November 15th, 2013
Allison here. It’s hard enough to deal with identity theft. It can be even harder to deal with when the one committing the identity theft is a family member.
This has been the case for one young person (gender is unknown); whose mother has opened several credit cards in this person’s name. For the first card, the young person consented because it was supposed to help pay for college. However, over the next several years, the mother opened five additional credits cards in the child’s name. The young person only knew about the first card, and when learning of the others, asked his/her mother for all of the credit cards repeatedly. To date, this young person hasn’t received the cards, and after receiving the login information for them, learned that each of the cards still have large balance.
What to do if this happens to you
The best way to handle family member identity theft, according to the article, is to report it to the police right away. This can be difficult for two reasons. One, it’s a tough decision to file a police report on a family member. Making that decision is never easy, but it may be the only way to successfully resolve the problem. Two, the longer the ID theft continues, the harder it may be to fix. The longer the problem goes on, the less likely (right or wrong) law enforcement is to believe that you didn’t receive any benefits from the situation. Investigators will also have a hard time figuring out what charges they can attach to your family member, and which ones are legitimate charge made by you.
After reporting it to the police, watch your credit reports and watch them closely. In the case of family member ID theft, where this person has much more access to your personal information, it is possible for new debts to appear in the future. It’s also possible that there’s more to the problem than you initially reported. Make sure that you go over your financial records carefully after you detect any initial problems, as there may be more fraudulent charges than you realized. While family member ID theft is a very delicate matter, it is important to take the proper steps to restore your credit and regain financial security.
June 12th, 2013
Allison here. It’s scary to be an identity theft victim. You might not know who did it, when it started, the extent of the damage, or how long it will take to clean up the mess. However, I’ve come across a story about something scarier than being an identity theft victim: having someone not believe you are an identity theft victim.
Case Study: Pat Callanan
That’s the case with Pat Callanan in Surprise, Ariz., who was surprised to find out that she had an outstanding bill with Maricopa Community Colleges for classes she took in 2007. The trouble was, she didn’t take those classes and was a victim of identity theft. However, MCC wouldn’t believe Callanan’s story, and was somewhat resistant to her requests for verification of the debt and any other information they had on this ‘Pat Callanan.’ Even a letter from a lawyer didn’t get them to budge or to communicate.
To further complicate matters, the MCC took Callanan’s state tax refund to help pay off some of the debt. State agencies can do this if you are delinquent on a debt, even in cases such as this, in which there is a dispute over the legitimacy of the claim. According to the school (and id theft statistics for the region), identity theft has become such a large problem in Arizona that many people falsely claim they are victims to avoid paying off a debt, so they reserve a certain amount of skepticism when people claim they are victims of id theft.
In the end, the MCC decided, in good faith, to wipe out the remaining balance owed and refund Callanan most of the state refund it confiscated. While this may be an extreme example of id theft, cases such as this one highlight the importance of checking your credit reports and financial statements regularly, to catch any instances of id theft or fraud before they have the chance to grow into bigger problems.
June 7th, 2013
Chris here, with AllClear ID Investigations. Illinois is set to become the fourth state to issue driver’s licenses to undocumented immigrants, joining New Mexico, Utah, and Washington State. The new law will allow an estimated 250,000 immigrants residing in the state to apply for a three year temporary driver’s license, and should take effect in October of this year. While this recent measure seems to have several positive implications for the state, such as being able to document the previously undocumented immigrants, required training and testing of immigrant drivers, and requiring all immigrant drivers to have insurance, others are concerned that the law will be abused and result in higher fraud rates.
Concerns about the Bill
Opponents of the new law have cited hundreds of cases of fraud that have already occurred in the other three states that have enacted similar laws. A recent article written by Regina Garcia Cano cites an Associated Press investigation that looked into immigrant driver’s license fraud in New Mexico. The report suggested that “immigrants tried to game the system to obtain a license. In one instance, 48 foreign-born individuals claimed to live at a smoke shop in Albuquerque to fulfill a state residency condition.” Regina goes on to write, “Authorities also busted a fraud ring last year that forged documents for illegal immigrants to use after driving from as far as Illinois and North Carolina to obtain a New Mexico license.”
One of the main things causing concern about the law is the fact that Illinois will not require fingerprints in order to obtain one of the new driver’s licenses, raising concerns identity fraud assoicated with immigrants obtaining fraudulent licenses. The state will, however, require that all photos from the licenses be run through the state’s facial recognition software, and the Illinois Secretary of State’s Office has assured the public that the facial recognition software is highly sophisticated and accurate. Henry Haupt, a spokesman for the offices said, “The integrity of our driver’s license system is a priority.” Utah also did not require fingerprints for immigrant licenses under its original law, but in 2011 amended it so that fingerprints now are required.
While the law’s affect on fraud rates in the state remain to be seen, the bill’s sponsor, Rep. Edward Acevedo, said “state roads will be safer because undocumented immigrants will receive training and be tested before obtaining a license. They also will be required to purchase insurance, an aspect that would save millions for currently insured drivers.”
April 22nd, 2013
Allison here. Celebrities don’t’ get a lot of privacy, and that’s expected when you hit it big in entertainment. After Aerosmith front man Steven Tyler became fed up with the constant invasion of his privacy by photographers and paparazzi on the Hawaiian island of Maui, he pushed for reform and his efforts seem to have worked. Two weeks ago, the Hawaii Senate passed the ‘Steven Tyler Act’ on privacy.
The bill would open up photographers, videographers and distributors to civil lawsuits if they take, sell, or disseminate photos or videos of someone during private or family moments “in a manner that is offensive to a reasonable person.” Tyler approached Sen. Kalani English after unwanted photographs were taken and published of Tyler and his girlfriend in his multimillion dollar home on Maui.
Although a state bill, the legislation received national attention as celebrities like Britney Spears, Avril Lavigne, Neil Diamond, and the Osborne family supported the bill. However, national media organizations such as the National Press Photographers Association and the Society of Professional Journalists were oppose the new law, citing infringement on the freedom of the press. There are also concerns that there isn’t an exemption for law enforcement doing investigations, or an exemption for public places. Next, the Bill will go to the House to see if it will become a law, but it remains unknown when the legislation will come to a vote there. If the legislation were to pass, it appears that it would apply to everyone, not just celebrities, and may be a useful measure for id protection. What do you think about this proposed legislation? Share your thoughts and comments with us.
