While there are times when ignorance is bliss, that's not the case when it comes to identity theft. Ignorance regarding ID theft (how to protect yourself against it or what to do if you become a victim) can have long-lasting affects on your financial future as well as possibly affecting your criminal record. Despite this fact, many Americans are misinformed about the financial devastation of identity theft as well as the steps required if they become victims, according to a survey by Capital One and Consumer Action. The statistics reported in this survey are quite disturbing.
Some information reported includes that 44% of consumers did not realize that their personal identifying information can be used to apply for a mortgage, and 32% put themselves at risk by carrying their Social Security cards in their wallets. However, the most vulnerable consumers fall in the oldest and youngest age brackets. For instance, 41% of older Americans (70 and over) did not know identity thieves can obtain ID cards with their information while 54% of younger Americans (18 and 19) were unaware of this fact. For more details, this release provides more complete results from the study.
I think I fell somewhere in between those who were ignorant and those who were cautious. I was aware that identity theft existed, but didn't take it seriously until after it happened to me. You don't have to learn the hard way. While I don't recommend living in fear of an identity thief, this crime should not be taken lightly. Consumers should be regularly checking credit reports, monitoring bank and credit card statements, and taking other necessary precautions.
Tuesday, October 31, 2006
Friday, October 27, 2006
Another Shredding Option
It is my opinion that, if possible, consumers should purchase their own paper shredders, so documents with sensitive information will be destroyed before they leave your home. However, some situations don't allow you this convenience. Perhaps for some reason your shredder is not working or you are traveling and don't have direct access to a shredder, you look to other options. There are always shredding services, but those companies are usually used by businesses with a large quantity of documents to shred. However, recently ShredStation claims to offer quality of professional shredding services that are conveniently accessible.
ShredStation units are placed in convenient locations, like banks, drug stores, grocery stores and office buildings. Secure ShredStation deposit boxes are made of commercial grade steel and bolted to the floor at each location. These deposit boxes are said to be fully automated and fully secure with electronic payment method that alerts ShredStation Licensed Agents that there are contents in the box that require destruction, which is done onsite using industrial cross cut mobile shredding trucks. For a more detailed description, check out this press release.
While this service sounds good and efficient, it is not yet widespread as I discovered when I checked to see if there is a location nearby. I still recommend shredding at home unless you have a large quantity of documents to shred, but however you choose to do so, shred those documents before disposal.
ShredStation units are placed in convenient locations, like banks, drug stores, grocery stores and office buildings. Secure ShredStation deposit boxes are made of commercial grade steel and bolted to the floor at each location. These deposit boxes are said to be fully automated and fully secure with electronic payment method that alerts ShredStation Licensed Agents that there are contents in the box that require destruction, which is done onsite using industrial cross cut mobile shredding trucks. For a more detailed description, check out this press release.
While this service sounds good and efficient, it is not yet widespread as I discovered when I checked to see if there is a location nearby. I still recommend shredding at home unless you have a large quantity of documents to shred, but however you choose to do so, shred those documents before disposal.
Thursday, October 26, 2006
Couple Faces Charges For Stealing 150 Identities
If my mail theft blog wasn't warning enough, this real life situation should be enough to convince you that you need to protect your mail.
Modesto, CA, couple Davis Warren and his wife Mary Elizabeth Warren face several charges of identity theft and conspiracy for crimes occurring between June and September 2005 victimizing 150 people.
They first stole mail from their victims, and then used the website PeopleFinder.com to find more personal information. The Warrens withdrew money and made online purchases in victims' names, having the packages sent to the victims' homes, where they would be waiting to pick them up. Victims began reporting packages they didn't order and mailboxes being broken into. Police finally got their first lead when they were able to trace the IP address for one of the purchases.
This is definitely proof enough that all an identity thief needs is a few key mail items, and the rest of the information can be obtained fairly easily and affordably. You should do what you can to protect your mail. An open mailbox is most vulnerable. Even if a locked box is broken into or stolen, you will know and can report it right away.
Modesto, CA, couple Davis Warren and his wife Mary Elizabeth Warren face several charges of identity theft and conspiracy for crimes occurring between June and September 2005 victimizing 150 people.
They first stole mail from their victims, and then used the website PeopleFinder.com to find more personal information. The Warrens withdrew money and made online purchases in victims' names, having the packages sent to the victims' homes, where they would be waiting to pick them up. Victims began reporting packages they didn't order and mailboxes being broken into. Police finally got their first lead when they were able to trace the IP address for one of the purchases.
This is definitely proof enough that all an identity thief needs is a few key mail items, and the rest of the information can be obtained fairly easily and affordably. You should do what you can to protect your mail. An open mailbox is most vulnerable. Even if a locked box is broken into or stolen, you will know and can report it right away.
Wednesday, October 25, 2006
Medical Identity Theft
While most types of identity theft are damaging to your credit, reputation or criminal record, this one is potentially life threatening. The medical identity thief will use a name Social Security number and insurance information and impersonate the victim to obtain medical goods and services. This will result in false information being entered into the victim's medical record, possibly causing the victim to receive the wrong treatment or medication for a medical condition he/she never had. I don't think I need to explain what makes this life threatening. The worst part of this is that older people are often targeted because they will most likely have some kind of public insurance like Medicare.
