“Don’t be toly.” In December 2014 the Civil Guard launched a strong message to warn of the danger of sending the scanned ID over the internet. Doing so, they said, implied that anyone could sign up contracts in your name.
The dangers are obvious, and the experts explain how that photocopied ID that we send to make purchases – the request in Wallapop is known – or in reservations can be used to commit crimes. It can get us in big trouble, but there are ways to minimize risks using Photoshop or any other image editing application to modify that ID.
The Wallapop scam, increasingly widespread
On platforms such as Wallapop, MilAnuncios – with nightmarish cases like those of bookmakers – it is quite common for the buyer to ask the seller for the ID, often after offering an item at a bargain price. If the price is good and they ask for your ID, be suspicious, because it may all be a scam destined to get that ID and then commit crimes with it.
– Civil Guard 🇪🇸 (@guardiacivil) December 2, 2014
The scammer may not even need to put a great price for the product: he sends you his ID to prove his ID so that you can send him yours. Of course, the ID that he sends you is not his, but has previously succeeded in another scam.
Yesterday I attended 2 investigated for a crime of fraud with 22 injured. An investigator did not know what the story was about, but acknowledged that months ago he sent a photocopy of his ID by Wallapop. PLEASE stop doing that. It will avoid you a transfer through the courts.
– David Álvarez (@abogadodavid_) March 11, 2021
How they counted our colleagues in Genbeta, Sending your ID can end up getting you into the nightmare of identity theft. The scammer can register contracts, make purchases or commit crimes using that document and implicating you, and proving that someone has indeed impersonated your identity is not easy.
Scams in this sense are frequent: we have cases from recent years such as those reported in The Voice of Cádiz, in La Vanguardia, in El Confidencial, if, in EuropaPress O in the Diario de Sevilla, and not long ago a report revealed that 88% of cybercrimes corresponds to scams linked to digital payments.
Not even the Public Administration can ask us for a photocopy of the DNI
The Spanish Data Protection Agency (AEPD) itself also warned in its crime prevention guide (PDF) of how “identity theft can be due to different reasons, such as undermine or destroy the reputation of the impersonator, coerce, harass, cheat, etc.”.
In Engadget we have contacted Samuel Parra (@Samuel_Parra), an expert lawyer in privacy, cybersecurity and data protection. He also recommended that “before providing a copy of the DNI we ask the other person what they want or need the copy of the DNI for.”
Not only that. Parra stressed that “in cases of identity theft by a Public Administration, it could also be remembered that, with respect to the procedures before the General Administration of the State, it is forbidden to ask us for a photocopy of the DNI since Royal Decree 522/2006, of April 28, which abolishes the provision of photocopies of identity documents in the administrative procedures of the General State Administration and its related or dependent public bodies, therefore if any organ of the General State Administration were asking us, we would automatically have to distrust because maybe it is a case of phishing“.
If we make that mistake, they explained in Damn, It is convenient to report and also notify friends, family and contacts on social networks. The AEPD itself has a mechanism to submit claims there but as always, better safe than sorry. If you have to send the DNI, do not do it as is: there are some tips that will help minimize risks.
Three tips before sending your ID
There are legitimate cases in which they can ask us to send the DNI. There are procedures that are part of the legal obligation by an entity when it comes to avoiding money laundering.
Even in those cases, the most normal thing is that we do not have to send a photocopy, photo or scan of the DNI as is, and we can identify ourselves with a modified DNI so that nobody can use it to impersonate our identity.
To modify the DNI we will need Photoshop, for example, but any image editing application can be used to perform three simple modifications on the image of the original DNI:
- Pixelate the photoAlthough some entities may request the original photo, I have already carried out several procedures with the pixelated photo and without the entity giving problems in this regard. It is enough to select the region of the DNI in which the photo is and pixelate it or, as I do in my case, use the Photoshop filter ‘Crystallize’ so that the features appear much less defined. Another option is to cover the eyes with a black rectangle or even a very bright color.
- Pixelate the signature: in the same way that it is a good idea to pixelate our face on the DNI, it is also a good idea to pixelate the signature to avoid falsifications of it.
- Watermark: Another very useful way to minimize risks is to use watermarks, which are nothing more than superimposed texts in which we indicate what the modified copy of the DNI is intended for. We can even add an additional text that indicates that no other use is authorized for that copy of the DNI.
These tips will serve to minimize the risk that our ID can be used fraudulently, but again the important thing in these cases is to detect potential scams and never send the DNI as it is to whoever asks us for it, especially in trading platforms.