March 18th, 2013
Jackie here. Have you ever used a “Customer Only” bathroom without making a purchase? One woman in Tennessee did, and was surprised to later receive a bill for $5 from the local restaurant. It turns out the sheriff ran the woman’s license plate to get her home address as a favor for the restaurant owner, who was tired of stocking and cleaning a restroom for non-customers.
At first glance, this story can be a bit humorous. As someone who has been known to pop in to a fast food restaurant for a bathroom break on a long car trip, I am no stranger to using restrooms without purchasing. I can only imagine the surprise that this woman must have felt when she later received a bill. It was probably one of the last things she expected to get in the mail that day.
Once the initial humor wears off, however, this story raises some privacy concerns. We know that law enforcement needs access to our personal information to fight crime and keep us safe, but where is the line between public safety and personal privacy? What responsibilities does law enforcement have to protect our information?
The woman in the story was especially concerned about law enforcement’s use of her information. In the past, she had taken out a restraining order against someone, and was worried that her privacy, and potentially her safety, would be compromised if strangers were allowed to get a hold of her personal information without her consent.
In a world with constantly evolving technologies and blurred lines between public and private information, it can be difficult to know if a situation constitutes a breach of privacy. Nevertheless, it is important to be aware of the fact that id theft isn’t the only way that people may be able to gain access to your personal information, such as your home address.
Read the full story here.
February 25th, 2013
Allison here. Your salary is one of the last few bits of personal information that’s considered taboo to discuss with others. You probably don’t talk about it with most people, especially not at work or with coworkers. Most of the time, this information is not even posted on job openings, and is considered to be incredibly private. So, how would you feel knowing that Equifax has the salary and employment records of more than 1/3 of U.S adults? How would you feel if Equifax got that information directly, and willingly, from the company you work for?
Here’s the kicker: although it may feel like an immense privacy breach, it’s perfectly legal.
One third of Americans is a huge chunk of the country, especially considering that debt collectors only call one in 10 Americans every year. While it may be helpful for such a large credit agency to know the salary of a person who may be in debt, chances are this does nothing to ease the feeling that a credit agency should not have access to this information without your consent.
How Did This Happen?
Many employers, including the federal government and Fortune 500 companies allow Equifax direct access to their employee data so they can always have the latest employment information. In addition, Equifax can easily purchase this information through an Equifax-owned company called The Work Number, an employment and income verification service that does everything from helping hiring managers verify employment history, to helping landlords verify whether someone can afford a house or apartment they applied for. In many cases, they have access to week-by-week paystubs for individuals, and even have other information such as healthcare providers, or whether or not an individual has dental insurance. They have then compiled a database with the salary and personal information of millions of consumers.
Equifax denied to NBC News that salary information is sold to third parties, but did confirm that “pay rate” information is shared with third parties, including “mortgage, auto, and other financial services credit grantors.” They also said that debt collectors and other third parties need permissible grounds to request employment information.
What Can Be Done?
While there is no denying that debt collectors and credit agencies may need salary information to correctly evaluate particular cases, there is some debate as to whether or not consumers should need to give permission, or at least be notified, that salary information about them is going to be shared with third parties. Although Equifax said that “a consumer grants verifiers (creditors) and their assigned debt collectors the right to verify employment should the consumer default on their account,” many people feel there should be a system to gain permission from the employee. At the very least, others argue, there should be some sort of notification for the consumer.
If you’re interested in seeing what information is exists about you, and whether it’s been sold to anyone within the past 24 months, you can visit this page on the TheWorkNumber.com to view your report. While many reports are available online, some consumers may have to fill out a form and mail it to The Work Number in order to receive a report. Because the data is considered a credit report, consumers are entitled to one free report every year.
February 13th, 2013
Allison here. I’m sure you’ve all probably heard something about the girlfriend hoax involving Notre Dame football player Manti Te’o. If you haven’t, here’s a quick recap: an acquaintance of Manti Te’o created a fake Facebook account for a woman; photos included, and allegedly began an online relationship with Te’o. Now that the story has received national news attention, Diane O’Meara, the woman whose photo was used in the hoax, is claiming identity theft, as her photo was used without her permission. What are O’Meara’s claims for identity theft, and do they stand? Or is this another case of online impersonation?
O’Meara says that her photo was taken from her Facebook profile and used to represent Lennay Kekua, the fake girlfriend, for over a year, despite the fact that O’Meara says she has never spoken or contacted Te’o in any way. Te’o stated that he had no idea Lennay Kekua wasn’t a real person, and only learned of the hoax when he received a phone call from the impersonator claiming the whole thing was made up.
The perpetrator of the hoax, Ronaiah Tuiasosopo, could possibly face identity theft charges. O’Meara did admit that she had given Tuiasosopo a picture of herself in December 2011, but did not know anything about Lennay Kekua or the hoax until reporters uncovered the story and called her.
Is There a Case for Identity Theft?
AllClear ID defines identity fraud as “unauthorized use of another person’s personal information to achieve illicit financial gain” and considers it slightly different from identity theft. We define identity theft as, “a fraud committed or attempted using the identifying information of another person, without authority to do so.” According to this definition, O’Meara is indeed an identity theft victim, even though it was only her photo that was used.
This raises an interesting consideration for identity theft victims. When using many definitions of identity theft, a victim who has a simple photo used without his or her permission fall into the same category as a person who has sensitive financial information stolen. This does not mean, however, that these crimes are viewed the same under the law. While the federal government defines identity theft and identity fraud as “crimes in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain,” which doesn’t necessarily require economic motives, almost every state has differing levels of punishments for different types of id theft. This means that, under the law, stealing and using someone else’s photo is usually very different from stealing and using someone else’s financial or personal information, regardless of the definition of identity theft.
February 12th, 2013
Allison here, with AllClear ID. A recent news story tells of a 70-year old woman in New York who received a $3,300 bill for Apple products, which were purchased using an instant-credit financial plan. No, this woman didn’t get carried away with the new iPhone and the iPad Mini. She was victim of identity theft.