Chances are the victim may not discover the scam unless he/she receives a bill, and these cases are often difficult to resolve, as with Ryan's case in this article, because privacy policies would not allow him to see the file or allow him to know what kind of surgery he supposedly had. Ryan suffered a great deal of financial damage while the hospital took two years to waive the fee.
This form of identity theft is clearly the most dangerous to the victim. It should receive more attention and investigation than it does, especially when the outcome can result in physical harm or loss of life due to an incorrect medical treatment.
Tuesday, October 24, 2006
Jury Duty Scam
I am trying to address some of the "popular" scams in this blog, and this one has apparently been fairly active and has had some success during the past few years. It is commonly called the jury duty scam, as mentioned in the title. The fraudster's method is relatively simple. He/she will call you to let you know that since you failed to report for jury duty, there is a warrant for your arrest and there is an officer on his way to your house to arrest you. You, never recalling receiving a summons, tell the caller just that. Well, in that case, the caller is all too willing to help you clear this up, and asks for your Social Security number and other identifying information.
It's no secret as to the reason why this works. No one wants to be arrested for a ignoring a summons that was never received, and when caught off guard like that, you don't usually take the time to think this through. First of all, if you don't report to jury duty after a summons, you will be contacted by mail, not telephone, and you would not be asked to reveal information like your Social Security number to the courts over the phone. They already have this information, and besides, if there were really a warrant for your arrest, simply supplying your SSN is not going to clear it up.
Obviously, you should be suspicious if you receive such a call. Do not supply information to "verify" anything unless you initiated the call. In fact, hang up. It may seem rude, but this person wants to keep you on the line to hurt you, not help you.
It's no secret as to the reason why this works. No one wants to be arrested for a ignoring a summons that was never received, and when caught off guard like that, you don't usually take the time to think this through. First of all, if you don't report to jury duty after a summons, you will be contacted by mail, not telephone, and you would not be asked to reveal information like your Social Security number to the courts over the phone. They already have this information, and besides, if there were really a warrant for your arrest, simply supplying your SSN is not going to clear it up.
Obviously, you should be suspicious if you receive such a call. Do not supply information to "verify" anything unless you initiated the call. In fact, hang up. It may seem rude, but this person wants to keep you on the line to hurt you, not help you.
Monday, October 23, 2006
Social Security Number on ID Cards
With ID theft on the rise, there is a concern with Social Security numbers being printed on various identification cards. In many states, you had to request that your SSN be left off your driver's license, but The Intelligence Reform and Terrorism Prevention Act of 2004, which went into effect in December 2005, now prohibits printing the number on your license at all. However, other forms of ID may still display your Social Security number. Employee ID cards, student ID cards and insurance cards are a few that may still display your SSN.
Many companies and universities are taking concerns about identity theft seriously. When I worked for a local library as a student, my employee number was not my Social Security number but instead a separate number that was displayed on my time card and pay stubs. And my local university stopped printing SSNs on student IDs in 2000. This doesn't mean that everybody is switching over. Some are still resisting. One particular institution is Ohio University, which is being forced thanks to Chapter 1347.05 of the Ohio Revised Code, to switch over to a new system. It seems the resistance is caused by the inconvenience of changing over. After all, your SSN is your national identifier that is not unique to any state or company, but is unique to you.
I'm sure we'll see more stories like this as more states require protection for your Social Security number.
Many companies and universities are taking concerns about identity theft seriously. When I worked for a local library as a student, my employee number was not my Social Security number but instead a separate number that was displayed on my time card and pay stubs. And my local university stopped printing SSNs on student IDs in 2000. This doesn't mean that everybody is switching over. Some are still resisting. One particular institution is Ohio University, which is being forced thanks to Chapter 1347.05 of the Ohio Revised Code, to switch over to a new system. It seems the resistance is caused by the inconvenience of changing over. After all, your SSN is your national identifier that is not unique to any state or company, but is unique to you.
I'm sure we'll see more stories like this as more states require protection for your Social Security number.
Saturday, October 21, 2006
Study Shows More Consumers Fall for Phishing Scams
I've covered phishing scams in an earlier post and mentioned that until recently I didn't think people would respond to these emails. But they wouldn't continue to use this method if it wasn't successful.
According to a study by the University of Indiana's Informatics department, these scams might have more takers than they originally thought. The way these scammers make their killing is by spamming as many email addresses as possible, hoping to find a percentage of consumers who both have an account with the institution being imitated and will submit the information out of concern for their account. Earlier reports showed about 3%, but according to this university survey, it could be as high as 14%.
The study involved simulating the phishing attack on Ebay customers, and when someone clicked on the link, they were directed to Ebay's login page. Researchers were notified of the customer logins but not passwords and other private information.
As the attacks become more hi-tech, the methods of research will need to follow. This was definitely an effective survey method. Other methods don't take into account that many people are too embarrassed about being scammed to admit to it.
According to a study by the University of Indiana's Informatics department, these scams might have more takers than they originally thought. The way these scammers make their killing is by spamming as many email addresses as possible, hoping to find a percentage of consumers who both have an account with the institution being imitated and will submit the information out of concern for their account. Earlier reports showed about 3%, but according to this university survey, it could be as high as 14%.
