Newsletter article for consumer information website for IDT911, an identity theft protection company:
Growing Pains: Kids are the perfect targets for identity thieves
(August 2010 - article link here)
By Todd Murphy
Kimberly Reed panicked when a state health worker told her that her son wouldn’t be eligible to renew his free health care because he made too much money.
The strange part: Her son Cory* was only 2 years old. Someone had used his Social Security number to receive $548 in paychecks from a business in the Pacific Northwest. The boy had become a victim of a troubling category of identity crime: child identity theft
Reed was fortunate to detect the crime so early: It allowed her to take the necessary steps to resolve the problem. In most cases, child identity theft remains undiscovered for years until victims are teenagers or in their 20s, and are applying for a student loan or their first credit card. By then, they can encounter horrible credit ratings and histories or thousands of dollars of debt in their names.
Reed acted quickly. Her insurance company referred her to Identity Theft 911. Sandra Ayala was the fraud specialist assigned to the case. She called the Social Security Administration to ask for a statement that showed earnings associated with Cory’s Social Security number. That statement would serve as evidence that the boy’s identity was misused.
On Reed’s behalf, Ayala wrote letters to the three primary credit bureaus explaining the fraud and requesting a suppression on Cory’s SSN. That means no one can take out a loan or get credit on a Social Security number until the individual is 18 years old. Fortunately, no one had used the boy’s identity information to obtain loans or credit.
Ayala also advised Reed to contact her local police department, which filed an incident report that Reed could use as further proof of the identity theft.
“It’s quite the ordeal—not really how I wanted to spend the beginning part of my summer,” said Reed, who was grateful to have Ayala’s help. “She did a lot of things that I didn’t think of—she was very helpful.”
The efforts paid off. State health services officials acknowledged the fraud and renewed Cory’s free health care.
If identity theft is suspected, parents should contact the credit bureaus to see whether their child has a credit report; put a suppression on the account so no credit can be extended under that Social Security number; and continue to watch for credit card and other offers that might come in the mail in their child’s name, Ayala said.
“I would have never thought to check my 2-year-old’s credit report,” said Reed, who has also suppressed her 7-month-old daughter’s SSN. “I’ve called all my friends and family to tell them to block their children’s Social Security numbers.”
Newsletter article for consumer information website for IDT911, an identity theft protection company:
Is the Office Copier, Printer a Security Risk? Most Companies Don’t Erase Hard Drives
(June 2010 - see full newsletter here)
By Todd Murphy
They sit in warehouses across the country, waiting to be sold to anyone who walks in with a few hundred dollars.
The buyer doesn’t only get a used copy machine. He often gets access to documents the machine has copied, scanned or e-mailed many of which can contain personal identifiable information (PII) such as Social Security numbers and employee records from pay stubs, employee forms, medical records and state IDs.
For an identity thief, it’s a jackpot. And most people—even those who care deeply about traditional computer security—don’t even realize the jackpot exists.
Whether we’re at work, a home office or even a FedEx Office, we typically use copiers and printers with internal hard drives that retain sensitive information. Yet 60 percent of Americans are unaware of this fact, according to a 2008 survey commissioned by Sharp. Only now, after a recent spate of data breaches, are businesses and consumers catching on to the dangers of unsecured machines.
The same security challenges apply to portable devices that have internal or external data storage—smart phones, other handheld PDAs (personal digital assistants) and USB flash drives. They store more sensitive information than most people realize.
Companies typically have policies in place for desktop and laptop computers. It’s a good idea to develop safety practices for
copiers, printers and portable devices as well, experts say.
“When you open a document in your BlackBerry, it’s going to download, and the document now resides on that BlackBerry,” says Ondrej Krehel, Identity Theft 911’s information security officer.
So, Krehel asks, was your company’s top-level executive’s BlackBerry securely wiped before IT sent it in for repairs? Were additional storage cards removed? They should have been, he says.
Still, for sheer volume of potentially sensitive information, nothing beats the humdrum copying machine.
Most companies lease copiers and are continually being updated with the latest models. So the older ones go back to the manufacturers, who eventually sell them—often to foreign markets, often for only $300 or $400 per machine.
Prospective buyers can saunter through the warehouse and print out stored data on the copiers without even buying one. If they choose to buy, “you sign the paperwork, load it onto the truck, and it’s all yours,” Krehel says. “There’s no illegal activity here. You just bought a copier.
And because you own the machine, you actually have access to the information stored on the machine.”
For many copiers, that information could include sensitive documents.
