Do You Have Safe Business Practices In the Workplace?

If you have a business, there are several questions that you need to ask yourself to know if you have taken steps to protect your information from being improperly accessed by identity thieves. Think through these questions to see where you may need to beef up your security at your work place. At the same time, check out the security at the offices you frequent and see if they have files lying around that could be compromising your identity.

• When you obtain personal information from your customers or clients, is there a good reason for each question? (Only ask for information that you need in your working relationship with that customer. Do not ask for information just because everyone always asks for that information. The less information you have on someone, the less information to lose!)
• Is the information that you do need obtained in a safe manner? (For example, do not ask for a Social Security number in a room full of people who could hear the answer. If you ask for information online, make sure you have a secure site for the protection of the person providing the information).
• When you have the information, who has access? (Do you have files laying around or stored in unlocked file cabinets?) Do only the people who need the information have access to it on your computer? (Is your computer password protected or the specific file password protected?) Dealing with accessibility to information by taking easy steps to protecting the data goes a long way to mitigating damages. Don’t forget your employees’ information needs the same protection as your customers.
• When you are done with the information how do you dispose of it? (Do you shred paper documents?) Is information on the computer properly disposed of? (If you recycle your computer, is all the personal information on the hard drive correctly removed?)

Getting the right answers to these questions will not guarantee that identity theft will not occur as, unfortunately, you can never be 100% safe. However, if you can take just a few protective steps more than what you may be doing now, then you have started the continuing process to protect yourself from an information breach that could result in monetary fines and jail time for you.

If you would like more information on how to protect yourself and your business, please contact us at info@identitytheftforum.net. Also check out The Little Book of Identity Theft at   http://www.ourlittlebooks.com/educational.html.

It’s Not Always What YOU Do or Don’t Do

To add insult to injury to Hurricane Katrina evacuees, an investigation revealed that there was an identity theft security breach in Texas. An agency which had provided services the evacuees who ended up in Texas had inadvertently allowed personal information on more than 16,000 evacuees to be posted on two web sites which displayed public information. This information included names, addresses and social security numbers!

Although FEMA was not directly responsible for this other agency’s breach, they have tried to close the barn door after the horse was out by providing credit monitoring for 18 months for the victims. Unfortunately, so much identity theft fraud happens years after the incident that those people will have to be very vigilant about always watching their credit reports for years to come.

So, as careful as you may be with your information, it is not always you who is the one to cause a breach. This is why you have to be so attentive to what is out there and to whom you are giving your information. Right now, your information is in schools, hospitals, job sites and hundreds of other sites you don’t even think of. I am sure the victims of Katrina were not thinking about identity theft when they were being helped by the Texas agency. They were only concerned with getting some clothes on the backs, food in their mouths, and shelter over their heads. It is sad that a mistake by a governmental agency makes it necessary to think about identity theft in addition to just living.

If you need help, or further information about how to protect yourself, please feel free to contact us at info@identitytheftforum.net. Also check out The Little Book of Identity Theft at  http://www.ourlittlebooks.com/educational.html.

Remember To Protect Your Kids Against Identity Theft

 Most people do what they are supposed to do about identity theft. They don’t carry their Social Security card in their wallet; they check their credit card receipts every month; and they check their credit reports at least once a year. But have you considered your children’s identity? While obviously, they do not have credit cards, they do have a social security number. Has that number been used to buy a house, get a credit card or even get a job?

Because kids have no active credit or no credit history, there is nothing to check. They don’t get bills in the mail to clue you in and there is no reason to check out their credit reports. Therefore, there is no reason why an identity thief would want your child’s identity. If you believe this, you would be wrong. Children’s numbers can get stolen from schools and hospitals who traditionally have little security measures in place to prevent identity theft of a child’s personal information. And, unfortunately, many identity thieves are a relative of a child so it makes it even harder to catch.

To identity thieves, a social security number is just a number. They do not care whether it belongs to an adult or a child (or even a deceased person!). If they can get that number and just a few other pieces of information (easily obtainable), they have enough information to obtain credit and ruin a child’s credit before that child is old enough to apply! When that child is 18 and applies for credit, they may find that they have already been working for 15 years, or that they have 6 credit cards and a mortgage. Unfortunately, if the identity theft misused the credit, this child’s credit could be ruined before they even start, and may take years to unravel.

What to do? You run your own credit report at least once a year (hopefully three times a year- once for each credit repository). Remember to run your children’s numbers through as well. Although nothing should come up, you will be glad if you find something that you can deal with it now and not 15 years from now.

If you need help, or further information about how to protect your child, please feel free to contact us at info(a)identitytheftforum.net. Also check out The Little Book of Identity Theft at   http://www.ourlittlebooks.com/educational.html.

2008 Breach Report Now Out

On Monday, 1/5/09, the Identity Theft Resource Center (ITRC) came out with their Breach Report for 2008:

(http://www.idtheftcenter.org/BreachPDF/ITRC_Breach_Report_2008_final.pdf).

