Identity fraud is child’s play

Back to homepage

Click here for an overview of all news articles

About 540 people in the Netherlands are the victim of identity fraud every day and identity fraud has become the fastest growing criminal activity. Just a couple of years ago I thought that it only happened to naïve and careless people. Now I know that this is not the case.

Identity fraud is easy to do: most people work with computers but are unaware of the dangers. This is why employees download viruses on their company networks or leak sensitive information through infected private computers. Recent research shows that about 85 percent of employees click on phishing emails. On top of this, many employees create weak passwords for their work emails as nobody has shown them how to create, and remember, strong passwords. There are plenty of useful, free programmes to do this, but most people do not know them. And even worse, they use the same password for several sites. This has become a huge problem, especially because even reliable sites appear to leak data - from Sony to LinkedIn, from broadcast corporations to insurance companies. Electronic security seems to be the Achilles’ heel in the budget of many organisations.

Protecting consumers will not work with only a careful IT department and up-to-date software. The weakest link still remains the ordinary employee. While researching my book ‘Komt een vrouw bij de hacker’ (a woman goes to the hacker), I came across incredible examples of employees who shared the most privacy-sensitive information, thinking that they were speaking to a colleague on the phone instead of to a con man. I did a test myself to see how far I could go by temporarily taking on the identity of a female friend. I phoned her healthcare insurance company and the information that they requested for identity verification on the phone was easy to find on google so I passed the test easily.

Data leak

Information security is just like the sewage system: you don’t notice anything until it goes wrong. The hackers that I have spoken to say that it is not if an organisation is hacked, but when. Hackers can force their way into an organisation’s IT infrastructure on the Internet in three of the four security tests.

When information is leaked, it is not only companies who face damage, but citizens as well. The phenomenon of identity fraud has major consequences that often last for years. The victims that I spoke to initially believe that the problems would be solved very quickly as they themselves had not done anything wrong. Still, some victims had to pay the debts and for things of people that they did not even know while others lost their jobs. About fifty people come into contact with the police or with the legal system every day because of identity fraud. With only a copy of your passport, people can do all sorts of things under your name as so many organisations accept copies on the internet as proof of your identity. How can you then prove that you did not close a contract or purchase agreement if all traces lead to you?  


While you should not allow others to copy your ID, many companies require copies and most people simply do not know that this is illegal. If you wish to become a member of something or want to rent a machine, many companies still make a copy of your ID. And you do not hear the consumer complaining. It is only when they have problems that they see the consequences that a simple copy can bring. One example is Linda, whose details were used by an unknown person. She had to pay for telephone contracts that she never purchased. All in all, she was 11,000 Euro in debt which was not of her making. She suffered psychological problems because she was constantly dealing with bailiffs.

Another person who I spoke to, Boudewijn, was arrested for drugs. He thought that it was a mistake, but it turned out that someone had rented premises using his passport and had planted marijuana. It took Boudewijn more than two years to prove his innocence and he was treated as a criminal all that time. He was even turned away from doing voluntary work because he had a police record, even long after it was clear that his was a case of identity fraud. 

When I give lectures, I am always surprised about many participants' naivety. Many think that they are not an interesting ‘target’, while we know that hackers are not choosy. The good thing is the reactions after the lecture – people admit en masse that they do many things badly. And then they put these things right. They make up better passwords, they remove digital copies from their computers, they remove their date of birth from facebook, they do not click away updates of little used programmes because they then understand that without these updates their computers are as leaky as a sieve. And they no longer say that I may know everything there is to know about them because they have nothing to hide. This is what made me start on research for Komt een vrouw bij de hacker in the first place, but now I know that even ‘good’ citizens have enough to hide if they do not want to become victims.

Maria Genova