Do an online search for “free credit report” and you’ll end up with a dozen or more websites promising online credit reports (and often credit scores) for FREE. Most of these companies even have the word “free” in their name, but don’t be fooled, there’s nothing FREE about their services. Many will entice people to sign up for a product that comes with strings attached. Most will request a credit card number to enroll and then will charge you if you do not cancel the service within a specific grace period.
A recent post (July 24, 2007) on the blogsite The Red Tape Chronicles written by Bob Sullivan explains that “one site, for instance, requires enrollment in pricey credit monitoring service, which can only be canceled online after precisely 23 days. Another automatically enrolls users in a discount travel service. And some hint that the real free credit report site established by Congress -- AnnualCreditReport.com -- isn’t all it’s cracked up to be.” He goes on to say that many of these sites actually can be traced back to the credit bureaus either directly or by affiliation.
The Fair and Accurate Credit Transaction Act of 2003 made it so that consumers are entitled to a free copy of their credit report, once per year, from each of the three major credit-reporting bureaus. Those three agencies -- Equifax, Experian and TransUnion -- even set up a Web site that consumers must go to for their freebie; it's only one legitimate source where you can obtain your FREE credit reports: http://www.annualcreditreport.com/.
There are plenty of other sites with similar names promising free credit reports, but invariably they package the "free" side with some other goods and services, selling you your credit score -- which the agencies are not required to give you for free -- bundling the three reports together into one, selling credit-monitoring services and more. Consumer Reports WebWatch recently reviewed 24 sites offering "free" credit reports and found that the proliferation of these other sites -- which invariably charge a fee for bundling several services together -- was creating confusion. Worse yet, the study found that nine of the 24 reviewed sites were owned or closely tied to TransUnion, with eight others having similarly close connections to Experian. In other words, the same guys who were required by law to provide a free report are also creating some of the confusion about the freebies. That's disconcerting -- and it explains some of the confusion -- but it's not against the rules. It just forces consumers to be particularly careful to get to the right site.
Also, Consumer Reports says half of all credit reports are loaded with errors that could affect you if you're trying to get a loan, open another credit account or even rent an apartment.
Increased consumer awareness and knowledge is a good thing. It’s a positive sign that more folks are interested in what’s being reported in their credit files. Everyone should check their credit reports at least once a year to make sure that all of the information contained in them is accurate and up to date. You should also check your reports for any information that is fraudulent, which could signal that you are the victim of Identity Theft. This includes accounts as well as personal information such as addresses and phone numbers.
So, before you give over your credit card number for something that is supposed to be “free,” don’t do it.
Go to http://www.annualcreditreport.com/.
Saturday, July 28, 2007
Tuesday, July 24, 2007
It's Worth Repeating: Social Security Cards and Wallets DO NOT Mix
I give over one hundred identity theft seminars every year and at each seminar, at least one of the attendees will admit to carrying around their Social Security card in their wallet or purse.
In this day and age, and with all we know about identity theft, I'm shocked that some people still carry their social security card on them. Most of the guilty parties say that they realize it's a potential problem, but they have never gotten around to taking the card out. Others have said that they just didn't know it was dangerous.
How your Social Security number can be used to steal your identity...
There are many pieces of information that, if stolen, can lead to identity theft or, at the very least, identity fraud. They can include a bank or credit card number, a home address, family names, login and password info and so on. But the holy grail of stolen information is your Social Security number (SSN). And it can be exposed in so many different ways, it can make your head spin!
For example, my doctor has a hard copy of my SSN in the files in his office. That’s right. Our archaic healthcare and insurance system still uses Social Security numbers as the primary way to identify patients. But does my doctor take any precautions to prevent identity theft? I’m pretty sure that his office has no alarm system and no security guards. He also has a high staff turnover and probably doesn’t conduct criminal background checks on his employees. And like most medical practices, his files are stored wall-to-wall in plain sight of patients and with no protection other than a low countertop. So there’s a much greater risk that my Social Security number will be misused in his office than on my home computer. But because all medical offices work that way, there’s not much I can do.
And that’s the problem. So many different organizations have a copy of your Social Security number, there’s no way of guaranteeing that it’s safe in their hands. Your Social Security number can also just as easily disappear from your own workplace, and often the biggest thieves of Social Security numbers are co-workers and other insiders. And once it’s in the wrong hands, your SSN can really come back to haunt you.
