“Identity Theft, Business Identity Theft and Ghost Writing Identity Theft – What’s it All About?”
Over the past two decades there has been a serious growth of businesses and “alleged” institutions that offer a plethora of specialized “certifications”. We see so many abbreviations surfacing that are not identified.
As an example, there is the “NARSMONISS” (a ten (10) letter abbreviation!) that was used. I couldn’t resist attempting to find out just what it meant, especially since it was an “official certification” being represented by six additional ones following the name of the individual. After a few weeks of attempting to contact the individual, or researching the contacts (and references) it turned out to be a fraud. NARSMONISS doesn’t exist.
We have names for such individuals:
LinkedIn is just one of many contact management entities and one of the best established ones; however it makes no difference which entity these individuals (e.g. parasites) work their way into.
Businesses, job opportunities, investment offerings, anything that has a connection to revenue or assets. The common denominator is that they are targets for fraudsters. Welcome to my world.
Credentials, whether they be educational, certificates/certifications, licenses, titles, work experience and such all can look impressive and in many cases reflect honest representations of individuals who really represent who/what they are and what they do.
However, there is another side that represents “intentional misrepresentation” of information, background data and such for a number of reasons.
LinkedIn members, as with almost all other contact management companies, are always subject to “ghost-writing identity theft”.
Typically, the initial three (3) types of identity theft are:
- Regular “Identity Theft” is typically targeting financial resources of individuals.
- “Ghost-writing Identity Theft” is not only targeting financial resources, but in many cases the individual’s entire background, career and reputation. The fraudster counts on this information being readily available (which it is). This is where specific information is literally taken from one unknowing member and used in the fraudsters own profile. The information is absolutely accurate, but not for the individual it represents. What they count on is the fact a lot of that information cannot be validated without written permission. This includes many of the typical records (e.g. educational records, government agency records, etc.).
The fraudster counts on this and will mix in a number of items which CAN be validated, so you are dealing with a Chameleon-like individual. It makes no difference if it is LinkedIn, or a CV used for submission for a position opportunity in a company or agency.
- “Business/Corporate Identity Theft” is similar to regular identity theft, but the difference is it attacks a company, possibly even to the point of taking control of it for a short period of time – time enough to strip-away assets and revenues of the business, let alone sensitive information (e.g. corporate espionage).
Being in the Threat and Fraud Assessment for a few decades, we find that the due-diligence performed to “validate” such information submitted by potential candidates (whether it be for a contact management firm, employment, etc.) is exceptionally dismal at best (save except for the more serious government agencies that require extensive background checks and security clearances). However, let there be no illusion that even government agencies have approved individuals applying for sensitive positions overlooking some of the most obvious red-flags as well as some of the more sophisticated fraudster systems.
When looking at a CV or profile of an individual, first determine their field of work or their profession. You should be able to have a basic understanding of it, and it not, research it. It doesn’t take much to learn the basic “core” components of any field. That doesn’t make you an expert in it, but it does give you a start.
If it is a matter of planning to hire a potential candidate, look at the total representation made by the candidate first; and then the appropriate division management that the position is targeted for should be included to truly perform a skill level due-diligence.
Abbreviations after a name look good to some, but raise eyebrows to others, especially when they are not known. Many of them can be easily validated with the organizations claimed.
Educational institutions are another story and require a written release.
Driving records has become much more secure and require specific ID and a recognized purpose to acquire them.
Birth certificates is a different animal completely. Due to the amount of fraud, ANY records having to do with birth, death, marriage, name change, and gender change require serious written authorization and proof of being the individual requesting the documents, or by court order.
Work experience is one of the easiest to prefabricate, and with the help of a friend or two, can assure a phony validation that will even pass government inspection if done correctly.
In most companies and definitely within the government sector, there exists some type of screening process. Sometimes it is with the help of an outside agency. Submission to lie detector interrogations/validations.
Signed releases for educational transcripts and other critical records, but this is still a very weak and vulnerable area for most.
One of the first things we look at are International credentials if they are presented.
This area is so confusing and there are so many restrictions of acquiring information that, in many cases, is impossible to validate what you are looking for.
Moreover, the amount of both domestic and especially International fictitious and fraudulent certificates, educational transcripts and such is epidemic. From medical and legal degrees, to law enforcement and government credentials, we have seen more bogus representations and we are sure that it is just the preverbal “tip of the iceberg”.