The victim actually had her identity stolen two years prior, and is still working to clean up the mess. Luckily, there were fraud flags in her credit history, and the credit agency knew she had been a victim of id theft. However, the thief had the right personal information, and therefore was able to get an unsecured line of credit through Barclaycard, which partners with Apple for financing.
It says right on the application page that you can get a decision in 30 seconds, that you can “use your card to make a purchase today”. Considering what happened to the victim in our story, it appears as if some measures that protect against id theft, such as placing fraud alerts on your accounts, may not work when it comes to these instant financing options.
Instant Credit and Financing Options
A quick online search found that Apple isn’t the only company allowing consumers to apply online for financing. Amazon.com and furniture retailer Raymour and Flanigan also allow this, but it’s unknown whether or not this credit is instant. There are also at least six online retailers that offer instant credit, and although some of the sites themselves don’t specify a timeline for when credit is approved, Gettington does say that you can “get a result right now.” USADiscounters also says on its site in the fine print that “military and civil service employees are automatically approved.” At this point, it is unknown if any of these retailers (called instant credit catalogs) take any precaution against issuing credit to an id thief, or in cross-referencing the information with credit agencies.
However, on the application to some of these entities, it does say that, “U.S. Federal law requires financial institutions to obtain, verify, and record information that identifies each person who opens an account. What this means for you: when you open an account, we will ask for your name, address, date of birth and other information that will allow us to identify you. We may also ask to see your driver’s license or other identifying documents.”
Unfortunately, these measures do not safeguard against id thieves who possess enough of your stolen personal information to pose as you when applying for instant credit. Time will tell if creditors and agencies take steps to make applying for instant credit more secure, so for now, continue to monitor you credit reports and accounts for any charges or purchases you do not recognize, and dispute them immediately should they arise. .
February 8th, 2013
Jackie here. The recent debates across the country and in our nation’s capital about gun control have brought some interesting privacy issues to light. The government possesses a great deal of information about its citizens; what information should it protect and what information should be public knowledge? Many states have recently introduced legislation designed to protect the privacy of gun owner’s permit and gun registration information.
The debate about gun ownership and privacy was thrust into the spotlight after a New York news site published an interactive map online showing the names and addresses of registered handgun permit holders in select counties across the state. The information was obtained by the newspaper legally using a public records request. Gun owners appearing on the registry worried that the disclosure of this information violated rights and increased their risk for theft, harassment, etc. There were even reports of burglaries related to the information published.
Since that time New York included provisions to protect gun owner privacy in their recently passed new gun legislation. In addition to new gun control regulations, gun owners can request that their personal information be protected from open records requests. Privacy bills for gun owners are in process in various other states including Michigan and California.
Protecting your identity from id theft is very important, and a critical part of protecting yourself is understanding how companies, agencies and even governments that have your information will use and disclose it. With the dramatic increase in data that the government and companies collect, ranging from your address, credit card information, SSN, birthday, and even your likes and dislikes, government and corporate responsibility to protect such information has become a hot-button issue in recent times. Where do you stand on this issue? What information should the government share and what should it protect?
January 24th, 2013
Jackie here. A few days ago on Facebook we shared a link to an article talking about the Java security flaw. If you haven’t had a chance to read it yet, check it out here and make sure that you check in on our Facebook page from time to time for the latest id theft news and updates.
Recently, the Department of Homeland Security urged all computer users to disable Java, citing a security flaw that is present in all versions of the program. Hackers can exploit this flaw and use Java to gain access to all information stored on the host computer including banking information, user names, passwords, etc.
After the news broke, Oracle (the company that runs Java) has provided an updated version of Java 7 that should fix some of the security flaws, but experts indicate that this isn’t enough and that computer users should keep Java disabled until a more comprehensive fix is available.
If you are running Java on your computer (and you probably are) and you haven’t disabled it yet, now is a great time. One of the easiest ways to disable the program is to uninstall it from your computer and reinstall later when the issue has been resolved. If you aren’t sure whether or not your computer has Java enabled you can check on Java’s website by selecting “Do I have Java?” from the main screen.
Checking if you have Java, and temporarily disabling it if you do, is a quick and easy way to keep your identity safer, and to protect your valuable information from id theft.
January 14th, 2013
Jenna here with AllClear ID. If you ask almost any child, and many adults, what their dream vacation would be, a majority of them will give you the same answer: Walt Disney World. The fantasyland has long been a favorite destination of families across the world, offering rides, shows, amusements, and an experience that everyone enjoys. Disney recently announced that they plan to take park guest’s experience to the next level with their MyMagic+ system, a combination of website, app, and interactive bracelet that will allow people to almost completely customize their experience at a Disney park.
How does it work?
Before they even leave for the airport, vacationers can log into their Disney account and begin to customize their vacation plans, adding personal information such as birthdays, special needs, and credit card information to their Disney profile. Once they have arrived at Disney World, guests will receive interactive RFID bracelets, called MagicBands, which will serve as their room keys, method of payment once inside the park, and will also track virtually their every move, allowing Disney to give more customized offerings to each customer in the future. Perhaps the most anticipated feature of the new systems is that it will allow guests to select which rides they want to ride in advance, and it will send a smartphone alert when it is time to ride, no waiting in line necessary.
While the MyMagic+ system will undoubtedly revolutionize the way we visit Walt Disney World in the future, there are some privacy concerns raised by the use of so much personal customer data. While Disney has expressed awareness of privacy concerns, they have not yet mentioned the details of customer data storage—how long data will be stored, what it will be used for, systems in place to protect customer privacy—an important concern for customers visiting the park. While you can choose not to use the MyMagic+ system, it is unclear exactly how much choice you have in terms of what data the bracelets collect once you are inside the park. In addition, Disney plans to retrain employees regarding how to handle lost or stolen bracelets, but the methods for protecting against fraudulent purchases or unauthorized access to personal data have not yet been tested.
Ultimately, the Disney MyMagic+ system will need to begin to be used before we will know all of the implications for your privacy. Disney plans to start rolling out various features of the program as soon as this spring, so we will keep you updated with any new details as they emerge.
