Wednesday, December 27, 2006

MySpace Plagued With Identity Thieves

I've posted before on social networking sites and how people can become victims of identity theft by revealing too much online. It seems now the site hit most with identity theft is the most popular site, MySpace. MySpace users are now being hit by a band of identity thieves who are stealing user names, passwords and personal information and using them dishonestly. Many users are being spammed with junk emails and links to certain sites or being impersonated online.

While being impersonated online can be a serious pain to remedy, this isn't the most damaging problem. Personal information is being stolen, and identity thieves are accessing data on users' personal computers. According to this article, thieves are using different methods of to commit their crimes. One popular one is providing a link to download a media player or another kind of file, and when the user does this, a worm is installed on his/her computer.

NewsCorp, parent company of MySpace, is reportedly taking steps to slow down the identity theft, but MySpace users continue to be attacked. I can't emphasize this enough. Take extra precautions when using MySpace. It can be fun and safe if you are careful. Have a look at my former post and take the suggested precautions. Not everyone on the web is willing to play nice. Be safe.

Thursday, December 21, 2006

Dumpster Diver Charged With Identity Theft of Almost 90 MLB players

Some identity thieves go for the average consumer, preferably someone with good enough credit to make it worth their while. Others may go for those with deeper pockets. This one seems to have set the bar a bit higher. Police in Lake County outside Chicago found the personal information of almost 90 current and retired Major League Baseball players in the home of David Dright.

The information is believed to have come from trash bins of SFX Baseball Inc., a sports agency that represents major and minor league baseball players headed by Pat Rooney and Fern Cuza. The information he recovered includes dates of birth, Social Security numbers, canceled paychecks, and infant death records. The evidence was found in Dright's apartment after someone reported that Dright stole his identity. Whether any of the players have been affected is being investigated, but potential victims are being contacted.

Remember: Anyone can be a victim of identity theft. I hope this will be a lesson to SFX to be more careful when handling client data. These players trust this company, so their information should be treated with more care. I suppose I shouldn't be surprised by the careless practices of such companies. Reminder number two: Shred those documents before throwing them away.

Sunday, December 17, 2006

Secret Chat Rooms for Identity Thieves

Have you ever wondered how so many identity thieves obtain the information necessary to take over someone's finances. Sure, many will do the foot work using the methods I've discussed earlier such as mail theft, phishing scams, card skimmers, dumpster diving, etc. However, it isn't always necessary to go to that kind of trouble when you can use the information someone else has obtained and sold. There are online communities that do just that. Sell identities.

There are online message boards and chat rooms where social security numbers, birth dates, credit card numbers, and bank account details are exchanged. These websites are nearly impossible for the even the most savvy of web users to find, but they exist with hackers selling identifying information amongst one another. A skilled identity thief can cost a victim thousands of dollars while only being charged a few dollars for a credit card number.

While this is obviously disturbing, it doesn't surprise me. Identity theft becomes easier with our current technology. So those collecting more information than they can use will gladly pass it along for a few extra dollars, and entire underground communities are doing this. It makes me hope my information is being sold on these sites.

Thursday, December 14, 2006

Boeing Laptop Theft Puts Thousands at Risk

Company laptop thefts are usually the result of carelessness on the part of the employee. This was the case with the latest Boeing laptop theft. The laptop was stolen earlier this month when an employee left it unattended. The stolen laptop contained the names, addresses, and Social Security numbers of 382,000 current and former Boeing employees, leaving these people at risk of identity theft.

A Boeing spokesman insisted that the laptop was turned off at the time of the theft, and required a password to access files so the information could not be accessed easily. How comforting is that for current and former Boeing employees? It wouldn't be enough for me, and the company is taking the necessary steps for those who feel the same way. Boeing has not only contacted those whose information may be compromised but also offered them credit monitoring for the next three years. Boeing has not said whether or not disciplinary action has been taken against the employee in question (I'd hope they are).

However, the most disturbing thing about it is that this is not the first such occurrence from Boeing in recent years, but the third. This is obvious carelessness. Employees handling sensitive information need to be trained in proper security procedures and punished when these procedures are not followed.

Tuesday, December 12, 2006

Security Breach at UCLA

Your information is only as safe as the databases it's kept in. You can take every precaution to secure your private information, but if there is a security breach at your job, bank, school, etc., you are still at risk. As I've said in the past, everyone is a potential identity theft victim. The best we can do is secure things at our end and try to minimize the damage if we are hit by identity thieves.

Most companies and institutions are aware of the sensitivity of customer and employee data and take precautions to keep this information out of the wrong hands. Unfortunately, they are not always successful (as we know from my insider identity theft post). The most recent breach was detected at UCLA. A hacker has gained access to a restricted UCLA database containing names and personal information of current and former students, faculty and staff, applicants for financial aid, and more. UCLA is notifying those who have information in that database and are investigating how much information the hacker gained and whether or not it has been fraudulently used. They have set up a website for those who were in the database as well as anyone else who feels they have been affected by this breach, and they recommend certain precautions be taken to protect one's credit.

While this is definitely not a positive thing, UCLA seems to be handling it properly. Notifying potential victims and recommending security precautions, such as placing a fraud alert on one's credit report to prevent or at least minimize fraudulent accounts being opened, is a good way to keep consumers' trust despite security issues. Now, let's see if they can take the precautions to prevent this from happening again.

If you are a current or former student of UCLA or think your name may have been in this database, check out this site.

