The confidential data are being routinely extracted from home computers by criminals to take money from bank accounts and make fraudulent credit card transactions. Identity fraud has increased sixfold over the past five years and is estimated to cost the economy more than £1.7 billion a year.
In an investigation raising serious concerns about online security, The Sunday Times obtained a sample of 13 stolen British identities in one trawl of a website. Tens of thousands more were available in a virtual “shopping arcade” on a range of websites. The reporter was able to pick up the material without any specialist codes or computer skills.
Some of the victims were IT experts who took all the recommended precautions when buying goods via the internet or opening e-mails.
The data allow a criminal to access personal e-mail accounts, log on to subscription services and transfer funds. Victims from the sample confirmed the accuracy of the information, including confidential passwords, e-mail addresses and security codes used for credit card transactions.
“I’m horrified at what’s happened,” said Cheryl Lambert, 38, from Helston, Cornwall, who was one of those targeted. “This is my online profile which anyone could use on the internet.”
Advertisement
The criminals use so-called “trojan” software to track every keystroke made by the victim when he or she is accessing secure sites. The victim unwittingly downloads it from a website or e-mail. This enables the criminal to find out all of the victim’s codes and personal data, which he sells on to fraudsters. They can use the information to trade online using assumed identities or to obtain bogus documents.
Some of the victims contacted by The Sunday Times had had money stolen from their accounts in the past fortnight. British police are now investigating the theft of the data.
The Sunday Times reporter was offered stolen identities for between $2 and $5 each by online users of the Russian site www.carder.info. The reporter requested a sample and was provided with a list of names, passwords, e-mail addresses and credit card numbers. The stolen material included credit card details from HSBC, Lloyds TSB, NatWest and Barclays.
One victim, Chris Anderson, 25, who works for Norwich Union, said criminals tried to use his credit card for two fraudulent transactions totalling more than £1,000 on August 24.
According to registration records, carder.info uses a Russian company, Net of National Telecommunications, to host its website. Rustam Narmanov, who works for the internet provider, would not comment last week but it is understood the company reports suspicious transactions on its servers to the police.
Advertisement
Russian police said they could not comment on a specific case but were co-operating with British counterparts.
Additional reporting: Mark Franchetti, Moscow