First, I would like to dedicate this blog posting to all the Identity Theft Perpetrators - this information is being posted so that you will have less success in your life of crime, less victims to victimize and so that this information will hopefully be useful in your capture and full prosecution that you will face in a court a law.
Secondly, I would like to dedicate this blog posting to all the victims of Identity Theft. It is my sincerest hope that you will find resolution, justice and ultimately peace of mind.
At the end of this reposting from the USDOJ website, I will offer some strategies that will allow you to be able to mitigate the wrongs that have been perpetrated against you.
What Are Identity Theft and Identity Fraud?
"But he that filches from me my good name/Robs me of that which not enriches him/And makes me poor indeed."
- Shakespeare, Othello, act iii. Sc. 3.
The short answer is that identity theft is a crime. Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain. These Web pages are intended to explain why you need to take precautions to protect yourself from identity theft. Unlike your fingerprints, which are unique to you and cannot be given to someone else for their use, your personal data especially your Social Security number, your bank account or credit card number, your telephone calling card number, and other valuable identifying data can be used, if they fall into the wrong hands, to personally profit at your expense. In the United States and Canada, for example, many people have reported that unauthorized persons have taken funds out of their bank or financial accounts, or, in the worst cases, taken over their identities altogether, running up vast debts and committing crimes while using the victims's names. In many cases, a victim's losses may include not only out-of-pocket financial losses, but substantial additional financial costs associated with trying to restore his reputation in the community and correcting erroneous information for which the criminal is responsible.
In one notorious case of identity theft, the criminal, a convicted felon, not only incurred more than $100,000 of credit card debt, obtained a federal home loan, and bought homes, motorcycles, and handguns in the victim's name, but called his victim to taunt him -- saying that he could continue to pose as the victim for as long as he wanted because identity theft was not a federal crime at that time -- before filing for bankruptcy, also in the victim's name. While the victim and his wife spent more than four years and more than $15,000 of their own money to restore their credit and reputation, the criminal served a brief sentence for making a false statement to procure a firearm, but made no restitution to his victim for any of the harm he had caused. This case, and others like it, prompted Congress in 1998 to create a new federal offense of identity theft.
What Are The Most Common Ways To Commit Identity Theft or Fraud?
Many people do not realize how easily criminals can obtain our personal data without having to break into our homes. In public places, for example, criminals may engage in "shoulder surfing" watching you from a nearby location as you punch in your telephone calling card number or credit card number or listen in on your conversation if you give your credit-card number over the telephone to a hotel or rental car company.
Even the area near your home or office may not be secure. Some criminals engage in "dumpster diving" going through your garbage cans or a communal dumpster or trash bin -- to obtain copies of your checks, credit card or bank statements, or other records that typically bear your name, address, and even your telephone number. These types of records make it easier for criminals to get control over accounts in your name and assume your identity.
If you receive applications for "preapproved" credit cards in the mail, but discard them without tearing up the enclosed materials, criminals may retrieve them and try to activate the cards for their use without your knowledge. (Some credit card companies, when sending credit cards, have adopted security measures that allow a card recipient to activate the card only from his or her home telephone number but this is not yet a universal practice.) Also, if your mail is delivered to a place where others have ready access to it, criminals may simply intercept and redirect your mail to another location.
In recent years, the Internet has become an appealing place for criminals to obtain identifying data, such as passwords or even banking information. In their haste to explore the exciting features of the Internet, many people respond to "spam" unsolicited E-mail that promises them some benefit but requests identifying data, without realizing that in many cases, the requester has no intention of keeping his promise. In some cases, criminals reportedly have used computer technology to obtain large amounts of personal data.
With enough identifying information about an individual, a criminal can take over that individual's identity to conduct a wide range of crimes: for example, false applications for loans and credit cards, fraudulent withdrawals from bank accounts, fraudulent use of telephone calling cards, or obtaining other goods or privileges which the criminal might be denied if he were to use his real name. If the criminal takes steps to ensure that bills for the falsely obtained credit cards, or bank statements showing the unauthorized withdrawals, are sent to an address other than the victim's, the victim may not become aware of what is happing until the criminal has already inflicted substantial damage on the victim's assets, credit, and reputation.
What's The Department Of Justice Doing About Identity Theft And Fraud?
The Department of Justice prosecutes cases of identity theft and fraud under a variety of federal statutes. In the fall of 1998, for example, Congress passed the Identity Theft and Assumption Deterrence Act . This legislation created a new offense of identity theft, which prohibits knowingly transfer[ring] or us[ing], without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.
18 U.S.C. § 1028(a)(7). This offense, in most circumstances, carries a maximum term of 15 years' imprisonment, a fine, and criminal forfeiture of any personal property used or intended to be used to commit the offense.
Schemes to commit identity theft or fraud may also involve violations of other statutes such as identification fraud (18 U.S.C. § 1028), credit card fraud (18 U.S.C. § 1029), computer fraud (18 U.S.C. § 1030), mail fraud (18 U.S.C. § 1341), wire fraud (18 U.S.C. § 1343), or financial institution fraud (18 U.S.C. § 1344). Each of these federal offenses are felonies that carry substantial penalties in some cases, as high as 30 years' imprisonment, fines, and criminal forfeiture.
Federal prosecutors work with federal investigative agencies such as the Federal Bureau of Investigation, the United States Secret Service, and the United States Postal Inspection Service to prosecute identity theft and fraud cases.
Here are some examples of recent cases:
Central District of California. A woman pleaded guilty to federal charges of using a stolen Social Security number to obtain thousands of dollars in credit and then filing for bankruptcy in the name of her victim. More recently, a man was indicted, pleaded guilty to federal charges and was sentenced to 27 months' imprisonment for obtaining private bank account information about an insurance company's policyholders and using that information to deposit $764,000 in counterfeit checks into a bank account he established.
Central District of California. Two of three defendants have pleaded guilty to identity theft, bank fraud, and related charges for their roles in a scheme to open bank accounts with both real and fake identification documents, deposit U.S. Treasury checks that were stolen from the mail, and withdraw funds from those accounts.
Middle District of Florida. A defendant has been indicted on bank fraud charges for obtaining names, addresses, and Social Security numbers from a Web site and using those data to apply for a series of car loans over the Internet.
Southern District of Florida. A woman was indicted and pleaded guilty to federal charges involving her obtaining a fraudulent driver's license in the name of the victim, using the license to withdraw more than $13,000 from the victim's bank account, and obtaining five department store credit cards in the victim's name and charging approximately $4,000 on those cards.
District of Kansas. A defendant pleaded guilty to conspiracy, odometer fraud, and mail fraud for operating an odometer "rollback" scheme on used cars. The defendant used false and assumed identities, including the identities of deceased persons, to obtain false identification documents and fraudulent car titles.
What Can I Do About Identity Theft And Fraud?
To victims of identity theft and fraud, the task of correcting incorrect information about their financial or personal status, and trying to restore their good names and reputations, may seem as daunting as trying to solve a puzzle in which some of the pieces are missing and other pieces no longer fit as they once did. Unfortunately, the damage that criminals do in stealing another person's identity and using it to commit fraud often takes far longer to undo than it took the criminal to commit the crimes.
What Should I Do To Avoid Becoming A Victim Of Identity Theft?
To reduce or minimize the risk of becoming a victim of identity theft or fraud, there are some basic steps you can take. For starters, just remember the word "SCAM":
Be stingy about giving out your personal information to others unless you have a reason to trust them, regardless of where you are:
At Home.
Start by adopting a "need to know" approach to your personal data. Your credit card company may need to know your mother's maiden name, so that it can verify your identity when you call to inquire about your account. A person who calls you and says he's from your bank, however, doesn't need to know that information if it's already on file with your bank; the only purpose of such a call is to acquire that information for that person's personal benefit. Also, the more information that you have printed on your personal bank checks -- such as your Social Security number or home telephone number -- the more personal data you are routinely handing out to people who may not need that information.
If someone you don't know calls you on the telephone and offers you the chance to receive a "major" credit card, a prize, or other valuable item, but asks you for personal data -- such as your Social Security number, credit card number or expiration date, or mother's maiden name -- ask them to send you a written application form.
If they won't do it, tell them you're not interested and hang up.
If they will, review the application carefully when you receive it and make sure it's going to a company or financial institution that's well-known and reputable. The Better Business Bureau can give you information about businesses that have been the subject of complaints.
On Travel.
If you're traveling, have your mail held at your local post office, or ask someone you know well and trust another family member, a friend, or a neighbor to collect and hold your mail while you're away.
If you have to telephone someone while you're traveling, and need to pass on personal financial information to the person you're calling, don't do it at an open telephone booth where passersby can listen in on what you're saying; use a telephone booth where you can close the door, or wait until you're at a less public location to call.
C Check your financial information regularly, and look for what should be there and what shouldn't:
What Should Be There.
If you have bank or credit card accounts, you should be receiving monthly statements that list transactions for the most recent month or reporting period.
If you're not receiving monthly statements for the accounts you know you have, call the financial institution or credit card company immediately and ask about it.
If you're told that your statements are being mailed to another address that you haven't authorized, tell the financial institution or credit card representative immediately that you did not authorize the change of address and that someone may be improperly using your accounts. In that situation, you should also ask for copies of all statements and debit or charge transactions that have occurred since the last statement you received. Obtaining those copies will help you to work with the financial institution or credit card company in determining whether some or all of those debit or charge transactions were fraudulent.
What Shouldn't Be There.
If someone has gotten your financial data and made unauthorized debits or charges against your financial accounts, checking your monthly statements carefully may be the quickest way for you to find out. Too many of us give those statements, or the enclosed checks or credit transactions, only a quick glance, and don't review them closely to make sure there are no unauthorized withdrawals or charges.
If someone has managed to get access to your mail or other personal data, and opened any credit cards in your name or taken any funds from your bank account, contact your financial institution or credit card company immediately to report those transactions and to request further action.
A Ask periodically for a copy of your credit report.
Your credit report should list all bank and financial accounts under your name, and will provide other indications of whether someone has wrongfully opened or used any accounts in your name.
M Maintain careful records of your banking and financial accounts.
Even though financial institutions are required to maintain copies of your checks, debit transactions, and similar transactions for five years, you should retain your monthly statements and checks for at least one year, if not more. If you need to dispute a particular check or transaction especially if they purport to bear your signatures your original records will be more immediately accessible and useful to the institutions that you have contacted.
Even if you take all of these steps, however, it's still possible that you can become a victim of identity theft. Records containing your personal data -- credit-card receipts or car-rental agreements, for example -- may be found by or shared with someone who decides to use your data for fraudulent purposes.
What Should I Do If I've Become A Victim Of Identity Theft?
If you think you've become a victim of identity theft or fraud, act immediately to minimize the damage to your personal funds and financial accounts, as well as your reputation. Here's a list -- based in part on a checklist prepared by the California Public Interest Research Group (CalPIRG) and the Privacy Rights Clearinghouse -- of some actions that you should take right away:
Contact the Federal Trade Commission (FTC) to report the situation, whether Online, By telephone toll-free at 1-877-ID THEFT (877-438-4338) or TDD at 202-326-2502, or
By mail to Consumer Response Center, FTC, 600 Pennsylvania Avenue, N.W., Washington, DC 20580.
Under the Identity Theft and Assumption Deterrence Act , the Federal Trade Commission is responsible for receiving and processing complaints from people who believe they may be victims of identity theft, providing informational materials to those people, and referring those complaints to appropriate entities, including the major credit reporting agencies and law enforcement agencies. For further information, please check the FTC's identity theft Web pages . You can also call your local office of the FBI or the U.S. Secret Service to report crimes relating to identity theft and fraud.
You may also need to contact other agencies for other types of identity theft:
Your local office of the Postal Inspection Service if you suspect that an identity thief has submitted a change-of-address form with the Post Office to redirect your mail, or has used the mail to commit frauds involving your identity;
The Social Security Administration if you suspect that your Social Security number is being fraudulently used (call 800-269-0271 to report the fraud);
The Internal Revenue Service if you suspect the improper use of identification information in connection with tax violations (call 1-800-829-0433 to report the violations).
Call the fraud units of the three principal credit reporting companies:
Equifax:
To report fraud, call (800) 525-6285 or write to P.O. Box 740250, Atlanta, GA 30374-0250.
To order a copy of your credit report ($8 in most states), write to P.O. Box 740241, Atlanta, GA 30374-0241, or call (800) 685-1111.
To dispute information in your report, call the phone number provided on your credit report.
To opt out of pre-approved offers of credit, call (888) 567-8688 or write to Equifax Options, P.O. Box 740123, Atlanta GA 30374-0123.
Experian(formerly TRW)
To report fraud, call (888) EXPERIAN or (888) 397-3742, fax to (800) 301-7196, or write to P.O. Box 1017, Allen, TX 75013.
To order a copy of your credit report ($8 in most states): P.O. Box 2104, Allen TX 75013, or call (888) EXPERIAN.
To dispute information in your report, call the phone number provided on your credit report.
To opt out of pre-approved offers of credit and marketing lists, call (800) 353-0809 or (888) 5OPTOUT or write to P.O. Box 919, Allen, TX 75013.
Trans Union
To report fraud, call (800) 680-7289 or write to P.O. Box 6790, Fullerton, CA 92634.
To order a copy of your credit report ($8 in most states), write to P.O. Box 390, Springfield, PA 19064 or call: (800) 888-4213.
To dispute information in your report, call the phone number provided on your credit report.
To opt out of pre-approved offers of credit and marketing lists, call (800) 680-7293 or (888) 5OPTOUT or write to P.O Box 97328, Jackson, MS 39238.
Contact all creditors with whom your name or identifying data have been fraudulently used. For example, you may need to contact your long-distance telephone company if your long-distance calling card has been stolen or you find fraudulent charges on your bill.
Contact all financial institutions where you have accounts that an identity thief has taken over or that have been created in your name but without your knowledge. You may need to cancel those accounts, place stop-payment orders on any outstanding checks that may not have cleared, and change your Automated Teller Machine (ATM) card, account, and Personal Identification Number (PIN).
Contact the major check verification companies (listed in the CalPIRG-Privacy Rights Clearinghouse checklist) if you have had checks stolen or bank accounts set up by an identity thief. In particular, if you know that a particular merchant has received a check stolen from you, contact the verification company that the merchant uses:
CheckRite -- (800) 766-2748
ChexSystems -- (800) 428-9623 (closed checking accounts)
CrossCheck -- (800) 552-1900
Equifax -- (800) 437-5120
National Processing Co. (NPC) -- (800) 526-5380
SCAN -- (800) 262-7771
TeleCheck -- (800) 710-9898
Where Can I Find Out More About Identity Theft And Fraud?
A number of government and private organizations have information about various aspects of identity theft and fraud: how it can occur, what you can do about it, and how to guard your privacy. To help you learn more about the problem and its solutions, we've attached a list of Web sites that you might find interesting and informative on identity theft and related topics.
[Note: All Web sites to which these pages cross-link are included as a service for the reader. Cross-links to non-governmental sites do not constitute an endorsement or approval of their content, or of the organizations responsible for that content, by the Department of Justice.]
Government
United States:
California Department of Consumer Affairs
Federal Bureau of Investigation
Federal Deposit Insurance Corporation
Federal Trade Commission - Congressional Testimony
Federal Trade Commission - Fighting Back Against ID Theft
United States Postal Inspection Service
United States Secret Service
Canada:
Ontario Information and Privacy Commissioner
Non-Government
United States:
American Association of Retired Persons
Better Business Bureau - Alert
Better Business Bureau -- Eastern Massachusetts/Maine/Vermont
CalPIRG
Center for Democracy and Technology
National Association of Attorneys General
National Consumers League
National Fraud Information Center
Privacy Rights Clearinghouse
Smart Solutions can help victims of Identity Theft in the following ways:
We use the an ID Theft Affidavit to help resolve identity theft issues. Additionally, in the event a commercial account has been opened with your forged signature or checks (bearing your forged signature) can be countered with a Forgery & Signature Match Affidavit.
It is my thought that if you have had your identity stolen for medical purposes (normally to receive an expensive operation or medical procedure) that you visit the doctor who did the procedure and have him sign some sort of statement to the effect that you were not involved in the medical events. You may need to get an attorney to help you with this.
Social Security: Visit the office and talk to staff and proceed under their direction.
Department of Motor Vehicles: Visit the office and advise them that your license has been stolen.