Tuesday, December 05, 2006

Password Habits and Identity Theft

For many products and services we buy or use on the web, registration is required, and we create a user name and password for each account. This is done for security purposes, so others can't purchase goods and services with your account or access your email. How secure are your passwords? Is it a word that could easily be guessed or associated with you? We tend create passwords that will be easy for to remember, which makes perfect sense, but it shouldn't be easy for someone else to guess or figure out. For instance, don't use your login name as your password, or easy to guess number sequences like "12345." Also avoid using any part of your name or your birthday. The digits of your passwords should include both letters and numbers, and they should be changed regularly. If your password can be easily guessed, you are at greater risk of becoming an identity theft victim.

Another common password habit we often develop is using the same password for multiple purposes. Once again, it seems convenient since it would be a royal pain to have to remember dozens of different passwords for all of the purposes we need them for. But how does this help your online security? Once your password is cracked, an identity thief can log into any or all of your accounts. According to a report published by the International Telecommunications Union, more and more people continue to use the same passwords for different accounts, and in doing so, putting themselves at greater risk of identity theft.

Sure, varying our passwords might seem inconvenient, but it is definitely worth the extra effort. Also, it might be a good idea for companies to do their part to prevent identity theft by coming up with another way to verify a user's identification.

Monday, December 04, 2006

LimeWire and Identity Theft

There's been a great deal of talk lately about peer-to-peer file sharing and identity theft. The reason, as you may have heard, is popular file sharing network LimeWire having recently been used to access files on users computers and open fraudulent accounts with this information. On Friday, eight people were indicted fo using LimeWire to help with their identity theft ring. The three key players, Michael Sarrasin, Shawn Adams and Tamara Stesneyr, were indicted on November 30 on 115 charges. They allegedly accessed personal account information of LimeWire users and used the information to open fraudulent accounts at Denver banks. The victims' losses are estimated at about $70,000.

Now, I'm not going into my thoughts on peer-to-peer file sharing (that's not what this blog is for), but we all know our computers and the data on them become more vulnerable when we go online, which is why we have all our anti-virus software and firewall. However, when you participate in peer-to-peer networks such as LimeWire, you give other users access to certain data on your computer (supposedly the folders designated for it), and you may want to take extra precautions to protect sensitive data. Encryption programs like PGP and TrueCrypt are recommended.

I'm not going to tell people what to do online, but I will tell you to protect your private information.

Thursday, November 30, 2006

Identity Theft Through Email

As I've discussed in earlier posts, there are many ways you can become an identity theft victim. By now we know that your identity can be stolen if someone is able to access your credit card numbers, bank account numbers, and Social Security number. It may be simpler than that. What if someone else gains access to your personal email?

This can be more dangerous than it sounds. We send and receive sensitive information in our email more and more often. What is at risk here? When you sign up for an online vendor, don't you often receive an email confirming your user name and password? If you have a Paypal account, you log into it with your email address. What's to stop an identity thief from clicking on, "forgot password" and entering your email address. You might also be reminded that your Paypal account can only be confirmed with your bank account. What about Amazon? Once you order, they keep your credit card number on file. Your thief won't even need the credit card number to start spending. He'd just need to re-route the order as a gift delivery to have it sent elsewhere. I could go on, but you probably get the point by now. And if you're not convinced, check out this woman's experience after leaving her Hotmail account open on a public computer.

So what's to be done? That actually depends. Do you use free web-based email accounts? Do you use them for signing up for membership on the web and making online purchases? If so, you may not want to access them from a public computer. Sure, it's convenient, but at what cost? You may also consider changing your password often, and being careful to log out every time you use it. What about your personal email on your home computer? Do you have it set to automatically open when you start up your computer? That's something else you may want to consider. Anyone who enters your home (with or without permission) and sits down in front of your computer can view your email without even the benefit of a password.

Keeping your identity secure is not always convenient, but it pays off in the long run.

Monday, November 27, 2006

Identity Theft Methods: Shoulder Surfing

You never know who is watching. Most people who appear to be minding their own business while you are conducting your own business probably mean you no harm. But that's not the case for everyone. Some are watching, waiting for you to reveal important information. This identity theft method can be an effective way to gather information. Shoulder surfing involves the identity thief observing and/or eavesdropping on a potential victim to gather information such as PINs, account numbers, credit card numbers, passwords, etc.

The shoulder surfer will stand behind you at the grocery store or ATM, watching carefully as pull out your credit card or type in your PIN, maybe even taking pictures with a camera phone. Or he could be watching from farther off with binoculars. The shoulder surfer may also be sitting nearby at your favorite coffee shop, stealing glances at your fingers as you type in passwords on your laptop and eavesdroping on cell phone conversations for useful information. While most people around you are not trying to steal your identity, it is always best to act with some degree of caution.

If your identity thief has some hi-tech surveillance gear, it may be hard to hide from him, but here are a few tips to make it harder for the average shoulder surfer to steal your information:

* Do not write down passwords and PINs. As soon as you pull out that slip of paper, you make the shoulder surfing so much easier.

* Be aware of your surroundings and make note of those around you.

* If you are using a laptop in public, try to point the screen away from public view.

* Computer users should make user names and passwords as long and difficult as possible. Changing passwords frequently is also wise.

* While many ATMs are now modified to combat shoulder surfing, it is best to use the ATM as quickly as possible, and do not leave receipts behind.

It's always best to be cautious when it comes to your personal information. After all, you never know who is watching your back.

Thursday, November 16, 2006

Chicago Man Charged With 800-Number Scam

Apparently, not all identity thieves call their potential victims to ask for information. Normally, pretexting fraudsters contact or approach potential victims. This Chicago man simply let them contact him. Harris Jones set up an 800 number in his home, claiming to be a Nextel representative. People would call information services for a Nextel rep and would be given his number. When they'd call, he would ask for their personal information, like Social Security numbers, birth dates, credit card numbers, and the victims, thinking they were talking to a sales rep, didn't think twice about giving him this information.

When Jones was arrested, he was found possessing 17 names, dates of birth, and Social Security numbers, but an estimated 200 people called his 800-number. Jones is being charged with identity theft and deceptive practice.

Identity theft is definitely a crime of innovation. Thieves are coming up with new scams and new variations on older ones. In this case, people obtained this number from a reliable source, but were scammed because the number was registered as a Nextel number. If you are calling or otherwise contacting a company where credit card numbers or other personal information may be involved, verify the information at the company's website to be sure the person you are calling does, in fact, work for that company.

Monday, November 13, 2006

'Tis the Season to be Cautious: Holiday Identity Theft

With the holiday shopping season just around the corner, this seemed to be an appropriate topic. The holiday season tends to make us more generous and stressed about finding that perfect gift, planning parties and getting everything done on time, but it also makes us a bit less cautious than we'd normally be. With so many people shopping in stores, making online purchases, receiving packages and invoices, etc., this is also a profitable time for those who commit identity theft. I can't place enough emphasis on this. Take extra precautions when shopping this season. Watch transactions in stores (especially, with your credit cards), order gifts only from reputable vendors with secure order forms ("https" instead of "http"); and if your purse or wallet is stolen while shopping, report it immediately.

While you shouldn't let this compromise your holiday spirit or generosity toward friends and family, you should remain vigilant to protect your information. After all, identity thieves know people will be distracted at this time and will capitalize. Your personal information (Social Security number, account numbers, PINs) is priceless, and once compromised, repairing your finances and credit can take months, even years. Be careful who you share this information with, even if its a family member (identity theft can be committed by someone you know).

Here's an early wish for a happy and secure holiday season!

Friday, November 03, 2006

Child Identity Theft Increasing

Anyone can be an identity theft victim. You'll see that in any book, article or web page you read about the crime. Old or young, rich or poor, living or deceased, you are always a potential victim. The most obvious potential victim would be a child, and why not? A child will have no credit history (no credit cards, loans or any other services in his/her name), so stealing a child's identity gives the thief a clean slate to apply for as much credit as possible before the child's credit history is ruined. The fortunate child will have a parent notice something amiss (bills or preapproved credit offers arriving in a son/daughter's name) and look into it.

The less fortunate child won't know he/she is a victim of identity theft until trying to rent an apartment or apply for a credit card or student loan, and the even less fortunate ones will find that they have been living with their identity thief without even realizing it. Yes, there are parents who will steal their children's identities, often out of financial desperation. Imagine choosing between absorbing the debt and accepting the bad credit or reporting your mom or dad to the police as an identity thief. Fortunately, most parents don't put their children in that situation.

According to news reports, child identity theft is becoming more common, but parents can take precautionary measures to prevent this or at least catch it early. Watch for suspicious mail showing up in your son/daughter's name, and occasionally obtain copies of your child's credit report. Children, under normal circumstances, will have no credit history. Watch for people who ask for Social Security numbers in situations where they shouldn't be needed (like sports and other after school activities), and observe your child's online activities. It's my opinion that only the lowest identity thief would victimize a child, but this can be stopped early and even prevented. Be vigilant.

Thursday, November 02, 2006

Firefox 2.0 Helps Protect From Identity Theft

Mozilla's open source web browser Firefox has grown in popularity since its launch. It has become a major thorn in Microsoft's side and has gained the support of many of the software giant's competitors. While sporting many popular features and extensions, what makes Firefox most appealing is security. Firefox has proved to be less vulnerable to viruses, spyware and adware than Microsoft's Internet Explorer, hence making the data on the user's computer less accessible for a tech savvy identity thief. Don't just take my word for it. This article explains Firefox's security including stats from Secunia, a security and vulnerability reporting site.

If that isn't enough, Firefox is continuing to protect users' computers while they are online and adding extra defense against identity theft. Just days after the October 19 release of Internet Explorer 7, Firefox 2.0 is hoping to compete and gain a larger share of the market. One feature that Mozilla is boasting in its new release is protection from phishing scams with a tool that will alert users that websites they are encountering are potential forgeries, which are designed to extract their personal information.

Identity theft can be a high tech as well as low tech crime. Be sure you are protecting yourself in every aspect of your life. Your files, the personal and financial data you store on your computer, are too important to be compromised. Is the convenience of using the browser that came with your operating system worth the risk of this information falling into malicious hands? If you haven't already done so, switch to Firefox.

Firefox 2.0 can be downloaded here.

Tuesday, October 31, 2006

Many Americans Ignorant About ID Theft: Disturbing Statistics

While there are times when ignorance is bliss, that's not the case when it comes to identity theft. Ignorance regarding ID theft (how to protect yourself against it or what to do if you become a victim) can have long-lasting affects on your financial future as well as possibly affecting your criminal record. Despite this fact, many Americans are misinformed about the financial devastation of identity theft as well as the steps required if they become victims, according to a survey by Capital One and Consumer Action. The statistics reported in this survey are quite disturbing.

