[JessB]

ok so help me take it one step further. Just having that stuff isn't the end game.

What do they do with it? Apply for credit? Take out a loan? Even if they had someones bank account login information, is it really easy to drain an account? My bank certainly doesn't allow an online transfer to another account or location.

[photon_off]

The general idea is that an identity can have credit applied to it in many different ways. Loans would probably be pretty tough to exploit, since it's the bank's money you'd be stealing and they would take measures against that. The government, however, is much less efficient and just plain terrible at countering fraud.

Medicare fraud, for example, is pretty huge right now. Of the $500,000,000,000 that government pays out annually, it's estimated 10% of that is fraud. Pretty insane stuff.

Scammers will set up a medical equipment storefront (to collect checks... they are never open), signed off by a crooked, made up, or identity-stolen doctor. Then, they'll buy lists of information online (SSN + DOB + Medicare ID), and issue fraudulent charges to that person's Medicare account. Expensive things, like prosthetic arms and such. Medicare is required to reimburse the storefront the cost of the item within 60 days (it used to be 30 days, until Obamacare passed). The fraud detection is so bad at Medicare, that even when people actively report the fraudulent charges (imagine getting a Medicare invoice that says you've required 4 new arms this month), the crooks still get away.

The thieves run through a few of their stolen identity lists, cash those checks, close up shop, open up a new shop down the block, and repeat.

This is essentially a summary of what I saw on 60 minutes a month ago, so you should do some fact checking. I would also imagine a similar process would work for any government subsidized program, like welfare.

[runjake]

Seemingly harmless data on victims can be assembled into a big picture from disparate sources.

A particularly-common example are website security questions ("What high school did you graduate from?", "Who's your favorite musician?", etc). The answers to these questions can often be assembled from open sources. If I happen to have your email address and something like a bank account #. I can search a variety of sources and come up with more information (mother's maiden name, see who your fav artist is on Facebook, etc). Up until recently, it was very easy to use the security question attack on Yahoo and Gmail accounts, and as you probably know, there's often a treasure trove of info in someone's email account.

[pinksoda]

- Wire transfer the money out.

- ACH transfer the money out.

- Create checks using the account info, send it to a sucker on Craigslist who then deposits it and sends most of it back to you through Western Union, Money Gram, etc.

- Open credit cards or loans in your name. Not long ago they were getting peer-to-peer loans on Prosper.com but it's not as popular anymore.

- Buy stuff with your credit card or a "virtual check"(account # and routing #) and then sell it.

- Sell the information and let someone else worry about it.

If they get enough information about you, they can use that combined with some social engineering & fraud to accomplish nearly anything. They can even get replacement documents such as your birth certificate or license, depending how good they are.