For more information contact:
Michael L Hathman
VP - Smart Solutions Financial Services, LLC
12141 Natural Bridge Road
Bridgeton, MO 63044
(888) 955-3340 Toll-Free
(636) 533-4070 Office
(314) 754-2660 Fax
Info@SmartSolutionsFS.com
www.SmartSolutionsCreditRepair.com
Saturday, December 4, 2010
Friday, December 3, 2010
Smart Solutions Advice: How To Avoid Top Money Scams!
Foreclosure Prevention Scams...
The housing market in the United States may not be thriving, but business is booming for foreclosure rescue and loan modification scammers.
The US Government Accountability Office (GAO) released a report in July 2010 entitled "Home Ownership Preservation". It says that: "The current foreclosure crisis has provided persons who may perpetrate mortgage foreclosure rescue and loan modification schemes with unprecedented opportunities to profit from homeowners desperate to save their homes. In March 2010, we reported that national default and foreclosure rates rose sharply from 2005 through 2009, to the highest level in 29 years. The most recent data from the Mortgage Bankers Association, which are for the first quarter of 2010, show that the number of home loans with payments more than 60 days past due, and therefore potentially facing foreclosure, is 2.7 million."
The GAO report says there are two main types of foreclosure rescue and loan modification scams: advance-fee loan modification schemes and sales-leaseback schemes, with advance-fee schemes being the most common. In an advance-fee scheme, someone charges you a fee in advance to negotiate a deal with your mortgage lender. They may even offer a money-back guarantee. But the usual outcome is that they take your money (the average is about $3,000), provide little or no service, and then refuse to refund the fee. In a sales-leaseback scheme, the scammer persuades you to transfer your deed to them by offering to assume your payments and let you pay rent while you get your affairs in order. They promise to sell the property back to you once your financial situation improves, but, of course, they don't. Often they take out another loan on the home or even sell it out from under you.
The Federal Trade Commission reports on a new twist on the advance-fee scam that's showing up this year, a "forensic mortgage loan audit." The scammer offers to find regulatory violations in your original mortgage that will help you avoid foreclosure or even cancel your loan. There's no evidence that anyone has ever succeeded in modifying their loan using this approach.
Here are some “red flags” that at-risk homeowners should watch out for when looking for foreclosure help, courtesy of the FTC. You should avoid any business that:
*guarantees to stop the foreclosure process – no matter what your circumstances
*instructs you not to contact your lender, lawyer, or credit or housing counselor
*collects a fee before providing you with any services
*accepts payment only by cashier’s check or wire transfer
*encourages you to lease your home so you can buy it back over time
*tells you to make your mortgage payments directly to it, rather than your lender tells you to transfer your property deed or title to it
*offers to buy your house for cash at a fixed price that is not set by the housing market at the time of sale
*offers to fill out paperwork for you
*pressures you to sign paperwork you haven’t had a chance to read thoroughly or that you don’t understand.
Dating Scams...
The Federal Trade Commission, the nation’s consumer protection agency, warns that scammers sometimes use online dating and social networking sites to try to convince people to send money in the name of love. In a typical scenario, the scam artist creates a fake profile, gains the trust of an online love interest, and then asks that person to wire money—usually to a location outside the United States.
Here are some warning signs that someone you met online could be in it for the money:
*Wanting to leave the dating site immediately and use personal e-mail or IM accounts.
*Claiming instant feelings of love.
*Claiming to be from the United States but currently overseas.
*Planning to visit, but being unable to do so because of a tragic event.
*Asking for money to pay for travel, visas or other travel documents, medication, a child or other relative’s hospital bills, recovery from a temporary financial setback, or expenses while a big business deal comes through.
*Making multiple requests for more money.
The FTC warns consumers that wiring money to someone they haven’t met is the same as sending cash. Once it’s gone, it can’t be recovered.
For more information on Online Dating Scams visit OnGuardOnline.gov, the federal government’s online safety website. OnGuardOnline provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information. OnGuardOnline.gov is a partnership of more than a dozen federal agencies and the technology industry.
The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. To file a complaint or get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. Watch a new video, How to File a Complaint, at ftc.gov/video to learn more. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by more than 1,800 civil and criminal law enforcement agencies in the U.S. and abroad.
MEDIA CONTACT:
Office of Public Affairs
202-326-2180
The ATM Scam...
ATMs are under siege more than ever from skimming. Skimming, where ATM thieves steal your PIN and account number using remote devices, is increasing dramatically. Often done by sophisticated crime rings from the Eastern bloc countries, ATM skimming is becoming a high-tech art that's hard to detect.
That's bad news for consumers. Experts say that losses from skimming are approaching $1 billion. Nearly one in five fraud victims reported having their credit card PIN or debit card ATM PIN information stolen in 2009, according to Javelin Strategy & Research. And Robert Vamosi, an analyst handling risk, fraud and security at Javelin, sees ATM skimming continuing to rise this year and next.
"Consumers aren't aware of ATM tampering," he says. "ATMs have 40 years of trust."
Skimming isn't new. It's been around for at least 10 years. What has changed is that the "technology of the bad guy is getting better and better every year," says Robert Siciliano, a security expert based in Boston. "It's up to consumers to watch their own backs."
Typically, ATM thieves use two devices to capture your PIN and card data. One device sits near where you swipe your card and reads the magnetic stripe on your card with your account number. Even more confusing, the device mimics the card slot. "The technology has evolved to a point where the molded plastic fits like it belongs there," says Siciliano. Devices are even readily available over the Internet for as little as $300.
A camera, hidden from view, captures the PIN. "You can get the data in real time," says Siciliano. "You can be in your car with a laptop remotely accessing the device."
Thieves then burn the data onto a blank card to access your money.
U.S. Secret Service spokesman Max Milien wants consumers to be warned. "The public is notified after an event," he says. And don't take bank security for granted. Fraud can occur at any bank in any part of the country. Thieves are even sending out false text alerts to get consumer data.
Banks, they say, are slow to adopt anti-skimming measures. When Javelin surveyed 25 banks, four stood out, though, for their anti-theft measures. They are Bank of America, Chase, Citibank and Wells Fargo.
advertisementExperts add that debit card users are most at risk. Typically, consumers must report fraudulent charges within two days, limiting your liability to $50. If you report ATM skimming fraud within 60 days, you're liable for the first $500 of any transaction. Siciliano adds that thieves carefully orchestrate ATM withdrawals, maxing out cash withdrawals one day and waiting until after midnight for the next stash, which quickly adds up.
Here are four tips to help you protect your account.
1. Cover your password with your hand
Hidden cameras are disguised so they can pick up your password. By protecting it, ATM thieves can't access your account.
2. Use familiar ATMs and limit your visits
ATMs in dimly lighted spots or used late at night could be more susceptible to fraud, while ATMs under video surveillance can be safer. Stay away from ATMs at retail stores or restaurants, adds Siciliano. Recently, skimming devices were found on ATMs in a popular grocery store in central Florida. Airports, convenience stores or kiosks are equally vulnerable to ATM thieves. Still, even highly trafficked ATMs outside a bank branch have been targeted by thieves.
Also, try to limit your visits to the ATM. "With frequency, there's risk," says Siciliano.
3. Check bank balances frequently
Given the two-day window for reporting fraud, it pays to check your account frequently. If you don't report fraud within 60 days, you have unlimited liability. "Sign up for alerts and notice unusual withdrawals," says Vamosi.
With credit cards there are more protections in place, and you can dispute charges."You have at least a billing cycle," says Siciliano.
4. Observe the ATM
Vamosi cautions consumers to look at an ATM to make sure a card slot is "legitimate and not tacked on." Look for things that strike you, he says. "Some people have felt that when they inserted their card, something went awry," he says. In that case, try another ATM.
When protecting your account against ATM thieves, "it's all about awareness, paying attention and understanding risks," says Sicilano. "There are 400,000 ATMs and every one of them is susceptible to fraud. The speed and convenience of technology has replaced the security of technology."
The Junked Copier Fraud...
Digital Copier Identity Theft
In our office we have a copier that can make your copy into a PDF document that you can receive via email at your desk. It’s a really great feature but recently I saw how that feature could turn potentially ugly with the push of a few wrong buttons.
A person accidentally sent a PDF copy of his license and social security card to a few people in the office because he mistakenly highlighted more names than his own. This could have been an identity theft situation that would have cost this person a lot of time and money to reclaim the stolen identity.
But the problem doesn’t stop there. If this person was using a digital copier, there is another risk that has nothing to do with human error. Did you know that digital copiers store what you’ve copied on a hard drive that if not wiped clean, can be retrieved when that copier is re-sold or junked after it is no longer useful to the company?
It is scary to think about how much personal and company data could be on your organization’s copier hard drive. Fortunately, there are some ways you can try to protect that information by working with your IT staff. An article by Consumeraffairs.com has some easy to follow steps you can take in your office.
As scary as this is, the number one way people become victims of identity theft is still through their own lapses in judgment. Don’t be careless with your personal information. Learn how to be identity smart with the brochure,Identity Smart: A Guide for Consumers to Help Protect Against Identity Theft, by LifeLock and the National Crime Prevention Council.
Ten simple tips to secure your identity:
• Do not give out personal information over the phone, through the mail, or over the Internet unless you have initiated the contact or know with whom you’re dealing.
• Shred all documents, including preapproved credit applications, insurance forms, bank checks and statements you are discarding, and other financial information.
• Protect your computer from Internet intruders—use firewalls. Also use anti-virus software and keep it up-to-date. Create hard-to-guess passwords that cannot be found in any dictionary. Select passwords with at least eight characters and that include a mix of numbers and both uppercase and lowercase letters.
• Minimize the identification information and the number of cards you carry. Take only what you’ll actually need. Make a list of all your credit card account numbers and bank account numbers with customer service phone numbers, and keep it in a safe place.
• Do not put your Social Security number on your checks or your credit receipts. If a business requests your Social Security number, give an alternate number.
• Be careful when using ATM machines and long-distance phone cards. Someone may look over your shoulder and get your PIN numbers. You also have to be careful of ATM skimmer machines. Do not use an ATM if it looks like it’s been tampered with.
• Never submit your credit card number to a website unless it is encrypted on a secured site. Look at the bottom of the screen for a padlock symbol. Do not select to save your information on the site for future transactions.
• Pay attention to your billing cycles. Follow up with creditors if bills don’t arrive on time. A missing credit card bill could mean an identity thief has taken over your credit account and changed your address.
• Cancel all credit cards you have not used in the last six months. Open credit is a prime target for an identity thief. Also, you might consider signing up for a monitoring service so you can be alerted to any unusual activity.
• Order your credit report at least twice a year from the three major credit bureaus: Equifax (www.equifax.com), Experian (www.experian.com), and Trans Union (www.transunion.com). The Fair Credit Reporting Act allows you to get one free credit report from each of the three major credit bureaus once per year. Visit www.annualcreditreport.com. Correct all mistakes on your credit report in writing. Send a letter to the credit reporting agency identifying the problems item by item, include a copy of the credit report, and send the letter return receipt requested.
Health Care Fraud...
A pharmaceutical company marketed four drugs to doctors. The drugs had been approved by the Food and Drug Administration (FDA) for specific medical conditions—like rheumatoid arthritis, schizophrenia, and neuropathic pain—but the company promoted the drugs for other uses as well—like post-operative pain, dementia, and migraines—and sometimes in larger doses than the FDA allowed. In some cases, the company even paid kickbacks to doctors to prescribe the drugs for these other uses.
What this company did is known as off-label marketing of prescription drugs, and it’s both illegal and potentially harmful to consumers. After an investigation involving the FBI and our federal and state partners, the company pled guilty to misbranding the drugs and agreed to pay $2.3 billion to settle criminal and civil violations…the largest U.S. health care fraud settlement ever.
Latest Schemes, Shams, Scams & Frauds
As part of its health care fraud program, the Bureau is looking at various fraud schemes involving:
- Home health care;
- Infusion therapy; and
- Durable medical equipment.
We’re also focused on other health care fraud-related crime problems impacting public safety, such as:
- Off-label marketing of prescription drugs;
- Drug diversion (prescription drugs diverted from legitimate supply sources for illicit distribution and abuse); and
- Internet pharmacies.
Partnerships are key. A tried-and-true method of leveraging resources is establishing partnerships. And we’ve done just that—with federal agencies like the FDA and the Drug Enforcement Administration, various state and local agencies, and private insurance groups like the National Health Care Anti-Fraud Association.
Our most recent joint endeavor? Our participation in the Department of Justice/Health and Human Services’ (HHS) Health Care Fraud Prevention and Enforcement Action Team, or HEAT, and its Medicare Fraud Strike Forces located in several major metropolitan areas.
The HEAT initiative includes senior Justice, FBI, and HHS officials who are focusing their efforts to reduce Medicare and Medicaid fraud through enhanced cooperation. And the strike forces, which use a data-driven approach to identify unexplainable billing patterns by health care providers and then investigate these providers for possible fraudulent activity, are a vital part of the initiative. As a result of strike force efforts, more than 300 cases have been filed and close to 600 defendants charged.
Health care fraud facts:
■Health care fraud schemes come in all forms—fraudulent billings, medically unnecessary services or prescriptions, kickbacks, duplicate claims, etc.
■Schemes target large health care programs—both public and private—as well as health care beneficiaries. (Medicare and the Medicaid are the largest programs, so they are targeted more often.)
■Schemes are committed by health care providers, owners of medical facilities and laboratories, suppliers of medical equipment, organized crime groups, corporations, and even sometimes by the beneficiaries themselves.
■FBI health care fraud cases sometimes cross over into other investigative areas, like organized crime, gangs, and cyber crime, where we see criminals beginning to use the proceeds from health care fraud schemes to fund their operations.
Tips to help avoid being victimized:
■Protect your health insurance information card like a credit card.
■Beware of free health services—are they too good to be true?
■Review your medical bills, like your “explanation of benefits,” after receiving health care.
Stay tuned for more exciting stories on mass money fraud so you can protect yourself from being scammed.
Michael L. Hathman
VP - Smart Solutions Financial Services, LLC
12141 Natural Bridge Road
Bridgeton, MO 63044
(888)955-3340 - Toll-Free
(636)533-4070 - Office
Info@SmartSolutionsFS.com
www.SmartSolutionsCreditRepair.com
The housing market in the United States may not be thriving, but business is booming for foreclosure rescue and loan modification scammers.
The US Government Accountability Office (GAO) released a report in July 2010 entitled "Home Ownership Preservation". It says that: "The current foreclosure crisis has provided persons who may perpetrate mortgage foreclosure rescue and loan modification schemes with unprecedented opportunities to profit from homeowners desperate to save their homes. In March 2010, we reported that national default and foreclosure rates rose sharply from 2005 through 2009, to the highest level in 29 years. The most recent data from the Mortgage Bankers Association, which are for the first quarter of 2010, show that the number of home loans with payments more than 60 days past due, and therefore potentially facing foreclosure, is 2.7 million."
The GAO report says there are two main types of foreclosure rescue and loan modification scams: advance-fee loan modification schemes and sales-leaseback schemes, with advance-fee schemes being the most common. In an advance-fee scheme, someone charges you a fee in advance to negotiate a deal with your mortgage lender. They may even offer a money-back guarantee. But the usual outcome is that they take your money (the average is about $3,000), provide little or no service, and then refuse to refund the fee. In a sales-leaseback scheme, the scammer persuades you to transfer your deed to them by offering to assume your payments and let you pay rent while you get your affairs in order. They promise to sell the property back to you once your financial situation improves, but, of course, they don't. Often they take out another loan on the home or even sell it out from under you.
The Federal Trade Commission reports on a new twist on the advance-fee scam that's showing up this year, a "forensic mortgage loan audit." The scammer offers to find regulatory violations in your original mortgage that will help you avoid foreclosure or even cancel your loan. There's no evidence that anyone has ever succeeded in modifying their loan using this approach.
Here are some “red flags” that at-risk homeowners should watch out for when looking for foreclosure help, courtesy of the FTC. You should avoid any business that:
*guarantees to stop the foreclosure process – no matter what your circumstances
*instructs you not to contact your lender, lawyer, or credit or housing counselor
*collects a fee before providing you with any services
*accepts payment only by cashier’s check or wire transfer
*encourages you to lease your home so you can buy it back over time
*tells you to make your mortgage payments directly to it, rather than your lender tells you to transfer your property deed or title to it
*offers to buy your house for cash at a fixed price that is not set by the housing market at the time of sale
*offers to fill out paperwork for you
*pressures you to sign paperwork you haven’t had a chance to read thoroughly or that you don’t understand.
