Makes You Think…What am I Not Thinking About?

This is a story out of the UK to make you think.  A traveler discarded his British Airways boarding-pass stub in the trash. It only showed his name, flight,  seat number and frequent-flyer number.  Unfortunately, that was plenty enough information to commit Identity Theft. 

Luckily, the person who picked it out of the trash was just testing to see how easy it was to find out information on the traveler. With the help of a computer expert, they logged onto the British Airways website, bought a ticket in the traveler’s name and entered the frequent flyer number from the discarded airline stub which gave them full access to all his personal details- including his passport number, date of expiration, his nationality and DOB. They never had to even guess at a password. 

Using this information, they then surfed the web of all the publicly available databases available and, within 15 minutes, found out where he lived, who he lived with, where he worked, which schools he went to and how much his house was worth.  They were able to get full access to all his personal details- just from a discarded boarding-pass stub.  Makes you think, doesn’t it? Are you protected for those things you don’t even think about?  http://www.myidentitytheftshieldsite.com 

http://news.carrentals.co.uk/boarding-passes-and-identity-theft-3422122.html

 

What Personal Information am I Required to Give to Merchants When Paying by Credit Card?

You know the situation. You are purchasing an item in a store and you give the sales clerk your credit card. The sales clerk now wants to see your driver’s license to prove that you are you and writes down your DOB and driver’s license number. Do you have to give them that information? After all, the clerk now has your credit card number and with the information on your driver’s license, they probably have enough information to perpetrate an identity theft. 

If asked, you can refuse to provide additional information. If a merchant asks you for information and you refuse, they can not deny you the sale just because you do not want to produce your personal information. (Sorry, if you are under 21, you can’t use this rule to get around producing ID for alcohol purchases…). So, you have every right to just produce your credit card and not produce any further identity. There are a few exceptions (like if your card is unsigned) but this is basically the rule. (See  section 9.11.2 for Mastercard’s policy: http://www.mastercard.com/us/wce/PDF/MERC-Entire_Manual.pdf, and page 29 for Visa’s policy: http://usa.visa.com/download/merchants/rules_for_visa_merchants.pdf

On the other hand, I personally want the merchant to see my ID so that someone can’t use my credit card without further proof. I have signed all my credit cards (ALWAYS sign your cards whether you add this or not), and added “See ID” on the back. While the merchant is not required to comply with my request, to me, as long as they are not writing down the information, I would rather have them see a picture of ME (and not the ID thief) with the comparisons of names. But the choice is up to you! 

 

What Do You Do If Your Identity Is Stolen?

If you do not have an Identity Theft protection plan in place and you find out your identity has been stolen, there are several steps that you should take immediately.

Remember, it is very important that you keep records of the time and date of all the steps you take, details of any conversations you have, and copies of any letters you write or forms you file, because you may need to produce them later.

1. Place a Fraud Alert on Your Credit Reports. Review Your Credit Reports.

To help prevent any further new accounts from being opened in your name, call any one of the three consumer repositories below–you only need to call one; they are required to call the other two–to place a fraud alert (good for 90 days, although under certain circumstances you can file an extended fraud alert which lasts 7 years). Make sure you receive a confirmation from the company. This fraud alert requires creditors to follow certain rules before they extend new credit or change existing credit.

Equifax: 1-800-525-6285; www.equifax.com
Experian: 1-888-397-3742; www.experian.com
TransUnion: 1-800-680-7289; www.transunion.com

After you have placed a fraud alert on your file, you are entitled to order one free copy of your credit report from each repository (different from the one free credit report you get annually). Check these reports very carefully for new accounts, or inquiries from companies you never contacted, or debts that are not yours. You will need to deal with any incorrect information immediately.

Some states allow you to place a credit freeze that will prevent third parties from accessing your credit report. However, a freeze does not protect current accounts from being accessing by thieves or from someone opening a new account where a credit check is not done before hand.

2. Close out Your Accounts that Have Been Improperly Accessed.

Call the fraud departments of each company where there are new or changed accounts and ask them to close these accounts. Make sure you follow up with a written confirmation and supporting documentations (police report or FTC complaint). Request that the companies send you confirmation that the accounts have been closed and that the fraudulent debts have been cleared.

3. File a Complaint with The Federal Trade Commission (FTC).

Call the FTC’s Identity Theft Hotline [1-877-IDTHEFT] or access the online complaint form at https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03 to file a complaint with the FTC. When you go and file a report with your local police department (see #4), bring a copy of this complaint and have them attach it to the police report. You can now use this report to help you clean up your credit report and stop the debts from reappearing, help get companies off your back when they continue to try to collect fraudulent debts, and help place an extended fraud alert on your credit report.

4. File a Report with Your Local Police Department.

Either call or go to your local police department and ask to file a report about your identity theft. Bring a printed copy of your FTC Identity Theft Complaint form and all the attached documents that you filed, and have them attach it to the report.
When they have finished making the report, request a copy for your files. This will help you fight any debts incurred in your name, or new accounts that you did not open. If you are unable to get a copy of the complaint, at least get the number of the report so you can reference it if you need to.

How Do Criminals Steal Their Information?

To an identity theft criminal, your personal information can provide instant access to your credit record, financial accounts, or other assets.  There are many ways that criminals can get your information. 

“Telephone Pretexting “.  Getting your information can be as simple as someone calling you on the phone and representing themselves as someone you normally do business with, like a local store, your doctor’s office, or your bank.  You think nothing of it and somehow, you have given them your credit card number or other information. 