Here are some examples of how your SSN can be misused and lead to identity theft fraud:
In this day and age, and with all we know about identity theft, I'm shocked that some people still carry their social security card on them. Most of the guilty parties say that they realize it's a potential problem, but they have never gotten around to taking the card out. Others have said that they just didn't know it was dangerous.
How your Social Security number can be used to steal your identity...
There are many pieces of information that, if stolen, can lead to identity theft or, at the very least, identity fraud. They can include a bank or credit card number, a home address, family names, login and password info and so on. But the holy grail of stolen information is your Social Security number (SSN). And it can be exposed in so many different ways, it can make your head spin!
For example, my doctor has a hard copy of my SSN in the files in his office. That’s right. Our archaic healthcare and insurance system still uses Social Security numbers as the primary way to identify patients. But does my doctor take any precautions to prevent identity theft? I’m pretty sure that his office has no alarm system and no security guards. He also has a high staff turnover and probably doesn’t conduct criminal background checks on his employees. And like most medical practices, his files are stored wall-to-wall in plain sight of patients and with no protection other than a low countertop. So there’s a much greater risk that my Social Security number will be misused in his office than on my home computer. But because all medical offices work that way, there’s not much I can do.
And that’s the problem. So many different organizations have a copy of your Social Security number, there’s no way of guaranteeing that it’s safe in their hands. Your Social Security number can also just as easily disappear from your own workplace, and often the biggest thieves of Social Security numbers are co-workers and other insiders. And once it’s in the wrong hands, your SSN can really come back to haunt you.
Here are some examples of how your SSN can be misused and lead to identity theft fraud:
- Illegal Immigrants can buy your SSN so they can get jobs and report income (or not report income) to the IRS in your name creating a duplicate tax return
- A thief\illegal can open new credit accounts.
- Your SSN can be used to open a bank account and obtain an overdraft or loan.
- It can be used to open a utility account. Many identity thieves will use SSNs they stole themselves, or purchased from someone else, to rent an apartment, open a utility or telephone account, or rent a car (and not return it).
- Crooks\illegals with bad histories can easily hide their past by using a stolen Social Security number when applying for a new job.
- Thieves\illegals have been known to give stolen Social Security numbers when arrested, often leaving their victims with a criminal record that’s very difficult and costly to erase.
- And some thieves have even been known to go bankrupt using a stolen Social Security number, either to avoid having a bankruptcy on their own record, or as a last twist of the knife against the real owner of the SSN.
So keep a close eye on your Social Security number and a closer eye on your credit through credit monitoring so you’ll know if someone does try to use it.
If you still have your social security card in your purse or wallet, take it out immediately!
Store the social security card in a safe deposit box or a secure place.
An Overdue Book Can Ruin Your Credit Score. Who would have thought?
As cities work to scrape up every little bit of revenue, they’re now going after library fines and overdue parking tickets.
How are they going after this money? With collection agencies.
Is it working? The Wall Street Journal says yes:
A handful of cities, including San Diego and Chicago, have worked with collection agencies since the late 1990s. But the trend is spreading rapidly around the country because of the popularity of identity theft. Strapped local governments are looking for creative ways to boost revenue without raising taxes and fees. Over the past few years, local governments in places including Seattle; Anchorage, Alaska; Austin, Texas; and Florida’s Miami-Dade County have contracted with private agencies to collect late parking tickets and court fees. In New York City, Baltimore and Dallas, libraries use private collection firms to recover fines. New York State recently hired a collection company to pursue overdue E-ZPass toll bills.
I learned about method of identity theft in 2005 from an audience member of one of my seminars. She had her purse stolen. As an out of the box thinker she even had a photocopy inventory of everything in her purse just in case. So needless to say she was prepared. She called and closed all of the accounts that would be potentially affected. Or so she thought...
Library Card Identity Theft
It never occurred to her to suspend her library card privileges. And how easy is it to get a library card? That was the specialty of the criminal who stole her purse. He knew the window of opportunity would be small to 'joy-ride' on her credit cards' so he raped and pillaged the public library system of its pricey titles. He knew exactly which books would fetch the highest prices on eBay. Of course she found out the hard way when the debt of unreturned library books turned into a collection issue and negatively affected her credit score.