The study involved simulating the phishing attack on Ebay customers, and when someone clicked on the link, they were directed to Ebay's login page. Researchers were notified of the customer logins but not passwords and other private information.
As the attacks become more hi-tech, the methods of research will need to follow. This was definitely an effective survey method. Other methods don't take into account that many people are too embarrassed about being scammed to admit to it.
Friday, October 20, 2006
Identity Theft Methods: Credit Card Skimming
This method is particularly devious. You can be handing over your information to your identity thief without even realizing it. It can happen in a restaurant, store or anywhere your credit card leaves your possession for swiping, and he/she needs to do is an extra swipe. It is called credit card skimming.
Example: You hand your waiter at a restaurant your credit card to pay your bill. He walks away with the credit card, and once the card is out of your site he can make his swipes. He will first swipe it though a small hand-held device called a skimmer. This gadget will record the information the thief needs from your card. He will then swipe it again to pay your bill and return to your table with your receipt. He will probably make several swipes throughout the evening. He will then download the information to his computer where he will use the information to have a counterfeit card made or he will just use the information to make online purchases before you discover what happened.
These skimming devices have also been attached to ATM machines for the same purpose, and some of them with cameras to record PIN numbers.
This one can be hard to protect yourself against. The best defense is to keep an eye on the card whenever possible, or do as much as possible using cash instead of a credit card. Go over your monthly credit card bills every month just in case. While should not fear and distrust everyone, it doesn't hurt to be vigilant.
Thursday, October 19, 2006
Posting Online Resumes: Is It Safe?
Posting an online resume can be a little sticky, especially if you are currently employed. You don't know who's looking. I've always avoided it for fear of my current employer accidentally stumbling across it by accident. A copy of my updated resume complete with the skills and projects I acquired in position with the company? I would definitely have some explaining to do. Unfortunately, there are other damaging reasons to be cautious about posting your resume online. As I said before, you don't know who's looking.
According to this article, identity thieves consider online jobseekers an easy target. After all, your contact information is right there for the world to see. They contact jobseekers posing as a potential employer, requesting more information (like a Social Security number), and our jobseeker is all too eager to turn over this information, thinking it is for a background check. Once they have this information, ID thieves can apply for credit cards and take out loans in the jobseeker's name.
The identity thief can also use the information you have provided to impersonate you professionally. He/she will literally use your education and employment history to get a job in your field under your name. And guess who the IRS looks for when the income is not reported?
Obviously, the best way to find a new job is do some research and contact a company of interest directly, but if you must post your resume online, do so with caution. Do not provide too much information unless you are sure the person requesting it is who he claims to be. A legitimate employer will only request a background check if you are a serious candidate for the position, and will probably request one after an interview. Practice safe job-hunting, and you'll be more likely to find the job you want without any unnecessary disasters.
According to this article, identity thieves consider online jobseekers an easy target. After all, your contact information is right there for the world to see. They contact jobseekers posing as a potential employer, requesting more information (like a Social Security number), and our jobseeker is all too eager to turn over this information, thinking it is for a background check. Once they have this information, ID thieves can apply for credit cards and take out loans in the jobseeker's name.
The identity thief can also use the information you have provided to impersonate you professionally. He/she will literally use your education and employment history to get a job in your field under your name. And guess who the IRS looks for when the income is not reported?
Obviously, the best way to find a new job is do some research and contact a company of interest directly, but if you must post your resume online, do so with caution. Do not provide too much information unless you are sure the person requesting it is who he claims to be. A legitimate employer will only request a background check if you are a serious candidate for the position, and will probably request one after an interview. Practice safe job-hunting, and you'll be more likely to find the job you want without any unnecessary disasters.
Wednesday, October 18, 2006
Identity Thieves More Likely to Use Yahoo! Email
Those of you making purchases online with Yahoo! or other web-based email accounts may want to make note of this.
According to a recent report from checkmyfile.com, that identity thieves tend to use popular web-based email services like Yahoo! or Hotmail when making fraudulent online purchases. Yahoo! seems to be the favorite since 82% of suspected identity theft attempts have been made using this service. It doesn't surprise me that identity thieves would prefer these types of email accounts. After all, they are free, and you can open as many as you want under any number of different names. And they are difficult to trace because you can login from anywhere.
Problem? Those of us legitimate consumers who use these email services to place orders online are more likely to be blacklisted as identity thieves, or many companies may stop accepting orders from customers with these addresses since identity thieves use them. While I understand the concern, it seems a little extreme to label anyone who has placed an order with a Yahoo! account an identity thief. There are other reasons someone might place an order with a web-based account. I personally have been placing orders with my Yahoo! account for years because I don't want my main email account bombarded with promotions from these vendors. I know other people who use them because they share a main account with a relative or spouse.
Although I'm not pleased with this development, I can't blame them. Whatever can be done to at least slow down identity theft should be considered. Meanwhile, I'd better go change my Amazon account.