December 19th, 2012
Allison here with AllClear ID. While tax season is just around the corner, tax fraud is a year-round enterprise. One of the more recent tax fraud stories in the news involves a former resident of St. Louis who is accused of participating in a $1.5 million tax identity theft scam. Allegedly, the woman was taking the information of the recently deceased and using it to obtain their tax refunds. A federal investigation in late November found that 191 fraudulent tax returns were filed from her computer using the stolen identities.IRS,
Upon further investigation, authorities discovered that 27 of those refund checks were sent to three different states (Maryland, Missouri, and Florida), indicating that this woman was possibly the ringleader of a large network of people using these identities. In return for sharing the personal information of the deceased, the alleged ringleader was sharing the proceeds from the returns. During the investigation, a number of items were seized, such as $5,000 in cash, multiple notebooks containing the personal information of others, debit cards, and MoneyGram receipts. The woman admitted that these items were part of an identity theft scheme.
Tax fraud by means of identity theft is a growing problem because of how tax returns for the deceased are handled. In an effort to legitimize the process of claiming returns for a deceased taxpayer, the IRS requires that tax returns for the dead are accompanied by a form that describes the person filing the form. However, now scammers and thieves are often stealing the identity of the person filing the form and filing for tax returns under that name.
The rise in tax fraud involving the deceased serves as a reminder to all of us that we need to be protective of the identities of our deceased loved ones, double checking their reports and perhaps handling their tax returns right away. It’s now more possible than ever that these identities will be used by a thief.
December 17th, 2012
Allison here with AllClear ID. As defined by the Department of Justice, identity theft includes, “crimes in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain.” Using this definition, online impersonation can technically be considered identity theft, but is there more to the story? Should there be one kind of penalty for identity theft and another kind of penalty for online impersonation? Let’s take a closer look.
A recent news story talked about a Texas woman who started to receive phone calls of a sexual nature from unknown men. When she finally asked one how he got her number, he replied that he saw it in an ad on Craigslist. As it turns out, the ad was posted by the girlfriend of her ex-husband, who claimed she posted the ad as a “joke” when she was confronted about it. The girlfriend was ultimately charged with online impersonation, but many people may think this was an act of identity theft as well.
Texas law defines online impersonation as “creat[ing] a webpage or send[ing] an email or an instant message on the Internet using the name or domain name of another person with the intent to harm, defraud, intimidate or threaten another person or persons.” The way the law is phrased outlines a key difference between identity theft and online impersonation: identity theft is meant to benefit the thief, while online impersonation is meant to harm someone other than the impersonator.
Furthermore, identity theft typically involves stealing very specific personal information, like a social security number or a credit card number. It often involves much more than using the name or telephone number of another, and usually necessitates some credit report cleanup on the part of the victim.
While these distinctions do not make either identity theft or online impersonation easier to deal with, there is one more distinct difference between the two crimes: the ability of consumers to take proactive measures to protect themselves. With identity theft, there are a variety of measures someone can take to secure their personal information and to prevent it from ending up in the wrong hands. We’ve talked about many of these before. Online impersonation is much more difficult to safeguard against, since theoretically all someone needs is a name and possibly a phone number to impersonate another person over the internet. Both identity theft and online impersonation can have serious consequences for the victims, and should therefore be criminalized under the law. However, the aftermath of identity theft is often much more far-reaching than that of online impersonation, which raises the question as to whether the two crimes should require different penalties for perpetrators.
December 12th, 2012
Jackie here. When you think about online privacy, you are probably most concerned about keeping your credit card number safe from identity thieves and unreliable retailers, but those aren’t your only risks. Data brokerage companies are also gathering your personal information and selling it to others. This isn’t the same as thieves selling your credit card numbers on the black market. Data brokerage is perfectly legal and no matter how careful you are with your personal information, there is probably a file out there in the data universe with your information in it. So, what privacy concerns are associated with data brokerage and what you do to protect yourself?
In July The New York Times featured a story about “Big Data”. The story discussed one of the data brokerage companies and how they operate. With increasing detail, data companies are collecting consumer information about almost everything from your age, income, and marital status, to your buying habits and health concerns in your household, just to name a few.
The story caused concern among some members of Congress who sent a letter to several of these companies to learn more about the business and their privacy practices. Experian responded with a letter of their own.
In their letter, Experian states that while they do collect information, it is possible to opt-out of their marketing services (which are offered by a company known as Experian Marketing Services or EMS) by visiting the opt-out website. We’ve searched, however, and haven’t been able to find the specific opt-out site mentioned in the Experian letter. If it is difficult to opt-out, odds are that few people will.
What Can You Do?
As we mentioned earlier, opting out is possible, but it may be a lot of work. There are many data companies out there; Experian is by no means the only one. Each has separate opt-out practices and requirements. Many store their opt-out notices in your cookies, which means that if you clear your cookies, you’ll have to go through the opt-out process all over again. It can be somewhat tedious, but it is an important step in taking control of your data. The less information about you that is made public, the safer your identity is. ID thieves rely on data and without it they can do almost nothing to steal your identity.
Acxiom, the big data company discussed in The New York Times article, allows you to opt-out of their services using this link. It will reduce the amount of telemarketing, direct mail, email offers, etc. that you receive. Additionally, opting out can have an impact on the offers you do receive from companies you do business with since services will not be specifically targeted to your buying habits.
In a time of increasing availability of information, protecting yourself from identity theft requires you to be informed and proactive and always on the lookout for potential problems.
December 10th, 2012
Allison here with AllClear ID. Just after the Thanksgiving holiday, press release distribution service PRWeb transmitted the news that Google purchased Wi-Fi provider ICOA for $400 million. Turns out, the story was fake, planted by someone posing as an employee of ICOA. PRWeb issued an apology for spreading the false news and not catching it sooner, saying, “even with reasonable safeguards identity theft occurs, on occasion, across all of the major wire services.”
There are many names for this type of situation: a hoax, a SNAFU, a gaffe, fraud even. It’s now known that the fake press release originated in Aruba from an email that was meant to look like a legitimate ICOA email. It’s also suspected that the hoax was meant to inflate ICOA’s stock prices, even just for a few hours. Tellingly, there was an array of issues with the press release itself, ranging from grammatical errors and a fake phone number, to a lack of information about the companies and virtually no quotes from insiders involved with the deal. This fake press release may be misleading, but is this identity theft?