Some information reported includes that 44% of consumers did not realize that their personal identifying information can be used to apply for a mortgage, and 32% put themselves at risk by carrying their Social Security cards in their wallets. However, the most vulnerable consumers fall in the oldest and youngest age brackets. For instance, 41% of older Americans (70 and over) did not know identity thieves can obtain ID cards with their information while 54% of younger Americans (18 and 19) were unaware of this fact. For more details, this release provides more complete results from the study.

I think I fell somewhere in between those who were ignorant and those who were cautious. I was aware that identity theft existed, but didn't take it seriously until after it happened to me. You don't have to learn the hard way. While I don't recommend living in fear of an identity thief, this crime should not be taken lightly. Consumers should be regularly checking credit reports, monitoring bank and credit card statements, and taking other necessary precautions.

Friday, October 27, 2006

Another Shredding Option

It is my opinion that, if possible, consumers should purchase their own paper shredders, so documents with sensitive information will be destroyed before they leave your home. However, some situations don't allow you this convenience. Perhaps for some reason your shredder is not working or you are traveling and don't have direct access to a shredder, you look to other options. There are always shredding services, but those companies are usually used by businesses with a large quantity of documents to shred. However, recently ShredStation claims to offer quality of professional shredding services that are conveniently accessible.

ShredStation
units are placed in convenient locations, like banks, drug stores, grocery stores and office buildings. Secure ShredStation deposit boxes are made of commercial grade steel and bolted to the floor at each location. These deposit boxes are said to be fully automated and fully secure with electronic payment method that alerts ShredStation Licensed Agents that there are contents in the box that require destruction, which is done onsite using industrial cross cut mobile shredding trucks. For a more detailed description, check out this press release.

While this service sounds good and efficient, it is not yet widespread as I discovered when I checked to see if there is a location nearby. I still recommend shredding at home unless you have a large quantity of documents to shred, but however you choose to do so, shred those documents before disposal.

Thursday, October 26, 2006

Couple Faces Charges For Stealing 150 Identities

If my mail theft blog wasn't warning enough, this real life situation should be enough to convince you that you need to protect your mail.

Modesto, CA, couple Davis Warren and his wife Mary Elizabeth Warren face several charges of identity theft and conspiracy for crimes occurring between June and September 2005 victimizing 150 people.

They first stole mail from their victims, and then used the website PeopleFinder.com to find more personal information. The Warrens withdrew money and made online purchases in victims' names, having the packages sent to the victims' homes, where they would be waiting to pick them up. Victims began reporting packages they didn't order and mailboxes being broken into. Police finally got their first lead when they were able to trace the IP address for one of the purchases.

This is definitely proof enough that all an identity thief needs is a few key mail items, and the rest of the information can be obtained fairly easily and affordably. You should do what you can to protect your mail. An open mailbox is most vulnerable. Even if a locked box is broken into or stolen, you will know and can report it right away.

Wednesday, October 25, 2006

Medical Identity Theft


While most types of identity theft are damaging to your credit, reputation or criminal record, this one is potentially life threatening. The medical identity thief will use a name Social Security number and insurance information and impersonate the victim to obtain medical goods and services. This will result in false information being entered into the victim's medical record, possibly causing the victim to receive the wrong treatment or medication for a medical condition he/she never had. I don't think I need to explain what makes this life threatening. The worst part of this is that older people are often targeted because they will most likely have some kind of public insurance like Medicare.

Chances are the victim may not discover the scam unless he/she receives a bill, and these cases are often difficult to resolve, as with Ryan's case in this article, because privacy policies would not allow him to see the file or allow him to know what kind of surgery he supposedly had. Ryan suffered a great deal of financial damage while the hospital took two years to waive the fee.

This form of identity theft is clearly the most dangerous to the victim. It should receive more attention and investigation than it does, especially when the outcome can result in physical harm or loss of life due to an incorrect medical treatment.

Tuesday, October 24, 2006

Jury Duty Scam

I am trying to address some of the "popular" scams in this blog, and this one has apparently been fairly active and has had some success during the past few years. It is commonly called the jury duty scam, as mentioned in the title. The fraudster's method is relatively simple. He/she will call you to let you know that since you failed to report for jury duty, there is a warrant for your arrest and there is an officer on his way to your house to arrest you. You, never recalling receiving a summons, tell the caller just that. Well, in that case, the caller is all too willing to help you clear this up, and asks for your Social Security number and other identifying information.

It's no secret as to the reason why this works. No one wants to be arrested for a ignoring a summons that was never received, and when caught off guard like that, you don't usually take the time to think this through. First of all, if you don't report to jury duty after a summons, you will be contacted by mail, not telephone, and you would not be asked to reveal information like your Social Security number to the courts over the phone. They already have this information, and besides, if there were really a warrant for your arrest, simply supplying your SSN is not going to clear it up.

Obviously, you should be suspicious if you receive such a call. Do not supply information to "verify" anything unless you initiated the call. In fact, hang up. It may seem rude, but this person wants to keep you on the line to hurt you, not help you.

Monday, October 23, 2006

Social Security Number on ID Cards

With ID theft on the rise, there is a concern with Social Security numbers being printed on various identification cards. In many states, you had to request that your SSN be left off your driver's license, but The Intelligence Reform and Terrorism Prevention Act of 2004, which went into effect in December 2005, now prohibits printing the number on your license at all. However, other forms of ID may still display your Social Security number. Employee ID cards, student ID cards and insurance cards are a few that may still display your SSN.

Many companies and universities are taking concerns about identity theft seriously. When I worked for a local library as a student, my employee number was not my Social Security number but instead a separate number that was displayed on my time card and pay stubs. And my local university stopped printing SSNs on student IDs in 2000. This doesn't mean that everybody is switching over. Some are still resisting. One particular institution is Ohio University, which is being forced thanks to Chapter 1347.05 of the Ohio Revised Code, to switch over to a new system. It seems the resistance is caused by the inconvenience of changing over. After all, your SSN is your national identifier that is not unique to any state or company, but is unique to you.

I'm sure we'll see more stories like this as more states require protection for your Social Security number.

Saturday, October 21, 2006

Study Shows More Consumers Fall for Phishing Scams

I've covered phishing scams in an earlier post and mentioned that until recently I didn't think people would respond to these emails. But they wouldn't continue to use this method if it wasn't successful.

According to a study by the University of Indiana's Informatics department, these scams might have more takers than they originally thought. The way these scammers make their killing is by spamming as many email addresses as possible, hoping to find a percentage of consumers who both have an account with the institution being imitated and will submit the information out of concern for their account. Earlier reports showed about 3%, but according to this university survey, it could be as high as 14%.

The study involved simulating the phishing attack on Ebay customers, and when someone clicked on the link, they were directed to Ebay's login page. Researchers were notified of the customer logins but not passwords and other private information.

As the attacks become more hi-tech, the methods of research will need to follow. This was definitely an effective survey method. Other methods don't take into account that many people are too embarrassed about being scammed to admit to it.

Friday, October 20, 2006

Identity Theft Methods: Credit Card Skimming


This method is particularly devious. You can be handing over your information to your identity thief without even realizing it. It can happen in a restaurant, store or anywhere your credit card leaves your possession for swiping, and he/she needs to do is an extra swipe. It is called credit card skimming.

Example: You hand your waiter at a restaurant your credit card to pay your bill. He walks away with the credit card, and once the card is out of your site he can make his swipes. He will first swipe it though a small hand-held device called a skimmer. This gadget will record the information the thief needs from your card. He will then swipe it again to pay your bill and return to your table with your receipt. He will probably make several swipes throughout the evening. He will then download the information to his computer where he will use the information to have a counterfeit card made or he will just use the information to make online purchases before you discover what happened.

These skimming devices have also been attached to ATM machines for the same purpose, and some of them with cameras to record PIN numbers.

This one can be hard to protect yourself against. The best defense is to keep an eye on the card whenever possible, or do as much as possible using cash instead of a credit card. Go over your monthly credit card bills every month just in case. While should not fear and distrust everyone, it doesn't hurt to be vigilant.

Thursday, October 19, 2006

Posting Online Resumes: Is It Safe?

Posting an online resume can be a little sticky, especially if you are currently employed. You don't know who's looking. I've always avoided it for fear of my current employer accidentally stumbling across it by accident. A copy of my updated resume complete with the skills and projects I acquired in position with the company? I would definitely have some explaining to do. Unfortunately, there are other damaging reasons to be cautious about posting your resume online. As I said before, you don't know who's looking.

According to this article, identity thieves consider online jobseekers an easy target. After all, your contact information is right there for the world to see. They contact jobseekers posing as a potential employer, requesting more information (like a Social Security number), and our jobseeker is all too eager to turn over this information, thinking it is for a background check. Once they have this information, ID thieves can apply for credit cards and take out loans in the jobseeker's name.

The identity thief can also use the information you have provided to impersonate you professionally. He/she will literally use your education and employment history to get a job in your field under your name. And guess who the IRS looks for when the income is not reported?

Obviously, the best way to find a new job is do some research and contact a company of interest directly, but if you must post your resume online, do so with caution. Do not provide too much information unless you are sure the person requesting it is who he claims to be. A legitimate employer will only request a background check if you are a serious candidate for the position, and will probably request one after an interview. Practice safe job-hunting, and you'll be more likely to find the job you want without any unnecessary disasters.

Wednesday, October 18, 2006

Identity Thieves More Likely to Use Yahoo! Email

Those of you making purchases online with Yahoo! or other web-based email accounts may want to make note of this.

According to a recent report from checkmyfile.com, that identity thieves tend to use popular web-based email services like Yahoo! or Hotmail when making fraudulent online purchases. Yahoo! seems to be the favorite since 82% of suspected identity theft attempts have been made using this service. It doesn't surprise me that identity thieves would prefer these types of email accounts. After all, they are free, and you can open as many as you want under any number of different names. And they are difficult to trace because you can login from anywhere.

Problem? Those of us legitimate consumers who use these email services to place orders online are more likely to be blacklisted as identity thieves, or many companies may stop accepting orders from customers with these addresses since identity thieves use them. While I understand the concern, it seems a little extreme to label anyone who has placed an order with a Yahoo! account an identity thief. There are other reasons someone might place an order with a web-based account. I personally have been placing orders with my Yahoo! account for years because I don't want my main email account bombarded with promotions from these vendors. I know other people who use them because they share a main account with a relative or spouse.

Although I'm not pleased with this development, I can't blame them. Whatever can be done to at least slow down identity theft should be considered. Meanwhile, I'd better go change my Amazon account.

Tuesday, October 17, 2006

Identity Theft Methods: Phishing

We've all received these emails at some point. It will look like an email from your bank, Ebay, or Paypal, saying that you needed to confirm or update your information or that your account has been suspended, and with it a link is conveniently provided. If you click on the link, you are taken to a page with a number of fields asking for account information, passwords, your Social Security number and other identifying information. Here's one I received last week.