According to a recent report from checkmyfile.com, that identity thieves tend to use popular web-based email services like Yahoo! or Hotmail when making fraudulent online purchases. Yahoo! seems to be the favorite since 82% of suspected identity theft attempts have been made using this service. It doesn't surprise me that identity thieves would prefer these types of email accounts. After all, they are free, and you can open as many as you want under any number of different names. And they are difficult to trace because you can login from anywhere.
Problem? Those of us legitimate consumers who use these email services to place orders online are more likely to be blacklisted as identity thieves, or many companies may stop accepting orders from customers with these addresses since identity thieves use them. While I understand the concern, it seems a little extreme to label anyone who has placed an order with a Yahoo! account an identity thief. There are other reasons someone might place an order with a web-based account. I personally have been placing orders with my Yahoo! account for years because I don't want my main email account bombarded with promotions from these vendors. I know other people who use them because they share a main account with a relative or spouse.
Although I'm not pleased with this development, I can't blame them. Whatever can be done to at least slow down identity theft should be considered. Meanwhile, I'd better go change my Amazon account.
Tuesday, October 17, 2006
Identity Theft Methods: Phishing
We've all received these emails at some point. It will look like an email from your bank, Ebay, or Paypal, saying that you needed to confirm or update your information or that your account has been suspended, and with it a link is conveniently provided. If you click on the link, you are taken to a page with a number of fields asking for account information, passwords, your Social Security number and other identifying information. Here's one I received last week.
Most of you probably know by now that this is a scam. And to be honest, I never thought anyone actually took these seriously. After all, my bank would not ask me to submit information they already have. However, after doing some research, I found that thousands of people have been hit by identity thieves after responding to these requests for information.
The term for this method of harvesting information for identity theft is called phishing. Phishing scammers will claim to be from a financial institution in an effort to trick people into surrendering important identifying information. The website will look legitimate, and with the proper Java script commands, they can alter the web address in the address bar. By spamming enough people, these scammers will reach a percentage of people who have accounts at these institutions and will be all too willing to provide the requested information. Obviously, the best way to avoid the scam is not to respond at all, and be suspicious of any "company" that requests this information in an email. The Federal Trade Commission has a list of suggestions here. If you are concerned that there might be a problem with your account, type in your bank's url yourself before logging in or call your bank directly.
There are organizations that are set up to help combat phishing like Antiphishing.org and PhishTank.
Most of you probably know by now that this is a scam. And to be honest, I never thought anyone actually took these seriously. After all, my bank would not ask me to submit information they already have. However, after doing some research, I found that thousands of people have been hit by identity thieves after responding to these requests for information.
The term for this method of harvesting information for identity theft is called phishing. Phishing scammers will claim to be from a financial institution in an effort to trick people into surrendering important identifying information. The website will look legitimate, and with the proper Java script commands, they can alter the web address in the address bar. By spamming enough people, these scammers will reach a percentage of people who have accounts at these institutions and will be all too willing to provide the requested information. Obviously, the best way to avoid the scam is not to respond at all, and be suspicious of any "company" that requests this information in an email. The Federal Trade Commission has a list of suggestions here. If you are concerned that there might be a problem with your account, type in your bank's url yourself before logging in or call your bank directly.
There are organizations that are set up to help combat phishing like Antiphishing.org and PhishTank.
Monday, October 16, 2006
Data Theft at Government Agencies More Common than Reported
As consumers, security breaches and data leaks at our financial institutions are always a great concern to us. After all, sensitive personal and financial information such as Social Security numbers and account numbers are falling into the possession of those who may misuse them. But what about our government agencies? Can't we trust confidential data to be kept secure by Uncle Sam? Apparently, it's not as secure as we'd like to think.
According to a congressional report released on Friday, October 13, incidents of lost or stolen data at government agencies occurs more frequently than they thought. These security breaches affect millions of Americans and 19 government departments. The report states that out of nearly 800 incidents, most of them have not been reported to the public, and most of these incidents involved outright thefts of computers or disks containing personal identifying information like Social Security numbers. An investigation began after reports of numerous high profile data losses, including a stolen laptop from an employee of Veterans Affairs, and the investigation revealed security breaches with several other government agencies like the Social Security Administration, the Department of Health, the Defense Department and the Department of Education, just to name a few.
Perhaps more emphasis should be placed on securing the personal information of private citizens. Government employees should be trained to handle our data with care, and when there is a problem, they should be more efficient about letting the public know about potential identity theft issues.
According to a congressional report released on Friday, October 13, incidents of lost or stolen data at government agencies occurs more frequently than they thought. These security breaches affect millions of Americans and 19 government departments. The report states that out of nearly 800 incidents, most of them have not been reported to the public, and most of these incidents involved outright thefts of computers or disks containing personal identifying information like Social Security numbers. An investigation began after reports of numerous high profile data losses, including a stolen laptop from an employee of Veterans Affairs, and the investigation revealed security breaches with several other government agencies like the Social Security Administration, the Department of Health, the Defense Department and the Department of Education, just to name a few.
Perhaps more emphasis should be placed on securing the personal information of private citizens. Government employees should be trained to handle our data with care, and when there is a problem, they should be more efficient about letting the public know about potential identity theft issues.
Saturday, October 14, 2006
Identity Theft Methods: "The Insider"
This method of identity theft is difficult, if not impossible, to prevent yourself. You just have to hope the employees at the companies you do business with are honest.