There are even overseas organizations that were created to provide complete fraudulent identities of individuals who use their system to acquire positions of employment, letters/references of recommendation and even fictitious investment qualifications and successes. The sole and exclusive purpose of these types of operations is to find a business or individual to commit a fraud against. It may be used to get a job, or to have a person invest money, but whatever the case it is for fraudulent purposes utilizing fraudulent tactics.
When performing due diligence, take the time to do your own research into specific claims of representation being made by the candidate. We recommend the designing of a simple timeline, which is easy to do, allowing you to map out dates claimed, from education and work, to accomplishments and publications. That timeline is your best friend since it allows you to “branch” out into the other areas requiring validation and that is where holes will most likely start to appear. Sometimes you will find overlapping dates that make no sense. The more questions that surface, the more of a possibility that what you are dealing with would be best to walk away from.
Now when you see a “government” reference, be aware that if the candidate goes into massive detail about the job description, accomplishments, duties and specific cases or operations, it is, in almost all cases, a fake. Those within almost all government agencies are bound to a very specific confidentiality non-disclosure agreement. The more sophisticated/confidential the agency, the more restrictive they are.
If the person has a website and posts such government background information on it that they claim they have performed (in detail), it is most likely fake. It makes no difference whether they claim it on paper, orally or in a website – government agencies DO NOT ALLOW publication of sensitive information without prior WRITTEN consent.
A person who claims to have worked for the CIA most likely has not. If they represent the State Department and basic contact information, that would be appropriate. The same would be with Department of Defense, and so-on. Government agencies have very specific guidelines for individuals to follow regarding what they can place in a CV or for other employment purposes.
Military records are also sealed and cannot be acquired without some serious paperwork and releases, or by the appropriate court order. Moreover, claims of military duty, special operations and names of groups and missions is a BIG red flag. Almost ALL special operations groups, from SEALS, SOG, SAG and so on never, EVER make public their information.
It is usually listed as some benign detachment, division or group. They are bound to a code of ethics, non-disclosure and numerous other “protective” proactive documents that would see such information disclosure as a “major” violation of military AND civilian law. The same applies to special operations units overseas.
Citizenship is an interesting issue, especially where “joint citizenship” can be a major limitation to your company since the potential candidate may not be allowed to travel to specific countries (outright restrictions). Validation of citizenship, at least for the United States is relatively easy IF the information is properly supplied to you in official format.
Also it is important to validate the foreign citizenship for reasons I could spend hours going into.
The issue of civil or criminal background checks is always grey (for the exception of the government background checks). A local town background check is useless. What is needed is a National (United States – All States) background check.
This is not an inexpensive procedure and does take some serious time.
Utilization of typical Internet companies that claim they can do such a check in a matter of minutes for a few dollars is highly questionable, let alone “valid”.
If a potential candidate ever had a United States security clearance, you should be able to (1) validate that information, and (2) if it is still in-force, revoked or expired.
International Security Clearances is a different and difficult animal to validate and takes up to several months to perform correctly.
Finally, the contact information of the individual is always a major factor in determining the validation of the candidate you are look at hiring or using. Is the address real, or just an open parking lot with a throw-away phone being used for contacting the person?
Remember, acquiring an email address is free – need I say more, and acquiring a domain is typically is $9.00 or more per year. To create a business costs practically nothing and it is almost totally virtual. Remember that.
This is just a basic overview of a combination of Identity Theft and Identity Ghosting where fraudsters can work their way through your system(s) to get what they want.
We have provided extensive manuals and workbooks that address nothing but how to approach due diligence when dealing with proactive measures against:
- Identity Theft
- Business Identity Theft
- Identity Ghosting
- Employment Hiring Fraud
- General Basic Fraudster Procedures
This article is designed for readers to take the time and really perform their due diligence (with a few recommendations on how to make such a search more effective). It contains quite a bit of information that many may deem simple or basic, but our programs do not assume that people know “everything” about “everything”. The articles, PowerPoint presentations and streaming videos (e.g. lectures) will cover the basics to most advanced areas of Identity issues that we are aware of (and more).
LinkedIn® is a registered trademark of LinkedIn.Com
PowerPoint® is a registered trademark of Microsoft Corporation