It’s a story that shocked even the most grizzled fraud fighters: The Miami-Dade County Attorney’s Office filed charges against four criminals who stole the identities of five (possibly more) deceased victims of the Champlain Towers South condominium that collapsed on June 24, 2021, in Surfside, Florida.
While ghosting – using the identities of deceased victims – occurs thousands of times per day, this case of ghosting was particularly callous. Most of the time, these schemes are carried out by local individuals or groups who have identified their victims through obituaries. In this case, the alleged criminals probably pounced before the obituaries were even written.
“For most of us and most of America, this unbelievable tragedy tore at our very hearts, but for a group of alleged identity thieves, it was a time to make some money,” Miami-Dade County State Attorney Katherine Fernandez Rundle said at a news conference.
While bereaved friends and relatives were trying to come to grips with their loss, the band of thieves was changing passwords and contact information, porting phone numbers, making card requests, transferring money, making purchases, creating fake drivers’ licenses and Social Security cards, and more.
“I was home writing the eulogy,” Nicole Ortiz, the sister of one of the identity theft victims, told the Miami Herald. “I don’t know why, but I looked down. I saw notifications from Wells Fargo. I saw emails with money transfers.… It was crazy. These people are professional. Who would do something like this?”
One of the hot topics in the fraud-fighting industry is how to best stave off the relentless barrage of bot attacks waged by multi-national criminal enterprises. But because the automation doesn’t target specific individuals, like ghosting does, we often think of the business – financial institution, retailer, healthcare company, etc. – as the victim. After all, the business can suffer significant financial and reputational damage.
This incident in Miami-Dade reminds us that whether the identity fraud attack is large or small, automated or manual, the true victims are individuals – our relatives, friends, coworkers, and neighbors. They may not be liable for financial losses, but there is indeed loss to reckon with. Victims often lose their sense of security and wellbeing, and face feelings of helplessness, anger, isolation, betrayal, rage, and even embarrassment.
The hard truth is that some financial institution leaders still think about fraud in purely financial terms, including the maximum fraud rate the institution can tolerate without effecting P&L. Sadly, customers/victims are sometimes left out of the calculus; they absolutely deserve to be part of the equation.