Archive for the ‘Identity Theft’ Category

It’s September and, with so many students returning to school, this is a great time to check out LoJack for Laptops’ Student Laptop Security site.

There is a wealth of information to be found from laptop basics to helpful resources. 

Some great featured content include:

• 10 Proven Ways to Protect Your Laptop at School: Students might not even think about the possible dangers but schools are among the top five locations where laptops are stolen.  Read more about how to protect yours!
• Discovering Your Laptop’s True Value:  Did you know that your laptop will probably increase in value the more you use it?  Find out how!
• School Laptop Shopping Guide: Buying a new laptop can be a tough decision.  This shopping guide will provide helpful suggestions for picking the right machine to meet your needs.
• Stolen Laptop! What Should I Do?: Your laptop is missing and aside from panicking, do you know what you should do?  There are a number of things that you can do to protect yourself.  Read more about what steps to take in the unfortunate event that your laptop is stolen.

For regular updates, you can also follow them on Twitter @lojackforlaptop (corporate customers can also follow updates on Twitter @absolutecorp).

The number of users affected by identity theft through malware has jumped by 600% in comparison with the data from this time last year.   The increase could be the result of the current economic crisis with so many people being affected by the crunch.

The numbers are staggering.  Every day, PandaLabs gets almost 37,000 samples of various types of internet threats and a whopping 71% are Trojans designed to steal banking and credit card information as well as passwords for commercial services.  An estimated three percent of users have been victimized by these silent threats since they normally don’t have any idea they’ve been affected until it’s too late.

There are some steps that users can take to protect themselves:

1. Be wary of any requests for personal data since most banks, payment services (i.e. Paypal) or social networks would never ask for that type of information in an informal way.  Never respond to requests for login information, for example, if they came in the form of an email or text message.

2. Avoid looking up your bank or online store websites through a search engine.   Type the address directly into your browser and double check that it is correct before hitting “enter.” 

3. Verify that the page has valid security certificates which are typically easy to identify by a “locked padlock” icon somewhere in the browser.  Banking websites might have the padlock image right beneath the login fields (see image below at left) whereas the little symbol appears at the end of the address bar in Internet Explorer (image at right). 

Sites like Paypal might also have the padlock above the login fields but you can also look for Verisign Identity Protection icon at the bottom of web pages.

4. Arm your computer with up-to-date security solutions such as Computrace LoJack for laptops.

5. Trust your instincts.  If something looks suspicious, contact the site’s customer service line.  Never enter your personal information if you think something looks wrong.

6. Look into getting identity theft insurance if you regularly shop or bank online.  This will provide coverage if you become the victim of identity fraud.

The Houston Family Examiner has written an article entitled “Tips to protect senior citizens from elder abuse identity theft”. In this article, I was pointed to the AARP as one of the sources for information on identity theft for the elderly. There, I found a wealth of useful information to pass along.

The AARP writes articles regulary on Identity theft, such as this one. This article suggests great preventative measures for identity theft including: checking your credit report once a year, never giving out your Social Security Number, shredding personal information (including credit offers), cutting back the number of cards you carry, hiding your PIN when you key it in, keeping information in your home secure (consider a safe) and never giving out your credit card or banking information to anyone unless you independently can confirm they are a legitimate business.

The AARP also offers an Identity Theft Course to help you understand and identify identity theft. The course will help you:

• Know what identity theft is
• Do a wallet check to protect yourself from identity theft
• Take steps to protect yourself from identity theft in your home and on the road
• Recognize early warnings of identity theft
• Take the first steps if you’re a victim of identity theft
• Have the numbers to call to get help or more information

Start the course here!

Hat tip to I’ve Been Mugged

Two researchers at Heinze College, Carnegie Mellon University, were able to successfully predict Social Security Numbers using only publicly available information. The study by Alessandro Acquisti and Ralph Gross, Predicting Social Security Numbers from Public Data, will be published in the ‘Proceedings of the National Academy of Sciences‘ and will be presented this July at the BlackHat convention.

Social Security Numbers (SSNs) are a primary piece of personal information sought by identity thieves, so it has always been cautioned that individuals and companies protect this sensitive information closely. However, this new study indicates that SSNs can be predicted from publicly available data.

Based on patterns in SSNs visible in the “Death Master File” (a database with SSNs of people who have died), Alessandro and Ralph were able to determine that date of birth and state of birth could be used to predict a narrow range of values likely to contain the individual’s assigned SSN. This information becomes more accurate for individuals born after 1988.

Within 2 attempts, the researchers were able to correctly guess the first 5 digits of SSNs for 60% of deceased individuals; within 1000 attempts, they could identify all 9 digits for 8.5% of the group (a number that would inevitably go up with more attempts). A hacker could then create a process to exploit existing services to test and verify SSNs.