"The insider" is an employee at your bank, insurance company, doctor's office or anywhere your personal or financial information can be easily accessed. Identity thieves find personnel at these companies, usually ones who aren't paid well, and bribe them to turnover important client information. Names, social security numbers and account numbers will be handed over in exchange for cash (or other favors, as this particular article implies). It doesn't stop here. Insiders have also been known to create false documents (such as birth certificates) or alter documents for a price.
Another way identity thieves can access information is to become "the insider" by getting a job at a company or agency where he/she will have access to confidential information. With direct access to this information, the savvy thief will take whatever information he/she needs and most likely quit the job before any illegal activity is detected.
Obviously, it would be impossible to cover every possible scenario here, but you get the point. This isn't something you the consumer can't control, but if you are concerned, you can always ask the companies you do regular business with about the methods they use to screen employees. If you think the proper precautions are not being taken, you may want to go elsewhere. Order copies of your credit reports at least twice a year. That's the best way to be sure your credit isn't being used fraudulently.
"The insider" is an employee at your bank, insurance company, doctor's office or anywhere your personal or financial information can be easily accessed. Identity thieves find personnel at these companies, usually ones who aren't paid well, and bribe them to turnover important client information. Names, social security numbers and account numbers will be handed over in exchange for cash (or other favors, as this particular article implies). It doesn't stop here. Insiders have also been known to create false documents (such as birth certificates) or alter documents for a price.
Another way identity thieves can access information is to become "the insider" by getting a job at a company or agency where he/she will have access to confidential information. With direct access to this information, the savvy thief will take whatever information he/she needs and most likely quit the job before any illegal activity is detected.
Obviously, it would be impossible to cover every possible scenario here, but you get the point. This isn't something you the consumer can't control, but if you are concerned, you can always ask the companies you do regular business with about the methods they use to screen employees. If you think the proper precautions are not being taken, you may want to go elsewhere. Order copies of your credit reports at least twice a year. That's the best way to be sure your credit isn't being used fraudulently.
Friday, October 13, 2006
Former Police Officer Faces Identity Theft Charges
When companies hire a security guard, they hope to protect employees, customers and whatever products or information within the company. Needless to say, the guard in this case may not be recommended for future security work.
Former New York City police officer Ronnie Artis, who worked as a security guard for Suffolk County Community College's Selden Campus, has been charged with stealing the identities of faculty members and students. With his job as security guard, Artis was able to gain access to offices that contained the information he needed to steal identities. Police found personal identifying information of instructors and students in the former officer's home. According to police, Artis used this information to make online purchases and had them shipped to his home (something a more savvy identity thief would never do).
So how long will it take before the employees and students at this college are willing to trust another security guard?
It's sad to see someone in a position to protect people using his job to steal from them instead. Perhaps his former colleagues in New York City should check their credit reports. His sloppy methods are not a reflection of a career identity thief, but you never know.
Former New York City police officer Ronnie Artis, who worked as a security guard for Suffolk County Community College's Selden Campus, has been charged with stealing the identities of faculty members and students. With his job as security guard, Artis was able to gain access to offices that contained the information he needed to steal identities. Police found personal identifying information of instructors and students in the former officer's home. According to police, Artis used this information to make online purchases and had them shipped to his home (something a more savvy identity thief would never do).
So how long will it take before the employees and students at this college are willing to trust another security guard?
It's sad to see someone in a position to protect people using his job to steal from them instead. Perhaps his former colleagues in New York City should check their credit reports. His sloppy methods are not a reflection of a career identity thief, but you never know.
Thursday, October 12, 2006
"Low-tech" Identity Theft Methods: Dumpster Diving
So what's in your trash? This question may seem irrelevant, or even silly, but what you throw away may be a gold mine for an identity thief.
I've mentioned dumpster diving in my junk mail post, but it's important enough to repeat for emphasis. Once your trash reaches the dumpster or curb, it is no longer private, and the dumpster diver is free to do just as the term implies, rummage through your trash for whatever treasure he/she is seeking. In the case of the identity thief, he is looking for anything that can be used to steal your identity. Some examples include stubs from bills, old bank statements, credit card offers, junk mail or anything with any kind of personal identifying information and account numbers. These items are gems that should not just be thrown away.
Make it a point never to throw any of your paper products away. If you don't already have one, invest in a shredder, preferably a cross cut shredder which will render any shredded documents impossible to reassemble. While businesses are expected to shred confidential documents, more people are keeping personal shredders in their homes. This is an inexpensive way of protecting you personal and financial information from the dumpster diving identity thief. Please shred all mail and paper work before it gets to the curb. Never assume you are not vulnerable.
Wednesday, October 11, 2006
"Low-tech" Methods of Identity Theft: Mail Theft
There was a time when people could place outgoing mail in their mailbox, lift the red flag and not give it a second thought. Unfortunately, we no longer live in such innocent times. With so many people away from home at the time of mail delivery, your mailbox becomes a primary target for thieves. I've mentioned mail theft in an earlier post because it's a common "low-tech" way for an identity thief to obtain information about you without stealing directly from inside your home or being computer saavy enough to use more high tech methods. What are they looking for? Outgoing checks are more than enough to let someone inflict serious damage. After all, checks are very easy to alter, and they provide your bank's name and your account number. Other valuable items include bank statements, credit card bills, utility bills, pre-approved credit applications and other junk mail. Anything with personal or financial information is fair game to help them access current accounts or open new ones in your name.