Dating Scams...
The Federal Trade Commission, the nation’s consumer protection agency, warns that scammers sometimes use online dating and social networking sites to try to convince people to send money in the name of love. In a typical scenario, the scam artist creates a fake profile, gains the trust of an online love interest, and then asks that person to wire money—usually to a location outside the United States.
Here are some warning signs that someone you met online could be in it for the money:
*Wanting to leave the dating site immediately and use personal e-mail or IM accounts.
*Claiming instant feelings of love.
*Claiming to be from the United States but currently overseas.
*Planning to visit, but being unable to do so because of a tragic event.
*Asking for money to pay for travel, visas or other travel documents, medication, a child or other relative’s hospital bills, recovery from a temporary financial setback, or expenses while a big business deal comes through.
*Making multiple requests for more money.
The FTC warns consumers that wiring money to someone they haven’t met is the same as sending cash. Once it’s gone, it can’t be recovered.
For more information on Online Dating Scams visit OnGuardOnline.gov, the federal government’s online safety website. OnGuardOnline provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information. OnGuardOnline.gov is a partnership of more than a dozen federal agencies and the technology industry.
The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. To file a complaint or get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. Watch a new video, How to File a Complaint, at ftc.gov/video to learn more. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by more than 1,800 civil and criminal law enforcement agencies in the U.S. and abroad.
MEDIA CONTACT:
Office of Public Affairs
202-326-2180
The ATM Scam...
ATMs are under siege more than ever from skimming. Skimming, where ATM thieves steal your PIN and account number using remote devices, is increasing dramatically. Often done by sophisticated crime rings from the Eastern bloc countries, ATM skimming is becoming a high-tech art that's hard to detect.
That's bad news for consumers. Experts say that losses from skimming are approaching $1 billion. Nearly one in five fraud victims reported having their credit card PIN or debit card ATM PIN information stolen in 2009, according to Javelin Strategy & Research. And Robert Vamosi, an analyst handling risk, fraud and security at Javelin, sees ATM skimming continuing to rise this year and next.
"Consumers aren't aware of ATM tampering," he says. "ATMs have 40 years of trust."
Skimming isn't new. It's been around for at least 10 years. What has changed is that the "technology of the bad guy is getting better and better every year," says Robert Siciliano, a security expert based in Boston. "It's up to consumers to watch their own backs."
Typically, ATM thieves use two devices to capture your PIN and card data. One device sits near where you swipe your card and reads the magnetic stripe on your card with your account number. Even more confusing, the device mimics the card slot. "The technology has evolved to a point where the molded plastic fits like it belongs there," says Siciliano. Devices are even readily available over the Internet for as little as $300.
A camera, hidden from view, captures the PIN. "You can get the data in real time," says Siciliano. "You can be in your car with a laptop remotely accessing the device."
Thieves then burn the data onto a blank card to access your money.
U.S. Secret Service spokesman Max Milien wants consumers to be warned. "The public is notified after an event," he says. And don't take bank security for granted. Fraud can occur at any bank in any part of the country. Thieves are even sending out false text alerts to get consumer data.
Banks, they say, are slow to adopt anti-skimming measures. When Javelin surveyed 25 banks, four stood out, though, for their anti-theft measures. They are Bank of America, Chase, Citibank and Wells Fargo.
advertisementExperts add that debit card users are most at risk. Typically, consumers must report fraudulent charges within two days, limiting your liability to $50. If you report ATM skimming fraud within 60 days, you're liable for the first $500 of any transaction. Siciliano adds that thieves carefully orchestrate ATM withdrawals, maxing out cash withdrawals one day and waiting until after midnight for the next stash, which quickly adds up.
Here are four tips to help you protect your account.
1. Cover your password with your hand
Hidden cameras are disguised so they can pick up your password. By protecting it, ATM thieves can't access your account.
2. Use familiar ATMs and limit your visits
ATMs in dimly lighted spots or used late at night could be more susceptible to fraud, while ATMs under video surveillance can be safer. Stay away from ATMs at retail stores or restaurants, adds Siciliano. Recently, skimming devices were found on ATMs in a popular grocery store in central Florida. Airports, convenience stores or kiosks are equally vulnerable to ATM thieves. Still, even highly trafficked ATMs outside a bank branch have been targeted by thieves.
Also, try to limit your visits to the ATM. "With frequency, there's risk," says Siciliano.
3. Check bank balances frequently
Given the two-day window for reporting fraud, it pays to check your account frequently. If you don't report fraud within 60 days, you have unlimited liability. "Sign up for alerts and notice unusual withdrawals," says Vamosi.
With credit cards there are more protections in place, and you can dispute charges."You have at least a billing cycle," says Siciliano.
4. Observe the ATM
Vamosi cautions consumers to look at an ATM to make sure a card slot is "legitimate and not tacked on." Look for things that strike you, he says. "Some people have felt that when they inserted their card, something went awry," he says. In that case, try another ATM.
When protecting your account against ATM thieves, "it's all about awareness, paying attention and understanding risks," says Sicilano. "There are 400,000 ATMs and every one of them is susceptible to fraud. The speed and convenience of technology has replaced the security of technology."
The Junked Copier Fraud...
Digital Copier Identity Theft
In our office we have a copier that can make your copy into a PDF document that you can receive via email at your desk. It’s a really great feature but recently I saw how that feature could turn potentially ugly with the push of a few wrong buttons.
A person accidentally sent a PDF copy of his license and social security card to a few people in the office because he mistakenly highlighted more names than his own. This could have been an identity theft situation that would have cost this person a lot of time and money to reclaim the stolen identity.
But the problem doesn’t stop there. If this person was using a digital copier, there is another risk that has nothing to do with human error. Did you know that digital copiers store what you’ve copied on a hard drive that if not wiped clean, can be retrieved when that copier is re-sold or junked after it is no longer useful to the company?
It is scary to think about how much personal and company data could be on your organization’s copier hard drive. Fortunately, there are some ways you can try to protect that information by working with your IT staff. An article by Consumeraffairs.com has some easy to follow steps you can take in your office.
As scary as this is, the number one way people become victims of identity theft is still through their own lapses in judgment. Don’t be careless with your personal information. Learn how to be identity smart with the brochure,Identity Smart: A Guide for Consumers to Help Protect Against Identity Theft, by LifeLock and the National Crime Prevention Council.
Ten simple tips to secure your identity:
• Do not give out personal information over the phone, through the mail, or over the Internet unless you have initiated the contact or know with whom you’re dealing.
• Shred all documents, including preapproved credit applications, insurance forms, bank checks and statements you are discarding, and other financial information.
• Protect your computer from Internet intruders—use firewalls. Also use anti-virus software and keep it up-to-date. Create hard-to-guess passwords that cannot be found in any dictionary. Select passwords with at least eight characters and that include a mix of numbers and both uppercase and lowercase letters.
• Minimize the identification information and the number of cards you carry. Take only what you’ll actually need. Make a list of all your credit card account numbers and bank account numbers with customer service phone numbers, and keep it in a safe place.
• Do not put your Social Security number on your checks or your credit receipts. If a business requests your Social Security number, give an alternate number.
• Be careful when using ATM machines and long-distance phone cards. Someone may look over your shoulder and get your PIN numbers. You also have to be careful of ATM skimmer machines. Do not use an ATM if it looks like it’s been tampered with.
• Never submit your credit card number to a website unless it is encrypted on a secured site. Look at the bottom of the screen for a padlock symbol. Do not select to save your information on the site for future transactions.
• Pay attention to your billing cycles. Follow up with creditors if bills don’t arrive on time. A missing credit card bill could mean an identity thief has taken over your credit account and changed your address.
• Cancel all credit cards you have not used in the last six months. Open credit is a prime target for an identity thief. Also, you might consider signing up for a monitoring service so you can be alerted to any unusual activity.
• Order your credit report at least twice a year from the three major credit bureaus: Equifax (www.equifax.com), Experian (www.experian.com), and Trans Union (www.transunion.com). The Fair Credit Reporting Act allows you to get one free credit report from each of the three major credit bureaus once per year. Visit www.annualcreditreport.com. Correct all mistakes on your credit report in writing. Send a letter to the credit reporting agency identifying the problems item by item, include a copy of the credit report, and send the letter return receipt requested.
Health Care Fraud...
A pharmaceutical company marketed four drugs to doctors. The drugs had been approved by the Food and Drug Administration (FDA) for specific medical conditions—like rheumatoid arthritis, schizophrenia, and neuropathic pain—but the company promoted the drugs for other uses as well—like post-operative pain, dementia, and migraines—and sometimes in larger doses than the FDA allowed. In some cases, the company even paid kickbacks to doctors to prescribe the drugs for these other uses.
What this company did is known as off-label marketing of prescription drugs, and it’s both illegal and potentially harmful to consumers. After an investigation involving the FBI and our federal and state partners, the company pled guilty to misbranding the drugs and agreed to pay $2.3 billion to settle criminal and civil violations…the largest U.S. health care fraud settlement ever.
Latest Schemes, Shams, Scams & Frauds
As part of its health care fraud program, the Bureau is looking at various fraud schemes involving:
- Home health care;
- Infusion therapy; and
- Durable medical equipment.
We’re also focused on other health care fraud-related crime problems impacting public safety, such as:
- Off-label marketing of prescription drugs;
- Drug diversion (prescription drugs diverted from legitimate supply sources for illicit distribution and abuse); and
- Internet pharmacies.
Partnerships are key. A tried-and-true method of leveraging resources is establishing partnerships. And we’ve done just that—with federal agencies like the FDA and the Drug Enforcement Administration, various state and local agencies, and private insurance groups like the National Health Care Anti-Fraud Association.
Our most recent joint endeavor? Our participation in the Department of Justice/Health and Human Services’ (HHS) Health Care Fraud Prevention and Enforcement Action Team, or HEAT, and its Medicare Fraud Strike Forces located in several major metropolitan areas.
The HEAT initiative includes senior Justice, FBI, and HHS officials who are focusing their efforts to reduce Medicare and Medicaid fraud through enhanced cooperation. And the strike forces, which use a data-driven approach to identify unexplainable billing patterns by health care providers and then investigate these providers for possible fraudulent activity, are a vital part of the initiative. As a result of strike force efforts, more than 300 cases have been filed and close to 600 defendants charged.
Health care fraud facts:
■Health care fraud schemes come in all forms—fraudulent billings, medically unnecessary services or prescriptions, kickbacks, duplicate claims, etc.
■Schemes target large health care programs—both public and private—as well as health care beneficiaries. (Medicare and the Medicaid are the largest programs, so they are targeted more often.)
■Schemes are committed by health care providers, owners of medical facilities and laboratories, suppliers of medical equipment, organized crime groups, corporations, and even sometimes by the beneficiaries themselves.
■FBI health care fraud cases sometimes cross over into other investigative areas, like organized crime, gangs, and cyber crime, where we see criminals beginning to use the proceeds from health care fraud schemes to fund their operations.
Tips to help avoid being victimized:
■Protect your health insurance information card like a credit card.
■Beware of free health services—are they too good to be true?
■Review your medical bills, like your “explanation of benefits,” after receiving health care.
Stay tuned for more exciting stories on mass money fraud so you can protect yourself from being scammed.
Michael L. Hathman
VP - Smart Solutions Financial Services, LLC
12141 Natural Bridge Road
Bridgeton, MO 63044
(888)955-3340 - Toll-Free
(636)533-4070 - Office
Info@SmartSolutionsFS.com
www.SmartSolutionsCreditRepair.com
Friday, November 26, 2010
Smart Solutions Advice: How To Avoid Latest ID Theft Scams
The FBI, Federal Trade Commission (FTC) and Earthlink have jointly issued a warning on how the growing ranks of Internet crooks are using new tricks called "phishing" and "spoofing" to steal your identity.
In an FBI press release, Assistant Director of the agency's Cyber Division, Jana Monroe says, "Bogus e-mails that try to trick customers into giving out personal information are the hottest, and most troubling, new scam on the Internet.
The FBI's Internet Fraud Complaint Center (IFCC) has seen a steady increase in complaints that involve some form of unsolicited e-mail directing consumers to a phony "Customer Service" type of web site. Assistant Director Monroe said that the scam is contributing to a rise in identity theft, credit card fraud, and other Internet frauds.
"Spoofing," or "phishing," frauds attempt to make Internet users believe that they are receiving e-mail from a specific, trusted source, or that they are securely connected to a trusted web site, when that is not the case. Spoofing is generally used as a means to convince individuals to provide personal or financial information that enables the perpetrators to commit credit card/bank fraud or other forms of identity theft.
In "E-mail spoofing" the header of an e-mail appears to have originated from someone or somewhere other than the actual source. Spam distributors and criminals often use spoofing in an attempt to get recipients to open and possibly even respond to their solicitations.
"IP Spoofing" is a technique used to gain unauthorized access to computers, whereby the intruder sends a message to a computer with an IP address indicating that the message is coming from a trusted source.
"Link alteration" involves altering the return address in a web page sent to a consumer to make it go to the hacker's site rather than the legitimate site. This is accomplished by adding the hacker's address before the actual address in any e-mail, or page that has a request going back to the original site. If an individual unsuspectingly receives a spoofed e-mail requesting him/her to "click here to update" their account information, and then are redirected to a site that looks exactly like their Internet Service Provider, or a commercial site like EBay or PayPal, there is an increasing chance that the individual will follow through in submitting their personal and/or credit information.
FBI Offers Tips on How to Protect Yourself
•If you encounter an unsolicited e-mail that asks you, either directly, or through a web site, for personal financial or identity information, such as Social Security number, passwords, or other identifiers, exercise extreme caution.
•If you need to update your information online, use the normal process you've used before, or open a new browser window and type in the website address of the legitimate company's account maintenance page.
•If a website address is unfamiliar, it's probably not real. Only use the address that you have used before, or start at your normal homepage.
•Always report fraudulent or suspicious e-mail to your ISP.
•Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and "https" in front of the website address.
•Take note of the header address on the web site. Most legitimate sites will have a relatively short internet address that usually depicts the business name followed by ".com," or possibly ".org." Spoof sites are more likely to have an excessively long strong of characters in the header, with the legitimate business name somewhere in the string, or possibly not at all.
•If you have any doubts about an e-mail or website, contact the legitimate company directly. Make a copy of the questionable web site's URL address, send it to the legitimate business and ask if the request is legitimate.
•If you've been victimized, you should contact your local police or sheriff's department, and file a complaint with the FBI's Internet Fraud Complaint Center at http://www.IFCCFBI.gov.
Additionally,
The Jury Duty Scam...
The FBI and U.S. Courts are warning consumers to be alert for an increasingly common -- and effective -- telephone-based identity theft threat known as "the jury duty scam."
In the jury duty scam, the scammer, posing as a local court worker, tells you that a warrant has been issued for your arrest because you failed to report for jury duty. Since you probably had not received a jury duty notice, you will say so. At this point, the scammer will ask for your date of birth and Social Security number so that he or she can "verify" your jury duty notice. Of course, a Social Security number and date of birth are all the identity thief needs to make your life downright miserable. But wait, there's more. Depending on your willingness to give up your basic information, the emboldened scammer may go on to ask you for credit your card information.
The jury duty scam works on the victims' emotions. The shock of being told they are about to be arrested will place most people off guard and less vigilant about protecting their personal information.
Real U.S. court officials want you to know that the courts never ask for any personal information over the telephone. In reality, courts typically follow up with prospective and no-show jurors by conventional mail, rarely, if ever, by telephone.
The jury duty scam has been reported sporadically since fall of 2005 in Michigan, Ohio, Texas, Arizona, Illinois, Pennsylvania, Minnesota, Oregon and Washington state. The scam has most recently been reported in California. Warnings about the jury duty scam have been posted on both the FBI and U.S. Courts Websites.
Protecting yourself against telephone-based identity theft is really simple. Unless you have initiated the call, and intend to do so, never give out your personal information over the telephone.
Banking Information Verification Scam...
Emails falsely claiming to be from the likes of Citibank, NatWest, and other reputable banking entities attempt to entice recipients into divulging their ATM/Debit card and PIN numbers. Those who click on the link will be directed to an authentic banking site, but a small window asking for pertinent account info will also be displayed. This small window is not from the banking site. Instead, it captures the sensitive data and sends it to the miscreants behind the malicious email.
