Contrary to common thought, most identities are stolen from businesses; fewer are stolen from garbage Dumpsters or by online hackers. Phishing, the fraudulent cloning of a legitimate business’s Web site or sending a fake e-mail letter requesting personal information under the auspices of updating company records, is becoming increasingly known because of the large numbers of identities that are reported stolen in a single phishing attack. But although thefts do occur from these sources, as well as from homes, cars, and persons, the majority of identity thefts are committed inside the workplace by a relatively few dishonest employees who steal the personal identification data of a company’s most valued assets: customers and coworkers.
Oftentimes perpetrators will hire into a company on a contract basis for temporary employment. Some insiders with borderline criminal minds are used as pawns by outsider criminal friends to obtain access to company information, such as names, addresses, and Social Security numbers of employees or customers. Although they may not themselves use the stolen identities of their coworkers or customers, these indirectly involved employees are, nonetheless, insider criminals because they directly facilitate the credit card, bank fraud, and other crimes committed using the stolen identities.
The solutions are three: