Archive for the ‘Identity Theft’ Category

The Federal Trade Commission (FTC) is warning victims of Hurricane Ike and Gustav, and donors to the recovery, to beware of identity theft scams.

The FTC works to prevent fraudulent, deceptive and unfair business practices, and to educate consumers about these practices. One such warning involves being extra cautious in the wake of current events, particularly those that pull at your heart strings. Many people will take advantage of natural disasters like Ike and Gustav to create bogus fund-raising operations.

The FTC advises consumers to give to charities that have been around for some time, as they are best prepared to delivery assistance, and to ensure (among other things) that you are donating to the charity you intended to. They recommend a checklist of things to do to prevent becoming a victim of fraud.

In addition to charity fraud, victims of Hurricane Ike and Gustav are cautioned against becoming victims of home repair fraud. They recommend taking the time to check the references of your contractors and to be responsible with your payment process. The FTC reminds consumers not to sign an insurance check over to a contractor.

In order to get relief benefits or replacement documents, victims of the hurricanes will need to share personal information. Be cautious of scams of people claiming to be government officials - check their IDs and know that the government never charges application fees.

Here are some resources from the FTC:

• FTC Charity Checklist – to ensure your donation dollars benefit the people and organizations you want to help
• FTC Hurricane Recovery Resources (Charity Fraud, Home Repair Fraud, Identity Protection)
• Hurricane Recovery Consumer Information – more information about a slew of scams to beware of

Via MarketWatch ; Image: NASA by Jesse Allen

Identity Theft 911 has published a white paper about Identity Theft in California [PDF]. The white paper examines identity theft within the state and what steps are being taken by the government officials and businesses to combat the issue.

In 2007, California was ranked as the second-worst state in terms of identity theft complaints per capita, according to Federal Trade Commission (FTC) data. From 2002-2006, it held the third position on this list, so it’s clear that identity theft is a growing and persistent issue in California.

“Each year, more and more consumers fall victim to various forms of this insidious crime. This report puts a spotlight on California, highlighting several issues that are likely responsible for driving up these numbers in the state,” said Judd Rousseau, Chief Fraud Officer of Identity Theft 911.

According to the FTC, 1.5 million Californians were victims of identity theft in 2007 (out of a population of 36.5 million). The most common forms of identity theft were credit card fraud and employment-related fraud. The incidents of 2007 cost an estimated $749 million in out-of-pocket expenses for victims (and 6 million hours in resolution time). That’s an astronomical figure.

California has been responding to the issues of identity theft at the government level. New legislation has been passed, including breach notification laws, prohibitions for the public display of Social Security Numbers, and restrictions on the sharing / selling of personally identifiable information. The white paper outlines various other types of legislation that might mitigate the identity theft issue in California.

Via press release

The Identity Theft Enforcement and Restitution Act (H.R. 5938) has been amended and was passed by the Senate on July 30, 2008. The bill, championed by Senate Judiciary Committee Chairman Patrick Leahy, was originally introduced and approved by the Senate in November. The bill stalled in the House, and was therefore amended and returned to the House for consideration.

Leahy, who has introduced a number of cyber crime bills (including S. 495, The Personal Data Privacy and Security Act), has combined HR 5938’s cyberattack & identity theft motives with an amendment that would give Secret Service protection to former US vice presidents. The revised bill has the support of the Department of Justice, the Secrete Service, and industry and consumer groups such as the US Chamber of Commerce and the AARP.

Identity Theft Enforcement and Restitution Act (HR 5938) would:

• Give identity theft victims the ability to seek restitution
• Ensure cyber criminals posing as businesses can be prosecuted
• Make it a felony to employ spyware or keyloggers that damage 10+ computers
• Extend cybercrime definitions to include cyberextortion cases

This legislation would not enact federal data breach notification standards, but it would be a first step in the right direction.

Via SC Magazine Tags: leahy, cybercrime, cyber crime, identity theft, id theft, legislation, hr 5938, federal legislation

The Identity Theft Resource Center (ITRC) has released their 5th annual Aftermath Study, looking into the impacts of identity theft on its victims. The study is both qualitative and quantitative, involving the experiences of identity theft victims. The study seeks to understand all the impacts, from emotional impacts to the financial loss suffered.

Highlights of the 2007 ITRC Aftermath Study:

• Types of identity theft crime: 78% financial, 2% criminal, 2% government (the remaining as combination cases)
• 57% of victims had their information used to open new lines of credit
• For non-financial identity theft, 62% had thieves commit financial crimes that resulted in their names being issued in warrants
• Nearly 1/3 of identity theft were started by a person known to the victim (5-yr data)
• 82% of victims found out about the theft through an adverse action (10% found out from proactive measures by businesses, 8% saw it on their credit report)
• Victims spent an average of $550.39 in out-of-pocket expenses for damage done to existing accounts (for new accounts, an average of $1,865.27) and 116 hours to repair the damage (158 for new accounts)
• 19% of victims indicate it took more than 2 years to resolve their case (70% resolve in up to 12 months)
• Credit agencies cause delays in fixing records – 31% of victims complain of negative information being put back, 32% of it not being removed, 22% of SSNs being tied to another person’s file, 19% of a fraud alert being ignored
• 49% of victims report stressed family life

The ITRC trends indicate that obtaining new credit lines, as an avenue for fraud, may be becoming more difficult. They predict that check fraud and debit card fraud, which are increasing, may see further growth as these trends continue.