While shaking down citizens over small debts might sound petty, hundreds of cities around the country are owed millions of dollars in unpaid fines. Since 1997, when Chicago began using a collection agency to track down unpaid parking fines, ticket revenue has more than doubled, rising from $68 million to $154 million last year. (The total number of parking tickets issued has dropped slightly over the period.) Since the Omaha, Neb., public-library system hired a private collection company in March, it has collected more than $40,000 in fines and recovered about $75,000 worth of overdue books and materials.
Yep, they’re bringing in the big boys in order to collect on millions of dollars of small fines that many of you have ignored… until now. If you decide to ignore a collection agency, that $20 library fine could show up as a collection account on your credit report.
How will single collection account for a stupid small overdue fine affect your credit score? It could lower it by as much as 100 points. Ouch! That’s gonna hurt.
It appears that Equifax is the sole credit bureau that feels this may be a bit of overkill. Also from the Wall Street Journal:
Equifax Inc., the third credit bureau, makes an effort to weed out small charges like library books and parking violations from credit files. The company says it is not fair to include them in credit reports since municipal fines are reported unevenly around the country.
Well, that won’t help too much because you never know which bureau a potential creditor will use to look at your credit.
So what should you do?
How are they going after this money? With collection agencies.
Is it working? The Wall Street Journal says yes:
A handful of cities, including San Diego and Chicago, have worked with collection agencies since the late 1990s. But the trend is spreading rapidly around the country because of the popularity of identity theft. Strapped local governments are looking for creative ways to boost revenue without raising taxes and fees. Over the past few years, local governments in places including Seattle; Anchorage, Alaska; Austin, Texas; and Florida’s Miami-Dade County have contracted with private agencies to collect late parking tickets and court fees. In New York City, Baltimore and Dallas, libraries use private collection firms to recover fines. New York State recently hired a collection company to pursue overdue E-ZPass toll bills.
I learned about method of identity theft in 2005 from an audience member of one of my seminars. She had her purse stolen. As an out of the box thinker she even had a photocopy inventory of everything in her purse just in case. So needless to say she was prepared. She called and closed all of the accounts that would be potentially affected. Or so she thought...
Library Card Identity Theft
It never occurred to her to suspend her library card privileges. And how easy is it to get a library card? That was the specialty of the criminal who stole her purse. He knew the window of opportunity would be small to 'joy-ride' on her credit cards' so he raped and pillaged the public library system of its pricey titles. He knew exactly which books would fetch the highest prices on eBay. Of course she found out the hard way when the debt of unreturned library books turned into a collection issue and negatively affected her credit score.
While shaking down citizens over small debts might sound petty, hundreds of cities around the country are owed millions of dollars in unpaid fines. Since 1997, when Chicago began using a collection agency to track down unpaid parking fines, ticket revenue has more than doubled, rising from $68 million to $154 million last year. (The total number of parking tickets issued has dropped slightly over the period.) Since the Omaha, Neb., public-library system hired a private collection company in March, it has collected more than $40,000 in fines and recovered about $75,000 worth of overdue books and materials.
Yep, they’re bringing in the big boys in order to collect on millions of dollars of small fines that many of you have ignored… until now. If you decide to ignore a collection agency, that $20 library fine could show up as a collection account on your credit report.
How will single collection account for a stupid small overdue fine affect your credit score? It could lower it by as much as 100 points. Ouch! That’s gonna hurt.
It appears that Equifax is the sole credit bureau that feels this may be a bit of overkill. Also from the Wall Street Journal:
Equifax Inc., the third credit bureau, makes an effort to weed out small charges like library books and parking violations from credit files. The company says it is not fair to include them in credit reports since municipal fines are reported unevenly around the country.
Well, that won’t help too much because you never know which bureau a potential creditor will use to look at your credit.
So what should you do?
- Pay your fines, no matter how small. Your city could start using a collection agency at any time. Your fines - even years old - could then be sent to collections.
- Call and negotiate. If you do get a collection notice, call and negotiate with the agency. Make sure they agree that if you pay the fine they will remove the collection from your credit file.
- Monitor your credit. Make sure you are monitoring your credit through the Identity Theft Shield. Make sure you know exactly how you appear to the financial world months before you apply for a car or home loan. You want to have time to resolve issues like this before applying.