Following is a sample of one such email:
Dear Citibank Member,
This email was sent by the Citibank server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your Citibank ATM/Debit Card number and PIN that you use on ATM. This is done for your protection -I- because some of our members no longer have access to their email addresses and we must verify it.
To verify your e-mail address and access your bank account, click on the link below. If nothing happens when you click on the link (or if you use AOL)p, copy and paste the link into the address bar of your web browser.
Unsuspecting users who click the link and enter the information requested into the small popup window will risk having their bank accounts compromised.
This banking scam is widespread throughout the world, affecting a large number of banks and their customers.
To protect yourself from such scams, remember the following:
•A legitimate financial institution will never ask for your account information via an email
•Do not follow links provided in an email requesting any form of financial information
•Call your local bank and ask for verification before responding to any form of electronic correspondence alleging to be from your bank
E-Bay & Pay Pal Scams...
Reputable firms such as eBay and PayPal have been besieged by email scammers attempting to pilfer valuable credit card details from unsuspecting customers. These emails often are quite well-done and look very authentic. However, a seasoned eye can quickly ferret out the truth. Those less savvy may want to follow a simple bit of advice: never follow a link in email unless you absolutely trust the sender. If you'd like to move from unsavvy to seasoned, here's how to ferret out malformed link scams.
Understanding HTML links
HTML is the programming language that tells a browser how to render a web page. You can use HTML in email and many people do. However, doing so makes it very easy for links in email to appear to point to one site, when in fact they point to another.
Links in HTML are created by a special tag. There are two components to the tag, the real link (i.e. the target) and the displayed text for that link.
Michael Hathman
VP - Smart Solutions Financial Services, LLC
12141 Natural Bridge Road
Bridgeton, MO 63044
(888) 955-3340 - Toll-Free
(636) 533-4070 - Office
Info@SmartSolutionsFS.com
www.SmartSolutionsCreditRepair.com
In an FBI press release, Assistant Director of the agency's Cyber Division, Jana Monroe says, "Bogus e-mails that try to trick customers into giving out personal information are the hottest, and most troubling, new scam on the Internet.
The FBI's Internet Fraud Complaint Center (IFCC) has seen a steady increase in complaints that involve some form of unsolicited e-mail directing consumers to a phony "Customer Service" type of web site. Assistant Director Monroe said that the scam is contributing to a rise in identity theft, credit card fraud, and other Internet frauds.
"Spoofing," or "phishing," frauds attempt to make Internet users believe that they are receiving e-mail from a specific, trusted source, or that they are securely connected to a trusted web site, when that is not the case. Spoofing is generally used as a means to convince individuals to provide personal or financial information that enables the perpetrators to commit credit card/bank fraud or other forms of identity theft.
In "E-mail spoofing" the header of an e-mail appears to have originated from someone or somewhere other than the actual source. Spam distributors and criminals often use spoofing in an attempt to get recipients to open and possibly even respond to their solicitations.
"IP Spoofing" is a technique used to gain unauthorized access to computers, whereby the intruder sends a message to a computer with an IP address indicating that the message is coming from a trusted source.
"Link alteration" involves altering the return address in a web page sent to a consumer to make it go to the hacker's site rather than the legitimate site. This is accomplished by adding the hacker's address before the actual address in any e-mail, or page that has a request going back to the original site. If an individual unsuspectingly receives a spoofed e-mail requesting him/her to "click here to update" their account information, and then are redirected to a site that looks exactly like their Internet Service Provider, or a commercial site like EBay or PayPal, there is an increasing chance that the individual will follow through in submitting their personal and/or credit information.
FBI Offers Tips on How to Protect Yourself
•If you encounter an unsolicited e-mail that asks you, either directly, or through a web site, for personal financial or identity information, such as Social Security number, passwords, or other identifiers, exercise extreme caution.
•If you need to update your information online, use the normal process you've used before, or open a new browser window and type in the website address of the legitimate company's account maintenance page.
•If a website address is unfamiliar, it's probably not real. Only use the address that you have used before, or start at your normal homepage.
•Always report fraudulent or suspicious e-mail to your ISP.
•Most companies require you to log in to a secure site. Look for the lock at the bottom of your browser and "https" in front of the website address.
•Take note of the header address on the web site. Most legitimate sites will have a relatively short internet address that usually depicts the business name followed by ".com," or possibly ".org." Spoof sites are more likely to have an excessively long strong of characters in the header, with the legitimate business name somewhere in the string, or possibly not at all.
•If you have any doubts about an e-mail or website, contact the legitimate company directly. Make a copy of the questionable web site's URL address, send it to the legitimate business and ask if the request is legitimate.
•If you've been victimized, you should contact your local police or sheriff's department, and file a complaint with the FBI's Internet Fraud Complaint Center at http://www.IFCCFBI.gov.
Additionally,
The Jury Duty Scam...
The FBI and U.S. Courts are warning consumers to be alert for an increasingly common -- and effective -- telephone-based identity theft threat known as "the jury duty scam."
In the jury duty scam, the scammer, posing as a local court worker, tells you that a warrant has been issued for your arrest because you failed to report for jury duty. Since you probably had not received a jury duty notice, you will say so. At this point, the scammer will ask for your date of birth and Social Security number so that he or she can "verify" your jury duty notice. Of course, a Social Security number and date of birth are all the identity thief needs to make your life downright miserable. But wait, there's more. Depending on your willingness to give up your basic information, the emboldened scammer may go on to ask you for credit your card information.
The jury duty scam works on the victims' emotions. The shock of being told they are about to be arrested will place most people off guard and less vigilant about protecting their personal information.
Real U.S. court officials want you to know that the courts never ask for any personal information over the telephone. In reality, courts typically follow up with prospective and no-show jurors by conventional mail, rarely, if ever, by telephone.
The jury duty scam has been reported sporadically since fall of 2005 in Michigan, Ohio, Texas, Arizona, Illinois, Pennsylvania, Minnesota, Oregon and Washington state. The scam has most recently been reported in California. Warnings about the jury duty scam have been posted on both the FBI and U.S. Courts Websites.
Protecting yourself against telephone-based identity theft is really simple. Unless you have initiated the call, and intend to do so, never give out your personal information over the telephone.
Banking Information Verification Scam...
Emails falsely claiming to be from the likes of Citibank, NatWest, and other reputable banking entities attempt to entice recipients into divulging their ATM/Debit card and PIN numbers. Those who click on the link will be directed to an authentic banking site, but a small window asking for pertinent account info will also be displayed. This small window is not from the banking site. Instead, it captures the sensitive data and sends it to the miscreants behind the malicious email.
Following is a sample of one such email:
Dear Citibank Member,
This email was sent by the Citibank server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your Citibank ATM/Debit Card number and PIN that you use on ATM. This is done for your protection -I- because some of our members no longer have access to their email addresses and we must verify it.
To verify your e-mail address and access your bank account, click on the link below. If nothing happens when you click on the link (or if you use AOL)p, copy and paste the link into the address bar of your web browser.
Unsuspecting users who click the link and enter the information requested into the small popup window will risk having their bank accounts compromised.
This banking scam is widespread throughout the world, affecting a large number of banks and their customers.
To protect yourself from such scams, remember the following:
•A legitimate financial institution will never ask for your account information via an email
•Do not follow links provided in an email requesting any form of financial information
•Call your local bank and ask for verification before responding to any form of electronic correspondence alleging to be from your bank
E-Bay & Pay Pal Scams...
Reputable firms such as eBay and PayPal have been besieged by email scammers attempting to pilfer valuable credit card details from unsuspecting customers. These emails often are quite well-done and look very authentic. However, a seasoned eye can quickly ferret out the truth. Those less savvy may want to follow a simple bit of advice: never follow a link in email unless you absolutely trust the sender. If you'd like to move from unsavvy to seasoned, here's how to ferret out malformed link scams.
Understanding HTML links
HTML is the programming language that tells a browser how to render a web page. You can use HTML in email and many people do. However, doing so makes it very easy for links in email to appear to point to one site, when in fact they point to another.
Links in HTML are created by a special tag. There are two components to the tag, the real link (i.e. the target) and the displayed text for that link.
Michael Hathman
VP - Smart Solutions Financial Services, LLC
12141 Natural Bridge Road
Bridgeton, MO 63044
(888) 955-3340 - Toll-Free
(636) 533-4070 - Office
Info@SmartSolutionsFS.com
www.SmartSolutionsCreditRepair.com
Thursday, September 2, 2010
So, It's OK To Bump That Appraisal, Right?
Something known as "appraisal bumping" has been around in the real estate business for years. Basically, this happens when the Appraiser agrees to increase the value of the appraisal.
So, the question is, "When does 'appraisal bumping' become an ethical and/or illegal matter?"
The guideline is typically, the appraisal opinion must be "reasonably supported" by fair market values. This "evidence" can be supported by a CMA (Comparison Market Analysis).
And while this definition is fine and dandy, that still leaves the question open as to whether a true valuation can be supported by the necessary comparison values. In my opinion, so long as the valuation is "reasonably fair and accurate" and the appraisal will support additional valuation, then the matter is probably acceptable.
It's also important to understand that there is an "appraisal review committee" that works at most banks. If an appraisal seems "overvalued" the committee will review the matter and render a decision based on its own findings. These findings may also incorporate a "Broker Price Opnion" (BPO) in order to substantiate whether the valuation is fair or not.
It is illegal and unethical to overvaluate a property. This typically can happen when an overvaluation is is extreme, unreasonable or unacceptable. That's usually when the trouble can start for an appraiser, buyer and loan officer. HUD, the FBI, Banking Investigators all start looking into these matters.
My recommendation is don't get carried away with bumping - just make sure you and your appraiser are keeping things reasonable.
Michael Hathman
VP - Smart Solutions Financial Services, LLC
888-955-3340 - Toll-Free
www.SmartSolutionsCreditRepair.com
Info@SmartSolutionsFS.com
So, the question is, "When does 'appraisal bumping' become an ethical and/or illegal matter?"
The guideline is typically, the appraisal opinion must be "reasonably supported" by fair market values. This "evidence" can be supported by a CMA (Comparison Market Analysis).
And while this definition is fine and dandy, that still leaves the question open as to whether a true valuation can be supported by the necessary comparison values. In my opinion, so long as the valuation is "reasonably fair and accurate" and the appraisal will support additional valuation, then the matter is probably acceptable.
It's also important to understand that there is an "appraisal review committee" that works at most banks. If an appraisal seems "overvalued" the committee will review the matter and render a decision based on its own findings. These findings may also incorporate a "Broker Price Opnion" (BPO) in order to substantiate whether the valuation is fair or not.
It is illegal and unethical to overvaluate a property. This typically can happen when an overvaluation is is extreme, unreasonable or unacceptable. That's usually when the trouble can start for an appraiser, buyer and loan officer. HUD, the FBI, Banking Investigators all start looking into these matters.
My recommendation is don't get carried away with bumping - just make sure you and your appraiser are keeping things reasonable.
Michael Hathman
VP - Smart Solutions Financial Services, LLC
888-955-3340 - Toll-Free
www.SmartSolutionsCreditRepair.com
Info@SmartSolutionsFS.com
Monday, August 23, 2010
Smart Financial Matters: Facts vs Opinions
Ever wonder if you are getting a fact or is it just an opinion on important matters? Knowing what to look for and how to spot what the truth is are two very different yet important distinctions that need to be addressed if you need to have the empowering information to make progress in life.
Consider this: A boss says, I think your services for what you do in this particular line of work is X amount of dollars. That's one person's opinion. Want the straight facts? Visit: www.salary.com and find out what statistics are saying.
Consider this: An appraiser opines that your house is worth X amount of dollars. The "appraisal" is one man's opinion. Want to know for sure? Check out www.Zillow.com and see what the houses are running in your neighborhood or ask a qualified real estate agent who specializes in residential real estate for an second opinion.
Consider this: A used car dealer says he'll give you a trade in on your car and says it's only worth $1,500. Visit www.kelleybluebook.com to get a good assessment.
There's a lot to be said when it comes to considering opinions and looking at facts. Make sure you check your facts before settling with an opinion. Otherwise, it might cost you more than you realize.
Michael L Hathman
VP - Smart Solutions Financial Services, LLC
636-533-4070
www.SmartSolutionsCreditRepair.com
Info@SmartSolutionsFS.com
Consider this: A boss says, I think your services for what you do in this particular line of work is X amount of dollars. That's one person's opinion. Want the straight facts? Visit: www.salary.com and find out what statistics are saying.
Consider this: An appraiser opines that your house is worth X amount of dollars. The "appraisal" is one man's opinion. Want to know for sure? Check out www.Zillow.com and see what the houses are running in your neighborhood or ask a qualified real estate agent who specializes in residential real estate for an second opinion.
Consider this: A used car dealer says he'll give you a trade in on your car and says it's only worth $1,500. Visit www.kelleybluebook.com to get a good assessment.
There's a lot to be said when it comes to considering opinions and looking at facts. Make sure you check your facts before settling with an opinion. Otherwise, it might cost you more than you realize.
Michael L Hathman
VP - Smart Solutions Financial Services, LLC
636-533-4070
www.SmartSolutionsCreditRepair.com
Info@SmartSolutionsFS.com
Tuesday, August 17, 2010
The Fair & Accurate Credit Transactions Act (FACTA)
When it comes to identity theft and credit, everyone should know their rights. So, as a courtesy, I am reposting the FACTA here. If you don't understand your rights under the law, please consult with a licensed attorney who is familiar with consumer law.
Here it is (in summary):
IDENTITY THEFT RED FLAGS AND ADDRESS DISCREPANCIES UNDER THE FAIR AND
ACCURATE CREDIT TRANSACTIONS ACT OF 2003
On November 9, 2007, the Federal Trade Commission published final rules implementing part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA)regarding the duties of creditors, card issuers and users of consumer reports with respect to the prevention of identity theft. These new regulations went into effect on January 1, 2008 and compliance is required by November 1, 2008. The regulations are organized in three parts which are summarized in this memo.
I. Duties of Users of Consumer Reports Regarding Address Discrepancies
This regulation is set forth at 16 CFR 681.1 and applies to users of consumer reports that are subject to administrative enforcement of the Fair Credit Reporting Act (FCRA) by the Federal Trade Commission (FTC) pursuant to 15 U.S.C. 1681s(a)(1). A user is someone who obtains a consumer report from a consumer reporting agency for a purpose permitted by FCRA, such as for employment or credit purposes. A university that obtains consumer reports would be subject to this regulation.
A user of consumer reports has the following duties:
1. A user must develop and implement reasonable policies and procedures designed to
enable the user to form a reasonable belief that a consumer report relates to the consumer about whom it has requested the report, when the user receives a notice of address discrepancy. A notice of address discrepancy means a notice sent to a user by a consumer reporting agency, that informs the user of a substantial difference between the address for the consumer that the user provided to request the consumer report and the address(es) in the agency's file for the consumer.
Examples of reasonable policies and procedures that a user may implement to enable the user to form a reasonable belief that a consumer report relates to the consumer about whom it has requested the report are:
(i) Comparing the information in the consumer report provided by the consumer
reporting agency with information the user:
(A) Obtains and uses to verify the consumer's identity;
(B) Maintains in its own records, such as applications, change of address
notifications, or other customer account records; or
(C) Obtains from third-party sources; or
(ii) Verifying the information in the consumer report provided by the consumer
reporting agency with the consumer.
2. A user must develop and implement reasonable policies and procedures for furnishing an address for the consumer that the user has reasonably confirmed is accurate to the consumer reporting agency from whom it received the notice of address discrepancy when the user:
(i) Can form a reasonable belief that the consumer report relates to the consumer
about whom the user requested the report;
(ii) Establishes a continuing relationship with the consumer; and
(iii) Regularly and in the ordinary course of business furnishes information to the
consumer reporting agency from which the notice of address discrepancy relating to the consumer was obtained.
The user may reasonably confirm an address is accurate by:
(i) Verifying the address with the consumer about whom it has requested the report;
(ii) Reviewing its own records to verify the address of the consumer;
(iii) Verifying the address through third-party sources; or
(iv) Using other reasonable means.
3. The policies and procedures developed in accordance with paragraph 2 above must
provide that the user will furnish the consumer's address that the user has reasonably confirmed is accurate to the consumer reporting agency as part of the information the user regularly furnishes for the reporting period in which it establishes a relationship with the consumer.