Reports of data breaches increased dramatically over 2007. There were 656 major breaches with 35,691,255 people exposed as a result of these breaches (although the number of breaches do not reflect the actual number of companies affected). To qualify as a breach, identifying information that could lead to identity theft such as a person’s social security number, must have been exposed at the time of breach.

What is most scary is that only 2.4% of all the breaches had encryption or other strong protection methods in use. In fact, only 8.5% of the reported breaches even had password protection. Obviously, most of the breached data was unprotected. I wonder what the statistics would look like if companies took a wee bit of time to actually protect their information. Doing so would certainly mitigate their damages (not only monetary but possible jail time as well) for breaches of information. Check out the link to the right for ITRC’s website.

For further information about how to protect your business, be in compliance with the identity theft laws or need training, please feel free to contact us at info(a)identitytheftforum.net.

Even Twitter Gets Phished!

 Even Twitter, the current poster child of social networking (www.twitter.com), is involved with identity theft! With 4-5 million users by the end of 2008 (with 70% of them signing up just in 2008) it is actually surprising that it has not happened before. But this time phishing tweets caught such celebs as Fox news Bill O’Reilly (questioning his sexuality), Britney Spears (questioning her nautiness), and CNN anchor, Rick Sanchez (questioning his drug use) as hackers posted incorrect tweets allegedly from them.

Over the first weekend in January, Tweeters were hit with a classic phishing scam. They were sent a direct message urging them to take a look at a funny blog about themselves. When they clicked on the link, it took them to what appeared to be the real twitter page (very nice likeness) which required them to sign in to their twitter account (first clue!). Of course, had they looked at the real link, it was not going to the real twitter site, but to a bogus one. Once they entered their information, they were giving out their usernames and passwords to the hackers. The hackers then proceeded to use this information to send out direct messages to all those people’s followers and so on and so forth as the scam grew and grew and more and more passwords were stolen.

This is classic phising at it’s best! While people seemed to catch on fairly quickly, the damage was done as more and more people went to the bogus site and gave out their passwords. The easy fix was for everyone to change their password, and the scam slowed down. But because not everyone changed their passwords, the phishing scam raised it’s ugly head again! What’s the simple remedy? Before you give out your password, always check the url to make sure that you are aimed at a correct website. Very simple, but when you are tweeting and involved in social networking, it is not something that you would normally do. With the increase in social networking sites, maybe it is something that people should do!

My twitter: Candace_OLBooks. Also check out The Little Book of Identity Theft at   http://www.ourlittlebooks.com/educational.html.

FTC to Suspend Enforcement of ‘Red Flags’ Rule

The Red Flags Rule was to go into effect on November 1st, 2008. Developed pursuant to FACTA (Fair and Accurate Credit Transactions Act), financial institutions and creditors with applicable accounts must have had identity theft prevention programs in place to identity, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. 

Under FACTA, a “creditor” is defined as any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit. “Credit” includes a right granted to defer payment for any purchase. So any person that provides a product or service for which the consumer pays after delivery is a creditor. A “financial institution” is defined by FACTA to include all banks, savings and loan associations, credit unions, and any other person that holds a consumer transaction account as defined by section 19(b) of the Federal Reserve Act.  

The difficulty was that the law’s definition of a “creditor” or “financial institution” was not entirely clear to many businesses. Therefore, they were not aware that they were engaged in activities that would have caused them to fall under the Red Flags Rule. When contacted through FTC outreach efforts, the FTC realized that these businesses were unprepared or did not even know that they were required to be in compliance. Therefore, the FTC will delay enforcement of the Rule for six months to allow these businesses sufficient time to establish and implement appropriate identity theft prevention programs in compliance with the Rule. 

Suggestion:  Unsure whether or not you should be in compliance? Better be safe than sorry and bring yourself into compliance. (Besides, you should have an identity theft plan in place in any case!) You will need to take several actions to protect yourself. Contact us if you would like more information on how to be in compliance or need training to do so (info@identitytheftforum.net)

 

 

 

Congress Passes Stronger Identity Theft Laws

The Identity Theft Enforcement and Restitution Act has passed Congress and is on the president’s desk for final approval and signing into law. This bill will add stiffer penalties and definitions for information and identity theft crimes. This bill was originally proposed in 2007 by Senator Patrick Leahy but it stalled in the House of Representatives. To get it through, Senator Leahy eventually attached it to another unrelated bill.

Basically, this law makes installing spyware or malware on more than 10 computers a felony; allows federal agents to go after identity theft cases where the victim and criminal are in one state (before, the victim and criminal had to be in separate states); allows victims to sue the criminals for restitution after an identity theft crime; and eliminates the $5,000 minimum damages requirement previously required for charges to be filed.

You can see the different versions of the Bill here: http://thomas.loc.gov/cgi-bin/query/z?c110:S.2168:

Quick Cash Scams Can Leave Your Identity Shattered

In the new age of digital technology, an old scam has been introduced with a new twist. There has been an increase in e-mails from foreign countries that promise a large amount of money for doing a relatively simple thing- cash checks.  