Sunday, July 15, 2007
eBay for Identity Thieves
On any given day hundreds of thousands of U.S. consumers are having their private\sensitive information bought and sold via 'Internet Relay Chat' rooms. The identifiers that comprise our identity have become societies new digital currency.
Wednesday, July 11, 2007
Medical Identity Theft
An example of how disruptive medical identity theft can be. Any victim of medical identity theft needs a properly trained advocate\investigator to put the pieces back together and make the victim whole again.
A personal quote from the victim in this story:
"All of our medical information is reported to the MIB (Medical Information Bureau) which is located in Boston, MA. Who in turn aggregate or gather together this information from every procedure or doctor's visit we go on. Someone using our information can and does alter our files. If I am admitted to a hospital in an incapaciated state, I am at the mercy of what my medical history states or mis-states."
A Classic Case of Criminal Identity Theft
Most consumers are unaware that this type of identity theft can happen to them. This is one of the most tangled type of identity theft to come out from under.
How fast can identity theft happen?
In four seconds, as the captured security footage in this video shows. This video is provided for educational purposes by the Broward County Sheriff’s Department.
Tuesday, July 10, 2007
What can they really do with your identity?
Bob is on the run. He murdered a clerk at an all-night convenience store and cleaned out the cash register. He needs to hide, and hide fast.
He shaves off his mustache, dyes his hair a different color, pops in colored contact lenses, and applies some phony tattoos; but that's not enough. He needs a new name and the papers to go with it. He turns to his friend Bill who puts him in touch with Mary.
Mary is a hacker. Yesterday she sent out a few thousand emails from a mailing list she bought on the Internet. Half of the letters were for a phony Microsoft patch download, the other half were "I'm Amy and here's my photo" letters. As of this morning, 10% of those letters were opened and 5% of the recipients clicked on the patch or the "Amy" photo.
If you were one of the readers who clicked, you now have a Trojan horse on your computer and it opened a passage through your computer's firewall. Now Mary gets to work.
The Trojan has informed Amy that she has free entry into your computer. She logs into your computer from wherever she is located (it could be next door, it could be on the other side of the planet). In the middle of her monitor, a window appears. The window is your desktop, exactly as you see it, only smaller.
Whatever you have on that computer now belongs to Mary, and that includes ALL your Internet activity because everything you do out here in cyberspace is copied to your hard drive.
Did you do any online banking? Mary now has a copy of your username; besides that, she can apply a program to decode your password.
Did you make any online purchases? She now has your credit card information.
Is your credit lousy? That doesn't matter to Mary, and it certainly doesn't matter to the murderer, Bob. She knows you're a real person, she has your full name, she knows where you live, and that's enough for her to get your Social Security Number off the Internet and maybe even your Driver's License number. If there is anything at all on your computer about where you were born, she has that too which means she can send off for a copy of your Birth Certificate.
Bingo.
Phony identification documents are created for Bob using your Social Security Number and whatever else Mary was able to obtain - actually, your Social was enough. Bob, thief and murderer of convenience store clerks, is now walking around saying he is you. And, he is free to continue his crime spree posing as you.
The above is only one scenario. Mary can get into your computer simply by attaching viruses like Trojan horses and spyware to web sites, ad banners, forms, and popups.
All my Internet activity is on my hard drive? Where?
Everything you do on the Internet is recorded on your hard drive for future reference. Your browser stores your history, cookies, and your password management on your hard drive. Your activity is hidden in Temporary Downloads and Download files, cookies, cache files, Temp files, and files that don't even show in your Directory.
Can you go around every day and clean out these files yourself? No, not really. For one thing, you'd have to run through your entire Directory every few minutes. On top of that, you can easily delete a file that is vital to the functioning of your computer. This is strictly a job for your anti-virus program, your anti-spyware program, and your internet tracks eraser, and these programs must be actively run on a regular basis. That means that besides your regular scheduled maintenance, you need to make an extra run every now and then, especially after a heavy email or surfing session.
Where does my information go?
Mary can find out all she needs to know about you in just a few minutes, and she can turn around and sell that information more than a thousand times over the next 48 hours.
Mary's been at this for a while, so she has her contacts lined up and waiting. Your credit card information is sold to a criminal info-merchant in Malaysia, one in Nigeria, and one in Kiev. The credit card information is then sold to thieves who order merchandise over the Internet.