Wikipedia defines identity theft as, “a form of stealing someone’s identity in which someone pretends to be someone else by assuming that person’s identity, typically in order to access resources or obtain credit and other benefits in that person’s name.” No individual person’s identity was stolen here, as the fake press release didn’t include contact information for either Google or ICOA. However, it can be argued that ICOA’s identity was stolen, as someone posed as an ICOA employee or representative to access resources (the momentary gain from the higher stock prices, if that was the motive), or to have the benefit of having his or her ruse work. In this instance, the fake press release would be considered identity theft, albeit a highly unusual version.
From a different perspective, labeling this mistake “identity theft” could be viewed as a way to deflect blame and to minimize the lack of investigation done before publishing the press release. Many people made a mistake here, and saying that it all started with an instance of identity theft makes the situation much more favorable for those involved. In this case, individuals involved in the creation of the fake press release were able to take advantage of the Internet news economy where breaking a story first takes priority over getting it right. Even when a story is able to get through any safeguards and make its rounds online, sooner or later (sooner in the case of PRWeb) it will be discovered to be a false story, and the situation will be easily remedied.
Sending a fake press release can create a commotion, and can at times even be malicious, depending on the release’s content. Posing as someone else, or as a company, is misleading, and a crime in some contexts. These cases are not, however, instances of identity theft.
November 13th, 2012
Jackie here. If you’re anything like me, payday is day worth looking forward to. I love checking my bank account and seeing my balance finally go up instead of down like it usually does. Payday is an important day at my house and I can’t imagine what I would do if my electronically deposited check never arrived. Unfortunately for four military families stationed at Ft. Bragg, their paychecks were diverted to accounts that weren’t theirs as a result of identity theft.
Here’s what happened. One soldier stationed at Ft. Bragg was checking his leave and earnings statement a few days before his scheduled payroll deposit. He noticed the deposit was heading to Bancorp Bank, rather than his usual account at USAA. He alerted the government and an attempt was made to retrieve the money before the deposit, but it was unsuccessful. The entire paycheck was sent to the wrong bank where it was promptly transferred to a prepaid Visa card. Similar stories occurred to three other soldiers stationed at the same base.
Experts assume that this id theft occurred as a result of keystroke logging malware. The military uses a system called MyPay to manage paychecks, leave, etc. If the login information for the military’s MyPay system was compromised, the thieves could log in to others’ accounts and change direct deposit information. It is also possible that the victims willingly (although unknowingly) provided the information through an email phishing scam. Whatever the case, it is unknown who will be financially responsible for the loss, the government or the soldiers.
Technically anyone with a direct deposit paycheck could fall victim to a scam like this. Whether you are in the military or not it is important to protect your banking and other financial passwords carefully. Check your accounts regularly and always be on the lookout for signs of id theft. You learn more about the Ft. Bragg story here.
November 1st, 2012
Jackie here. With the election fast approaching we’ve all got voting on our minds, but one thing you probably don’t think about when you head to the polls is how identity theft can affect this cherished privilege. Of course every situation is different, but in some cases identity theft (especially criminal identity theft) can make it tricky to vote.
We found an interesting story on PilotOnline.com about a man struggling to register to vote after becoming an ID theft victim. The victim, Alfonzo Reynolds, was denied voting privileges for a felony conviction that isn’t his. He was a victim of ID theft five years prior and the perpetrator had used Reynolds name for traffic tickets, arrests and even a felony jail term. Since you can’t vote with a felony conviction, Reynolds’ application to vote in the upcoming election was denied.
Getting his voting privileges restored and resolving the ID theft was a complicated matter that took months. Reynolds had to provide fingerprints to various police departments to have charges removed from his record. He even had to enlist legal help to get some of the records expunged. It was a long battle and at times it seemed that things wouldn’t be resolved in time for the registration deadline for this year’s election.
The effects of identity theft run deep and take a great deal of time and money to resolve. Luckily for Reynolds the matter has now been taken care of and he is registered to vote in the upcoming election. As we prepare to vote and study the issues, keep in mind that voting is indeed a privilege and that protecting yourself from identity theft can help you avoid problems like this.
Read more about Alfonzo Reynolds’ story here.
August 30th, 2012
Jackie here, with AllClear ID. Have you ever thought about the privacy implications behind a parking ticket? I hadn’t either until I stumbled across this article on Wired. A federal appeals court recently reinstated a class action lawsuit against Palatine Village (a Chicago suburb) ruling that putting too much information on a parking ticket is a privacy violation.
The lawsuit started when a motorist with a parking ticket sued. Palatine Village’s parking tickets list the vehicle owners name, address, gender, height, weight and driver’s license number. The driver sued using the Driver’s Privacy Protection Act of 1994, a law that protects DMV records from being openly shared. In addition to personal information being shared on the ticket, personal information is also visible on the exterior of the mailing envelope when the fine is paid by mail.
The court ruling is good news for identity protection. The information found on these parking tickets could potentially provide id thieves with bits of personal data that could be used to access your identity. Driver’s license numbers specifically are on the list of things to protect along with your Social Security number and mother’s maiden name.
Since parking tickets are left on the windshield of the offending vehicle, the information contained in them can be easily accessed by any passerby, including identity thieves.
August 28th, 2012
Jackie here, with AllClear ID. We often talk about the importance of choosing strong passwords and keeping your passwords safe once you have chosen them, but no password is entirely secure. Passwords are compromised every day through various means like hacking, social engineering or the simple guess until it cracks method. Besides using your best judgment and common password safety tips, there isn’t much else you can do to keep your password safe– but this may someday change.
The Defense Advanced Research Projects Agency (part of the US Defense Department) hopes to someday eliminate passwords and instead identify computer users by their typing style. Everyone types differently from the amount of time in between keystrokes to the length of time a particular key remains depressed; this could someday lead to a unique way to identify yourself that can’t be compromised as easily as a password. According to a New York Times article, DARPA is planning to provide research money to make this a reality. Several universities are researching this technology including Carnegie Mellon, Pace University and Columbia.