Most copier manufacturers use hard drives within the machines that are based on Windows or Mac operating systems, Krehel says. A buyer with very basic knowledge can pull the hard drive from the machines, and use data recovery software available for free on the Internet to pull off much of the data from the machine. Copiers with common operating systems are usually not patched, which also makes them an easy target for intrusion and network worm propagation—malware that spreads through a network to multiple hosts.
Because of the various ways a scanned or copied document might be stored on the copier, “there is a likelihood you could recover 60 to 80 percent of the documents,” Krehel says.
No one knows how much identity theft has occurred because of this mostly unknown danger. “It’s an area that hasn’t been monitored, which makes it hard to track,” Krehel says. But many people believe identity fraud has occurred in this way.
The first step in combating the problem is basic understanding—becoming aware, as a technology user, of the dangers within copiers and portable devices.
The second step is ensuring that sensitive information isn’t accessible on the machines—when they are lost, stolen, or disposed of.
In part, that might mean you should reconsider the sort of information you are willing to store on such devices—and delete information that doesn’t need to be there.
And for the information that does need to remain, use data encryption or other data protection techniques to safeguard it.
At the very least, use some of the basic protections that are built into the machines.
“Quite often, good security features come with the device, but they are not enabled,” Krehel says.
In other words, when your door has a lock on it, use it.
Newsletter article for consumer information website for IDT911, an identity theft protection company:
The Vultures of Summer: Identity crooks want to ruin your vacation — don’t let them
(May 2010 - see full newsletter here)
By Todd Murphy
Summer vacation season is almost here, and fraudsters are counting on travelers to be carefree, and a little careless, when away from home.
They’re ready to strike at restaurants, hotels, gas stations, Internet cafes, and car and recreation-equipment rental locations. That’s because tourist destinations are notoriously easy hunting grounds for criminals — both old-school purse-snatchers and a new breed of sophisticated hackers. And though part of getting away means relaxing, experts say the key to avoiding a vacation nightmare is to be aware of the latest crime trends and to never let your guard down.
“Basically, what you’re looking at here is you’re looking at the potential of being ripped off in a variety of ways,” says Jay Foley, executive director of the Identity Theft Resource Center, a non-profit based in San Diego. “(Using) the wireless from the hotel. Cards cloned from the hotel. Personal information lifted from the hotel. Someone cleaning your room—and you don’t have any idea who they are.”
The main spot where travelers are most vulnerable? Their hotel. Theft not only happens in rooms and lobbies, but on hotels’ computerized payment systems.
Hackers steal credit card data from hotels more than any other industry, according to a February report by cybersecurity firm Trustwave. Some 38 percent of the company’s data breach investigations in 2009 occurred at hotels, compared with a distant second place of 19 percent for financial services firms. That’s a significant increase in hotel hacking from the year before, Trustwave officials said.
The report noted that it took a jaw-dropping average of 156 days for a business to realize it had been hacked.
Travelers become vulnerable the moment they give their credit card to the hotel for more basic reasons. Suddenly, every employee in the hotel may have access to the guest’s information.
In hotel bars and restaurants, be on the lookout for skimmers. Someone—maybe a waiter or someone distracting the waiter collecting a credit or debit card for a dinner bill—can take it and quickly run it through a small data storage device. The card’s information has been loaded onto the device. The perpetrators can download the information later to make a brand new card, or several, which can be used around the country before the fraud is discovered.
Mark Fullbright, a fraud specialist with Identity Theft 911, says gas stations and services near hotels are another prime spot for skimming—often done by the low-paid employees of the businesses. The skimmers know many customers are likely to be travelers, who may be leaving town soon and unable to file police reports. And it may take weeks or more before they even discover the fraud.
But there are ways to make it harder for thieves to access your personal information, experts say.
Try to carry a PIN-based ATM card, which requires entering a PIN number with every purchase, instead of a debit card. Bring two credit cards, and watch all card activity closely (checking accounts by phone or a secure computer, if possible) for any unauthorized charges.
Avoid accessing personal accounts on public computers. They’re a common source of identity theft because they have a high volume of usage on unprotected signals. And be wary of people hovering near you. They may be using cell phones to photograph your personal information.
“Being a little prepared . . . lets you have a better trip altogether,” Fullbright says.
TIPS for a fun — and safe — family vacation
• Use a PIN-based ATM card instead of a debit card.
• Leave your checkbook, debit card and all but two credit cards at home.
• Closely watch who has your credit cards and for how long. Frequently check credit card and bank account activity on a secure computer or by phone.
• Tell your banks and credit card companies about your travel plans, and give them your cell phone number in case they notice unusual charges.
• Don’t access personal or financial information on public computers, and make sure, when using your own laptop, that the wireless system you’re using is legitimate and secure.