Your Driver's License and Social Security information go to phony ID makers in the US and Canada, and abroad to phony ID makers who create Passports, Social Security cards, and Driver's Licenses for foreign drug dealers and money launderers.
Your bad credit doesn't matter.
Even if you have no credit, criminals will establish credit for you. They will purchase pre-paid credit cards in your name and build them up, increasing the credit line and then apply for credit elsewhere. They forge documents showing they own property (belonging to someone else) and then obtain loans against that property in your name. They get jobs in your name, rent apartments, buy furniture, and lease cars, all in your name. Then they disappear over the hill and leave you with all the liability.
Once I prove it wasn't me who did everything, I'm in the clear. Right?
It's not as simple as that - not by a long shot. You have to prove your innocence for each and every event.
The above examples are not far-fetched. They are a daily occurance in this country. At it's current pace identity theft claims 27,000 victims per day in the United States alone.
Identity Theft may be a crime but unfortunately apathy is not. Apathy is the bigget ally an identity thief has. Educated consumers hear the stories, but do little to change their actions to protect themselves against this pandemic. Turn apathy into action and protect what you cannot prevent.
He shaves off his mustache, dyes his hair a different color, pops in colored contact lenses, and applies some phony tattoos; but that's not enough. He needs a new name and the papers to go with it. He turns to his friend Bill who puts him in touch with Mary.
Mary is a hacker. Yesterday she sent out a few thousand emails from a mailing list she bought on the Internet. Half of the letters were for a phony Microsoft patch download, the other half were "I'm Amy and here's my photo" letters. As of this morning, 10% of those letters were opened and 5% of the recipients clicked on the patch or the "Amy" photo.
If you were one of the readers who clicked, you now have a Trojan horse on your computer and it opened a passage through your computer's firewall. Now Mary gets to work.
The Trojan has informed Amy that she has free entry into your computer. She logs into your computer from wherever she is located (it could be next door, it could be on the other side of the planet). In the middle of her monitor, a window appears. The window is your desktop, exactly as you see it, only smaller.
Whatever you have on that computer now belongs to Mary, and that includes ALL your Internet activity because everything you do out here in cyberspace is copied to your hard drive.
Did you do any online banking? Mary now has a copy of your username; besides that, she can apply a program to decode your password.
Did you make any online purchases? She now has your credit card information.
Is your credit lousy? That doesn't matter to Mary, and it certainly doesn't matter to the murderer, Bob. She knows you're a real person, she has your full name, she knows where you live, and that's enough for her to get your Social Security Number off the Internet and maybe even your Driver's License number. If there is anything at all on your computer about where you were born, she has that too which means she can send off for a copy of your Birth Certificate.
Bingo.
Phony identification documents are created for Bob using your Social Security Number and whatever else Mary was able to obtain - actually, your Social was enough. Bob, thief and murderer of convenience store clerks, is now walking around saying he is you. And, he is free to continue his crime spree posing as you.
The above is only one scenario. Mary can get into your computer simply by attaching viruses like Trojan horses and spyware to web sites, ad banners, forms, and popups.
All my Internet activity is on my hard drive? Where?
Everything you do on the Internet is recorded on your hard drive for future reference. Your browser stores your history, cookies, and your password management on your hard drive. Your activity is hidden in Temporary Downloads and Download files, cookies, cache files, Temp files, and files that don't even show in your Directory.
Can you go around every day and clean out these files yourself? No, not really. For one thing, you'd have to run through your entire Directory every few minutes. On top of that, you can easily delete a file that is vital to the functioning of your computer. This is strictly a job for your anti-virus program, your anti-spyware program, and your internet tracks eraser, and these programs must be actively run on a regular basis. That means that besides your regular scheduled maintenance, you need to make an extra run every now and then, especially after a heavy email or surfing session.
Where does my information go?
Mary can find out all she needs to know about you in just a few minutes, and she can turn around and sell that information more than a thousand times over the next 48 hours.
Mary's been at this for a while, so she has her contacts lined up and waiting. Your credit card information is sold to a criminal info-merchant in Malaysia, one in Nigeria, and one in Kiev. The credit card information is then sold to thieves who order merchandise over the Internet.
Your Driver's License and Social Security information go to phony ID makers in the US and Canada, and abroad to phony ID makers who create Passports, Social Security cards, and Driver's Licenses for foreign drug dealers and money launderers.