II. Duties of Creditors Regarding the Detection, Prevention, and Mitigation of Identity Theft. This regulation is set forth at 16 CFR 681.2 and applies to financial institutions and creditors that are subject to administrative enforcement of the FCRA by the FTC pursuant to 15 U.S.C. 1681s(a)(1). The term ``creditor'' means any person who regularly extends, renews, or continues credit; any person
who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit. 15 U.S.C. 1681a(r)(5). The term ``credit'' means the right granted by a creditor to a debtor to defer payment of debt or to incur debts and defer its payment or to purchase property or services and defer payment therefor. 15
U.S.C. 1681a(r)(5). A university that meets the definition of a creditor would be subject to this regulation.
1. Each creditor must periodically determine whether it offers or maintains covered
accounts. As a part of this determination, a creditor must conduct a risk assessment to determine whether it offers or maintains covered accounts. An Account means a
continuing relationship established by a person with a financial institution or creditor to obtain a product or service for personal, family, household or business purposes. A covered account is:
(i) An account that a creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or
transactions, such as a credit card account, mortgage loan, automobile loan,
margin account, cell phone account, utility account, checking account, or savings
account; and
(ii) Any other account that the creditor offers or maintains for which there is a
reasonably foreseeable risk to customers or to the safety and soundness of the
creditor from identity theft, including financial, operational, compliance,
reputation, or litigation risks.
Such risk assessment should take into consideration:
(i) The methods it provides to open its accounts;
(ii) The methods it provides to access its accounts; and
(iii) Its previous experiences with identity theft.
2. Each creditor that offers or maintains one or more covered accounts must develop and implement a written Identity Theft Prevention Program (Program) that is designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account. The Program must be appropriate to the size and complexity of the creditor and the nature and scope of its activities. The Program must include reasonable policies and procedures to:
(i) Identify relevant Red Flags for the covered accounts that the creditor offers or
maintains, and incorporate those Red Flags into its Program. A Red Flag
means a pattern, practice, or specific activity that indicates the possible existence
of identity theft;
(ii) Detect Red Flags that have been incorporated into the Program of the creditor;
(iii) Respond appropriately to any Red Flags that are detected to prevent and mitigate
identity theft; and
(iv) Ensure the Program (including the Red Flags determined to be relevant) is
updated periodically, to reflect changes in risks to customers and to the safety
and soundness of the creditor from identity theft.
3. Each creditor that is required to implement a Program must provide for the continued administration of the Program and must:
(i) Obtain approval of the initial written Program from either its board of directors
or an appropriate committee of the board of directors;
(ii) Involve the board of directors, an appropriate committee thereof, or a designated employee at the level of senior management in the oversight, development,
implementation and administration of the Program;
(iii) Train staff, as necessary, to effectively implement the Program; and
(iv) Exercise appropriate and effective oversight of service provider arrangements.
4. Each creditor that is required to implement a Program must consider the guidelines in Appendix A of the regulations and include in its Program those guidelines that are appropriate.
III. Duties of Card Issuers Regarding Changes of Address.
This regulation is set forth at 16 CFR 681.3 and applies to a person described in 681.2 that issues a debit or credit card (card issuer). The term debit card'' means any card issued by a financial institution to a consumer for use in initiating an electronic fund transfer from the account of the consumer at such financial institution, for the purpose of transferring money between accounts or obtaining money,property, labor, or services. 15 U.S.C. 1681a(r)(3). The term ``financial institution'' means a State or National bank, a State or Federal savings and loan association, a mutual savings bank, a State or Federal credit union, or any other person that, directly or indirectly, holds a transaction account (as defined in
section 461(b) of title 12) belonging to a consumer. The term ``transaction account'' means a deposit or account on which the depositor or account holder is permitted to make withdrawals by negotiable or transferable instrument, payment orders of withdrawal, telephone transfers, or other similar items for the
purpose of making payments or transfers to third persons or others. To the extent a University issues campus cards which can be used as debit cards to make electronic funds transfers from a transaction account to off-campus merchants, such a University would be subject to this regulation.
1. A card issuer must establish and implement reasonable policies and procedures to assess the validity of a change of address if it receives notification of a change of address for a consumer's debit or credit card account and, within a short period of time afterwards (during at least the first 30 days after it receives such notification), the card issuer receives a request for an additional or replacement card for the same account. Under these circumstances, the card issuer may not issue
an additional or replacement card, until, in accordance with its reasonable policies and procedures and for the purpose of assessing the validity of the change of address, the card issuer:
(i) Notifies the cardholder of the request:
(A) At the cardholder's former address; or
(B) By any other means of communication that the card issuer and the cardholder
have previously agreed to use; and
(C) Provides to the cardholder a reasonable means of promptly reporting incorrect
address changes; or
(ii) Otherwise assesses the validity of the change of address in accordance with the policies
and procedures the card issuer has established pursuant to section II above.
2. A card issuer may satisfy the requirements of paragraph 1 of this section if it validates an address pursuant to the methods in paragraph (1)(i) or (1)(ii) of this section when it receives an address change notification, before it receives a request for an additional or replacement card.
3. Any written or electronic notice that the card issuer provides under this paragraph must be clear and conspicuous and provided separately from its regular correspondence with the cardholder
Here it is (in summary):
IDENTITY THEFT RED FLAGS AND ADDRESS DISCREPANCIES UNDER THE FAIR AND
ACCURATE CREDIT TRANSACTIONS ACT OF 2003
On November 9, 2007, the Federal Trade Commission published final rules implementing part of the Fair and Accurate Credit Transactions Act of 2003 (FACTA)regarding the duties of creditors, card issuers and users of consumer reports with respect to the prevention of identity theft. These new regulations went into effect on January 1, 2008 and compliance is required by November 1, 2008. The regulations are organized in three parts which are summarized in this memo.
I. Duties of Users of Consumer Reports Regarding Address Discrepancies
This regulation is set forth at 16 CFR 681.1 and applies to users of consumer reports that are subject to administrative enforcement of the Fair Credit Reporting Act (FCRA) by the Federal Trade Commission (FTC) pursuant to 15 U.S.C. 1681s(a)(1). A user is someone who obtains a consumer report from a consumer reporting agency for a purpose permitted by FCRA, such as for employment or credit purposes. A university that obtains consumer reports would be subject to this regulation.
A user of consumer reports has the following duties:
1. A user must develop and implement reasonable policies and procedures designed to
enable the user to form a reasonable belief that a consumer report relates to the consumer about whom it has requested the report, when the user receives a notice of address discrepancy. A notice of address discrepancy means a notice sent to a user by a consumer reporting agency, that informs the user of a substantial difference between the address for the consumer that the user provided to request the consumer report and the address(es) in the agency's file for the consumer.
Examples of reasonable policies and procedures that a user may implement to enable the user to form a reasonable belief that a consumer report relates to the consumer about whom it has requested the report are:
(i) Comparing the information in the consumer report provided by the consumer
reporting agency with information the user:
(A) Obtains and uses to verify the consumer's identity;
(B) Maintains in its own records, such as applications, change of address
notifications, or other customer account records; or
(C) Obtains from third-party sources; or
(ii) Verifying the information in the consumer report provided by the consumer
reporting agency with the consumer.
2. A user must develop and implement reasonable policies and procedures for furnishing an address for the consumer that the user has reasonably confirmed is accurate to the consumer reporting agency from whom it received the notice of address discrepancy when the user:
(i) Can form a reasonable belief that the consumer report relates to the consumer
about whom the user requested the report;
(ii) Establishes a continuing relationship with the consumer; and
(iii) Regularly and in the ordinary course of business furnishes information to the
consumer reporting agency from which the notice of address discrepancy relating to the consumer was obtained.
The user may reasonably confirm an address is accurate by:
(i) Verifying the address with the consumer about whom it has requested the report;
(ii) Reviewing its own records to verify the address of the consumer;
(iii) Verifying the address through third-party sources; or
(iv) Using other reasonable means.
3. The policies and procedures developed in accordance with paragraph 2 above must
provide that the user will furnish the consumer's address that the user has reasonably confirmed is accurate to the consumer reporting agency as part of the information the user regularly furnishes for the reporting period in which it establishes a relationship with the consumer.
II. Duties of Creditors Regarding the Detection, Prevention, and Mitigation of Identity Theft. This regulation is set forth at 16 CFR 681.2 and applies to financial institutions and creditors that are subject to administrative enforcement of the FCRA by the FTC pursuant to 15 U.S.C. 1681s(a)(1). The term ``creditor'' means any person who regularly extends, renews, or continues credit; any person
who regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew, or continue credit. 15 U.S.C. 1681a(r)(5). The term ``credit'' means the right granted by a creditor to a debtor to defer payment of debt or to incur debts and defer its payment or to purchase property or services and defer payment therefor. 15
U.S.C. 1681a(r)(5). A university that meets the definition of a creditor would be subject to this regulation.
1. Each creditor must periodically determine whether it offers or maintains covered
accounts. As a part of this determination, a creditor must conduct a risk assessment to determine whether it offers or maintains covered accounts. An Account means a
continuing relationship established by a person with a financial institution or creditor to obtain a product or service for personal, family, household or business purposes. A covered account is:
(i) An account that a creditor offers or maintains, primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or
transactions, such as a credit card account, mortgage loan, automobile loan,
margin account, cell phone account, utility account, checking account, or savings
account; and
(ii) Any other account that the creditor offers or maintains for which there is a
reasonably foreseeable risk to customers or to the safety and soundness of the
creditor from identity theft, including financial, operational, compliance,
reputation, or litigation risks.
Such risk assessment should take into consideration:
(i) The methods it provides to open its accounts;
(ii) The methods it provides to access its accounts; and
(iii) Its previous experiences with identity theft.
2. Each creditor that offers or maintains one or more covered accounts must develop and implement a written Identity Theft Prevention Program (Program) that is designed to detect, prevent, and mitigate identity theft in connection with the opening of a covered account or any existing covered account. The Program must be appropriate to the size and complexity of the creditor and the nature and scope of its activities. The Program must include reasonable policies and procedures to:
(i) Identify relevant Red Flags for the covered accounts that the creditor offers or
maintains, and incorporate those Red Flags into its Program. A Red Flag
means a pattern, practice, or specific activity that indicates the possible existence
of identity theft;
(ii) Detect Red Flags that have been incorporated into the Program of the creditor;
(iii) Respond appropriately to any Red Flags that are detected to prevent and mitigate
identity theft; and
(iv) Ensure the Program (including the Red Flags determined to be relevant) is
updated periodically, to reflect changes in risks to customers and to the safety
and soundness of the creditor from identity theft.
3. Each creditor that is required to implement a Program must provide for the continued administration of the Program and must:
(i) Obtain approval of the initial written Program from either its board of directors
or an appropriate committee of the board of directors;
(ii) Involve the board of directors, an appropriate committee thereof, or a designated employee at the level of senior management in the oversight, development,
implementation and administration of the Program;
(iii) Train staff, as necessary, to effectively implement the Program; and
(iv) Exercise appropriate and effective oversight of service provider arrangements.
4. Each creditor that is required to implement a Program must consider the guidelines in Appendix A of the regulations and include in its Program those guidelines that are appropriate.
III. Duties of Card Issuers Regarding Changes of Address.
This regulation is set forth at 16 CFR 681.3 and applies to a person described in 681.2 that issues a debit or credit card (card issuer). The term debit card'' means any card issued by a financial institution to a consumer for use in initiating an electronic fund transfer from the account of the consumer at such financial institution, for the purpose of transferring money between accounts or obtaining money,property, labor, or services. 15 U.S.C. 1681a(r)(3). The term ``financial institution'' means a State or National bank, a State or Federal savings and loan association, a mutual savings bank, a State or Federal credit union, or any other person that, directly or indirectly, holds a transaction account (as defined in
section 461(b) of title 12) belonging to a consumer. The term ``transaction account'' means a deposit or account on which the depositor or account holder is permitted to make withdrawals by negotiable or transferable instrument, payment orders of withdrawal, telephone transfers, or other similar items for the
purpose of making payments or transfers to third persons or others. To the extent a University issues campus cards which can be used as debit cards to make electronic funds transfers from a transaction account to off-campus merchants, such a University would be subject to this regulation.
1. A card issuer must establish and implement reasonable policies and procedures to assess the validity of a change of address if it receives notification of a change of address for a consumer's debit or credit card account and, within a short period of time afterwards (during at least the first 30 days after it receives such notification), the card issuer receives a request for an additional or replacement card for the same account. Under these circumstances, the card issuer may not issue
an additional or replacement card, until, in accordance with its reasonable policies and procedures and for the purpose of assessing the validity of the change of address, the card issuer:
(i) Notifies the cardholder of the request:
(A) At the cardholder's former address; or
(B) By any other means of communication that the card issuer and the cardholder
have previously agreed to use; and
(C) Provides to the cardholder a reasonable means of promptly reporting incorrect
address changes; or
(ii) Otherwise assesses the validity of the change of address in accordance with the policies
and procedures the card issuer has established pursuant to section II above.
2. A card issuer may satisfy the requirements of paragraph 1 of this section if it validates an address pursuant to the methods in paragraph (1)(i) or (1)(ii) of this section when it receives an address change notification, before it receives a request for an additional or replacement card.
3. Any written or electronic notice that the card issuer provides under this paragraph must be clear and conspicuous and provided separately from its regular correspondence with the cardholder
Friday, August 6, 2010
How to Avoid the Latest ID Theft Scams
The risks for identity theft are everywhere you turn. Your mail, your computer, your credit cards, even your trash; all present opportunities for criminals to gain access to your personal information. To prevent identity theft, you must constantly be aware of the ways that criminals will use to gain access to your personal, identifying information.
One place that identity thieves often focus their attention is on your computer. Web sites and emails can put you at risk for identity theft. Learn how to recognize the most common computer-based scams.
Recognize a Phish-y Email
Millions of emails like this one, that are designed to help a criminal steal identities, go out every single day. These are called phishing scams. Follow along with me as I show you how to spot a phishing scam so you'll never fall victim to another one.
It starts with opening the email message. As soon as you open a message, you should begin noticing some things aren't quite right. For example, this message is from a well-known banking institution--Capital One. Most banking institutions today don't send emails requesting that customers click on links or provide information.
Protect Your Computer from Spyware
Spyware is one of the most prevalent methods that identity thieves use to collect the information needed to steal your identity. It’s such a problem that some experts estimate that nearly 80 percent of personal computers are infected with spyware. It’s also a problem that shows few signs of slowing down.
What is Spyware?
Spyware is a pretty common term, as it relates to identity theft. But what exactly is it? The easy answer is any malicious software that collects your personal information. But that answer really is too easy.
A more accurate description of spyware is that it is a group of software applications designed to collect your personal information or change the configuration of your computer without your consent. These applications can be downloaded to your computer by way of an infected file, planted without your knowledge when you visit a web site, or installed along with another software application.
What Does It Do?
Once a piece of spyware has been installed on your computer, it does one of two things: it either sits quietly in the background collecting information like account numbers, usernames, and passwords or it changes the configuration of your computer to allow a hacker access to your machine.
In the first case, the spyware is often called a keylogger – an application that logs every keystroke that you make when you’re using your keyboard. Once downloaded to your computer, keyloggers create a file where all of your keystrokes are stored, then each time you connect to the Internet a copy of that file is sent to a server somewhere else on the Web. Criminals then download that file and extract any valuable information that it might contain.
For example, if there’s a keylogger installed on your computer and you pay your bills online, order products from a Website, and fill out a registration form while you’re online, all of that information will be collected by the keylogger. Then that information is sent to the storage facility where the criminal later grabs it and separates the important stuff – your usernames, account numbers, passwords, date-of-birth, and credit card numbers. That information is then sold to another criminal who uses it for a variety of different illegal activities, including identity theft.
The other use of spyware is to change the configuration of your computer. When criminals use spyware in this manner, the program is installed on your computer and then it changes the configuration of your computer to allow that criminal to gain access to your machine, even if you’re protected by a firewall or other security software. Essentially, it’s like opening a door to your hard drive.
The criminal can then hack into your computer and either access personal information that’s stored on the computer or lock you out of the computer and use it connected to a group of other hi-jacked computers – called a botnet – to conduct some other criminal activity online. Criminals may even use your computer to send spyware and other malicious software, out to others.
Recognizing Spyware
One of the most difficult aspects of controlling spyware is that sometimes it’s hard to spot. Some spyware distributors have become so adept at disguising their programs that you can be infected and never know it. But more often than not there is at least one symptom of a spyware infection.
