Monday, September 29, 2008

Business Identity Theft

Most of the posts on this blog deal with data breaches that may lead to ID theft and scams leading to personal/individual identity theft. However, this is by no means the limit in regards to identity theft. A business can have its “identity” stolen just like an individual can. In fact, for the identity thief, targeting a company rather than an individual can be much more profitable. After all, a business will have a higher credit limit since a company will need to make more large purchases than one consumer would. Needless to say, identity thieves sophisticated enough to pull it off will be targeting this bigger payoff.

Scammers are more likely to target small businesses that will not have the budget or resources to protect its accounts and sensitive customer information that a larger company will. But since even a small company will have a high enough credit limit to be worth a thief's time, fraudulent charges will be more likely to blend in with other company purchases, especially if the scammer is purchasing software or other products that would not look unusual to an accounting department. A scammer can also steal a business's identity by posing as that company and ripping off customers.

Like individual ID theft, business identity theft can be devastating to a company as well, but for different reasons. Obviously, identity theft will affect the business financially, but it can also do major damage to the company's reputation, especially when the fraud is being committed in the company's name. Recovering from identity theft is a difficult process, whether you are an individual consumer or a company.

Friday, September 26, 2008

Identity Theft and Treatment of Applications

We've all had to fill out an application at some time or another. In fact, with applications required for loans, leases, college, and many jobs, many have probably lost track of how many applications they have completed. Do you know how the company taking your application stores it until it is reviewed? What do they do with them after they review them? How do they store or dispose of them? Think about the information most applications require: full name, Social Security number, date of birth, possibly employment or educational history. If this document falls into the wrong hands, you have provided someone with more than enough information to commit identity theft.

Since identity theft is a growing problem, many applicants are more hesitant to disclose sensitive information. And who can blame them? This New York Times article discusses a few Manhattan firms' handling of the customer applications for the purchase of condos. These companies goes to great lengths to keep the applicants' sensitive information out of the wrong hands and require secure storage before the applications are reviewed and careful destruction of the documents afterward. Are the companies you do business with handling your information in a secure manner? If not, they are making you an easy target for identity theft.

Next time you complete an application, find out before hand what they will do with the information and what will be done with the document afterward. If you have concerns about identity theft, do not hesitate to express them, and don't be afraid to ask questions. It's better to take your business elsewhere if you have doubts than to pay the price as an identity theft victim later.

Thursday, September 25, 2008

Identity Theft and Hurricane Relief

While no one will find scammers a particularly endearing bunch, certain types of fraud repulse me more than others. These include those who target children and senior citizens. I'm adding to the list identity thieves who target disaster victims. I mentioned in an earlier post that hurricane season is a time when those who need to evacuate because of a tropical storm or hurricane are at risk of identity theft since their identifying documents could be stolen while they evacuate or when they are at a shelter.

A press release from the Federal Trade Commission warns that in the aftermath of Hurricane Ike, people need to be cautious of different types of fraud that spring up disguised as disaster relief. Among these, as you may have guessed, is identity theft. People recovering from losses caused by a natural disaster like a hurricane will need to provide their personal information in order to receive disaster relief. This gives identity thieves opportunities to acquire information to commit identity theft by claiming to be a government official or a volunteer representing a charity. Make sure you confirm who is asking for your information before giving it.

The press release also warns of other types of fraud to watch for following a major hurricane. One of them, charity fraud, takes advantage of those looking to donate money to help hurricane victims. The Federal Trade Commission offers advice regarding donating to charities without being scammed. The others, home repair scams, target those who are looking to rebuild after seeing their homes lost or damaged after the hurricane. Check identification and references carefully before hiring a contractor and read the FTC's website carefully to avoid being scammed. While these are not identity theft, they are still fraud, and you will need to be on your guard against multiple types of fraud.

Wednesday, September 24, 2008

Beware of Voter Registration Fraud and Identity Theft

With the presidential election approaching, many will be registering to vote. Identity thieves take advantage of this time to gain personal information from new voters who may not be knowledgeable of the registration process. If you are registering to vote, be aware of these methods thieves may use to make you an identity theft victim.

Email
The phishing scam has proved to be an effective identity theft tool in other situations, so why would identity thieves pass up a chance to scam a new voter? These emails may ask you to click on a link to register to vote or to resolve an issue with your voter registration.

In Person
Registration drives will have volunteers go door to door or set up tables in public areas to recruit new voters. Obviously this offers opportunities for any identity thief to set up a table with forms to collect some useful private information. Make sure the volunteer can provide proof as to which organization he or she is with. Also, look over the form carefully. Some states may require your Social Security number on the form, but none will ask for a credit card number. Avoid being an identity theft victim by refusing to complete suspicious looking forms.

By Telephone
Pretexting does not need to be done via email as a phishing scam. As we all know, many scammers will contact potential identity theft victims by phone. Be suspicious of anyone calling to claim there is a problem with your voter registration and asking you to confirm some identifying informtation. Voter registration problems are not resolved in this manner.