Although everyone has a unique typing style, it can vary from day-to-day. How will computers know it is actually you, and not someone else? In the New York Times article, one researcher makes an analogy to music that really hits this idea home. He compares your core typing style to the core rhythm of a song. You can usually easily identify a popular song even if it is played poorly by an amateur group. This technology will seek to find your typing rhythm which can’t be easily copied.
The USNews reports on this technology in action. This technology verifies users at log in based on their typing style when entering a username and password. This could potentially make stolen passwords useless, since only half of the needed equation would be obtained. The technology isn’t yet perfected; longer passwords can make reproducing typing style difficult, even for the same user. Read more here.
July 30th, 2012
Jackie here, with AllClear ID. Do you need to change your email password? For those of you that have Yahoo email accounts, you might be aware of the recent Yahoo breach that rocked the fortune-500 company, and impacted many more affiliated—such as Gmail, Hotmail, and AOL users.
If you are worried that you might have been one of the 450,000 compromised users in the breach, worry no more. There is a simple way to check and see if you have been impacted. Head on over to Sucuri Labs’ Yahoo Leak Password Checker.
The checker is easy to use and will give you a peace of mind if your account is safe, or motivation to make some password changes if your password has been exposed.
What To Do
All you need to do is enter in your email address into the box provided and click, “Check Email”. You’ll get a response in seconds.
It’s that easy. If you do end up changing your password, make sure that you check out this article on password tips from the AllClear ID blog first. Use different passwords for each account to increase your safety. This password meter tool will help you determine the strength of your passwords and will show you some areas where you can improve your password strength. A strong password is an essential identity theft prevention tool.
July 21st, 2012
Allison here, with AllClear ID. If someone calls your house, or comes to your door telling you that the federal government can pay your utility bills, don’t believe them! It’s a scam, and it’s one that has claimed tens of thousands of victims in several states across the country.
The scam was first reported in May, when Dallas-based Atmos Energy warned its 3 million customers across 12 states about the scheme. The scammers notify people by email, text message, social media, phone and/or door-to-door about the “program,” and then ask for a Social Security number in order to enroll. Those who provide their information are given bogus bank account information, and don’t realize what’s happened until the payment doesn’t go through and the bank information doesn’t work. By this time, victims have given up their Social Security number– the most valuable information an identity thief can have.
Although government programs do exist to help lower-income families with their utility bills, blanket grants or programs similar to the one the scammers are peddling don’t exist. Part of how this scam is getting so many people is that the scammers say this program is new, so victims may believe what they first hear about it. The scammers are also adding President Obama’s name to the scheme, which could be luring victims into a sense of legitimacy. Also, more people are in need of help with their utility bills, given the bad economy and the recent heat wave that is driving up everyone’s bills. The door-to-door element is also scary, since it not only adds legitimacy to the scheme, but it also opens up the possibility that those who are visiting houses may not be aware that they are peddling a scam.
Reports of victimization have surfaced in Florida, New Jersey, North Carolina, Indiana, Pennsylvania, and Utah. As of July 16, warnings of the scam have been given in Iowa, North Dakota, Minnesota, Missouri and Texas, particularly since President Obama visited the Lone Star state for private fundraising events this past Tuesday. Even if your state hasn’t been hit, or warned, be mindful as the reason why this scam is spreading is because it is working. Thousands of people have already become victims of identity theft, and the fact that it hasn’t hit your state yet isn’t an excuse to be lax on the precautions against identity theft.
If you, or someone you know may be a victim of this scam, contact law enforcement immediately. If you’ve been approached or contacted by someone offering something similar, don’t give away any personal information or comply with their demands. Your utility company would never ask for this information in person or over the phone in the manner that these scammers are doing. Hang up the phone or shut the door, and contact your utility company and law enforcement right away. Both need to be aware of the situation so they can warn others and focus on helping those who may have already been scammed.
July 20th, 2012
Jackie here, with AllClear ID. Identity thieves can wreak havoc on your life and your finances, but rarely does id theft get in the way of getting a marriage license. We found an interesting story in the New York Post that shows that id theft can take on many faces and in some cases even result in a phony marriage or two.
Rosa Vargas, a 37 year old New Yorker, lost her birth certificate in her twenties. This was the start of her identity theft problems, although she wouldn’t realize it for many years to come. Ms. Vargas first noticed her id theft a few weeks before her wedding in 2004. She went to apply for a marriage license and had her application rejected. Records indicated that Ms. Vargas was already married– twice actually. Both of the marriages occurred several years prior in 1996. One was to a man from Ecuador and the other to a man from Mexico.
Rather than call off or postpone the wedding she decided to marry in a different jurisdiction at the advice of her priest and lawyer. She married her fiancé as planned.
A few years later in 2009 she was served with divorce papers, not by her husband, but by the man from Ecuador. She refused to sign and hired a lawyer. The man later arrived at her mother-in-law’s house where he was informed that he had tracked down the wrong woman.
After this incident Ms. Vargas decided to clear her name and resolve the fraudulent marriages with the courts. Both marriages were nullified.
A third fraudulent marriage in Ms. Vargas’ name has been discovered- and at the time of the Post story- was still being resolved.
This story really illustrates the complexity of identity theft; no two cases are the same. Read more about Ms. Vargas’ story here.
July 18th, 2012
Jackie here, with AllClear ID. The Treasury Department has stopped selling paper savings bonds in banks and has switched to an entirely electronic system on the TreasuryDirect website. The new program which took effect January 1, 2012 is expected to save taxpayers $70 million in the first five years.
Buying the electronic savings bonds is easy. They have been available online since 2002. The purchasing process is quite different from buying paper bonds in the bank, but there is a video demo available to walk new users through the process.
One of the biggest changes that accompanies the transition to electronic only bonds will affect only those involved in giving and receiving savings bonds as gifts. Savings bonds require a social security number for purchase and redemption. Previously the purchaser could buy the bonds using their SSN and the recipient could later supply their number upon redemption. Electronic savings bonds do not have this option. The purchaser of the bond must supply the recipient’s SSN to make a purchase.
Any time social security numbers are involved there is a risk for id theft. This new electronic savings bond system makes it more difficult for savings bonds to be purchased and requires the recipient to share their SSN in order to receive a bond. Be careful who choose to share this number with and if you do choose to provide your social security number to a friend or family member for a savings bond gift, make sure they protect your number just as carefully as you do. Learn more at the TreasuryDirect website.