Some of the indicators that you may experience if you’ve been infected with spyware include:
Endless pop-up windows that open one right after another as you close them.
You type one Web address into your browser’s address bar but are redirected to another.
New, unexpected toolbars appear in your web browser.
New, unexpected icons appear in the task tray at the bottom of your screen.
Your browser's home page is suddenly changed and each time you try to change it back the effort fails.
Random Windows error messages begin to appear without explanation.
The operations of your computer slow dramatically when you’re opening programs or processing tasks such as saving files.
The only way to know for sure if your computer has been infected with spyware, however, is to scan your hard drive using an anti-spyware application.
Protecting Your Computer
Anti-spyware applications work in much the same way that anti-virus applications work. Once you install the anti-spyware application on your computer, you can set it up to scan your files regularly. There’s just one catch: the anti-spyware program has to be up-to-date to do any good.
Here’s a truth about any malicious software that poses a threat to you: criminals are constantly updating, changing, and improving the software so that it will be undetected by protection programs. An anti-spyware application that’s not up-to-date can miss the most recent threats, leaving you vulnerable.
Anti-spyware applications look for spyware based on a signature – that’s an indicator that it might not be a safe program. However, different anti-spyware programs look for different signatures. So, a piece of spyware that is detected by one program may go undetected by another.
To help combat that, I recommend installing at least two different anti-spyware programs on your computer. Use caution when setting them up, however. Make sure that each program is set to scan your computer at a different time or the programs may conflict with each other.
Spyware represents one of the most dangerous threats to your computer if you spend any time online. Take the time to install and configure anti-spyware applications to protect your computer. Without this protection, it’s not a matter of if you’ll be infected, but when and how much damage will be done.
The New Threat: Spear Phishing
Most people have heard about phishing – the practice of using fraudulent emails to gain access to personal information for the purpose of identity theft. But like any activity, an occasional update in the process is needed. Spear phishing is the new black in identity theft.
The term phishing was coined because of the way that criminals try to gain access to personal information – basically, they cast out a bunch of bait in the form of fraudulent emails, and wait to see who bites. Spear phishing, however, is more targeted.
Just a fisherman would use a spear to target a single fish, spear phishing targets individuals. Whereas criminals might send a single, mass e-mail to a couple hundred thousand people in a phishing attack, spear phishing attacks are customized and sent to a single person at a time.
The spear phishing email usually contains personal information such as a name or some tidbit about employment. They are also unique emails, rather than being the mass “your bank account has been compromised,” type emails that are more common in phishing.
For example, one instance of spear phishing targeted corporate executives with personalized emails about a legal case in which the recipient of the message was allegedly being sued. It was a new scam, so it was easy for executives to assume that it was legitimate and click the link provided in the message. And that’s the point at which the spear pierces the target.
How It Works
A spear phishing email usually includes a link that leads to a spoofed, or fake, web site that requests personal information. It all looks very legitimate, and sometimes even the experts are fooled by spear phishing emails. When the recipient of the message clicks through the link they’re taken to a page on the Web that looks so legitimate it can be hard for even seasoned security professionals to tell it’s a setup.
Other spear phishing emails may contain a downloadable file. They’re just as convincing, often appearing to come from an employer or someone else that’s equally legitimate. But the file contains malware of some kind that, once downloaded to your computer, collects your personal information and transmits it to the criminal when you’re online.
Spear phishing is a difficult scam to catch because the criminals that use this method of stealing identities put extra time and effort into the process. It requires research to gain access to enough information to make you believe the spear phishing email is real, plus it takes time to put together the web sites and messages that are used as bait. The pay-off however, is usually much greater than the rewards of a simple phishing attack.
So, how do you protect yourself?
There’s no guarantee that you can protect yourself from a spear phishing attack. The criminals that use this method are intent on gaining access to your identity, and they’re willing to put in the hard work to reach pay-off. And that means that spear phishing emails are very difficult to tell from any other email that might land in your in-box.
There is good news. At this time, spear phishing attacks seem to be limited to corporate targets. Nearly all of the spear phishing complaints that have been investigated have come from corporate employees. That’s no reason to let your guard down, though.
As criminals become more adept at spear phishing attacks, their targeting will widen, and individuals will fall into the target zone. It would not be surprising, however, to find that spear phishing was limited to the upper class and the upper middle class. This group of people typically has more resources available, and that’s ultimately what spear phishers are looking for.
For a criminal to be willing to put forth the effort needed to successfully use a spear phishing campaign, the draw has to be big – far more than the $31,000 average for most identity theft cases. That means that if you don’t fall into that group of people who are in the upper and upper-middle class, your chances of becoming a victim are much smaller.
Of course, all of the standard cautions apply: never open attachments for stranger, never click through a link in an email, never assume that just because you know the address the email was sent from means it’s safe. In this day, with identity theft literally running rampant, criminals will use whatever email address they can gain access to.
Also never open an attachment, even from friends, colleagues, or co-workers unless you’re expecting it. An email with an attachment that arrives unexpectedly could certainly contain malware, even if it’s not spear phishing malware. Simply requesting that your friends and co-workers notify you before they send an attachment will reduce your risk of becoming an identity theft victim.
Don’t take any chances; if you receive a message or a phone call that seems out of place, scan it for viruses and keep a close watch on your credit reports. It will be frustrating in the beginning, but it will become a habit, just like locking your doors when you leave. And the damage to your identity that you can save over time will more than make up for the initial inconvenience.
Web Page Spoofing
Web page spoofing is an activity that hackers use to direct Web site visitors to a Web site that looks like the one they believe they are visiting. The actual site, however, is hosted in a different location, usually for the purpose of gathering personal or confidential information that is used in identity theft.
Spoofed Web sites are often used in conjunction with spoofed emails or phishing emails. The messages contain a link to the site, then when a visitor logs onto the site, they are prompted to provide account information, usernames and passwords, or a Social Security Number or date of birth.
A spoofed Web site appears identical to the Web site that is being copied, although it may have a different URL. However, hackers can also disguise the URL, which makes it very hard to distinguish a spoofed site from the real one.
Also Known As: Hoax Web Sites or Hoax Sites
Email Spoofing
Email spoofing is a technique used by hackers to fraudulently send email messages in which the sender address and other parts of the email header are altered to appear as though the email originated from a source other than its actual source. Hackers use this method to disguise the actual email address from which phishing and spam messages are sent and often use email spoofing in conjunction with Web page spoofing to trick users into providing personal and confidential information.
Software is usually used to collect or generate the email addresses that are spoofed. Hackers may create a virus that examines the contact information on an infected computer. That information is collected and sent to the hacker who then uses another piece of software -- a mass email program -- to send out bogus emails using the addresses collected.
Alternatively, hackers may use software that generates random email addresses to use to disguise the actual origin of the message being sent.
Jake's Identity Theft Blog
I've known about the Nigerian Letter Scam for a long time. I think the first time that I received some iteration of that scam was in 1993, not long after I first got Internet service in my home. I don't think anything of the strange letters, emails, and fake checks that come in my mail.
A woman in Alaska recently got a variation of the Nigerian Letter Scam that might have caught me, though. The elaborate scam started as what's common for this type of scam, but it seems the scammers just kept plugging away, hoping they would get to her by claiming at one point to be foreign government officials trying to ease ruffled feathers by making a restitution payment.The scary thing is, this kind of scam is just going to continue to get more elaborate.
Also, here are another few basics with regard to identity theft:
Sometimes, restaurant workers will use the card and copy the information and bring it back to the table. So, you never know if that info has been lifted.
The ATM cover scam: ID Theives are using an ATM slip over ATM machines. The cover actually goes over the ATM card insert and records that card info. Sometimes, a bulky camera will be placed over the keypad to record keystrokes on PIN codes that are entered. Later the information can be used to empty the account of available funds.
Medical Info scam: Many times (particularly family members) will steal a relative's info to get medical access especially where surgery is concerned.
CDL scam: This is committed by truckers stealing the licenses of other commercial drivers in order to get out of paying tickets.
Dumpster Diving Dangers
So many ways exist for thieves to grab your identity, it’s hard to believe sometimes that the ‘old-fashioned’ methods are still some of the most popular. For example, you mail box and your trash are two of the greatest risks to your identity. Mail scams happen all the time.
As the old saying goes, ’One man’s trash is another man’s treasure.’ And it’s so very true. One of the most notorious cases of identity theft prosecuted was a case of dumpster diving. Dumpster diving is when someone goes looking through other people’s trash for items that can be used or sold.
In most cases, a dumpster diver is looking for items: gently used clothing, knick-knacks, CDs, movies, or anything else that can be recycled, reused, or sold to someone else. People throw away perfectly good stuff all the time. If it’s in the trash and it’s still good, why shouldn’t someone get some use out of it, right?
That’s a great theory, except for one small loophole. People also throw away a lot of paper. In fact, the average individual throws away about 860 lbs of paper a year; paper that’s often printed with personal information like account numbers, dates of birth, and Social Security Numbers.
Identity Theft Waiting to Happen
It’s in trash that Stephen Massey, the leader of one of the most notorious identity theft rings to date, found his niche. Massey, a meth addict and petty criminal, stumbled on the idea of stealing identities for profit while he was dumpster diving to support his meth habit. In a dump, completely unprotected, he came across barrels of recycled paper that included names, birth dates, Social Security Numbers, and addresses. Everything you need to steal an identity.
That was back in late 90s, and Massey and his partner-in-crime were sentenced to prison in 2000. Massey received a two year prison sentence; his partner received one year. Since then, how corporate paper is handled has changed a little. Legislation like the Identity Theft and Assumption Deterrence Act of 1998 or the Personal Information Protection and Electronic Documents Act have forced some organizations to be more responsible about the storage and disposal of personal information.
Of course, changing the way that corporations handle your information is helpful, but what about the way you handle your own information? Many people don’t even think about the junk mail they toss in the trash, the old bank statements, or even personal correspondence. Every piece of paper that has information about you on it can put you at risk.
Consider pre-approved credit card and mortgage loans, for example. On average, Americans receive four or more of these per week. And most of those people just toss them in the trash. They may not ever even open them up.
Identity thieves can then come behind you, pull the approvals out of the trash along with the birthday card you received from Aunt Tessie, a copy of your bank statement or a credit card statement, and have nearly all of the information they need about you. It really is that simple.
It’s Not Illegal
What surprises most victims of dumpster diving is that the crime isn’t really a crime if the trash is left in a public place. For example, put a bag of trash out on the curb and anyone has the right to pick it up and carry it away. Even public dumpsters, like those found in apartment complexes aren’t off limits.
Dumpster diving becomes a crime when someone steals trash that is considered to be concealed. For example, the trash can that you collect your trash bags in, back by the garage, is considered concealed. Thieves can’t help themselves to that trash without risking theft charges if caught.
Grab and Go Identities
To you, the idea of sifting through someone’s trash sounds simply disgusting. To an identity thief, it’s an ordeal worth going through. On average, a victim is worth about $31,000 dollars to a thief. Some may be worth less, others worth much more. But wouldn’t you be willing to sift through a little trash if you knew you would most likely find about $31,000?
Once a thief has your trash, it’s just a matter of separating your valuable information from everything else. Then the criminal takes that information and uses it to create new accounts, funnel money from existing accounts, and even to take over more personal aspect of your life. It’s much easier to do than you might imagine.
By the time you discover the theft, the damage is done. All that’s left to do is try to undo the damage. And that’s a task that can take as much as two years to accomplish, so it’s much easier to protect yourself from the start.
Protecting Your Identity
It’s scary to realize that everything that you throw away could put you at risk. You can protect yourself, though. And it’s easier than you think.
The best way to ensure that dumpster diving thieves don’t gather enough information about you to steal your identity is to shred every piece of paper that you throw away. Shredding something doesn’t meant to tear it into little pieces. It’s also not wise to use a straight-cut shredder.
Straight-cut shredders cut paper only length-wise. With enough time and patience, a dumpster diver and put the pieces of your document back together, much like putting a puzzle together. Your best protection is a cross-cut shredder. Cross cut shredders cut both length-wise and width-wise, creating confetti out of your personal information that is too difficult and time consuming for criminals to want to put it back together.
Dumpster diving is more a threat than you realize. It’s easy for criminals to get at your personal information if you just throw it away. So protect yourself. Shred everything.
You’re Identity’s In the Mail
The U.S. Postal Service handles more than 207 billion pieces of mail each month. That's 207 billion opportunities for identity thieves to obtain information that can be used to steal people's identities. And those criminals take advantage of as many of those opportunities as they can.
In fact, your mailbox is the riskiest non-technological point for identity theft, according to a study released in October 2007. The study, an assessment of closed U.S. Secret Service cases between 2000 and 2006 which had components of identity theft and identity fraud, showed the top two methods of non-technological identity theft were re-routing of mail and mail theft. In other words, your mailbox is a serious threat to your identity.
Where'd My Mail Go?
Re-routing of mail topped the list of non-technology threats for identity theft. The re-routing is usually accomplished by Change of Address. Placing a change of address with the U.S. Postal Service is as easy as filling out a form online or mailing in a card that can be picked up at the post office.
Identity thieves collect addresses. They may drive by your residence, go through the phone book, or collect trash that contains your address. Then requesting a change of address takes just a matter of minutes.
Most post offices make change of address cards available in easy-access displays in customer service areas. And the electronic change of address can be found on the U.S. Postal Service Website. With the electronic method, however, there is a verification procedure required.
The verification process is simple enough, but also tends to make criminals use other methods to change your address. When using the online form, a valid credit card with a billing address that matches the old address must be used for verification. Not a problem if the thief already has access to your credit card account numbers, but otherwise it presents a bit of a tripping point.
Watch Your Mailbox
The two crimes – fraudulently changing addresses and stealing mail – look different from the victim’s point of view. But if you’re paying attention to your mail delivery, both should be easy to spot.
If a criminal fraudulently changes your mailing address, it’s going to be obvious within a few days. A change of address stops mail from being delivered to one location and re-routes it to another location. The first thing you notice is that suddenly you’re not getting any mail at all.
You probably won’t notice it for the first day or two. No mail usually means no bills and no junk, so on those rare days when we don’t receive anything, most of us just accept it as a blessing and move on. If you notice that you’re not getting mail for several days in a row, however, you should be suspicious of a deeper problem.
Exceptions do exist. A few people still have time periods, sometimes days, when they don’t receive any mail at all. If this is you, monitor those time periods so you’ll know what’s normal and what’s not. When you get past a normal length of time without mail, then it’s time to worry.
The issue is a little less obvious when someone is stealing your mail. Mail theft can take place one time or over a period of time. Some criminals steal mail because the opportunity presents itself.
Other criminals target individuals and even businesses, and then steal mail over time. They grab a piece here and there – both incoming and outgoing – until they have all the information they need. Still others create elaborate schemes to steal mail from multiple people over time.
One example of a mail theft scheme was a 2002 case where criminals used stolen Postal uniforms to impersonate mail carriers. Instead of leaving mail for residents, however, the counterfeit carriers were picking mail out of delivery boxes. Eventually, a Postal customer realized she had seen mail delivery twice in one day and reported the incident.
The real issue with mail theft of this type, however, is that you don’t know what mail you’re getting before it arrives (in most cases) so you have no idea what’s missing. That makes it vitally important that you pay attention to your mail delivery schedule, get to know your mail carrier, and even consider not using the mailbox at the street for mail transactions.
Protecting Your Mail and Your Identity
Since your mailbox is your greatest point of threat in the real world, knowing how to protect your mail is your first line of defense. It starts with being attentive. Know your mail carrier, know his schedule, and know normal delivery patterns for the mail that you receive.
In addition, put some safe mail handling practices in place:
Don’t leave mail in your box. Incoming or outgoing mail should never sit in your mailbox for an extended amount of time. For example, when you mail bills out, don’t place them in the mailbox as you leave for work in the morning. Instead, drop them at the Post Office. Also don’t leave mail sitting in your box after delivery.
Use a locking mailbox when possible. If you must leave mail sitting in your box, consider investing in a locking mailbox. These boxes allow Postal carriers to place mail in the box, but only a person with a key can remove it.
Rent a Post Office box. A Post Office box is the safest way to have your mail delivered, and they’re not expensive if you rent one through the Postal Service. If you can’t be around when mail is delivered to your street box, then renting a Post Office box is best way to protect your mail.