It's sad that we can't trust people these days. While most people we encounter are who they say they are, we need to excercise a little extra caution to protect ourselves from identity theft. Be extra cautious when you register to vote that you are not giving private information to someone who will use it fraudulently. Check out the Federal Trade Commission and other resources for further information on protecting yourself from identity theft.

Saturday, September 20, 2008

Time Warner Customers Targets of Recent Phishing Scam

Millions of people in the United States depend on Time Warner for cable television, Internet, or both. While Time Warner customers may not be surprised by the occasional email from their cable company and Internet service provider, an email claiming to be from Time Warner is targeting the company's customers is asking people to provide their personal information or risk losing their cable service.

Now, most people by now will recognize this as a phishing scam, but it might hit home for some customers, especially those who may depend on Time Warner's Internet services for business purposes. I know I'd be set back a great deal if I lost my Internet access for an extended period of time. But remember that Time Warner, like most legitimate companies, will not ask for this type of information in an email. This is an identity theft tool used to gain private information that you would otherwise be reluctant to share. If you suspect their is a problem with your cable account, call the company directly with the phone number provided on your monthly bill. Do not fall for this phishing scam. It could cost you a lot of time and money fixing the problem later.

However, even if you don't fill in the information, it is recommended in the article reporting this story not to click on the link. Even that could give an attacker access to your computer that would help him/her commit identity theft. The site might download a cookie onto your computer, which will help the attacker keep track of your surfing habits including online purchases. The best thing you can do with this or any other phishing scam email is delete it.

Thursday, September 18, 2008

House Passes Identity Theft and Restitution Act! But Will the President Sign It?

The Senate and House of Representatives have passed the Identity Theft and Restitution Act. This bill offers more flexibility to identity theft victims, such as allowing them to seek restitution for indirect losses like time and money spent rebuilding credit. Currently, the identity theft victim is only compensated for direct losses (charges on a credit card or money taken from a bank account).

The other provisions are more computer related and refer specifically to cyber crimes, particularly those that result in identity theft. For example, it enables prosecution of those who steal personal information from a computer when the victim's computer is in the same state as the identity thief's computer (now there can only be prosecution when the thief uses interstate communication). There are other provisions involving the use of keyloggers and damage to a victim's computer.

The Senate and House have already passed it, and it awaits President Bush's signature. While this bill has some good provisions to help identity theft victims recover and law enforcement punish thieves, this will not necessarily slow down the rate of ID theft much. After all, many identity theft crimes are not reported, and most identity thieves are never caught. Punishment will not deter a crime if the thief knows he is not likely to get caught.

Tuesday, September 16, 2008

Forever 21 Reports Thousands of Cards Compromised in Data Breach

It appears another company has been affected in the TJX security breach that was reported back in August. Nearly 99,000 payment cards used at Forever 21 stores may have been compromised during data thefts beginning back in 2004. The company released a statement saying that they discovered the thefts after being notified by the U.S. Department of Justice on August 5. They did not, however, say why they waited over a month to announce this.

Forever 21 was notified that they were among the companies victimized in the TJX data breach that lead to the arrest of 11 suspects. They received a disk containing the potentially compromised data. Later forensic evidence revealed that more than 98,000 credit and debit card numbers had been illegally accessed.

Forever 21 pointed out that nearly half of the illegally accessed card numbers are either inactive or expired. While this may be true, this doesn't explain why Forever 21 waited so long to disclose this information when other companies involved in the breach announced it back in August.

Thursday, September 11, 2008

Identity Theft and the Deceased

As with many other crimes, with identity theft nothing is sacred. You do not have to be alive to have your identity stolen. Just like burglars who search the obituaries so they can rob homes of grieving families during funerals, there are identity thieves who use information on death certificates to steal the identity of the deceased. Sound impossible? It takes a while for businesses to remove someone who has died from their lists (my mother was receiving sales calls for my father several months after he passed away), so if someone steals and completes a preapproved credit card form or applies for credit online in the name of the deceased, the company may not have it in their records that the person has died and will not find it suspicious.

How can this be stopped when death certificates are public record? Anyone can request one, and now some counties make them available to be viewed online. However, identity theft has become such a big problem in Arizona that one county has decided to remove them from their website.

While this may slowdown the problem, it will not stop it. But this is by no means new. People have been crime victims beyond the grave for centuries, and what can be easier than taking advantage of someone who has died? They aren't going to be checking credit reports or reviewing credit card statements. That makes identity theft so much easier. The surviving family members may eventually discover the problem when they start receiving bills and notices from debt collection agencies.

Wednesday, September 10, 2008

Memorial University Investigates Security Breach

As I've mentioned before, college students have plenty reasons to be concerned about identity theft. Applications for admissions, scholarships, honors programs, and financial aid require a wealth of personal identifying information that needs to be protected. And the students trust that their information will not be mishandled or compromised. However, that is not necessarily the case. Some students (and possibly former students) at Memorial University found their information was not as secure as they thought.

Memorial University is now having nearly 50,000 computer files checked after a student discovered a security breach that exposed financial information that dated back over 4 years. The problem was discovered when someone working in a password-protected portion of the student aid application site found that changing characters in the URL gave access to someone else's data. While the student raised alarm regarding the issue right away, the university fears that the vulnerability was noticed earlier and exploited. The security breach has been fixed, but they believe that the personal information of at least 90 people was accessed by an unauthorized party. An investigation is underway.