Victims of identity theft do suffer greatly, and it takes a great deal of both time and money to resolve the issues. Some issues, according to the report, may continue to linger long after credit reports are cleared. For example, insurance & credit card rates may go up. Others face an inability to get credit (64%) or to have credit agencies still calling. In some cases, victims have difficulty getting jobs or in clearing their criminal records (when their identity is used in a crime).

You can download the full report here [PDF]

Tags: id theft, identity theft, aftermath, breach, financial theft, fraud, id theft victims

CTV is running a four-part series looking into the “epidemic of identity theft” in Vancouver, part of which is due to the volume of stolen mail in the city.

Sgt. Ken Athans, who runs the Vancouver Police Department’s identity theft task force, says identity theft is huge business in Vancouver, and only getting bigger.

“It’s high gain and low risk, more people are going to get into it and that’s what’s happening in Vancouver,” Ken Athans said.

Areas like Yaletown and the West End are prime targets for mail thieves, where the affluent lifestyle attracts people to search for credit card applications or bank statements to initiate fraud. Peter Stabler, a crown prosecutor, convicts an identity thief every other business day in the city. That said, there is a high proportion of repeat offenders who view jail time as part of the “job.”

Vancouver is the mail theft capital of Canada, and CTV has learned that Canada Post has delayed the replacement of improperly secured mail boxes for as many as five years. Only about a third of improperly security mailboxes have been replaced, leaving many open to theft by easily forged keys.

Canada Post does not record statistics of stolen mail, only undelivered mail. This makes it difficult to understand the extent of the problem. Once mail is delivered, Canada Post will no longer claim responsibility for it, and it’s up to local law enforcement to investigate the theft of what, at that point, is personal property. You can read some of what Canada Post had to say here.

What do you think about the issue? Does Canada Post have a responsibility to protect the mail, even after its been delivered?

Image: maps.google.com ; Tags: mail theft, vancouver, id theft, identity theft, security, mail security, mail, canada post, ctv

I opened up my mail this week to see a flyer from the Canadian Conservative Government via our MP Stockwell Day. The front of the flyer is shown above. There is a quote on the back as follows:

“This Government is following through on its commitment to give police the tools they need to better protect Canadians by stopping identity-theft activity before the damage is done.” – Rob Nicholson, Minister of Justice

According to the flip side, the Canadian Conservative Government is putting forward tough new laws to prevent identity theft, to compensate victims, and to put identity thieves behind bars. I am supposed to cut out the bottom half of this flyer and return it with the answer to this question as “Yes” or “No”:

“Do you support the Conservative Government’s tougher laws against identity theft?”

Sounds great – proactive, right? I have a problem with it though. There is no information about what these laws are, what they do, or where I can learn about them. No website, nothing. I have absolutely no idea to which law the flyer refers.

So, if a member of the Conservative Government would like to fill the public in on which of the multiple identity theft bills before Parliament they are referring to, I’d be happy to answer their survey.

Tags: id theft, id theft survey, canada, identity theft, parliament, laws, legal system, conservative government, stockwell day

The black market for data is much more sophisticated than most people realize. It’s not a “one price fits all” scenario. There are price points, just like in any advanced market. And, just like the same markets, there are services provided to prospective customers.

Francois Paget of McAfee’s Avert Labs blog has shared a discovery about the prices going on different “quality” levels of data on the black market.

Avert Labs has discovered a “price list” for everything from credit card numbers to bank account logins and other personal data that is sold in the underground economy. A tip led them to a website that was auctioning off data, including bank logons and credit card information, with prices such as:

• Washington Mutual (US), balance $14,400 (sell price 600 euros/$924)
• Citibank (UK), balance 10,044 pounds/$19,626 (sell price 850 euros/$1,310)

If you buy a bank account login, and the data owner has cancelled the account within 24 hours, they’ll even give you a replacement stolen account.

So, the black market is an organized system with value for quality, and even customer service. The same website sold information in “bundle prices” and offers free data only a daily basis, as “goodies” to entice their sale.

Visit the Avert Labs site for more information and screen shots of the system in question.

Via CNet Tags: black market, data, data resale, underground economy, data breach, personal data, data resale, identity theft, fraud

Bankrate’s recent poll about the consumer knowledge of identity theft indicates that 80% of Americans are worried about identity theft.

Gfk Roper America conducted a random survey of American households, compiling results from 1006 adults (524 women, 482 men). According to the survey, respondents who know someone who has been a victim of identity theft (34% of the respondents) are more likely to fear becoming victims of identity theft themselves.