Most of you probably know by now that this is a scam. And to be honest, I never thought anyone actually took these seriously. After all, my bank would not ask me to submit information they already have. However, after doing some research, I found that thousands of people have been hit by identity thieves after responding to these requests for information.

The term for this method of harvesting information for identity theft is called phishing. Phishing scammers will claim to be from a financial institution in an effort to trick people into surrendering important identifying information. The website will look legitimate, and with the proper Java script commands, they can alter the web address in the address bar. By spamming enough people, these scammers will reach a percentage of people who have accounts at these institutions and will be all too willing to provide the requested information. Obviously, the best way to avoid the scam is not to respond at all, and be suspicious of any "company" that requests this information in an email. The Federal Trade Commission has a list of suggestions here. If you are concerned that there might be a problem with your account, type in your bank's url yourself before logging in or call your bank directly.

There are organizations that are set up to help combat phishing like Antiphishing.org and PhishTank.

Monday, October 16, 2006

Data Theft at Government Agencies More Common than Reported

As consumers, security breaches and data leaks at our financial institutions are always a great concern to us. After all, sensitive personal and financial information such as Social Security numbers and account numbers are falling into the possession of those who may misuse them. But what about our government agencies? Can't we trust confidential data to be kept secure by Uncle Sam? Apparently, it's not as secure as we'd like to think.

According to a congressional report released on Friday, October 13, incidents of lost or stolen data at government agencies occurs more frequently than they thought. These security breaches affect millions of Americans and 19 government departments. The report states that out of nearly 800 incidents, most of them have not been reported to the public, and most of these incidents involved outright thefts of computers or disks containing personal identifying information like Social Security numbers. An investigation began after reports of numerous high profile data losses, including a stolen laptop from an employee of Veterans Affairs, and the investigation revealed security breaches with several other government agencies like the Social Security Administration, the Department of Health, the Defense Department and the Department of Education, just to name a few.

Perhaps more emphasis should be placed on securing the personal information of private citizens. Government employees should be trained to handle our data with care, and when there is a problem, they should be more efficient about letting the public know about potential identity theft issues.

Saturday, October 14, 2006

Identity Theft Methods: "The Insider"

This method of identity theft is difficult, if not impossible, to prevent yourself. You just have to hope the employees at the companies you do business with are honest.

"The insider" is an employee at your bank, insurance company, doctor's office or anywhere your personal or financial information can be easily accessed. Identity thieves find personnel at these companies, usually ones who aren't paid well, and bribe them to turnover important client information. Names, social security numbers and account numbers will be handed over in exchange for cash (or other favors, as this particular article implies). It doesn't stop here. Insiders have also been known to create false documents (such as birth certificates) or alter documents for a price.

Another way identity thieves can access information is to become "the insider" by getting a job at a company or agency where he/she will have access to confidential information. With direct access to this information, the savvy thief will take whatever information he/she needs and most likely quit the job before any illegal activity is detected.

Obviously, it would be impossible to cover every possible scenario here, but you get the point. This isn't something you the consumer can't control, but if you are concerned, you can always ask the companies you do regular business with about the methods they use to screen employees. If you think the proper precautions are not being taken, you may want to go elsewhere. Order copies of your credit reports at least twice a year. That's the best way to be sure your credit isn't being used fraudulently.

Friday, October 13, 2006

Former Police Officer Faces Identity Theft Charges

When companies hire a security guard, they hope to protect employees, customers and whatever products or information within the company. Needless to say, the guard in this case may not be recommended for future security work.

Former New York City police officer Ronnie Artis, who worked as a security guard for Suffolk County Community College's Selden Campus, has been charged with stealing the identities of faculty members and students. With his job as security guard, Artis was able to gain access to offices that contained the information he needed to steal identities. Police found personal identifying information of instructors and students in the former officer's home. According to police, Artis used this information to make online purchases and had them shipped to his home (something a more savvy identity thief would never do).

So how long will it take before the employees and students at this college are willing to trust another security guard?

It's sad to see someone in a position to protect people using his job to steal from them instead. Perhaps his former colleagues in New York City should check their credit reports. His sloppy methods are not a reflection of a career identity thief, but you never know.

Thursday, October 12, 2006

"Low-tech" Identity Theft Methods: Dumpster Diving


So what's in your trash? This question may seem irrelevant, or even silly, but what you throw away may be a gold mine for an identity thief.

I've mentioned dumpster diving in my junk mail post, but it's important enough to repeat for emphasis. Once your trash reaches the dumpster or curb, it is no longer private, and the dumpster diver is free to do just as the term implies, rummage through your trash for whatever treasure he/she is seeking. In the case of the identity thief, he is looking for anything that can be used to steal your identity. Some examples include stubs from bills, old bank statements, credit card offers, junk mail or anything with any kind of personal identifying information and account numbers. These items are gems that should not just be thrown away.

Make it a point never to throw any of your paper products away. If you don't already have one, invest in a shredder, preferably a cross cut shredder which will render any shredded documents impossible to reassemble. While businesses are expected to shred confidential documents, more people are keeping personal shredders in their homes. This is an inexpensive way of protecting you personal and financial information from the dumpster diving identity thief. Please shred all mail and paper work before it gets to the curb. Never assume you are not vulnerable.