Since SSNs are considered a primary form of identification, upon which you can apply for additional identification or for credit, there are troubling consequences to this discovery. From the executive summary of the study:

Since SSNs are predictable from public data, identity theft could occur even without events such as data breaches. Some of the implications are that 1) the SSA should randomize the entire SSN assignment process; 2) current policy initiatives in the area of SSN and identity theft should be reconsidered: most policy-making currently focuses on removing SSNs from databases or redacting their digits, so that they can still be used as “confidential information” – however, since SSNs are predictable from otherwise publicly available data, SSNs cannot be kept confidential even if they are removed from databases, and therefore those initiatives may be ineffective; 3) since SSNs can be predicted and are therefore, in a sense, semi-public information, consumers should not be required by private sector entities to use SSNs as passwords or for authentication.

The report makes some recommendations to government agencies, policy-makers, credit and financial institutions, online services and consumers regarding SSNs. You can read them here.

Via Wired ; Image: imelenchon

Robert L. Mitchell of Computerworld decided to tackle his own identity online to see just what information about himself he could dig up. After a privacy activist was able to retrieve his Social Security number, full name, address and a digital image of his signature online, Robert was both concerned and intrigued about what else could be out there.

Robert spent a few weeks combing through public and private resources (some paid) on the web to build up a dossier on himself. He spoke with everyone from private investigators to privacy experts. And in the end, Robert found that there was a vast amount of information about him online, and not all of it accurate. Many states have not taken adequate steps to redact sensitive information from the documents, such as mortgage documents, they make available to the public.

Robert put his full findings online, also breaking down the information by type of source. His first source was government records, that let him pull up his full legal name, address, Social Security number, spouse’s name and Social Security number, price paid for home, mortgage documents, and signature. Robert continued his search with free people searches, search engines, image searches, social network searches, and paid searches. And that may only be the “tip of the iceberg”, in terms of what else is easily accessible.

“Of the information available about me on the Internet, the most troubling was my Social Security number, blatantly posted online by my own county government, for the convenience of lawyers, insurance agents — and petty criminals interested in identity theft. Today, you need more than just a Social Security number to commit identity fraud, but a criminal who has that number is off to a great start.”

I was surprised to learn from this article that public records that contain Social Security numbers are not well regulated, and that if the government makes those records public, it can open that information to republishing without repercussions. You can read more about that in the call-out box at the bottom of this page. 

Robert’s search was very revealing, and certainly had him reviewing all the information available about him online. He’s taken steps to redact his Social Security number from government records online and has gone so far as to call his credit card and bank companies to test their authentication policies. In some cases, he was authenticated using this information he found online and, to his credit, he’s suggested those companies review their authentication protocols. We mostly consider identity theft the result of lost or stolen information, but this exercise shows that you may be at risk already.

Have you found your Social Security number or other sensitive information online? Let us know in the comments.

Also check out this 3D artistic representation of security threats. Makes all these horrible threats seem almost beautiful!

image: mconnors @morguefile

A new survey from Nationwide indicates that consumers impacted today from identity theft may not have enough money in reserve to get through the recovery process.

The survey, conducted with 400 adults in December of 2008, looked both to identity theft victims and to unaffected consumers in equal proportion. According to the survey, 10% of identity theft victims polled missed payments due to the crime. 80% say that they suffered serious repercussions as a result of identity theft, including lower credit scores, utilities shut off, bankruptcy, vehicle repossession, home foreclosure or jail time.

A previous survey talked about here indicates the average consumer cost per fraud incident was $496, but this does not include the time needed to recover from the fraud, which is likely increasing the odds of not being able to financially cope with the burden.

“If the identity theft involves your credit cards you can often resolve the problems quickly. However, if the fraud involves a debit card, a loan or your health insurance, the impact can be costly and time consuming. With so many Americans losing their savings and investments, people have less money to fall back on during the time it takes to stop the bleeding.” – Kirk Herath, Chief Privacy Officer for Nationwide Insurance

The survey found that most identity theft victims surveyed tend to be Caucasian, female, ages 35-54, college-educated, married, and employed full time. Those separated or divorced, and in high income households, are more likely to be affected.

Previous Nationwide surveys found that victims spend an average of 81 hours recovering from identity theft, with some going much longer. Other surveys have found similar average resolution times

Hat tip to George ; Image: clipart

I know you’ve seen the advertisements for “FreeCreditReport.com,” the catchy commercials prompting people to avoid being victims of identity theft by monitoring their credit reports. The catch – that site wasn’t free, the credit report came free in exchange for a monthly credit-monitoring cost from Experian. According to the Fair Credit Reporting Act, all the consumer reporting companies (Equifax, Experian, TransUnion) are required to provide you a free credit report upon request every year. As the FTC notes:

The Federal Trade Commission has received complaints from consumers who thought they were ordering their free annual credit report, but instead paid hidden fees or agreed to unwanted services. Don’t be fooled by TV ads, email offers, or online search results. Go to the authorized source when you request your free report.