Use electronic payments and banking when possible. Sounds contradictory, doesn’t it? You would think that paying your bills online or using your online banking services would put you at greater risk for identity theft, but nothing could be further from the truth. When you’re conducting financial transactions online – safely – you’re far more protected than when you send checks through the mail that can be stolen, washed, and re-used. If you haven’t set up electronic payments, now is a good time.
Protecting your mail, and your identity, really is just a matter of changing the way you think. It used to be safe to leave your mail in the mailbox all day. But then, it also used to be safe to leave your doors unlocked all the time.
We don’t live in that world anymore. So take some time to think about the mail habits that you have that could put you at risk. Then change them. You’ll have one less point of risk when identity thieves come calling.
Point of Threat: Credit Cards
Identity theft and credit card fraud are not the same crime, though the two are often lumped together as one. Identity theft is much more far-reaching than credit card fraud. When a criminal steals you identity, they may have financial motivation, but you'll suffer more than fraudulent charges on your credit cards.
Identity thieves may change account information, create new accounts, use your identity to commit crimes, and even use your identity to establish a new life. Credit card fraud, on the other hand, is limited to charges on stolen credit card numbers. A criminal gains access to your account number and then uses it to purchase products online or in person and then resells those goods to get the cash.
So, if credit card fraud is not identity theft, why address it? The simple answer is because credit card fraud can be an element of identity theft. It can also lead to identity theft.
Preventing Credit Card Fraud
Credit card fraud is a crime that can often be prevented. For example, something as simple as a signature on the back of your card could prevent the card from being used if it’s been stolen. Even better, put the letters CID (which stands for See ID) on the back of the card. Then when a merchant attempts to verify the signature on the receipt with the card, they’ll request to see your identification.
Everyone is familiar with the basics of protecting your credit card. Don’t loan it out. Don’t leave it laying. And don’t give the number to someone you don’t know without first verifying they are legitimate.
But there are lesser known strategies for protecting your credit cards and card numbers, too. And these are the strategies that you should know well and use constantly.
Keep your card in sight. Whenever possible, keep your credit card where you can see it. Some places, like restaurants, take your card away and then bring it back after they’ve secured authorization for a transaction. It’s when the card is out of your sight that it’s often swiped through a card reader that stores the information from the magnetic strip for criminals to use to create a duplicate card later.
Ask about multiple swipes. It’s not uncommon when you hand a merchant your card for them to swipe it more than once. Usually, this happens because the card reader doesn’t read the magnetic stripe on the back of the card, but savvy criminals will also use a second swipe as a method to copy the information from the magnetic stripe to a storage device to later be transferred to a duplicate card. If your card is swiped more than one time, always ask why.
Never use your credit card on an unsecured Web site. A secured Web site will have a small lock in the lower right corner of the page, or the status bar for the page. If the lock doesn’t appear there, then the site is not secure. Don’t use your card on an unsecure site, because anyone with a little skill can capture the number and use it for their own purposes.
Never carry multiple cards. If you lose your wallet or purse, you lose everything that’s in it. Another danger here is that someone will go through your wallet or purse when it’s left unattended and steal just one card. Leave any card you won’t be using at home, and try to stick to putting all of your purchases on just one card.
Never give out your credit card number while you’re on your cell phone. Cell phones have become such a large part of our society that we often forget everyone around us can hear our conversations. If you need to provide your credit card number for a purchase while on the cell phone either request to call the company back from your own home, or find a place that’s private (like inside your car, alone) to provide the number.
Consider purchasing pre-paid credit cards for online shopping. Pre-paid credit cards are one of the best ways to protect yourself. You load the card with a set amount and then use it just as you would a regular credit card. The good news is, if the number is stolen or the card is lost, your liability and the amount of damage that’s done is limited by the money that’s available on the card. As an added bonus, there’s no interest on a pre-paid card since technically you’re spending your own money, anyway.
Credit card fraud may not be actual identity theft, but it’s often a step along the way. And even if the criminal that fraudulently charges your card isn’t interested in your identity, the expense and frustration of dealing with credit card fraud is reason enough to protect yourself.
Be smart. Use caution. And always be aware of how your credit card is being handled by someone else.
Data breaches are so common that more than 167 breaches were reported during the first three months of 2008. Unfortunately, you can't prevent a data breach. Sure, you can refuse to give your personal information to some organizations, and at times you should. But sometimes you have no choice but to provide personal information to some companies. So, what do you do if you learn that a company storing your personal information falls victim to a data breach? Use these five steps to protect yourself.
1. Contact the organization that suffered the breach.The organization should have a hot line set up and manned with staffers who can answer your questions about what protection the company plans to provide and to what extent your personal information is at risk.
2. Contact any affected financial companies.If your bank accounts, credit card accounts, or investment accounts are affected, immediately contact the companies and request that the account be closed and a new one opened. Alternatively, you can place a fraud alert on the account, but understand that those alerts won’t be affected by opening new accounts.
3. Monitor your banking and credit statements closely.Check every item on your bank statements and credit card statements to be sure they are legitimate charges and expenditures. If you find something that doesn’t match your receipts, call the company immediately and file a fraudulent charge notification.
4. File a fraud alert with all three credit reporting agencies.The credit reporting agencies – TransUnion, Equifax, and Experian -- are required by law to flag your credit report for 90 days if you file a fraud alert. Then if someone tries to open a new account using your credit information, you should be contacted for verification.
5. Sign up for any free credit report monitoring that’s offered.Because breaches have become so common these days, it’s not uncommon for companies to offer a one year credit monitoring service for free. If the company that compromised your information offers this program, sign up for it immediately and then use it to monitor your credit regularly.
Vishing
Definition:
A technique, much like phishing, that allows criminals to maliciously gain access to your personal information for the purposes of identity theft. Vishing scams use a combination social engineering and phishing to find victims that can be tricked into providing credit card or personally identifying information. Typically, the criminal sends the victim some kind of notice or leaves a message, requesting that the victim returns a call to verify an account or some similar ploy. When the victim returns the call, they are asked to provide account and identifying information under the guises of "updating" the account.
Once the criminal has access to that information, it is used for credit card or banking fraud, or as the first step in a stolen identity. Vishing also allows criminals to spoof caller-id, making a vishing scam hard to detect because everything appears to be legitimate.
Social Engineering
Definition: The practice of deceiving someone, either in person, over the phone, or using a computer, with the express intent of breaching some level of security either personal or professional. Social engineering techniques are considered con games which are performed by con artists. The targets of social engineering may never realize they have been victimized.
Also Known As: Con Games
Examples: Using social engineering techniques, the hacker managed to get the network administrator to provide him the username and password needed to gain access to the company's server.
Excellent sources for these and other topics: http://www.about.com/ & http://www.bankrate.com/. Some of the information is a repost from other sources.
Michael L. Hathman
VP - Smart Solutions Financial Services, LLC
888-605-5181 Toll-Free
http://www.smartsolutionscreditrepair.com/
Info@SmartSolutionsFS.com
One place that identity thieves often focus their attention is on your computer. Web sites and emails can put you at risk for identity theft. Learn how to recognize the most common computer-based scams.
Recognize a Phish-y Email
Millions of emails like this one, that are designed to help a criminal steal identities, go out every single day. These are called phishing scams. Follow along with me as I show you how to spot a phishing scam so you'll never fall victim to another one.
It starts with opening the email message. As soon as you open a message, you should begin noticing some things aren't quite right. For example, this message is from a well-known banking institution--Capital One. Most banking institutions today don't send emails requesting that customers click on links or provide information.
Protect Your Computer from Spyware
Spyware is one of the most prevalent methods that identity thieves use to collect the information needed to steal your identity. It’s such a problem that some experts estimate that nearly 80 percent of personal computers are infected with spyware. It’s also a problem that shows few signs of slowing down.
What is Spyware?
Spyware is a pretty common term, as it relates to identity theft. But what exactly is it? The easy answer is any malicious software that collects your personal information. But that answer really is too easy.
A more accurate description of spyware is that it is a group of software applications designed to collect your personal information or change the configuration of your computer without your consent. These applications can be downloaded to your computer by way of an infected file, planted without your knowledge when you visit a web site, or installed along with another software application.
What Does It Do?
Once a piece of spyware has been installed on your computer, it does one of two things: it either sits quietly in the background collecting information like account numbers, usernames, and passwords or it changes the configuration of your computer to allow a hacker access to your machine.
In the first case, the spyware is often called a keylogger – an application that logs every keystroke that you make when you’re using your keyboard. Once downloaded to your computer, keyloggers create a file where all of your keystrokes are stored, then each time you connect to the Internet a copy of that file is sent to a server somewhere else on the Web. Criminals then download that file and extract any valuable information that it might contain.
For example, if there’s a keylogger installed on your computer and you pay your bills online, order products from a Website, and fill out a registration form while you’re online, all of that information will be collected by the keylogger. Then that information is sent to the storage facility where the criminal later grabs it and separates the important stuff – your usernames, account numbers, passwords, date-of-birth, and credit card numbers. That information is then sold to another criminal who uses it for a variety of different illegal activities, including identity theft.
The other use of spyware is to change the configuration of your computer. When criminals use spyware in this manner, the program is installed on your computer and then it changes the configuration of your computer to allow that criminal to gain access to your machine, even if you’re protected by a firewall or other security software. Essentially, it’s like opening a door to your hard drive.
The criminal can then hack into your computer and either access personal information that’s stored on the computer or lock you out of the computer and use it connected to a group of other hi-jacked computers – called a botnet – to conduct some other criminal activity online. Criminals may even use your computer to send spyware and other malicious software, out to others.
Recognizing Spyware
One of the most difficult aspects of controlling spyware is that sometimes it’s hard to spot. Some spyware distributors have become so adept at disguising their programs that you can be infected and never know it. But more often than not there is at least one symptom of a spyware infection.
Some of the indicators that you may experience if you’ve been infected with spyware include:
Endless pop-up windows that open one right after another as you close them.
You type one Web address into your browser’s address bar but are redirected to another.
New, unexpected toolbars appear in your web browser.
New, unexpected icons appear in the task tray at the bottom of your screen.
Your browser's home page is suddenly changed and each time you try to change it back the effort fails.
Random Windows error messages begin to appear without explanation.
The operations of your computer slow dramatically when you’re opening programs or processing tasks such as saving files.
The only way to know for sure if your computer has been infected with spyware, however, is to scan your hard drive using an anti-spyware application.
Protecting Your Computer
Anti-spyware applications work in much the same way that anti-virus applications work. Once you install the anti-spyware application on your computer, you can set it up to scan your files regularly. There’s just one catch: the anti-spyware program has to be up-to-date to do any good.
Here’s a truth about any malicious software that poses a threat to you: criminals are constantly updating, changing, and improving the software so that it will be undetected by protection programs. An anti-spyware application that’s not up-to-date can miss the most recent threats, leaving you vulnerable.
Anti-spyware applications look for spyware based on a signature – that’s an indicator that it might not be a safe program. However, different anti-spyware programs look for different signatures. So, a piece of spyware that is detected by one program may go undetected by another.
To help combat that, I recommend installing at least two different anti-spyware programs on your computer. Use caution when setting them up, however. Make sure that each program is set to scan your computer at a different time or the programs may conflict with each other.
Spyware represents one of the most dangerous threats to your computer if you spend any time online. Take the time to install and configure anti-spyware applications to protect your computer. Without this protection, it’s not a matter of if you’ll be infected, but when and how much damage will be done.
The New Threat: Spear Phishing
Most people have heard about phishing – the practice of using fraudulent emails to gain access to personal information for the purpose of identity theft. But like any activity, an occasional update in the process is needed. Spear phishing is the new black in identity theft.
The term phishing was coined because of the way that criminals try to gain access to personal information – basically, they cast out a bunch of bait in the form of fraudulent emails, and wait to see who bites. Spear phishing, however, is more targeted.
Just a fisherman would use a spear to target a single fish, spear phishing targets individuals. Whereas criminals might send a single, mass e-mail to a couple hundred thousand people in a phishing attack, spear phishing attacks are customized and sent to a single person at a time.
The spear phishing email usually contains personal information such as a name or some tidbit about employment. They are also unique emails, rather than being the mass “your bank account has been compromised,” type emails that are more common in phishing.
For example, one instance of spear phishing targeted corporate executives with personalized emails about a legal case in which the recipient of the message was allegedly being sued. It was a new scam, so it was easy for executives to assume that it was legitimate and click the link provided in the message. And that’s the point at which the spear pierces the target.
How It Works
A spear phishing email usually includes a link that leads to a spoofed, or fake, web site that requests personal information. It all looks very legitimate, and sometimes even the experts are fooled by spear phishing emails. When the recipient of the message clicks through the link they’re taken to a page on the Web that looks so legitimate it can be hard for even seasoned security professionals to tell it’s a setup.
Other spear phishing emails may contain a downloadable file. They’re just as convincing, often appearing to come from an employer or someone else that’s equally legitimate. But the file contains malware of some kind that, once downloaded to your computer, collects your personal information and transmits it to the criminal when you’re online.
Spear phishing is a difficult scam to catch because the criminals that use this method of stealing identities put extra time and effort into the process. It requires research to gain access to enough information to make you believe the spear phishing email is real, plus it takes time to put together the web sites and messages that are used as bait. The pay-off however, is usually much greater than the rewards of a simple phishing attack.
So, how do you protect yourself?
There’s no guarantee that you can protect yourself from a spear phishing attack. The criminals that use this method are intent on gaining access to your identity, and they’re willing to put in the hard work to reach pay-off. And that means that spear phishing emails are very difficult to tell from any other email that might land in your in-box.
There is good news. At this time, spear phishing attacks seem to be limited to corporate targets. Nearly all of the spear phishing complaints that have been investigated have come from corporate employees. That’s no reason to let your guard down, though.
As criminals become more adept at spear phishing attacks, their targeting will widen, and individuals will fall into the target zone. It would not be surprising, however, to find that spear phishing was limited to the upper class and the upper middle class. This group of people typically has more resources available, and that’s ultimately what spear phishers are looking for.
For a criminal to be willing to put forth the effort needed to successfully use a spear phishing campaign, the draw has to be big – far more than the $31,000 average for most identity theft cases. That means that if you don’t fall into that group of people who are in the upper and upper-middle class, your chances of becoming a victim are much smaller.
Of course, all of the standard cautions apply: never open attachments for stranger, never click through a link in an email, never assume that just because you know the address the email was sent from means it’s safe. In this day, with identity theft literally running rampant, criminals will use whatever email address they can gain access to.
Also never open an attachment, even from friends, colleagues, or co-workers unless you’re expecting it. An email with an attachment that arrives unexpectedly could certainly contain malware, even if it’s not spear phishing malware. Simply requesting that your friends and co-workers notify you before they send an attachment will reduce your risk of becoming an identity theft victim.
Don’t take any chances; if you receive a message or a phone call that seems out of place, scan it for viruses and keep a close watch on your credit reports. It will be frustrating in the beginning, but it will become a habit, just like locking your doors when you leave. And the damage to your identity that you can save over time will more than make up for the initial inconvenience.
Web Page Spoofing
Web page spoofing is an activity that hackers use to direct Web site visitors to a Web site that looks like the one they believe they are visiting. The actual site, however, is hosted in a different location, usually for the purpose of gathering personal or confidential information that is used in identity theft.
Spoofed Web sites are often used in conjunction with spoofed emails or phishing emails. The messages contain a link to the site, then when a visitor logs onto the site, they are prompted to provide account information, usernames and passwords, or a Social Security Number or date of birth.
A spoofed Web site appears identical to the Web site that is being copied, although it may have a different URL. However, hackers can also disguise the URL, which makes it very hard to distinguish a spoofed site from the real one.
Also Known As: Hoax Web Sites or Hoax Sites
Email Spoofing
Email spoofing is a technique used by hackers to fraudulently send email messages in which the sender address and other parts of the email header are altered to appear as though the email originated from a source other than its actual source. Hackers use this method to disguise the actual email address from which phishing and spam messages are sent and often use email spoofing in conjunction with Web page spoofing to trick users into providing personal and confidential information.
Software is usually used to collect or generate the email addresses that are spoofed. Hackers may create a virus that examines the contact information on an infected computer. That information is collected and sent to the hacker who then uses another piece of software -- a mass email program -- to send out bogus emails using the addresses collected.
Alternatively, hackers may use software that generates random email addresses to use to disguise the actual origin of the message being sent.
Jake's Identity Theft Blog
I've known about the Nigerian Letter Scam for a long time. I think the first time that I received some iteration of that scam was in 1993, not long after I first got Internet service in my home. I don't think anything of the strange letters, emails, and fake checks that come in my mail.