So what can you do to protect your mail? First of all, you can protect your outgoing mail by dropping it off at the post office directly, an official USPS postal collection box or hand it to your mail carrier directly. For incoming mail, consider a more secure mail collection method like a locked mailbox or a front door slot, or if you have a post office box, you may consider having your bills sent there. I've already offered suggestions to eliminate junk mail from your box here.
If you suspect that your mail has been stolen, contact the USPS for a Postal Inspector to investigate. You may also want to order a copy of your credit reports to check for fraudulent accounts opened in your name.
I'll continue posting different ID theft methods and how to protect yourself from them. Some have been mentioned in earlier posts, but all of them deserve some expanding on to give you a better picture of what you are dealing with.
Tuesday, October 10, 2006
Social Networking Site Users at Higher Risk for ID Theft
I've always been cautious about how much information I post online. The very idea of posting my pictures and personal details on the web for the entire world to see still gives me the creeps, especially since I don't know how this information will be used. I know most people are there to have fun, but not everyone is going to play nice. Apparently, I'm not just being paranoid. According to a survey by CA and the National Cyber Security Alliance (NCSA), those who surf social networking sites like MySpace, Friendster and Facebook are at greater risk for identity theft and other cybercrimes. Users of these sites have been cautioned in the past for making themselves vulnerable to physical criminals like sexual predators. This survey, however, focuses on users' behavior in relation to threats of identity theft, fraud, and computer viruses.
Some of information revealed in the survey will definitely cause concern. While more than half of those surveyed are concerned about becoming victims of cybercrimes, they still divulge personal information, like the the 74% who have revealed full names, birthdays and email addresses, information that can be useful to identity thieves. Others open their computers up to malware attacks by downloading unknown files from other users' profiles (83%). Perhaps the most disturbing numbers are the parents who know their children use sites MySpace or Facebook and do little or no monitoring.
Before those of you who enjoy using these sites get too upset with me, I'm not blaming MySpace or any of these other sites for the actions of cybercriminals. Like any other technology, it's not uncommon for someone to take a tool most people use for fun or convenience and use it instead for dishonest purposes. These sites all let you control what information you reveal, so be careful. Some of the suggested precautions from the survey include never providing your address, date of birth, Social Security number or any financial account numbers. When it comes to downloading files from anothe user's profile, proceed with caution since it contain a virus or spyware, and be sure to protect your computer with the necessary firewall, anti-virus and anti-spyware software. I highly recommend reading the article for more details and recommendations.
Some of information revealed in the survey will definitely cause concern. While more than half of those surveyed are concerned about becoming victims of cybercrimes, they still divulge personal information, like the the 74% who have revealed full names, birthdays and email addresses, information that can be useful to identity thieves. Others open their computers up to malware attacks by downloading unknown files from other users' profiles (83%). Perhaps the most disturbing numbers are the parents who know their children use sites MySpace or Facebook and do little or no monitoring.
Before those of you who enjoy using these sites get too upset with me, I'm not blaming MySpace or any of these other sites for the actions of cybercriminals. Like any other technology, it's not uncommon for someone to take a tool most people use for fun or convenience and use it instead for dishonest purposes. These sites all let you control what information you reveal, so be careful. Some of the suggested precautions from the survey include never providing your address, date of birth, Social Security number or any financial account numbers. When it comes to downloading files from anothe user's profile, proceed with caution since it contain a virus or spyware, and be sure to protect your computer with the necessary firewall, anti-virus and anti-spyware software. I highly recommend reading the article for more details and recommendations.
Monday, October 09, 2006
Former HP Chairwoman Charged with Identity Theft
If you didn't think anyone can be an identity thief, or at least charged with identity theft, the recent Hewlett-Packard scandal may prove otherwise. Former HP chairwoman Patricia Dunn resigned after it emerged that she was involved in hiring investigators who used legally questionable methods to spy on members of the HP board and the media to discover a leak of confidential information, and she, along with HP ethics chief Kevin Hunsaker and the investigators they hired, face charges of conspiracy, wrongful use of computer data, identity theft, and engaging in fraudulent wire communications.
Dunn claims she is innocent of any wrong doing. The investigators allegedly concocted fictional emails to send to certain reporters with a tracer attached, a method that involves "pretexting," which is an illegal method also employed by identity thieves and hackers. Now, one may question whether or not Dunn herself is guilty of identity theft. Identity theft, by definition, is "when someone wrongfully acquires or uses another person's personal data" which is normally done for financial gain (but other motives obviously exist). According to this definition, identity theft has occurred, but whether or not Dunn is an identity thief herself is still questionable depending on whether or not she authorized the use of pretexting in the investigation or if she was aware of this at all.