Most messages generally sound like this:  “We are an electronic sales company based in the U.K. We need someone to act as a sales representative by cashing our client’s checks. All you have to do is cash the checks and keep ten percent as a commission. If you have forty five minutes per week and a bank account, then you can earn thousands per month.” 

Here is the real deal. One such individual chose to take this “deal of a lifetime.” The checks arrived at the individual’s address. She received instructions to cash the checks and send the amount, less the commission via money transfer to “person A.” She took the checks to the bank and cashed them. She proceeded to wire $2,000 (as the commission was withheld). The next day, the bank notified her that the checks did not clear. She hurried to the place where the money was wired. Thankfully, the funds were not released, as the recipient could not identify the sender. All was saved, less a few bank fees for the bounced checks, but clearly the situation could have ended worse. She would’ve had to pay the lost money back to the bank and her credit would have been destroyed. True story. 

Protect your identity and your money by never receiving checks from unknown sources. Most of these scams are originating in Eastern Block and Soviet countries, as well as Nigeria and other parts of Africa. The scam artists receive information from career sights where resumes are posted. The sad part is there are no international laws to protect from such a scam.  

Don’t be fooled by opportunities to make easy money, for it will only result in loss of money and poor credit. Be careful as to where you post your resume and how you post it, as there are ways to post it without offering your e-mail address to others. Don’t offer your address, phone number or real name to any strangers that you do not know. There are ways to use these items to steal your identity. Protect yourself before the crime, rather than waiting for someone to do something that leaves you asking yourself, “why did I do that?”

If It Sounds Too Good To Be True, Then It Probably Is!

Credit card fraud can present itself in many forms, all of which can lead to identity theft. One such form is that of an unreliable website.  There are many sites that present themselves with a promise to the unsuspecting victim of an opportunity to earn money from home or an opportunity to receive unclaimed money.

What’s the catch?  Everything is free until it is time to register. There may be a membership fee or a “one time” service charge that is billed to major credit card. Once the company receives the credit card, the rest is an endless nightmare of credit abuse and unwarranted charges based upon identity theft.  These companies prey upon naïve and desperate individuals whom are seeking an alternative to a regular job.  What they get in return is an endless barrage on their identity and money.  Here are a few details that will allow an individual to protect his/her credit and identity before it is too late.

Do the research.  A reputable company will have references and success stories that can be tracked.  If the prospective business does not have a valid mailing address (only a P.O. box), this may be a sign that they are not a legitimate business.  Don’t hesitate to contact the Better Business Bureau.  If they are not registered, this may be a red flag.  Beware of companies that do not offer a toll free number.  Companies that do not offer a help line are usually hiding something.  Call the toll free number, if offered, and talk to a representative from the company.  Many will have automated responses that will present business hours to contact a representative.  Make sure that one is reached and ask the representative important questions that pertain to the validity of the business.  Remember, it is your money and your identity.

Read the fine print.  There are many companies that will present the truth, but in fine print (many times under “terms and agreement”) they add terms that modify the truth or make the truth too expensive for you.  For example, even though it says in large print, “a onetime fee,” it may stipulate in fine print that there are other charges.  Or, they may tell you in the small print that they will sell your information and you have no control over who they sell it to. Always print the “terms and agreement” and read it over carefully for hidden charges or what they say they can do to your personal information. This is a common scam among “fly-by-night” enterprises.

These are only a few details that may save a person money, time, and stress.  Many companies will go to great lengths to get as much money and information as they can from unsuspecting individuals, only to pack up and never be heard from again.  Don’t be one of them.

Warning! Watch Out for Alleged IRS Emails Related to Economic Stimulus Checks

The FBI is warning consumers about recent spam e-mails allegedly from the IRS regarding Economic Stimulus Checks. These emails are actually phising attempts to get your personal information. The emails are suggesting that the fastest way to obtain your check is by direct deposit and then requests you to fill in your personal information, including your bank account information.   

The FBI warning included parts of the email:

“Over 130 million Americans will receive refunds as part of President Bush’s program to jumpstart the economy. Our records indicate that you are qualified to receive the 2008 Economic Stimulus Refund. The fastest and easiest way to receive your refund is by direct deposit to your checking/savings account. Please follow the link and fill out the form and submit before May 10th, 2008 to ensure that your refund will be processed as soon as possible. Submitting your form on May 10th, 2008 or later means that your refund will be delayed due to the volume of requests we anticipate for the Economic Stimulus Refund.

To access Economic Stimulus refund, please click here.”     

Of course, if you then clicked there, it would take you to a site that may have looked like it was the IRS, but would just capture your personal information, and soon your bank account could be emptied!

Be careful of any emails allegedly from the IRS, even if they look official. The IRS does NOT send citizens emails, especial emails requesting personal information.

http://www.fbi.gov/pressrel/pressrel08/irsalert050808.htm