Well, the Federal Trade Commission (FTC) decided to start up their own service, a free one, no catches. Their website? AnnualCreditReport.com. Yeah, if that’s not enough, their ads also parody the Experian ones.

Here’s the same FreeCreditReport.com ad overlaid with warnings to be aware of deals like these:

Checking your credit once per year gives you an opportunity to make sure the information is accurate and up-to-date. Not only that, it helps you spot identity theft. Because your credit is used to evaluate insurance, employment and more, it’s an important step to take in safeguarding your identity.

Via dunning letter, philly.com

According to a new report from Gartner, 7.5% of Americans were victims of financial fraud in 2008. Data breaches were the main cause of the financial losses.

Gartner, in its survey of 5,000 adults, showed that 70% of respondents had never been a victim of identity theft / fraud. For those who have, the breakdown includes 14% of respondents who had their credit card data used, 7% had their debit card used, 6% had a new account opened in their name, 5% were the victims of money transfer fraud and 4% had checks forged.

Of those who had been victims of fraud, 19% cited a data breach as the cause. That is the highest figure cited, after which were wallet theft (16%) and online scams (13%). This data clearly shows that data breaches are leading to incidents of identity theft and fraud.

Victims of certain types of fraud are able to recover more easily than others. The cost of most credit card fraud, for example, is not borne by the consumer. However, the survey found that bank account fraud can damage credit rating, sometimes with damage that lasts for more than a year.

The survey indicates that less than one-third of victims reported these crimes to law enforcement and only 5% reported it to the Federal Trade Commission.

Via pogowasright, finextra, CNET ; Image: morguefile / penywise

Javelin Strategy & Research have released the results of their 2009 Identity Fraud Survey Report. The result confirms that the number of identity fraud victims rose by 22% to 9.9 million adults in the US for 2008. The total annual fraud amount, the amount criminals were able to obtain illegally, went up to $48 billion.

The report, which is based upon a survey of 24,000 US respondents, aims to help understand identity fraud and the success rates of methods in prevention, detection and resolution. Highlights from the study include:

• Identity fraud incidents increased by 22% to 9.9 million victims, levels not seen since the survey began 2004 (attributed to economic uncertainty)
• Cost to consumers for identity fraud is down to $496 (from $718)
• 71% of fraud incidents began occurring less than 1 week from when the data was stolen (up from 33%)
• Women were 26% more likely to be victims of identity fraud; it also took women nearly twice as long to catch fraud. This points to a lack of education of fraud detection.
• Lost or stolen wallets, checkbooks and credit/debit cards were most likely avenues of attack (43%), when access was known
• Average fraud amount, per incident, is $4,849 (the amount criminals obtained illegally)

As the result of better means of fraud detection and resolution, fraud is being detected and resolved more quickly. Thus, although the identity fraud victims went up (a bad thing), the consumer cost per incident went down by 31% to $496 per incident. I think consumers would agree that this is still a high cost and one which doesn’t even account for the time and anxiety such an incident would cause.

The Javelin report is available in two versions, one for consumers and one for industry professionals. The consumer report offers best practices for protection while the professional report looks at trends and on impacts to consumer behavior. You can download either report here.

Also check out Absolute Software’s recent study with the Ponemon Institute: The Human Factor in Laptop Encryption.

Children are increasingly becoming the targets of identity theft. Although the problem is not new, it is possible the issue is more common than was previously realized.

Children become targets by identity thieves for a number of reasons: the stolen Social Security Number can become associated with crimes, lines of credit, or for work purposes. Most people do not consider that their children are at risk for these crimes, so many go undetected for long periods of time. From 2005 – 2007, more than 34,000 reports of identity theft involving minors under age 18 were reported to the Federal Trade Commission.

With adults, identity fraud can usually be detected more quickly. Children, however, are not attempting to apply for loans or credit cards, and so don’t have that trigger situation to highlight the issues. Sadly, in about 50% of cases, the thief is someone known to the child.

Randy Waldron Jr., now 27, has spent the last 10 years trying to clean up his reputation after his father abused his Social Security Number to run up millions of dollars in debt.

Some tips to protect your child’s identity include:

• Shred all papers that contain Social Security Numbers
• Store Social Security cards in a safe place – don’t carry it
• Investigate if your child receives pre-approved credit applications
• Ask for a credit report for your child – there shouldn’t be one yet for minors, so if there is, it may be problematic
• Be wary when providing documentation to anyone that could be used for fraud

Via AP, AP ; Image: Microsoft Office Clipart / iStockphoto.com