Tuesday, February 24, 2009

SBA Warns of Economic Stimulus Scam

Most of the scams discussed on this blog target individual consumers, but as I've mentioned in an earlier post, businesses can be scammed and even have identities stolen as well. The U.S. Small Business Administration is warning small business owners about a recent scam that involves the economic stimulus package.

The scammers sent letters to small businesses across the country on what appears to be SBA letterhead. The letter claims that the recipient business is eligible for a tax rebate under the Economic Stimulus Act. The letter goes on to say that the SBA is assessing eligibility and then asks for bank account information.

Obviously, the SBA did not send these letters, and the agency advises businesses not to respond.

This is apparently another attempt to take advantage of the difficult economic times and exploit the financial difficulties some businesses may be experiencing because of it.

Wednesday, February 18, 2009

Over 20,000 Wyndham Customers at Risk of Identity Theft

Adding to the many data breaches reported at the end of 2008, Wyndham Hotels & Resorts announce a data breach that may have put 21,000 guests at risk of identity theft. Wyndham reported the data breach to the Florida attorney general's office back in December and said they contacted the customers whose data had been compromised during the unauthorized access.

The data accessed included customer names and credit and debit card information. So far, Wyndham does not think that any of the compromised customer data has resulted in identity theft. However, the Florida attorney general still encourages consumers to alert and report any suspicious charges on their bank or credit card accounts. Those affected by the data breach should place fraud alerts on their credit reports and follow the advice in Wyndham's letter.

Review your credit card and bank statements carefully. You will also want to continue monitoring you credit by requesting a copy of your credit report twice a year. It is possible to minimize the affects of identity theft on your credit by catching and reporting it early.

Tuesday, February 17, 2009

New Phishing Scam Uses IRS Form

As I've mentioned in my last post, tax season is an ideal time for identity thieves. After all, there is a wealth of private financial information floating around. Tax documents show up in mailboxes, and refund checks as well. The option of a direct deposit of your tax refund requires submitting bank account information. What's wrong with this? I mean, a lot of trust is required during tax time, right? After all, many of us hire someone else to prepare our income tax forms. True, but make sure the people you are dealing with are, in fact, working for the IRS.

A current phishing scam disguises itself as an e-mail from the IRS requesting information. The e-mail claims to be from the Internal Revenue Service and has two attachments. One claiming that the recipient is a non-resident alien and the other is an actual IRS form the recipient is asked to fill out, most likely to prove that he or she is not an "non-resident alien." The form requests a Social Security number, bank account information, and even a photocopy of a drivers license to be faxed to a provided number. This is an identity theft scam, not an actual e-mail from the IRS.

The IRS does not request private information in an e-mail. Any e-mail claiming to be from the Internal Revenue Service and asking for a reply with private information is an attempt at identity theft. Don't become the next victim. If you receive one of these e-mail messages, forward it to phishing@irs.gov.

Friday, February 13, 2009

Identity Theft During Tax Season

I can think of many reasons why people dread tax season, especially those of us business owners who know it's not a matter of whether or not you owe, but how much. If that's not reason enough, identity theft can also be a problem during tax season. While most problems can be avoided by only working with a trustworthy, reputable accounting firm, trusting your personal financial information with yet another person is not the only identity theft problem you can face during tax season.

Tax season can also be the time of year when people discover that they've been victims of identity theft when the IRS lets them know they can only file once (that someone has reported income and possibly collected a refund in his or her name). This is what happened to one man who had his taxes done at Memphis branch of H&R Block. He received a call from H&R Block one morning saying that the IRS contacted them regarding his return. Apparently, someone filed using his name and Social Security number in New York.

This is not an isolated incident either. The IRS opened a special office last year to handle the identity theft cases involving tax returns. For more information, visit irs.gov or call (800) 908-4490.

Tax season is stressful no matter what, but finding out that you are an identity theft victim can turn it into a nightmare. If you are unfortunate enough to discover that you are among those hit by identity theft, be sure to immediately take the steps to report it. Only then can you stop the abuse of your name and finances and begin recovery.

Thursday, February 12, 2009

Data Breach Affecting Kaiser Permanente Employees

While data breaches continued last year, Kaiser Permanente has announced one that took place last year. While no customers were affected, the private information (names, addresses, dates of birth, Social Security numbers) of nearly 30,000 Kaiser employees in northern California has been compromised.

The person illegally possessing the information, Mia Garza, was arrested in late December, and she is now facing two charges of forgery, two counts of receiving stolen property, and two counts of identity theft. At this point, investigators don't know how she obtained the computer files, and the original source of the breach is still unknown.

While only a few are known to be victims of identity theft from this breach, Kaiser Permanente recommends that employees place fraud alerts on their credit lines, and Kaiser is also offering one year of free credit monitoring to the northern California employees affected.

Once again, data breaches continue to haunt us. When large companies like Kaiser are hit, it serves a grim reminder that even companies of this size that can afford the resources to keep security tight are still vulnerable. Feel free to check out Kaiser's comments on the breach.

Thursday, November 06, 2008

Most Companies Don't Properly Delete Sensitive Data

In a previous post, I emphasized that simply deleting a file from a hard drive before disposing of it or selling it is not enough. If the file is not securely wiped from the hard drive with digital shredding software, the file may be retrieved if it falls into the hands of someone tech savvy enough. This may not seem like a big deal, but with people doing their banking and making purchases on their computers or storing tax records, it is extremely important that your data is securely removed before the computer or hard drive changes hands. Otherwise, the information you leave on the machine can be used to make you an identity theft victim.

This is even more important for companies that use computers to store credit card numbers, insurance information, or medical records. Companies that upgrade must be sure that old data is securely wiped before the machine is given away or sold. According to ScienceDaily, the number of second-hand hard drives that have been securely wiped has fallen to 33%. This puts the customers with information on those machines at risk of identity theft.

I'm not sure whether to be disappointed or extremely concerned. Granted, companies don't need to upgrade their computer hardware everyday, but the fact that we have second hand computers out there containing credit card or insurance information isn't exactly encouraging. After all, more and more people are acquiring the technical skills that would help them retrieve this information, especially kids growing up in this information age.

Keep your data safe and wipe those hard drives before getting rid of them. It's a small price to pay to prevent identity theft.

Friday, October 31, 2008

State Department Announces 400 at Risk of Identity Theft

The State Department announced that it has notified nearly 400 passport applicants of a security breach that may have put them at risk of identity theft. Most of the applicants at risk are in the Washington, D.C. area, and their passport applications may have been illegally accessed and used to open fraudulent credit card accounts. The applications contained identifying information, including Social Security numbers. More potential identity theft victims may be notified as the investigation continues.

Most of the people contacted have not become identity theft victims at this point, but they have all been offered free credit monitoring for a year. The breach was discovered when a man was arrested with 19 credit cards in different names and eight completed passport applications. While the State Department declines to comment on how he obtained these applications, it was confirmed that one State Department employee has been fired as a result of this breach.

The department has since stepped up its security for passport records management. While specifics about the method of this security breach have not been disclosed, it is no less disturbing. We don't know how many people were involved, but it's definitely possible that many of these people may already be victims of identity theft and not even know it.