While the investigation itself was overstepping boundaries and Dunn's resignation was appropriate, we will hopefully learn more as the trial approaches, whether or not these charges are accurate in Dunn's case. Personally, I'm not really buying that Dunn was so naive. Considering what private investigators charge, being completely oblivious to the methods being used or whether or not they were legal seems unlikely. A gray area perhaps? We'll see.
Apparently, with the proper motivation, anyone, even an executive at a high profile company, can be a potential identity thief.
Dunn claims she is innocent of any wrong doing. The investigators allegedly concocted fictional emails to send to certain reporters with a tracer attached, a method that involves "pretexting," which is an illegal method also employed by identity thieves and hackers. Now, one may question whether or not Dunn herself is guilty of identity theft. Identity theft, by definition, is "when someone wrongfully acquires or uses another person's personal data" which is normally done for financial gain (but other motives obviously exist). According to this definition, identity theft has occurred, but whether or not Dunn is an identity thief herself is still questionable depending on whether or not she authorized the use of pretexting in the investigation or if she was aware of this at all.
While the investigation itself was overstepping boundaries and Dunn's resignation was appropriate, we will hopefully learn more as the trial approaches, whether or not these charges are accurate in Dunn's case. Personally, I'm not really buying that Dunn was so naive. Considering what private investigators charge, being completely oblivious to the methods being used or whether or not they were legal seems unlikely. A gray area perhaps? We'll see.
Apparently, with the proper motivation, anyone, even an executive at a high profile company, can be a potential identity thief.
Friday, October 06, 2006
Junk Mail Must Go, but Don't Throw it Away
Junk mail is a part of life these days, guaranteed, like death and taxes. Pre-approved credit card offers, catalogs you never order from, magazine subscription offers, and my personal favorite, those "you could be a winner" sweepstakes generally fall under the umbrella of items labeled "junk mail." Does a day go by when at least one of these items does not grace your mailbox with its presence? If the answer is "no," you are leaving yourself at the mercy of potential identity thieves.
Mail theft is a major method these thieves use to steal your identity, and why junk mail when a credit card bill or bank statement would be so much better? While bills and financial statements are valuable to accessing your existing accounts, junk mail is a good target because you are less likely to miss it if it doesn't show up. Besides, of all your junk mail, those pre-approved credit card offers are the items your thief wants most because he/she can open use them to open credit accounts in your name. Therefore, they must be the first to go. The three major credit bureaus (Equifax, Experian and TransUnion) have a toll free number to "opt-out" of these pre-approved offers for two years. The number is 1-888-5-OPTOUT (567-8688). You'll need to take further steps to eliminate the rest of your junk mail. The Direct Marketing Association's (DMA) Mail Preference Service allows you to opt out of receiving direct mail marketing from numerous national companies for five years, but this will only stop junk mail from companies registered with the DMA's Mail Preference Service. To opt-out, send a letter to:
Direct Marketing Association
Mail Preference Service
P.O. Box 643
Carmel, NY 10512
Any other companies will have to be called directly, so you can ask them to remove you from their mailing list.
So what happens to the junk mail you already have? If you are like I was, it would be thrown on a vacant desk or coffee table until it piled up enough to become annoying and then was thrown away. Or does it just go right to the trash? Either way, you are making yourself a target for identity theft. If it sits around the house, it is vulnerable to be taken by any one who enters your home, welcome or not, and then used to obtain credit in your name. But if you just throw it away, you make it available to the sinister dumpster diver who will also make use of it. The best way to handle your current unwanted mail is to shred it before disposing of it. If you don't have a paper shredder, buy one. This is an investment that will help protect your credit and financial future.
Eliminating junk mail from your box is just one step towards a more secure lifestyle.
Thursday, October 05, 2006
College Campus for Identity Thieves
College students tend to be targets for identity theft since they are young and trying to establish credit or start careers, and identity thieves often obtain the information they need by approaching the students claiming to represent a major bank or potential employer. A similar incident was reported in Sacramento, CA. According to the State Hornet Online, two unidentified men on the campus of California State University, Sacramento, entered at least five classrooms over the course of a week, and claimed to be career center employees. They claimed to be recruiting students for an internship, but didn't say with whom. The men obtained names and contact information. The campus police are still investigating whether or not social security numbers were obtained. The men have not been apprehended, and the incident is still under investigation.
The method used here is called pretexting, or obtaining information under false pretenses. Pretexting is normally done over the phone, but it is apparently just as effective in person. If someone asks for information but does not tell what they are using it for, you should approach the situation with suspicion. Parents should teach their children early on not to give out their personal information freely and warn them of the dangers of identity theft, so when they are on their own in college, they will already be stingy with their information. In this case, the fact that these men were promoting an internship and asked for information but failed to identify the company that would be receiving this information should have been a warning. Incidents like this one can be nipped in the bud with the proper preparation.
The method used here is called pretexting, or obtaining information under false pretenses. Pretexting is normally done over the phone, but it is apparently just as effective in person. If someone asks for information but does not tell what they are using it for, you should approach the situation with suspicion. Parents should teach their children early on not to give out their personal information freely and warn them of the dangers of identity theft, so when they are on their own in college, they will already be stingy with their information. In this case, the fact that these men were promoting an internship and asked for information but failed to identify the company that would be receiving this information should have been a warning. Incidents like this one can be nipped in the bud with the proper preparation.