Your bad credit doesn't matter.
Even if you have no credit, criminals will establish credit for you. They will purchase pre-paid credit cards in your name and build them up, increasing the credit line and then apply for credit elsewhere. They forge documents showing they own property (belonging to someone else) and then obtain loans against that property in your name. They get jobs in your name, rent apartments, buy furniture, and lease cars, all in your name. Then they disappear over the hill and leave you with all the liability.
Once I prove it wasn't me who did everything, I'm in the clear. Right?
It's not as simple as that - not by a long shot. You have to prove your innocence for each and every event.
The above examples are not far-fetched. They are a daily occurance in this country. At it's current pace identity theft claims 27,000 victims per day in the United States alone.
Identity Theft may be a crime but unfortunately apathy is not. Apathy is the bigget ally an identity thief has. Educated consumers hear the stories, but do little to change their actions to protect themselves against this pandemic. Turn apathy into action and protect what you cannot prevent.
Saturday, July 7, 2007
To shred or to tear: that is the question...
Robert Cockerham of cockeyed.com decided to put the matter to a test. His test subject? A newly received Chase Mastercard pre-approved application.
Step 1: Robert tears the application into small pieces.
Step: 2: Robert meticulously lines the torn pieces up and tapes them together, like so.
Step 3: Robert fills out the application, replacing the current billing address with a new one (his parent’s house) and using his cell phone as the phone number on the new account. With that, he mails it in.
Step 4: Robert excitedly receives his new credit card at his parent’s house and activates it using his cell phone.
Analysis: Tearing up your sensitive documents is not sufficient. Some creditors will process applications, even if they’ve been torn up, taped together and have a new address.
A criminal could easily apply for credit in your name, change the address, and activate the account via a pre-paid cell phone. You wouldn’t even know what happened until creditors started calling you about your unpaid bills.
You must destroy all sensitive documents using a cross-cut shredder before placing them in the trash. Better yet, opt-out of pre-approved offers and give your shredder and the recyclers a rest.
Read the whole story on Cockeyed.com.
Step 1: Robert tears the application into small pieces.
Step: 2: Robert meticulously lines the torn pieces up and tapes them together, like so.
Step 3: Robert fills out the application, replacing the current billing address with a new one (his parent’s house) and using his cell phone as the phone number on the new account. With that, he mails it in.
Step 4: Robert excitedly receives his new credit card at his parent’s house and activates it using his cell phone.
Analysis: Tearing up your sensitive documents is not sufficient. Some creditors will process applications, even if they’ve been torn up, taped together and have a new address.
A criminal could easily apply for credit in your name, change the address, and activate the account via a pre-paid cell phone. You wouldn’t even know what happened until creditors started calling you about your unpaid bills.
You must destroy all sensitive documents using a cross-cut shredder before placing them in the trash. Better yet, opt-out of pre-approved offers and give your shredder and the recyclers a rest.
Read the whole story on Cockeyed.com.
Higher Education behind on Identity Theft Education
Ever wonder why student identity theft is becoming such a big problem on college campuses? Let’s just say that statistics show that when it comes to identity theft protection, institutions of higher learning aren’t exactly making the grade.
Academic humor aside, the amount of personal information that’s “up for grabs” these days at the nation’s colleges and universities seem to be increasing every day.
The reported data breaches, a root cause of identity theft, in the last eighteen months, and leaves some pretty frightening identity theft statistics.
Apart from the fact that hundreds of millions of personal information have been compromised during that time, one of the most startling revelations is that a near majority of the data breaches have occurred at colleges and universities. Last month (May 2007) alone there were more than 14 reported data breaches at schools, colleges and universities that impact students, faculty and alumni, too. And If you don’t think that this is getting ready to balloon into a much bigger problem, think again. Just take a look at some of the following student identity theft scenarios that have occurred in the last year and half alone:
• A computer worm attacked a computer server at the University of Colorado-Boulder and accessed the financial and personal information of 45,000 college students.
• At Stony Brook University in New York, some 90,000 personal records belonging to staff, students and faculty were exposed. And that personal information remained online for at least two weeks after the “mistake” was first discovered.
• At a large community college in southern Nevada, a computer virus is believed to have exposed the personal records of as many as 197,000 students.
