The incidence of “phishing” scams is an on-going problem in the U.S. and around the world. The federal Identity Theft Penalty Enhancement Act (ITPEA) is a law designed to deter people from engaging in phishing scams and other identity theft crimes. It increases the penalties for those who possess someone else’s personal information with the intent to use it to commit a crime. So, it basically targets identity theft crimes and enhances the penalties for these crimes.
Identity theft occurs when a perpetrator uses a victim’s personal information to pose as the victim in order to obtain products or services, or anything else of value. Reportedly, almost one in five people in the U.S. have been the victim of identity theft. Victims collectively lose billions of dollars every year to identity theft.
Identity theft can take many forms and one kind is financial identity theft. This happens when the perpetrator uses another person’s personal data for the perpetrator’s financial benefit.
Financial identity theft can happen in a number of different ways, including:
- Fraudsters use a person’s credit card number to buy things. The fraudsters may gain access to a person’s credit card number online and then use it online to buy items;
- Hackers may steal funds from a person’s bank account. They might start with an amount that seems trivial, totaling just a few dollars. However, criminals can obtain millions if they steal small amounts from enough people in this way; or
- Criminals may open new accounts using a person’s Social Security number and other data. For example, a person may use the information to open a new line of credit. They then access the line to the limit and leave the owner of the account to pay the bill.
Several federal government agencies investigate and prosecute identity theft crimes, including the following:
- Federal Bureau of Investigation (FBI);
- Federal Trade Commission (FTC);
- Secret Service;
- Postal Inspection Service;
- Internal Revenue Service (IRS).
The FTC is especially active in coordinating other federal agencies and provides helpful resources to law enforcement, consumers and businesses.
All states also have laws that define identity theft as a crime, and the vast majority of these crimes are prosecuted by state law enforcement agencies according to the respective state laws. Possible criminal charges that are levied on identity thieves include theft by deception, fraud, or misuse of identification. Many states increase the penalties when identity theft targets especially vulnerable individuals, such as the elderly or people with guardianships.
Unlike other theft crimes, such as robbery or burglary, identity theft often occurs without the knowledge of the victim. Most identity theft victims only figure out that they have been victimized when they see strange charges on their credit card statements or when they apply for a loan and find out that their credit rating has been compromised. This is why experts often recommend that a person monitor their bank accounts, especially credit card records routinely, so that charges made by someone other than the account owner are quickly detected and cards can be blocked.
A person should become familiar with the three credit reporting agencies. A person can lock their credit reports at each of the three agencies so that no one can access it without the person’s knowledge. A person can always unlock their credit report when they apply for credit and want to give someone access, e.g. a mortgage lender. Otherwise, it is protected when it is locked.
Unfortunately, personal information is sometimes revealed by security breaches at banks and other companies. So, identity theft can happen even to consumers who take every measure to protect themselves. In one case of identity theft, the owner of an auto dealership used his legitimate business to gain access to his customers’ personal information. He then used the information he gathered from customers who came to him to apply for car loans to obtain nearly $800,000 in fraudulent loans.
How Does the ITPEA Work?
The ITEPEA stiffens the penalties for anyone who is convicted of committing identity theft, also known as “identity fraud.” It states that if a person obtains the personal identity information of another person with the intent to use it to commit another crime, their sentences should be lengthened by two years without possibility of probation. In addition, if the convicted person uses the stolen information to perpetrate an act of terrorism, e.g. kidnapping government officials, arson, airport violence, then five extra years should be added to their prison sentence.
Whether this law can, in fact, serve as a deterrent to identity theft or fraud is a question. The reason is that many instances of “phishing” scams originate from places outside of the U.S., so the U.S. legal system does not have jurisdiction over the perpetrators. Their distant locations may also make detection of their identities difficult.
However, it is also important to know that insiders in a workplace are often the ones who are guilty of data breaches that reveal personal information and identity theft incidents. In the year 2013 alone, it was reported that the number of data breaches resulting from employee error, employee negligence or intentional employee conduct in the workplace increased by over 72 per cent.
So, workplaces need to take their security seriously and work to keep private information private. Some measures that experts recommend for commercial enterprises are as follows:
- Implement information security policies designed to maintain the secure storage of sensitive information;
- Give employees regular training in the handling of secure documents, including when and how to destroy secure information;
- Conduct regular assessments of workplace security to identify potential security risks;
- Utilize information protection tools on all computers;
- Implement a comprehensive policy for the management of documents that tracks information from its creation to its destruction. The information that does not need to be kept should not be kept;
- Limit employee access to personal information to those who really need it and introduce protocols for sharing and disclosing information;
- Employ a shredding company that provides a secure chain of custody including locked consoles for information that needs to be destroyed. It should also provide a certificate of destruction after every shred. Employ a company that provides secure hard drive destruction services as well;
- Introduce a policy to ensure that all information that is no longer needed is destroyed.
In the end the best solution for preventing “phishing” scams lies with the consumer. A person should be very careful about telephone calls and emails that seek any type of confidential information. A person should never provide confidential information, e.g. credit card numbers, to unknown people who call them on the telephone, including those who claim to represent a charity. A person should never provide confidential information of any kind in response to an email.
A person should remember that banks and other financial institutions do not request the confidential information of their customers through emails. In addition, a person should shred all documents, such as bills with account numbers, insurance documents with account or identification numbers, and any other papers that contain identifying personal information.
If a person thinks they have been the victim of identity theft, they need to report it to the institution involved, e.g. their bank if the crime involves a bank-issued credit card, or a retail store if the crime involves a store in which the person has recently done business. The person also needs to report it to the police and contact the FTC for other assistance in responding to identity theft.
What Should I Do if I Have Been Accused of a “Phishing” Scam?
If you have been accused of a “phishing” scam, you need to consult with an experienced identity theft attorney as soon as possible. Your attorney can advise you of any defenses that may be available to you and then your options going forward. Your attorney can help you navigate the complex legal criminal legal system.
Ken LaMance, Attorney at Law
Senior Editor
Original Author
Jose Rivera, J.D.
Managing Editor
Editor
Last Updated: Sep 26, 2022