Wednesday, October 04, 2006
Best Banks for Handling Identity Theft
Anyone who has been a victim of identity theft knows that once you discover that someone has used your name, credit cards, or other personal and financial information for fraudulent purposes, the road to restoring your good name and credit is long and difficult.
However, dealing with a cooperative bank can make this uphill battle a bit easier. A recent survey by Javelin Strategy & Research rated banks based on their ability to prevent, detect and resolve identity theft. Out of 24 of the top banks in the United States, Bank of America, JP Morgan Chase and Washington Mutual topped the list.
Most banks, by now, should be able to handle identity theft complaints. Detection and prevention will set a bank ahead of the rest. According to the study, Bank of America took the biggest step toward prevention with two-factor authentication, a method others will probably soon adopt since multiple-factor authentication was recommended by the Federal Financial Institutions Examination Council. Other suggested prevention and detection methods suggested include sending alerts and encouraging frequent online monitoring for one's own account.
So how does your bank do in your opinion? Does your bank practice secure methods and encourage customers to do the same? While my bank is a regional bank rather than a large national one, my identity theft complaint was handled promptly, and I was refunded in a timely manner. They went over their online banking instructions with me personally and encouraged me to log in often to check on my own account, and the bank manager called me at home twice to make sure I wasn't having any further trouble with my accounts. While they are too small to make a national list, I am highly satisfied with their services and would personally award them with a high rating.
However, dealing with a cooperative bank can make this uphill battle a bit easier. A recent survey by Javelin Strategy & Research rated banks based on their ability to prevent, detect and resolve identity theft. Out of 24 of the top banks in the United States, Bank of America, JP Morgan Chase and Washington Mutual topped the list.
Most banks, by now, should be able to handle identity theft complaints. Detection and prevention will set a bank ahead of the rest. According to the study, Bank of America took the biggest step toward prevention with two-factor authentication, a method others will probably soon adopt since multiple-factor authentication was recommended by the Federal Financial Institutions Examination Council. Other suggested prevention and detection methods suggested include sending alerts and encouraging frequent online monitoring for one's own account.
So how does your bank do in your opinion? Does your bank practice secure methods and encourage customers to do the same? While my bank is a regional bank rather than a large national one, my identity theft complaint was handled promptly, and I was refunded in a timely manner. They went over their online banking instructions with me personally and encouraged me to log in often to check on my own account, and the bank manager called me at home twice to make sure I wasn't having any further trouble with my accounts. While they are too small to make a national list, I am highly satisfied with their services and would personally award them with a high rating.
Tuesday, October 03, 2006
Identity Theft Blog: An Introduction
I'm not a big fan of introductions, but I might as well start somewhere. While we may not know one another, the fact that you are reading this tells me we have some common ground. Primarily, you are concerned about the spread of identity theft and would like to protect your personal information from being sold, shared or otherwise spread to those who wish to use it dishonestly. As a security-minded individual myself, I share those concerns with you.
As a victim of identity theft, I have spent hours doing my part to fix what was broken, and try to prevent it from happening again. But it may not be over yet. I didn't lose enough money for the police or bank to investigate, so my thief is still out there. While he's probably moved on to my next victim by now, that doesn't exactly give me peace of mind. More needs to be done to encourage individuals, families, and businesses to adopt secure practices, especially when it comes to personal information and the information of their customers. Most of us are aware of the threat of identity theft but think, “It won't happen to me. After all, I'm careful...” I thought I was careful... How careful are you?
Hence, this blog. Since my experience, I've spent many hours researching identity theft as well as prevention and recovery methods. My goal is to share what I've learned as well as keeping you up to speed on the latest that identity theft news. That way you will not only be armed with the knowledge you need to protect yourself, your family and your business, but you will also know if a major bank or company you do business with has had an information leak. After all, if my bank's records have been compromised, I want to know about it.
I'll continue to add resources to my links section to lead you to resources on the web that will help arm you against identity thieves. If have any questions or recommendations or anything else you may want to add, feel free to comment. I welcome a discussion.
As a victim of identity theft, I have spent hours doing my part to fix what was broken, and try to prevent it from happening again. But it may not be over yet. I didn't lose enough money for the police or bank to investigate, so my thief is still out there. While he's probably moved on to my next victim by now, that doesn't exactly give me peace of mind. More needs to be done to encourage individuals, families, and businesses to adopt secure practices, especially when it comes to personal information and the information of their customers. Most of us are aware of the threat of identity theft but think, “It won't happen to me. After all, I'm careful...” I thought I was careful... How careful are you?
Hence, this blog. Since my experience, I've spent many hours researching identity theft as well as prevention and recovery methods. My goal is to share what I've learned as well as keeping you up to speed on the latest that identity theft news. That way you will not only be armed with the knowledge you need to protect yourself, your family and your business, but you will also know if a major bank or company you do business with has had an information leak. After all, if my bank's records have been compromised, I want to know about it.
I'll continue to add resources to my links section to lead you to resources on the web that will help arm you against identity thieves. If have any questions or recommendations or anything else you may want to add, feel free to comment. I welcome a discussion.
Subscribe to:
Posts (Atom)