Wednesday, October 11, 2006

"Low-tech" Methods of Identity Theft: Mail Theft


There was a time when people could place outgoing mail in their mailbox, lift the red flag and not give it a second thought. Unfortunately, we no longer live in such innocent times. With so many people away from home at the time of mail delivery, your mailbox becomes a primary target for thieves. I've mentioned mail theft in an earlier post because it's a common "low-tech" way for an identity thief to obtain information about you without stealing directly from inside your home or being computer saavy enough to use more high tech methods. What are they looking for? Outgoing checks are more than enough to let someone inflict serious damage. After all, checks are very easy to alter, and they provide your bank's name and your account number. Other valuable items include bank statements, credit card bills, utility bills, pre-approved credit applications and other junk mail. Anything with personal or financial information is fair game to help them access current accounts or open new ones in your name.

So what can you do to protect your mail? First of all, you can protect your outgoing mail by dropping it off at the post office directly, an official USPS postal collection box or hand it to your mail carrier directly. For incoming mail, consider a more secure mail collection method like a locked mailbox or a front door slot, or if you have a post office box, you may consider having your bills sent there. I've already offered suggestions to eliminate junk mail from your box here.

If you suspect that your mail has been stolen, contact the USPS for a Postal Inspector to investigate. You may also want to order a copy of your credit reports to check for fraudulent accounts opened in your name.

I'll continue posting different ID theft methods and how to protect yourself from them. Some have been mentioned in earlier posts, but all of them deserve some expanding on to give you a better picture of what you are dealing with.

Tuesday, October 10, 2006

Social Networking Site Users at Higher Risk for ID Theft

I've always been cautious about how much information I post online. The very idea of posting my pictures and personal details on the web for the entire world to see still gives me the creeps, especially since I don't know how this information will be used. I know most people are there to have fun, but not everyone is going to play nice. Apparently, I'm not just being paranoid. According to a survey by CA and the National Cyber Security Alliance (NCSA), those who surf social networking sites like MySpace, Friendster and Facebook are at greater risk for identity theft and other cybercrimes. Users of these sites have been cautioned in the past for making themselves vulnerable to physical criminals like sexual predators. This survey, however, focuses on users' behavior in relation to threats of identity theft, fraud, and computer viruses.

Some of information revealed in the survey will definitely cause concern. While more than half of those surveyed are concerned about becoming victims of cybercrimes, they still divulge personal information, like the the 74% who have revealed full names, birthdays and email addresses, information that can be useful to identity thieves. Others open their computers up to malware attacks by downloading unknown files from other users' profiles (83%). Perhaps the most disturbing numbers are the parents who know their children use sites MySpace or Facebook and do little or no monitoring.

Before those of you who enjoy using these sites get too upset with me, I'm not blaming MySpace or any of these other sites for the actions of cybercriminals. Like any other technology, it's not uncommon for someone to take a tool most people use for fun or convenience and use it instead for dishonest purposes. These sites all let you control what information you reveal, so be careful. Some of the suggested precautions from the survey include never providing your address, date of birth, Social Security number or any financial account numbers. When it comes to downloading files from anothe user's profile, proceed with caution since it contain a virus or spyware, and be sure to protect your computer with the necessary firewall, anti-virus and anti-spyware software. I highly recommend reading the article for more details and recommendations.

Monday, October 09, 2006

Former HP Chairwoman Charged with Identity Theft

If you didn't think anyone can be an identity thief, or at least charged with identity theft, the recent Hewlett-Packard scandal may prove otherwise. Former HP chairwoman Patricia Dunn resigned after it emerged that she was involved in hiring investigators who used legally questionable methods to spy on members of the HP board and the media to discover a leak of confidential information, and she, along with HP ethics chief Kevin Hunsaker and the investigators they hired, face charges of conspiracy, wrongful use of computer data, identity theft, and engaging in fraudulent wire communications.

Dunn claims she is innocent of any wrong doing. The investigators allegedly concocted fictional emails to send to certain reporters with a tracer attached, a method that involves "pretexting," which is an illegal method also employed by identity thieves and hackers. Now, one may question whether or not Dunn herself is guilty of identity theft. Identity theft, by definition, is "when someone wrongfully acquires or uses another person's personal data" which is normally done for financial gain (but other motives obviously exist). According to this definition, identity theft has occurred, but whether or not Dunn is an identity thief herself is still questionable depending on whether or not she authorized the use of pretexting in the investigation or if she was aware of this at all.

While the investigation itself was overstepping boundaries and Dunn's resignation was appropriate, we will hopefully learn more as the trial approaches, whether or not these charges are accurate in Dunn's case. Personally, I'm not really buying that Dunn was so naive. Considering what private investigators charge, being completely oblivious to the methods being used or whether or not they were legal seems unlikely. A gray area perhaps? We'll see.

Apparently, with the proper motivation, anyone, even an executive at a high profile company, can be a potential identity thief.

Friday, October 06, 2006

Junk Mail Must Go, but Don't Throw it Away


Junk mail is a part of life these days, guaranteed, like death and taxes. Pre-approved credit card offers, catalogs you never order from, magazine subscription offers, and my personal favorite, those "you could be a winner" sweepstakes generally fall under the umbrella of items labeled "junk mail." Does a day go by when at least one of these items does not grace your mailbox with its presence? If the answer is "no," you are leaving yourself at the mercy of potential identity thieves.

