Identity theft and family history

One of the families I am interested in is Growden, and so I was interested in this article Identity thieves prey on everyone, advocate stresses | Local News | Cumberland Times-News:

Last week, a LaVale woman arrived home from her vacation in Virginia Beach, Va., to find charges on her credit card from ITunes. She did some further research and discovered other charges from a bank overseas. Somewhere, on her otherwise restful vacation, a thief had stolen her credit card number and made fraudulent charges. The local woman became the latest victim of identity theft. It happened that quickly.

“And that woman was me,” said Desiree Growden, the coordinator of the local Communities Against Senior Exploitation program. A national effort, CASE was launched in 2002 in Denver and introduced to Allegany County through the local state’s attorney’s office in 2009. Growden said the intent of the CASE program is to educate people on the dangers of identity theft.

Actually, “identity theft” is something of a misnomer. The danger here is not so much identity theft, as impersonation, or as it is sometimes called in criminal law, personation. To personate someone is to assume their identity with intent to deceive. To impersonate someone is a more everyday thing, and not necessarily done with criminal intent. So, for example one gets Elvis impersonators. But what is sometimes called “identity theft” is actually, in most cases, personation.

I’ve often read scare stories about “identity theft”, and have found that it is usually a question of simple personation. Someone who has pretended to be you has bought goods in your name, so that the account goes to you. Or they have withdrawn money from your bank account, pretending to be you.

Identity theft is a lot more serious. If someone steals something from you, you no longer have the use of it. If someone steals your car, you can’t drive anywhere, but have to walk. If someone steals your identity, you are no longer you, or at least no one believes you are you. This is the kind of thing that sometimes happens in science fiction or horror stories – a man goes on a journey and returns home to find that someone has stolen his identity, and is living in his house, with his wife, and his children call the stranger “daddy”, and no longer recognise their real father. That is identity theft, and of course it is personation as well. But someone who personates you in order to withdraw money from your bank account has stolen your money, not your identity. You are still you.

But there are scams that involve identity theft, and they were quite common a few years ago. One was when someone personates you to take out a life insurance policy on your life. Then they get a forged death certificate, and claim on the policy. And they might try to do several other things with it. And suddenly, to a lot of people, you are no longer you, because “you” are dead. In that kind of case, your identity really has been stolen, because even if you know who you are, nobody believes you.

But whether it is simple personation, or actual identity theft, it is still nasty, and something one needs to take precautions against.

How does it affect family history?

One example is that went I moved to where I am living now, I opened a bank account at a local bank, and on the application form I had to give my mother’s maiden name. They didn’t say why they wanted it, but I later discovered that if someone came into the bank claiming to be me, the bank would allow them to operate my account if they could tell the bank my mother’s maiden name. Now that was really stupid on the part of the bank. They thought it provided security and would make it harder for scammers to personate their clients. But family historians know the maiden names of most of the mothers in their family, and are anxious to find out the rest. So using the mother’s maiden name as a security question was really stupid. I think the banks have learnt a few lessons since then, and are not quite so naive about it. But if at the time they had told me that that was why they wanted me to put my mother’s maiden name on the application form, I could have told them how stupid it was.

If one is putting a family tree in a public place, like a web site, then most programs that create them allow one to avoid showing full information about living persons, and it is wise to do that, precisely because of the danger of personation.

We have a Growden family internet forum, with a mailing list, and a place to exchange files and photographs and to share information throuigh databases. But it is a “members only” forum. You have to say what your interest in the family is before you can join.

I have sometimes had requests from complete strangers, asking me to send them all the information on the Xxxx family. My response to such requests is to ask how they are linked to that family, and whether they are related, and what their relationship is. If they can show that they actually are related, then I will gladly share family history information with them, but it must be a two-way thing. I won’t give my research unless they are prepared to give me theirs. The ones who simply ask for “all the information” on the Xxxx family” might be naive newbies, who pick a branch of a family that isn’t really theirs, and latch on to it, or else they are scammers looking for information to try to personate someone in the family for criminal purposes. So my rule is, don’t share your family information with people who aren’t prepared to share theirs with you. If you take reasonable precautions like that, you are unlikely to fall victim to personation because of your family history.

The greater danger is phishing, with phony e-mails pretending to be from your bank or something, and asking for your account and password details. I got one like that yesterday.

Dear Customer,
Absa bank technical department will be carrying out a systematic
upgrade on our Network server from 7am today to 5am tomorrow morning to
avoid hackers from accessing your online account.
To take your account through this update process,
Please click on the link below
https://ib.absa.co.za/ib/tvn_upgrade
*Note. Absa Bank will not be responsible for loss of funds to online Phishers
as a result of failure to comply with this new directive.
You will also need to verify your TVN upon request.
Thank You

But hovering the cursor over the URL they asked you to click on showed this:

http://thoughtbroker.com.au/upgrades.absa/absa-banking-update/logonform.do/ibank-login.php

Now why would a South African bank (where I don’t have an account anyway) have an address at a web site called “thoughtbroker.com.au”? That’s a dead giveaway, and it’s as phishy as hell.

And some of the phishers are even more naive, and send their bogus messages from webmail addresses like gmail or yahoo. No reputable bank would send a message from an address like that, though some of the victims of the phishers are apparently even more naive, and fall for that sort of thing.

To get back to family history: be careful, but don’t be paranoid. Within the last month I’ve made contact with four distant cousins, in either my family or my wife’s, because they discovered links either on this blog or on one of our other family web sites. And because we’ve agreed to share information, once we have established the links, we’ve learnt a lot more about hitherto unknown branches of our family, and so have they about theirs. If we’d been over-suspicious, we might have missed a lot.

But a few years ago I had a couple of strange and rather frustrating encounters with over-suspicious family history researchers. One (no names, no pack drill) complained that I had posted information about “their” family (which was mine as well) on the web, and said I ought to have informed them of this, when I hadn’t even known they existed. But they themselves had posted family history queries on all sorts of web sites and magazines, without informing me, and it was in fact through one of the queries that they had posted in a magazine that I had managed to make contact with them at all, and discovered descendants of a branch of the family that connected with mine in the 1830s. They mentioned concerns about identity theft, but posting family details from the 1830s is hardly likely to help identity thieves, and they had posted more than I had. It was rather sad, because by sharing information we could probably both advance our research.

Another example was even more strange and frustrating was correspondence with someone I knew only as “visionir”, and was researching the Stooke family. I mentioned which branch I was interested in, and got this reply:

I have that branch quite straight and have been in contact with the
descendants of the children Mary and Sarah.
The William I am claiming was 7, in Love Street, Clifton in 1851.
His father was Thomas age 38 born Westbury, Salop.

The Mary in question was my great grandmother, Mary Barber Stooke who married William Allen Hayes, and the Sarah was her sister. I didn’t have that branch quite straight, and wasn’t in contact with their descendants, and would dearly love to learn more, but “visionir” wasn’t telling. In that case I don’t think it was oversuspiciousness or malice, but just being rather scatty and disorganised, and assuming that everyone already knew everything that they knew. Eventually I did manage, about 10 messages later, to get out of him/her that Sarah Stooke had married someone called Charlie Parker who kept a pub in Bristol. And I wasn’t able to help “visionir” much because the information he/she gave was too disconnected to make any sense of.

In neither of these cases did the people concerned use computers to keep track of their genealogy, though they did use the Internet to contact others. This led to some weird assumptions. For example the first lot took offence that my genealogy program put my contact address at the bottom of a family group sheet I sent them to show what I had on that branch of the family. They accused me of “claiming” their research. I think that is carrying the hermeneutic of suspicion too far.