruptcies, lists of neighbours and friends, names of relatives and your marital status.

What is Phishing

Phishing is the use of bogus websites and emails disguised as highly regarded enterprises aimed at obtaining the information of unsuspecting recipients for the purpose of committing financial fraud. The personal information sourced could include passwords, identity numbers, credit card details and sometimes, indirectly, money. Phishing has become an increasing problem costing both businesses and individuals billions. Roughly 25% of phishing crimes originate in the U.S. with the rest spread throughout the world. A broadly used method of phishing involves the transmission of numerous phony emails to recipients in which social engineering is commonly used for the purpose of compelling individuals to disclose personal and/or financial information. Also known as the dragnet scheme, this type of phishing will either manipulate recipients to disclose information or will redirect them to a spoofed website (a website designed by criminals to fool users into thinking that it is legitimate). Typically, Phishing emails usually request that users obtain, verify or update contact details or other sensitive financial information. Dragnet phishing commonly compels quick action by using alarming messages that creates an immediate response on the part of victims and usually results in rapid criminal activity. Phishing toolkits are commonly available for purchase by anyone, and not only provide templates for beginners to get started, but contain advanced features which help facilitate the capture of transmitted information.

According to Mohamed Chawki from the computer crime research centre other types of phishing include the rod and reel method, where phishers identify specific prospective victims in advance, and convey false information to them to prompt their disclosure of personal and financial data. The Lobsterpot method, relies solely on the use of spoofed websites. The spoofer’s goal is to either gain access to a secured site or to mask his or her true identity. They may hijack a naive victim’s address by falsifying the message’s routing information so that it appears to have come from the victim’s account instead of their own.

In gillnet phishing, phishers introduce malicious code into emails and websites. By merely opening a particular email, or browsing a particular website, Internet users may have a Trojan or other malware introduced into their systems. The malicious code may change settings in user’s systems, so that users who want to visit legitimate banking websites will be redirected to a lookalike phishing site. In other cases, the malicious code will record user’s keystrokes and passwords when they visit legitimate banking sites, then transmit those data to phishers for later illegal access to users’ financial accounts.

What can offenders do with your personal Information?

Criminals can use Personal Information to assume your Identity and obtain bank or retail accounts in your name for which you could find yourself liable. They can furthermore defraud your insurance company, your medical aid or any other company with whom you have dealings. Perpetrators may transact on your bank account while impersonating you. They can damage your professional reputation or secure employment by using your academic qualifications. This is especially dangerous where they enter careers such as nursing where lives are at risk. Your status can be changed and you could even find yourself married to an unknown person possibly seeking citizenship of your country. If they can access your credit card information they can make online purchases using your credit card running up huge debt in your name.

What is being done in Botswana to combat cyber-crime

From a legislative perspective the Cyber Crime and Computer Related Offences Act is being reviewed in order to develop the law relating to cyber crime and aid the successful prosecution of computer related offences in Botswana. The Botswana Police are currently looking into the establishment of a Computer Forensics Team and this has been earmarked as a priority for them. At present any victim of Identity theft should report their case at any Police Station where the case will be escalated to the CID and assigned to detectives dealing specifically with computer crime. The need for specialist training for these detectives has been identified and is currently being explored.

Tips to Avoid Becoming a Victim of Phishing & Personal Information Theft

According to the Banking Association of South Africa there are a number of measures that you can take to avoid becoming a victim of Identity Theft or Phishing scams. They recommend the following:
ÔÇó Do not disclose Personal Information over the internet or telephonically, without knowing exactly who you are disclosing the information to and what it will be used for.
ÔÇó Be careful when you enter competitions or answer surveys because sometimes these are scams to source your information.
ÔÇó Create Intricate passwords (use caps and numbers) Don’t give your passwords to anyone.
ÔÇó Always log off from any banking websites that you may use.
ÔÇó Carefully consider the information you disclose electronically.
ÔÇó Do not carry all your identification documentation with you, unless absolutely necessary. Alternatively carry a certified copy of your Identity document driver’s license or passport and lock the originals safely away.
ÔÇó Ensure your filing is always secure. Documents can be easily stolen or copied if left in unsecure locations
ÔÇó Always shred or burn documents that contain Personal Information, avoid throwing them away.
ÔÇó Delete all Personal Information and format the hard drive of any electronic devices such as cell phones, PDAs or computers before you dispose of them.
ÔÇó Ensure your Personal Information is subject to a confidentiality clause and cannot be sold or used for anything other than the specified purpose before you disclose it.
ÔÇó As a consumer you should obtain a credit report each year. Use the report to check if any institutions have made enquiries about you. This could indicate that your details have been used without your authorisation.”

More information can be found on their website
What to do if you become a victim of Identity Theft
ÔÇó Report the crime to the Botswana Police as quickly as you can.
ÔÇó If you suspect malware on your computer have your computer scanned by a computer technician.
ÔÇó Notify your bank, insurance company and ALL other entities where you are currently are a client.
ÔÇó Notify the department that issues the stolen document(s) such as the Department of Civil and National Registration for lost or stolen Omang and the Department of Immigration and Citizenship for lost or stolen passports.
ÔÇó Notify the post office if you think your mail may have been tampered with or stolen.
ÔÇó You may have to seek assistance from a reputable attorney in order to deal with legal ramifications that may arise.

You can call us at Expert Profiling or Lediretse Attorneys Tel: (267) 390 9957 where we will assist you in contacting people well placed to help you.


Read this week's paper