Respondents who are concerned about identity theft are more likely to be taking steps to prevent it. These steps include shredding documents and monitoring credit reports.

Surprisingly, 35% of people who are concerned about identity theft have taken no steps to avoid identity theft. This number shows a great deal more avoidance of the issue than I expected. Indeed, for people not concerned about identity theft, only 19% haven’t made any changes to avoid identity theft. So, the data is indicating that although some people concerned with identity theft go above and beyond to protect themselves, in some cases the knowledge of identity theft leads to an increase in the "head in the sand" approach.

In terms of defining which avenue of identity theft most scares the respondents, information obtained over the web (45%) and information obtained from a business (25%) dominated the results. The data indicates a strong fear of e-commerce as leading to identity theft, which is largely unsupported by the data breaches happening today.

"Consumers tend to blame security breaches and incidents on the ‘Internet’ and they are more likely to change their online behavior than their behavior in the physical world as a result. This reaction is not based on the facts. The fact is that the large security breaches are happening at brick-and-mortar companies like TJX and Hannaford." – Avivah Litan, VP and Analyst, Gartner

Identity theft is misunderstood by consumers - both how it happens and what the consequences are. Much more consumer education is needed, in addition to safeguards that service providers can put in place to proactively protect consumers.

Via I’ve Been Mugged Tags: identity theft, id theft, id theft prevention, theft prevention, breach, security, online security, internet security, data security

Even the most carefully laid plans can go awry. Federal prosecutors charged a Southern Californian woman this week with aggravated identity theft after she used a genealogy website to locate people who had recently died and to take over their credit cards.

Tracy June Kirkland was using Rootsweb.com to find the names, Social Security numbers and birth dates of people who had died. She would then call credit card companies randomly to see if "she" had an account, if "she" did, she would request a mailing address change and, in some cases, would add her own name as an authorized user. Ms. Kirkland repeated this scheme at least 100 times between October, 2005 and last month.

Rootsweb.com is a genealogical research site that, amongst other services, reproduces the Social Security Administration’s Death Index, which is a public list of people who have died, along with their birth dates and Social Security Numbers. The government publishes this list with such detail in order that banks can prevent people from applying for credit under any deceased people’s identities. The information is made public by the Freedom of Information Act.

Tracy Kirkland has found a loophole in the system by, instead of applying for new credit, simply co-opting existing credit accounts. This is the first time this exploit has been found, according to a spokesperson for the Social Security Administration.

"The reason the Social Security Administration has it out there is to prevent fraud, and when it’s used to perpetrate fraud it’s because not all the checks and balances were in place on the financial institution’s end."

So, what do you think? Should the Social Security Numbers be reported on the Death Index? Do you think the benefits to the prevention of identity theft outweigh the risks shown here?

You can feel the full court indictment here [PDF]

Via wired ; Logo: Rootsweb, a part of Ancestry.com and MyFamily.com Inc.Tags: rootsweb, identity theft, id theft, death index, breach

You know about thieves stealing your credit cards, or even accessing your bank statements. But did you know that your tax refund is also at risk?

The Seattle Post Intelligencer has exposed the story of a woman who found a case of fraudulent tax return under her name – a thief who has filed taxes under her Social Security Number that would result in a refund. It could be that many other people will find themselves the victims of identity theft this tax season.

An unnamed woman sat down at her computer to file her taxes, but they kept being rejected with an error that a tax return had already been filed under her Social Security Number. After calling the Social Security Administration and the IRS, she found that the tax return had been filed under a different address – not hers.

The thief had filed a fraudulent tax return under her name – this tax return would yield a cash refund. And so, the woman now has to file a police report, a complaint with the FTC, put a fraud alert on her credit report, and to go through the process to prove her identity in order to submit her real tax return.

An earlier Seattle PI story painted a dire picture of the process: another tax preparer who found herself a victim of identity theft was unable to receive her tax refund until two months, and many calls, later. And she may have been lucky. Finance Committee Chairman Max Baucus says that it takes a year, on average, for the IRS to sort out the real tax payer and to issue a refund.

According to a new audit [PDF] out from the Treasury Inspector General for Tax Administration, fraudulent tax returns are becoming all too common. Complaints of this type jumped 579% in the five years leading to 2007, with 20,000 complaints in 2007.

Sadly, the report found that the IRS is doing very little to stop or to prosecute those who commit this form of identity theft. Prosecution is only pursued if the identity theft occurs in conjunction with other criminal offenses.

IRS policy is that the actual crime of identity theft will only be investigated by the Criminal Investigation Division if it is committed in conjunction with other criminal offenses having a large tax effect.

Such a lack of prosecution may explain the huge jump in incidents seen over the last few years.

image: penywise via morguefile ; Tags: identity theft, id theft, fraud, tax fraud, identity fraud, irs, government, irs policy, taxes, tax, criminal