July 7th, 2012
Allison here, with AllClear ID. A two-year undercover operation came to an end a few weeks ago when authorities in 13 countries arrested 24 people who have been accused of cybercrime. Operation Card Shop, as it was called, involved a site called Carder Profit that seemed like a place for hackers and identity thieves to get credit card numbers and software to spy on computers. However, that website was actually a fake set up by the FBI.
The idea for the website came from other forums that were used – and have been caught – as hubs for hackers and identities thieves to purchase personal information, financial data, and software to commit these crimes. These people use these websites to offer specialized services and to help each other, which would make it easier for organizations like the FBI to catch a whole group of hackers instead of just one or two people.
“These guys represent the complete ecosystem of Internet fraud,” said one senior law enforcement official to the New York Times, who requested anonymity because of the confidentiality of the investigation. “We drew them out of the shadows with the Web site as bait.” In this case, the ecosystem existed all over the world, in countries such as Germany, Norway, the United States, Bulgaria, and Bosnia.
The insight and dialogue that took place on the FBI website, Carder Profit, helped authorities to crack down on these criminal organizations, which have become increasingly important as instances of credit card fraud and other computer crimes have exploded within the past few years.
Officials said that this operation prevented over $200 million in losses, as well as the possibility of 400,000 people becoming victims of credit card fraud. Long-term efforts like this operation are what it takes to find these hackers and identity thieves and bring them to justice. It’s unlikely they will stop on their own, and they will always be looking for new ways to get around the laws and to hide their own identity.
July 6th, 2012
Allison here, with AllClear ID. If you haven’t done so already, please do a quick check for malware today! According to the Federal Bureau of Investigation, about 277,000 people worldwide could lose their ability to go online on Monday, July 9 because of malware contracted through an online advertising scam.
Although the number of those affected are well below the initial 570,000 when the malware was initially discovered, there are those who still have the malware, and will have to call their service provider in order to delete the malware and restore their Internet connection. The reason for the loss of connection is that the FBI set up a safety-net upon discovering this malware. It was then realized that turning off the malicious servers on which this malware was hosted would result in the loss of Internet service. The safety-net servers will be shut off on Monday.
The malware, called DNS Changer, was found on November 8 in an international capture of several cybercriminals. Also known as TDSS, Alureon, TidServe, and TDL4 – the malware works by essentially providing infected users with an altered version of the Internet. It has the infected computers point to malicious servers and data centers, where it alters user searches and promotes fake and dangerous products.
About 64,000 of those people who are still infected live in the United States. Some Internet providers have already issued notices to customers or have set up a solution to keep these people online. However, since many of the 64,000 don’t know they’ve even been affected, they might not realize there is a problem until it’s too late. Other symptoms of this malware include slower Internet speeds and a disabled antivirus program, so it’s possible these people could have other problems with their computer as well.
If you already have an anti-malware program in place, such as Malwarebytes Anti-Malware, it would be best to do a quick scan, even if you haven’t encountered any problems. Running any antivirus program will work as well. If you don’t have anything in place, this specific anti-malware program has a free version that you can download to do a scan. The FBI has also set up a website that you can use to check to see if your computer is infected.
If it turns out that you are infected, you will need to get your computer fixed by a professional. Using a program like those mentioned above will not be enough. First, make sure to backup all your important files, as part of the repair process could involve wiping the hard drive clean. Second, make sure to change the passwords on any and all online accounts, as it’s possible this malware could have captured keystrokes and acted as a proxy for traffic to sensitive sites. Third, check bank statements and credit reports for anything suspicious, and take appropriate action if there is something unfamiliar.
June 28th, 2012
Jackie here, with AllClear ID. The Colorado High Park Fire near Ft. Collins, Colorado brought much destruction and devastation to the mountainous state during the last couple of weeks. The fire started on June 9th due to lightning and quickly spread across the state. As of Friday June 22, the fire has burnt almost 70,000 acres, destroyed 189 homes and killed 1 person. This fire has been called the most destructive fire in the history of Colorado. With this destruction has come the possibility of others looting and being able to take personal information and documents out of evacuated homes.
How it started:
Weather in the area made the fire particularly difficult to fight. In the first several days of the fire, more than 1,800 firefighters were unable to contain the blaze – at all. Hot, dry weather and strong winds helped the fire to grow and spread. As the blaze continued to move and spread, firefighters focused on protecting the many homes in the area. They used evacuation to help move residents from the high-risk fire areas into safer places where residents could wait until the threat of fire to their homes passed.
The evacuations, although a critical strategy for fighting the fire and protecting lives, open up the possibility of looting in the evacuated residences and businesses. ABC News reports that at least one man has been arrested for impersonating a fire fighter and possessing stolen property. Read more about this story or watch related videos on ABC’s website here.
Depending on what thieves take, looting can lead to identity theft. Make sure that your mail, financial information and personal documents are in a secure location away from prying eyes. A fire-proof lockbox is a great way to protect yourself from this id theft risk.
We are grateful to the brave firefighters and others that sacrifice so much to protect lives and homes. Battling a raging fire in these hot summer temperatures isn’t easy and we are grateful to those that put their lives on the line to protect the homes and lives of others.
June 20th, 2012
Jackie here, with AllClear ID. Copying documents like driver’s licenses and medical records is common practice when getting a new job or setting up a file at a medical office. Depending on the copier, this practice can make you an at-risk candidate for identity theft. Many high-end copiers contain a hard drive which can store copies of your personal information. If this hard drive is accessed by an ID thief, they may have all the info they need to utilize your information.
CBS News highlighted this id theft risk in an April 2010 in a news broadcast. CBS investigated this form of stealing, and purchased four used copiers from a warehouse for about $300 each. In less than a day, CBS was able to access thousands of sensitive documents including copied checks, medical records and more. The information contained in these copiers could have easily been utilized to commit identity theft.
What Can You Do?
Knowing that copiers pose an identity theft risk is one of the first steps to protecting yourself.
- Speak Up- Before you allow someone to make copies of your sensitive information, ask about their copier. According to CBS, almost all digital copiers made after 2002 contain a hard drive. If the copier doesn’t have a hard drive then it’s probably safe to allow a copy to be made.