• An enterprising hacker (perhaps after an honorary degree in finance!) broke into a database at the University of Missouri. The files he accessed contained the names and Social Security numbers of more than 22,000 current and former college students and employees.
And last but not least, just to round out the hacker’s honor role, one of the biggest data breaches of 2006 took place at the University of California, Los Angeles. There, online identity thieves broke into a database containing the personal information (again, including Social Security numbers) of more than 800,000 current and former college students, faculty and staff.
What amount of shredding by those that were exposed can protect them against these events?
It’s clear that the academic world has quickly become a playground for identity thieves. And experts seem to have a lot of theories on the huge growth in student identity theft. One article recently described it like this: “The academic culture that embraces the open exchange of information lends itself to identity theft. Add to that diffused tech systems and independent departments and the struggle to stifle breaches becomes even more challenging.”
Maybe one of the real reasons for the on-campus surge in student identity theft is that universities have just become too complacent. Maybe they think they have nothing to lose, especially from the standpoint of student admissions.
What do I mean by that?
A data breach or identity theft can impact the bottom line and share price of a prominent retailer, for example, but how many aspiring college students are going to decide against applying to a certain school — just because that school has had some security problems with personal information?
So let me leave you with one more academic analogy:
Plain and simple, the only way identity thieves will start receiving failing grades, is if we all take bigger steps to protect what we cannot prevent.
Academic humor aside, the amount of personal information that’s “up for grabs” these days at the nation’s colleges and universities seem to be increasing every day.
The reported data breaches, a root cause of identity theft, in the last eighteen months, and leaves some pretty frightening identity theft statistics.
Apart from the fact that hundreds of millions of personal information have been compromised during that time, one of the most startling revelations is that a near majority of the data breaches have occurred at colleges and universities. Last month (May 2007) alone there were more than 14 reported data breaches at schools, colleges and universities that impact students, faculty and alumni, too. And If you don’t think that this is getting ready to balloon into a much bigger problem, think again. Just take a look at some of the following student identity theft scenarios that have occurred in the last year and half alone:
• A computer worm attacked a computer server at the University of Colorado-Boulder and accessed the financial and personal information of 45,000 college students.
• At Stony Brook University in New York, some 90,000 personal records belonging to staff, students and faculty were exposed. And that personal information remained online for at least two weeks after the “mistake” was first discovered.
• At a large community college in southern Nevada, a computer virus is believed to have exposed the personal records of as many as 197,000 students.
• An enterprising hacker (perhaps after an honorary degree in finance!) broke into a database at the University of Missouri. The files he accessed contained the names and Social Security numbers of more than 22,000 current and former college students and employees.
And last but not least, just to round out the hacker’s honor role, one of the biggest data breaches of 2006 took place at the University of California, Los Angeles. There, online identity thieves broke into a database containing the personal information (again, including Social Security numbers) of more than 800,000 current and former college students, faculty and staff.
What amount of shredding by those that were exposed can protect them against these events?
It’s clear that the academic world has quickly become a playground for identity thieves. And experts seem to have a lot of theories on the huge growth in student identity theft. One article recently described it like this: “The academic culture that embraces the open exchange of information lends itself to identity theft. Add to that diffused tech systems and independent departments and the struggle to stifle breaches becomes even more challenging.”
Maybe one of the real reasons for the on-campus surge in student identity theft is that universities have just become too complacent. Maybe they think they have nothing to lose, especially from the standpoint of student admissions.
What do I mean by that?
A data breach or identity theft can impact the bottom line and share price of a prominent retailer, for example, but how many aspiring college students are going to decide against applying to a certain school — just because that school has had some security problems with personal information?
So let me leave you with one more academic analogy:
Plain and simple, the only way identity thieves will start receiving failing grades, is if we all take bigger steps to protect what we cannot prevent.
Friday, July 6, 2007
Spammers and Hackers Get Personal
Could be a sign of desperation, or a sign of the times. But a growing number of email security firms are detecting sophisticated scam emails targeted at company executives.
As usual the goal seems to be to trick the recipient into opening email attachments infected with things like spyware and keystroke loggers.
But the hackers are researching their victims for their names, job titles, place of employment and even family members to make it look as though the email is from a trusted friend or colleague.
It's also believed that the hackers are using social networking sites like MySpace to gather personal information and piece it together.
As technology gets better at filtering and blocking mass attacks, expect more targeted attacks in the future.