This was obviously carelessness in the design of the website. While the problem has been remedied, it may be too late for some since their information has already been compromised. Those who believe their information may have been taken should take the necessary precautions for those who think they may be victims of identity theft, such as carefully reviewing bank and credit card statement for fraudulent charges.

Monday, September 08, 2008

Bank Data Breach Could Affect More Than 12 Million Customers

Last week, the Bank of New York Mellon reported that a data breach discovered earlier this year may affect more customers than they originally anticipated. The bank reported back in May that back-up storage tapes from Bank of New York Mellon shareowners service had been "lost," exposing millions to potential identity theft, and notifications were sent to the 4.5 million people whose information was believed to be on the back-up tapes. After further investigation, the bank announced that the number of individuals affected may be as high as 12.5 million.

The bank has taken steps to enhance security and has instituted stringent new standards for the transport of personal data, but this is probably no comfort for those whose data has been compromised. The Bank of New York Mellon is offering affected customers two years of free credit monitoring through Experian as well as identity theft insurance and reimbursement for the placement and removal of a credit freeze on credit reports.

Affected customers can find more information at a website that the Bank of New York Mellon has dedicated for the purpose of informing customers of the data breach and what they are doing about it. Those concerned about the breach and possible identity theft should visit the website and contact the bank if you have more questions.

Friday, September 05, 2008

Keep Your Identity Safe During Hurricane Season

In the Southeastern part of the United States, what's commonly known as "Hurricane Season" has already begun. This is a time when many people in states prone to hurricanes will be keeping a close eye on the weather and possibly making preparations in case they have to evacuate. However, other problems lurk in the wake of natural disasters. A hurricane disaster area can also be an area ripe for identity theft if you don't take the proper precautions.

If you must evacuate, do not leave sensitive identifying documents (like birth certificates, Social Security cards, bank account, numbers, insurance papers) in easily accessible places in your home. They may be destroyed if your home is damaged in the storm or stolen by looters looking for information useful for committing identity theft. Make sure they are locked in a safe place where you can find them when you return.

Keep photocopies of these documents with you at all times and heavily guarded during evacuation and don't let them out of your site. You are especially vulnerable to identity theft when you are away from home. The Identity Theft Resource Center gives specific guidelines regarding protecting yourself from identity theft during hurricanes and other disasters, especially when evacuation is required.

Thursday, September 04, 2008

Computer Theft at Oakland Schools' Offices Place Employees at Risk of Identity Theft


There's nothing quite like coming into the office to find your computer has been stolen. How do I know? It happened to me a few years ago at a former job. Fortunately for the company, my computer was the only one stolen, and it contained no sensitive information like employee records or customer credit card numbers, putting no one at risk of identity theft. Unfortunately, that doesn't appear to be the case with the recent computer theft at the Oakland School District's main office.

Ten desktop computers were stolen from the second-floor Human Resources Department of the Oakland School district. They appear to be the only items stolen from the office. However, that may be more than enough to do some damage to any employees whose records were on those machines. While officials won't comment as to what information specifically was on those machines, they did confirm that there was personal information that was provided to the district when the employees were hired, which makes these employees potential identity theft victims. The employees whose information may have been compromised will be notified of the incident and their risk of identity theft.

If the thieves who took my old office computer were looking to commit identity theft, they would have been disappointed. However, with this Oakland computer theft, identity theft is very much a possibility. Whether the thieves were after the data specifically, the potential is still there, whether they take advantage of the data themselves or sell it to someone else.

Tuesday, September 02, 2008

Ohio Joins Other States in Embracing the Credit Freeze


Many states are embracing the credit freeze as a way for people to protect themselves from identity theft. This time Ohio is joining the states that allow residents to freeze their credit beginning Labor Day 2008. For $5 per credit bureau, Ohio residents can purchase a credit freeze to keep their credit reports from being viewed without them making the reports available by "thawing" them.

While no method of identity theft protection is completely fool proof, a credit freeze is definitely a helpful tool in protecting yourself from financial ID theft. What the credit freeze does is locks your credit report from anyone trying to extend credit to you. No potential creditor can view you credit report without you "thawing" it for them (something you would do if you apply for a loan or a credit card). So if an identity thief applies for credit in your name, he or she will be turned down since the company will not be able to view your credit report.

What can a credit freeze not prevent? As I said, there is no perfect identity theft prevention service. It doesn't protect your existing accounts. Current bank and credit card accounts will still need to be reviewed carefully and regularly. Also, some service accounts can be opened without a credit check, like phone and other utilities. Finally, it won't prevent unauthorized use of medical insurance (medical identity theft) or someone giving your name during an arrest (criminal identity theft).

Yes, it's limited, but unlike many so-called identity theft protection services, a credit freeze can actually protect you rather than just monitor your credit and alert you to unauthorized activity. I don't usually don't encourage people to purchase services, but for Ohio residents, this could be the best $15 you spend in a while.