- Ask About Security Practices- If a copier does contain a hard drive, you need to ask about security and how the sensitive data on the drive will be handled. Encryption software is available to ensure that data will not be accessible to outside parties. Scrubbing the hard drive before selling the copier off is another viable option.
- Use Another Copier- If you aren’t satisfied with the answers you receive when asking about a particular copier, refuse to have a copy made and offer to copy the needed documents yourself at another location. Copiers at copy stores may have the same risks as copiers in doctor’s offices or at employer’s offices. Many personal printers have copy options available. You may be able to copy your documents yourself and to provide a pre-made copy. Don’t forget to properly dispose of your devices (check out our blog post on the topic here) once you are done with them.
For more information read this article on the NY Times website. The next time you need to make a copy, think before you push the start button. If you aren’t careful, the information on the copier might make its way into the hands of an identity thief.
June 8th, 2012
Allison here, with AllClear ID. Scammers do their work by preying upon vulnerable populations: the elderly, the children, the deceased. But, there’s one more population that’s also being targeted: immigrants. New immigrants are especially vulnerable. They can be intimidated or threatened with arrest or deportation for reporting a possible fraud or scammer.
The Federal Government has created a database with over 6 million immigration fraud complaints, ranging from scammers providing false green cards and immigration documents – to providing false or nonexistent immigration services. These scammers even charge for government forms and access to personal documentation that is otherwise free. Sometimes, these scammers work under identities stolen from legitimate practitioners, as was the case with one man arrested in West Palm Beach, Fla. in 2011. The man posed as an attorney and processed more than 3,000 fraudulent immigration applications and consulted with them in his home.
If you or someone you know is an immigrant seeking legal counsel or has been a victim of immigration fraud, please follow these tips when finding an attorney, legitimate immigration services, or help in settling the fraud:
- Make sure to consult an attorney, not a notary public or an “immigration consultant”. If you are undocumented and need legal advice regarding your situation, avoid any ‘notario’ immigration consultant or other so-called “professional” who is not a licensed attorney in your state. A notario or consultant isn’t allowed to give legal advice or to talk to government agencies for you.
- Request receipts for payments, request copies of all documents filed on your behalf, and make sure you have a representation agreement in writing. Don’t let anyone keep your documents, such as a passport or a birth certificate, or fill out paperwork that you can fill out yourself. If anything doesn’t feel right, get a second opinion.
- Only work with immigration websites that have a .gov ending, as only those sponsored by the government can have such a website. Immigration websites with any other ending are probably fraudulent.
- Some local businesses, websites and individuals make reference to the Immigration and Naturalization Service (INS). This agency no longer exists! Those referencing this agency are trying to scam you. The INS was dismantled on March 1, 2003. The agency that you should be working with is the U.S. Citizenship and Immigration Services (USCIS), which grants immigration benefits.
- Don’t work with any business that says they can guarantee a quicker processing, a green card, or entry into the annual Diversity Immigrant Visa Program for a fee.
- There is free or low-cost legal help available for people who think they have been defrauded: The Board of Immigration Appeals has a website with referrals to local immigration attorneys or non-profits that can provide services for low or no cost.
- The American Immigration Lawyers Association provides referrals to attorneys in different areas of immigration law.
June 7th, 2012
Jackie here, with AllClear ID. The IC3 (Internet Crime Complaint Center) recently released their 2011 Internet Crime Report. According to the report and an article in the Sacramento Bee, California led the entire nation in identity theft during 2011. There were 34,169 reports of id theft across the state. The IC3 processed 314,246 id theft complaints total during the year, a 3.4% increase from 2010 (or an average of more than 26,000 complaints per month).
The simple fact that California had the highest levels of ID theft in 2011 might seem scary for California residents, but when you put things in perspective, id theft risk is a real problem for everyone, no matter their state. California has the largest population in the United States and although they had the most complaints, they did not have the highest level of complaints per capita. Based on complaints per 100,000 in population, the Golden State ranked #13. The highest per capita levels of id theft reports occurred in Alaska, Washington D.C., New Jersey, Nevada and Colorado.
The IC3 is a coalition between the Federal Bureau of Investigations (FBI) and the National White Collar Crime Center (NWCCC). If you come across a suspicious email or a fraudulent website or if you fall victim to ID theft, head on over to the IC3 website and report it. These reports help law enforcement to work together to find and prosecute identity criminals.
Whether you live in Alaska, California or somewhere else, id theft is a real problem and isn’t likely to be going away anytime soon. In the press report announcing the release of the 2011 report, Assistant Director of the FBI’s Cyber Division Michael Welch said, “Internet crime is a growing problem that affects computer users around the world and causes significant financial losses.” No matter your state, you need to be proactive and on the lookout for signs of id theft.
May 30th, 2012
Jackie here, with AllClear ID. I have heard over the years that people with common names are more likely to fall victim to identity theft. This news story titled Common Names ID Theft Risk (found on NBC-2 News) is a few years old, but still serves as an excellent example. Is this claim really true? Could the name you are given at birth permanently increase your id theft risk?
The answer is surprisingly, “No”. When it comes to financial identity theft, your basic information like name, phone number, birthdate, address, etc. isn’t important. The main information you need to protect is your Social Security number, bank account information and driver’s license number. Without these, identity thieves aren’t going to have the information they need to commit financial identity theft. Banks realize that names are often quite similar one with another and do not use these to identify their clients; instead they rely on unique identifiers like your SSN. You can protect yourself from identity theft by protecting confidential information whether your name is common like John Smith or unique like Kimae Lawclef.
Having a common name however can make it more confusing to resolve identity theft cases should they occur. If you share a name with an id thief it can be more difficult for law enforcement and creditors to unravel who is who. Common names can also lead to cases of mistaken identity or criminal identity theft. This news story from Chicago involving mistaken identity and background checks shows just how common this problem can be.
Another concern may be parents using the Social Security numbers of their similarly named children to commit id theft. Parents using their child’s id information to open credit accounts isn’t just a problem for those with similar names; it can happen with any names since parents have access to their children’s Social Security number.
Common named folks everywhere can now breathe a sigh of relief. You are still at risk for id theft, but not any more than the rest of us.