Read the entire article by CLICKING HERE
As usual the goal seems to be to trick the recipient into opening email attachments infected with things like spyware and keystroke loggers.
But the hackers are researching their victims for their names, job titles, place of employment and even family members to make it look as though the email is from a trusted friend or colleague.
It's also believed that the hackers are using social networking sites like MySpace to gather personal information and piece it together.
As technology gets better at filtering and blocking mass attacks, expect more targeted attacks in the future.
Read the entire article by CLICKING HERE
Monday, July 2, 2007
Synthetic Identities
Privacy experts said thieves are taking identity theft to a whole new level in the form of scam that is being touted as the most sinister yet.
A woman had recently found out that someone used her Social Security number with a different name to work.
Seven years later, the Internal Revenue Service tracked her down. The IRS had charged her with thousands of penalties and fees and were going to literally put her in jail.
She was a victim of what is known as synthetic identity theft.Unlike traditional identity theft, thieves steal a person’s Social Security number but tie it to a different name and create a new, fictional person that experts said is hard to detect.
So, it is actually more insidious and more frightening for a victim.According to experts, thieves open bank accounts and credit cards, or even obtain jobs. Yet it can take years for the scam to be uncovered because it is difficult for authorities and creditors to unravel all of the mismatched information.
Five years ago, this crime was hardly seen, but now the majority of identity fraud is really this synthetic ID fraud, as opposed to the true name identity theft.
Since the fraud isn’t committed in your name, it typically does not show up on your credit report because not enough of the ID information matches you. However, your stolen Social Security number could end up in all kinds of different databases, including those used for background checks.
What synthetic identity thieves do is pollute the files. This act could affect consumers who are seeking a loan or job seekers applying for employment. The trouble isn’t always financial.
Another gentleman, his Social Security number was used by someone who was tried for murder, and so every time there was a background check that pulled up his name, it linked these other databases showing him as arrested for murder.
To find out if you’re a victim, experts said there are steps you can take.Look at your Social Security statement that you receive once a year from the government carefully and make sure that there isn't income on there that you didn't actually earn.
Without checking the statement, the IRS could end up knocking on your door, experts said.If you receive a large portion of mail in someone else’s name, it could be a sign that your information is at risk.
Your Social Security number right now is the key to really destroy your life because if someone uses it with or without your name, it still can come back to haunt you.
While synthetic identity fraud does not typically show up on credit reports, experts said it is still critical to check credit reports yearly to verify all activity.
A woman had recently found out that someone used her Social Security number with a different name to work.
Seven years later, the Internal Revenue Service tracked her down. The IRS had charged her with thousands of penalties and fees and were going to literally put her in jail.
She was a victim of what is known as synthetic identity theft.Unlike traditional identity theft, thieves steal a person’s Social Security number but tie it to a different name and create a new, fictional person that experts said is hard to detect.
So, it is actually more insidious and more frightening for a victim.According to experts, thieves open bank accounts and credit cards, or even obtain jobs. Yet it can take years for the scam to be uncovered because it is difficult for authorities and creditors to unravel all of the mismatched information.
Five years ago, this crime was hardly seen, but now the majority of identity fraud is really this synthetic ID fraud, as opposed to the true name identity theft.
Since the fraud isn’t committed in your name, it typically does not show up on your credit report because not enough of the ID information matches you. However, your stolen Social Security number could end up in all kinds of different databases, including those used for background checks.
What synthetic identity thieves do is pollute the files. This act could affect consumers who are seeking a loan or job seekers applying for employment. The trouble isn’t always financial.
Another gentleman, his Social Security number was used by someone who was tried for murder, and so every time there was a background check that pulled up his name, it linked these other databases showing him as arrested for murder.
To find out if you’re a victim, experts said there are steps you can take.Look at your Social Security statement that you receive once a year from the government carefully and make sure that there isn't income on there that you didn't actually earn.
Without checking the statement, the IRS could end up knocking on your door, experts said.If you receive a large portion of mail in someone else’s name, it could be a sign that your information is at risk.
Your Social Security number right now is the key to really destroy your life because if someone uses it with or without your name, it still can come back to haunt you.
While synthetic identity fraud does not typically show up on credit reports, experts said it is still critical to check credit reports yearly to verify all activity.
Subscribe to:
Posts (Atom)
Posts