• Use a hotel safe when available. Your hotel is not your castle. Assume your locked door will never be truly “locked.” Many people you don’t know will have access to your room.
• Never leave personal information in a rental car.
• Never share specific vacation plans on social networking sites.
Newsletter article for consumer information website for IDT911, an identity theft protection company:
When Your Life is an Open (Face)book: Survey says young people most vulnerable
(April 2010 - see full newsletter here)
By Todd Murphy
Zach Gonzalez, a game designer based in Irvine, Calif., was scanning his Facebook home page
when an instant message popped up. It was an elementary school friend asking for a couple
hundred dollars: “Hey dude, I’m stuck in Vegas and I have no one else to call.”
“Yeah, right,” thought Gonzalez, 27. Although they were friends on Facebook, they weren’t close in real life and hadn’t seen each other in at least five years. Gonzalez called the man’s brother, who hadn’t heard anything about a Vegas trip gone awry. As Gonzalez suspected, the story was bogus. His old friend’s Facebook page had been taken over by a scammer.
Gonzalez was savvy enough to smell a rat. But many social media users — particularly young people — are blissfully unaware of the potential for fraud. Like Gonzalez’s friend, they fall prey to account hijackings when they unwittingly give phishers their user names and passwords. Others post the kinds of information that makes them more vulnerable to identity theft. Oversharing — giving away too much information about oneself, such as favorite hangouts, movies and shared experiences — can be exploited by con artists hoping to get just close enough to lure a trusting “friend” into trouble.
An Identity Theft 911 survey shows that people age 18-24 are the heaviest users of social media, and this demographic also tends to be the most oblivious about the dangers. More troubling, as a group they also don’t seem to be particularly bothered about surrendering their privacy so easily and so quickly.
The survey, conducted by GfK Roper Public Affairs & Media Omnibus Services from March 5-7, found that 84.6 percent of young people belonged to an online social network, like Facebook, MySpace or Bebo, compared with 28.3 percent of those age 50-64.
This younger age group also was more likely to post information potentially useful to scammers. (Some 81 percent posted their birth dates, for example.)
Thieves mine social networking profiles for information they can use to guess passwords or answers to security questions (“What is my favorite band’s name?”) on accounts and Web sites. Or they use something as simple as a birth date in conjunction with other
information they already have to open credit card accounts.
Criminals who specialize in breaking and entering might have reason to take interest in the 28 percent of young people surveyed who post their travel plans (thus alerting outsiders when their home might be vacant). Some 20 percent posted a specific time when they would be at a specific place. Meanwhile, about 8 percent of people age 50-64 shared travel plans and only 5 percent revealed specific locations.
Young people were more likely than other age groups to have experienced problems with social media Web sites, like the takeover of Gonzalez’s friend’s account. While 17 percent of total respondents had social media accounts misused, about 27 percent of young people had that happen.
Despite their problems online, young people like Alysha Nakamoto of Peoria, Ariz., seemed least concerned about fraud through social networking.
Unless she’s playing volleyball or sleeping, Nakamoto is on Facebook via her Blackberry. The 17-year-old updates her status “probably 20 times a day” for more than 500 friends, she says.
But she and her friends think little about potential risks associated with sharing information, like a full birth date, so freely.
“To be honest, we just don’t worry about [oversharing],” she says. “We feel like we’re invincible on the Internet.”
Jason Boone, a research assistant at the National White Collar Crime Center, says he believes older adults are more careful about privacy issues.
“The age group around 30 or 35 and under ... they are all just a little less aware of how all of this has changed from 30 or 40 years ago,” Boone says.
Kathy Hubbell, a public relations consultant who teaches a social media class as an adjunct professor at Oregon’s Marylhurst University, agrees.
She says students in her class range from their 20s to their 60s. And one noteworthy difference among the younger ones and older ones, she says, is how they feel about privacy issues in social media and on the Internet in general.
“The older students understand a lot more about privacy,” she says. “They remember what it was like when it existed.”
TIPS - Social Media 101:
• Use strong passwords made up of numbers, letters and symbols and change them often. Use different passwords for your social Web sites, personal life and financial life.
• Don’t accept friend requests from strangers simply to try to have higher “friend” numbers on Facebook.
• Be careful about clicking on links on social media Web sites. They could lead to malicious code being automatically installed on your computer. And be aware that even photos can contain viruses and other things that can do damage.
• Log out of any social-networking site when not in use. Use different log-ins for various sites.
• Consider how much of your identifying information is posted on these sites. Are there photos that show the entire layout of your apartment and everything in it? Is your full birth date disclosed? Over-sharing is a bad idea for many reasons.