A woman in Alaska recently got a variation of the Nigerian Letter Scam that might have caught me, though. The elaborate scam started as what's common for this type of scam, but it seems the scammers just kept plugging away, hoping they would get to her by claiming at one point to be foreign government officials trying to ease ruffled feathers by making a restitution payment.The scary thing is, this kind of scam is just going to continue to get more elaborate.
Also, here are another few basics with regard to identity theft:
Sometimes, restaurant workers will use the card and copy the information and bring it back to the table. So, you never know if that info has been lifted.
The ATM cover scam: ID Theives are using an ATM slip over ATM machines. The cover actually goes over the ATM card insert and records that card info. Sometimes, a bulky camera will be placed over the keypad to record keystrokes on PIN codes that are entered. Later the information can be used to empty the account of available funds.
Medical Info scam: Many times (particularly family members) will steal a relative's info to get medical access especially where surgery is concerned.
CDL scam: This is committed by truckers stealing the licenses of other commercial drivers in order to get out of paying tickets.
Dumpster Diving Dangers
So many ways exist for thieves to grab your identity, it’s hard to believe sometimes that the ‘old-fashioned’ methods are still some of the most popular. For example, you mail box and your trash are two of the greatest risks to your identity. Mail scams happen all the time.
As the old saying goes, ’One man’s trash is another man’s treasure.’ And it’s so very true. One of the most notorious cases of identity theft prosecuted was a case of dumpster diving. Dumpster diving is when someone goes looking through other people’s trash for items that can be used or sold.
In most cases, a dumpster diver is looking for items: gently used clothing, knick-knacks, CDs, movies, or anything else that can be recycled, reused, or sold to someone else. People throw away perfectly good stuff all the time. If it’s in the trash and it’s still good, why shouldn’t someone get some use out of it, right?
That’s a great theory, except for one small loophole. People also throw away a lot of paper. In fact, the average individual throws away about 860 lbs of paper a year; paper that’s often printed with personal information like account numbers, dates of birth, and Social Security Numbers.
Identity Theft Waiting to Happen
It’s in trash that Stephen Massey, the leader of one of the most notorious identity theft rings to date, found his niche. Massey, a meth addict and petty criminal, stumbled on the idea of stealing identities for profit while he was dumpster diving to support his meth habit. In a dump, completely unprotected, he came across barrels of recycled paper that included names, birth dates, Social Security Numbers, and addresses. Everything you need to steal an identity.
That was back in late 90s, and Massey and his partner-in-crime were sentenced to prison in 2000. Massey received a two year prison sentence; his partner received one year. Since then, how corporate paper is handled has changed a little. Legislation like the Identity Theft and Assumption Deterrence Act of 1998 or the Personal Information Protection and Electronic Documents Act have forced some organizations to be more responsible about the storage and disposal of personal information.
Of course, changing the way that corporations handle your information is helpful, but what about the way you handle your own information? Many people don’t even think about the junk mail they toss in the trash, the old bank statements, or even personal correspondence. Every piece of paper that has information about you on it can put you at risk.
Consider pre-approved credit card and mortgage loans, for example. On average, Americans receive four or more of these per week. And most of those people just toss them in the trash. They may not ever even open them up.
Identity thieves can then come behind you, pull the approvals out of the trash along with the birthday card you received from Aunt Tessie, a copy of your bank statement or a credit card statement, and have nearly all of the information they need about you. It really is that simple.
It’s Not Illegal
What surprises most victims of dumpster diving is that the crime isn’t really a crime if the trash is left in a public place. For example, put a bag of trash out on the curb and anyone has the right to pick it up and carry it away. Even public dumpsters, like those found in apartment complexes aren’t off limits.
Dumpster diving becomes a crime when someone steals trash that is considered to be concealed. For example, the trash can that you collect your trash bags in, back by the garage, is considered concealed. Thieves can’t help themselves to that trash without risking theft charges if caught.
Grab and Go Identities
To you, the idea of sifting through someone’s trash sounds simply disgusting. To an identity thief, it’s an ordeal worth going through. On average, a victim is worth about $31,000 dollars to a thief. Some may be worth less, others worth much more. But wouldn’t you be willing to sift through a little trash if you knew you would most likely find about $31,000?
Once a thief has your trash, it’s just a matter of separating your valuable information from everything else. Then the criminal takes that information and uses it to create new accounts, funnel money from existing accounts, and even to take over more personal aspect of your life. It’s much easier to do than you might imagine.
By the time you discover the theft, the damage is done. All that’s left to do is try to undo the damage. And that’s a task that can take as much as two years to accomplish, so it’s much easier to protect yourself from the start.
Protecting Your Identity
It’s scary to realize that everything that you throw away could put you at risk. You can protect yourself, though. And it’s easier than you think.
The best way to ensure that dumpster diving thieves don’t gather enough information about you to steal your identity is to shred every piece of paper that you throw away. Shredding something doesn’t meant to tear it into little pieces. It’s also not wise to use a straight-cut shredder.
Straight-cut shredders cut paper only length-wise. With enough time and patience, a dumpster diver and put the pieces of your document back together, much like putting a puzzle together. Your best protection is a cross-cut shredder. Cross cut shredders cut both length-wise and width-wise, creating confetti out of your personal information that is too difficult and time consuming for criminals to want to put it back together.
Dumpster diving is more a threat than you realize. It’s easy for criminals to get at your personal information if you just throw it away. So protect yourself. Shred everything.
You’re Identity’s In the Mail
The U.S. Postal Service handles more than 207 billion pieces of mail each month. That's 207 billion opportunities for identity thieves to obtain information that can be used to steal people's identities. And those criminals take advantage of as many of those opportunities as they can.
In fact, your mailbox is the riskiest non-technological point for identity theft, according to a study released in October 2007. The study, an assessment of closed U.S. Secret Service cases between 2000 and 2006 which had components of identity theft and identity fraud, showed the top two methods of non-technological identity theft were re-routing of mail and mail theft. In other words, your mailbox is a serious threat to your identity.
Where'd My Mail Go?
Re-routing of mail topped the list of non-technology threats for identity theft. The re-routing is usually accomplished by Change of Address. Placing a change of address with the U.S. Postal Service is as easy as filling out a form online or mailing in a card that can be picked up at the post office.
Identity thieves collect addresses. They may drive by your residence, go through the phone book, or collect trash that contains your address. Then requesting a change of address takes just a matter of minutes.
Most post offices make change of address cards available in easy-access displays in customer service areas. And the electronic change of address can be found on the U.S. Postal Service Website. With the electronic method, however, there is a verification procedure required.
The verification process is simple enough, but also tends to make criminals use other methods to change your address. When using the online form, a valid credit card with a billing address that matches the old address must be used for verification. Not a problem if the thief already has access to your credit card account numbers, but otherwise it presents a bit of a tripping point.
Watch Your Mailbox
The two crimes – fraudulently changing addresses and stealing mail – look different from the victim’s point of view. But if you’re paying attention to your mail delivery, both should be easy to spot.
If a criminal fraudulently changes your mailing address, it’s going to be obvious within a few days. A change of address stops mail from being delivered to one location and re-routes it to another location. The first thing you notice is that suddenly you’re not getting any mail at all.
You probably won’t notice it for the first day or two. No mail usually means no bills and no junk, so on those rare days when we don’t receive anything, most of us just accept it as a blessing and move on. If you notice that you’re not getting mail for several days in a row, however, you should be suspicious of a deeper problem.
Exceptions do exist. A few people still have time periods, sometimes days, when they don’t receive any mail at all. If this is you, monitor those time periods so you’ll know what’s normal and what’s not. When you get past a normal length of time without mail, then it’s time to worry.
The issue is a little less obvious when someone is stealing your mail. Mail theft can take place one time or over a period of time. Some criminals steal mail because the opportunity presents itself.
Other criminals target individuals and even businesses, and then steal mail over time. They grab a piece here and there – both incoming and outgoing – until they have all the information they need. Still others create elaborate schemes to steal mail from multiple people over time.
One example of a mail theft scheme was a 2002 case where criminals used stolen Postal uniforms to impersonate mail carriers. Instead of leaving mail for residents, however, the counterfeit carriers were picking mail out of delivery boxes. Eventually, a Postal customer realized she had seen mail delivery twice in one day and reported the incident.
The real issue with mail theft of this type, however, is that you don’t know what mail you’re getting before it arrives (in most cases) so you have no idea what’s missing. That makes it vitally important that you pay attention to your mail delivery schedule, get to know your mail carrier, and even consider not using the mailbox at the street for mail transactions.
Protecting Your Mail and Your Identity
Since your mailbox is your greatest point of threat in the real world, knowing how to protect your mail is your first line of defense. It starts with being attentive. Know your mail carrier, know his schedule, and know normal delivery patterns for the mail that you receive.
In addition, put some safe mail handling practices in place:
Don’t leave mail in your box. Incoming or outgoing mail should never sit in your mailbox for an extended amount of time. For example, when you mail bills out, don’t place them in the mailbox as you leave for work in the morning. Instead, drop them at the Post Office. Also don’t leave mail sitting in your box after delivery.
Use a locking mailbox when possible. If you must leave mail sitting in your box, consider investing in a locking mailbox. These boxes allow Postal carriers to place mail in the box, but only a person with a key can remove it.
Rent a Post Office box. A Post Office box is the safest way to have your mail delivered, and they’re not expensive if you rent one through the Postal Service. If you can’t be around when mail is delivered to your street box, then renting a Post Office box is best way to protect your mail.
Use electronic payments and banking when possible. Sounds contradictory, doesn’t it? You would think that paying your bills online or using your online banking services would put you at greater risk for identity theft, but nothing could be further from the truth. When you’re conducting financial transactions online – safely – you’re far more protected than when you send checks through the mail that can be stolen, washed, and re-used. If you haven’t set up electronic payments, now is a good time.
Protecting your mail, and your identity, really is just a matter of changing the way you think. It used to be safe to leave your mail in the mailbox all day. But then, it also used to be safe to leave your doors unlocked all the time.
We don’t live in that world anymore. So take some time to think about the mail habits that you have that could put you at risk. Then change them. You’ll have one less point of risk when identity thieves come calling.
Point of Threat: Credit Cards
Identity theft and credit card fraud are not the same crime, though the two are often lumped together as one. Identity theft is much more far-reaching than credit card fraud. When a criminal steals you identity, they may have financial motivation, but you'll suffer more than fraudulent charges on your credit cards.
Identity thieves may change account information, create new accounts, use your identity to commit crimes, and even use your identity to establish a new life. Credit card fraud, on the other hand, is limited to charges on stolen credit card numbers. A criminal gains access to your account number and then uses it to purchase products online or in person and then resells those goods to get the cash.
So, if credit card fraud is not identity theft, why address it? The simple answer is because credit card fraud can be an element of identity theft. It can also lead to identity theft.
Preventing Credit Card Fraud
Credit card fraud is a crime that can often be prevented. For example, something as simple as a signature on the back of your card could prevent the card from being used if it’s been stolen. Even better, put the letters CID (which stands for See ID) on the back of the card. Then when a merchant attempts to verify the signature on the receipt with the card, they’ll request to see your identification.
Everyone is familiar with the basics of protecting your credit card. Don’t loan it out. Don’t leave it laying. And don’t give the number to someone you don’t know without first verifying they are legitimate.
But there are lesser known strategies for protecting your credit cards and card numbers, too. And these are the strategies that you should know well and use constantly.
Keep your card in sight. Whenever possible, keep your credit card where you can see it. Some places, like restaurants, take your card away and then bring it back after they’ve secured authorization for a transaction. It’s when the card is out of your sight that it’s often swiped through a card reader that stores the information from the magnetic strip for criminals to use to create a duplicate card later.
Ask about multiple swipes. It’s not uncommon when you hand a merchant your card for them to swipe it more than once. Usually, this happens because the card reader doesn’t read the magnetic stripe on the back of the card, but savvy criminals will also use a second swipe as a method to copy the information from the magnetic stripe to a storage device to later be transferred to a duplicate card. If your card is swiped more than one time, always ask why.
Never use your credit card on an unsecured Web site. A secured Web site will have a small lock in the lower right corner of the page, or the status bar for the page. If the lock doesn’t appear there, then the site is not secure. Don’t use your card on an unsecure site, because anyone with a little skill can capture the number and use it for their own purposes.
Never carry multiple cards. If you lose your wallet or purse, you lose everything that’s in it. Another danger here is that someone will go through your wallet or purse when it’s left unattended and steal just one card. Leave any card you won’t be using at home, and try to stick to putting all of your purchases on just one card.
Never give out your credit card number while you’re on your cell phone. Cell phones have become such a large part of our society that we often forget everyone around us can hear our conversations. If you need to provide your credit card number for a purchase while on the cell phone either request to call the company back from your own home, or find a place that’s private (like inside your car, alone) to provide the number.
Consider purchasing pre-paid credit cards for online shopping. Pre-paid credit cards are one of the best ways to protect yourself. You load the card with a set amount and then use it just as you would a regular credit card. The good news is, if the number is stolen or the card is lost, your liability and the amount of damage that’s done is limited by the money that’s available on the card. As an added bonus, there’s no interest on a pre-paid card since technically you’re spending your own money, anyway.
Credit card fraud may not be actual identity theft, but it’s often a step along the way. And even if the criminal that fraudulently charges your card isn’t interested in your identity, the expense and frustration of dealing with credit card fraud is reason enough to protect yourself.
Be smart. Use caution. And always be aware of how your credit card is being handled by someone else.
Data breaches are so common that more than 167 breaches were reported during the first three months of 2008. Unfortunately, you can't prevent a data breach. Sure, you can refuse to give your personal information to some organizations, and at times you should. But sometimes you have no choice but to provide personal information to some companies. So, what do you do if you learn that a company storing your personal information falls victim to a data breach? Use these five steps to protect yourself.
1. Contact the organization that suffered the breach.The organization should have a hot line set up and manned with staffers who can answer your questions about what protection the company plans to provide and to what extent your personal information is at risk.
2. Contact any affected financial companies.If your bank accounts, credit card accounts, or investment accounts are affected, immediately contact the companies and request that the account be closed and a new one opened. Alternatively, you can place a fraud alert on the account, but understand that those alerts won’t be affected by opening new accounts.
3. Monitor your banking and credit statements closely.Check every item on your bank statements and credit card statements to be sure they are legitimate charges and expenditures. If you find something that doesn’t match your receipts, call the company immediately and file a fraudulent charge notification.
4. File a fraud alert with all three credit reporting agencies.The credit reporting agencies – TransUnion, Equifax, and Experian -- are required by law to flag your credit report for 90 days if you file a fraud alert. Then if someone tries to open a new account using your credit information, you should be contacted for verification.
5. Sign up for any free credit report monitoring that’s offered.Because breaches have become so common these days, it’s not uncommon for companies to offer a one year credit monitoring service for free. If the company that compromised your information offers this program, sign up for it immediately and then use it to monitor your credit regularly.
Vishing
Definition:
A technique, much like phishing, that allows criminals to maliciously gain access to your personal information for the purposes of identity theft. Vishing scams use a combination social engineering and phishing to find victims that can be tricked into providing credit card or personally identifying information. Typically, the criminal sends the victim some kind of notice or leaves a message, requesting that the victim returns a call to verify an account or some similar ploy. When the victim returns the call, they are asked to provide account and identifying information under the guises of "updating" the account.
Once the criminal has access to that information, it is used for credit card or banking fraud, or as the first step in a stolen identity. Vishing also allows criminals to spoof caller-id, making a vishing scam hard to detect because everything appears to be legitimate.
Social Engineering
Definition: The practice of deceiving someone, either in person, over the phone, or using a computer, with the express intent of breaching some level of security either personal or professional. Social engineering techniques are considered con games which are performed by con artists. The targets of social engineering may never realize they have been victimized.
Also Known As: Con Games
Examples: Using social engineering techniques, the hacker managed to get the network administrator to provide him the username and password needed to gain access to the company's server.
Excellent sources for these and other topics: http://www.about.com/ & http://www.bankrate.com/. Some of the information is a repost from other sources.
Michael L. Hathman
VP - Smart Solutions Financial Services, LLC
888-605-5181 Toll-Free
http://www.smartsolutionscreditrepair.com/
Info@SmartSolutionsFS.com
Subscribe to:
Posts (Atom)