Mail theft is a major method these thieves use to steal your identity, and why junk mail when a credit card bill or bank statement would be so much better? While bills and financial statements are valuable to accessing your existing accounts, junk mail is a good target because you are less likely to miss it if it doesn't show up. Besides, of all your junk mail, those pre-approved credit card offers are the items your thief wants most because he/she can open use them to open credit accounts in your name. Therefore, they must be the first to go. The three major credit bureaus (Equifax, Experian and TransUnion) have a toll free number to "opt-out" of these pre-approved offers for two years. The number is 1-888-5-OPTOUT (567-8688). You'll need to take further steps to eliminate the rest of your junk mail. The Direct Marketing Association's (DMA) Mail Preference Service allows you to opt out of receiving direct mail marketing from numerous national companies for five years, but this will only stop junk mail from companies registered with the DMA's Mail Preference Service. To opt-out, send a letter to:

Direct Marketing Association
Mail Preference Service
P.O. Box 643
Carmel, NY 10512

Any other companies will have to be called directly, so you can ask them to remove you from their mailing list.

So what happens to the junk mail you already have? If you are like I was, it would be thrown on a vacant desk or coffee table until it piled up enough to become annoying and then was thrown away. Or does it just go right to the trash? Either way, you are making yourself a target for identity theft. If it sits around the house, it is vulnerable to be taken by any one who enters your home, welcome or not, and then used to obtain credit in your name. But if you just throw it away, you make it available to the sinister dumpster diver who will also make use of it. The best way to handle your current unwanted mail is to shred it before disposing of it. If you don't have a paper shredder, buy one. This is an investment that will help protect your credit and financial future.

Eliminating junk mail from your box is just one step towards a more secure lifestyle.

Thursday, October 05, 2006

College Campus for Identity Thieves

College students tend to be targets for identity theft since they are young and trying to establish credit or start careers, and identity thieves often obtain the information they need by approaching the students claiming to represent a major bank or potential employer. A similar incident was reported in Sacramento, CA. According to the State Hornet Online, two unidentified men on the campus of California State University, Sacramento, entered at least five classrooms over the course of a week, and claimed to be career center employees. They claimed to be recruiting students for an internship, but didn't say with whom. The men obtained names and contact information. The campus police are still investigating whether or not social security numbers were obtained. The men have not been apprehended, and the incident is still under investigation.

The method used here is called pretexting, or obtaining information under false pretenses. Pretexting is normally done over the phone, but it is apparently just as effective in person. If someone asks for information but does not tell what they are using it for, you should approach the situation with suspicion. Parents should teach their children early on not to give out their personal information freely and warn them of the dangers of identity theft, so when they are on their own in college, they will already be stingy with their information. In this case, the fact that these men were promoting an internship and asked for information but failed to identify the company that would be receiving this information should have been a warning. Incidents like this one can be nipped in the bud with the proper preparation.

Wednesday, October 04, 2006

Best Banks for Handling Identity Theft

Anyone who has been a victim of identity theft knows that once you discover that someone has used your name, credit cards, or other personal and financial information for fraudulent purposes, the road to restoring your good name and credit is long and difficult.

However, dealing with a cooperative bank can make this uphill battle a bit easier. A recent survey by Javelin Strategy & Research rated banks based on their ability to prevent, detect and resolve identity theft. Out of 24 of the top banks in the United States, Bank of America, JP Morgan Chase and Washington Mutual topped the list.

Most banks, by now, should be able to handle identity theft complaints. Detection and prevention will set a bank ahead of the rest. According to the study, Bank of America took the biggest step toward prevention with two-factor authentication, a method others will probably soon adopt since multiple-factor authentication was recommended by the Federal Financial Institutions Examination Council. Other suggested prevention and detection methods suggested include sending alerts and encouraging frequent online monitoring for one's own account.

So how does your bank do in your opinion? Does your bank practice secure methods and encourage customers to do the same? While my bank is a regional bank rather than a large national one, my identity theft complaint was handled promptly, and I was refunded in a timely manner. They went over their online banking instructions with me personally and encouraged me to log in often to check on my own account, and the bank manager called me at home twice to make sure I wasn't having any further trouble with my accounts. While they are too small to make a national list, I am highly satisfied with their services and would personally award them with a high rating.

Tuesday, October 03, 2006

Identity Theft Blog: An Introduction

I'm not a big fan of introductions, but I might as well start somewhere. While we may not know one another, the fact that you are reading this tells me we have some common ground. Primarily, you are concerned about the spread of identity theft and would like to protect your personal information from being sold, shared or otherwise spread to those who wish to use it dishonestly. As a security-minded individual myself, I share those concerns with you.

As a victim of identity theft, I have spent hours doing my part to fix what was broken, and try to prevent it from happening again. But it may not be over yet. I didn't lose enough money for the police or bank to investigate, so my thief is still out there. While he's probably moved on to my next victim by now, that doesn't exactly give me peace of mind. More needs to be done to encourage individuals, families, and businesses to adopt secure practices, especially when it comes to personal information and the information of their customers. Most of us are aware of the threat of identity theft but think, “It won't happen to me. After all, I'm careful...” I thought I was careful... How careful are you?

Hence, this blog. Since my experience, I've spent many hours researching identity theft as well as prevention and recovery methods. My goal is to share what I've learned as well as keeping you up to speed on the latest that identity theft news. That way you will not only be armed with the knowledge you need to protect yourself, your family and your business, but you will also know if a major bank or company you do business with has had an information leak. After all, if my bank's records have been compromised, I want to know about it.

I'll continue to add resources to my links section to lead you to resources on the web that will help arm you against identity thieves. If have any questions or recommendations or anything else you may want to add, feel free to comment. I welcome a discussion.