Or someone allegedly from the IRS calls and says they are processing your refund and need some additional information.  Thinking only of how you are going to spend your refund, you give them the information.

“Skimming” involves using hand held computers to read and store the information encoded on the magnetic strip of an ATM or credit card when it is used legitimately.  Once stored, the information can be entered onto any other card with a magnetic strip.  This can also be done manually by anyone who has access to your credit card by just coping or memorizing your number when you hand your credit card to a business.

“Phishing” is the act of sending false emails proclaiming that they are from your bank or Ebay or PayPal, and asking you to enter your personal information to clear an alleged “problem”.  They can be as elaborate as setting up fake web sites that look just like the real ones.  

“Shoulder surfing” involves people watching you from a nearby location as you enter a credit card number or pin number. 

“Dumpster diving” is well known for people going through your curbside garbage or at your place of business to obtain copies of statements, checks, credit card offers, making it easier for thieves to get control over your accounts. With the amount of junk mail you get, you think nothing of just tossing it into the trash, including all those annoying credit card applications and other mail you are through reading.

“Unlocked mail boxes” allow thieves to intercept and redirect your mail to another location so bills or bank statements showing unauthorized withdrawals will never be seen by you until after the damage is done. 

“Keyloggers” are programs placed in your computer after someone has hacked into it which then logs your keystrokes to get your pin numbers or password which are then used to steal your identity. 

“Trojans” are programs that ride along on other applications or emails and come into your computer without your knowledge.  Once your computer is infected, a hacker can use the trojan program to open a “door” into your computer so they can access your personal files.  (Remember the Trojan Horse story?)

“Physical Theft and Stealing” People still carry around their Social Security number in their wallet, either the card itself or on identification cards (medical insurance, military cards, etc.),  or they print their driver’s license number on their checks.  Carrying more than one or two credit cards are all easy ways by criminals to obtain your information if your wallet or purse is stolen.

Not only can your purse or wallet be stolen, but laptops or other information devices that are full of personal information can be stolen. Information can be taken from your employer’s files,  hospital records, school files or any place information about you is being stored.

“Address Changing” to redirect your mail.  Or, a thief will open a new account in your name and change the address so you are not aware it exists. 

“Hacking“. With today’s technology, criminals can obtain your personal information without leaving the comfort of their own home.  They can purchase your information through online databases, or can get it illegally by hacking into either your computer or into any database that has your information already stored.

“Spyware“.  In exchange for free software or services, often times spyware, sometimes known as “cookies”, will be secretly placed into your computer.  It may be as innocent as identifying your online surfing and spending habits, sending information to marketers every time you visit a website.  Or, if it is a malicious spyware, it can gather personal information or even change your internet settings, causing a loss of your identity or crashing your computer.

Basically, anywhere you have provided information, from the earliest school, to your most recent medical visit, can be a target.

These are only some of the ways that thieves can access your personal information which once in hand, they can use to run up debts in the tens of thousands of dollars under your name, or impersonate you all to your detriment.  

It’s Tax Season- Be Careful!

Well, we all know that it’s tax season, but what we sometimes forget is that it is also the season for scammers trying to steal our identity. 

·  Personally, I’ve already received probably twenty emails purportedly from the IRS, requesting my information so that I can receive my refund, or some other form of money from the IRS.  These phising schemes always appear to be a legitimate IRS email, but of course are from some other source trying to get my Social Security number and other information.  To date, taxpayers have forwarded more than 33,000 of these scam e-mails, reflecting more than 1,500 different schemes, to the IRS.  Always remember, the IRS would NEVER use email to contact taxpayers about their tax issues and definitely never to ask for information from a tax payer.

·  Another phising scheme involves the new rebates from the economic stimulus plan.  To get your rebate under the plan, if you are eligible, you will just need to file your 2007 tax return.  However, scammers are posing as the IRS, requesting taxpayers’ information  in order for the taxpayer to receive their economic stimulus rebate. Once again, the IRS would NEVER use email to contact taxpayers about their tax issues.

HELPFUL TIP:  If you are unsure if your email is truly from the stated source, NEVER click the link.  Always open a new web page and put in the address yourself (in this instance, www.irs.gov).  You can then check on whether or not it is a valid email.  Another way to check is to put your cursor on the link (without clicking!) and the actual address where you will go (not what the link says) will show up either right there under your cursor or down at the bottom of your screen.   I always check this way before clicking any link.

Make Sure to Use Secure Passwords to Prevent Identity Theft

David Weil, Director of Web, Systems and Departmental Services in Information Technology Services at Ithaca College wrote an article in the Ithacan College newspaper about how people open themselves up to Identity Theft by using common passwords.   He traces a connection between an Internet Cafe in Nigeria, to an internet Cafe in Israel (to hide their tracks) to Ithaca College Webmail.  Just spending a few minutes using usernames they obtained from Facebook or myspace, they access students webmail by using a simple password (like Ithaca, or IthacaCollege).  Once in, the hackers can then change everything and send out thousands of illicit messages under the students’ accounts.  They can also look through the rest of the mail and find order confirmations and such to obtain account information to access later.

The moral?  Do not use simple passwords.  While they may be easy to remember, they are also easy to hack. 

http://theithacan.org/am/publish/opinioncommentary/200802_ More_secure_passwords_prevent_identity_theft.shtml

Medical Identity Theft is Often an “Inside Job”

Beh Wilson, American Medical News correspondent, says in an article posted on amednews.com, that “when physicians look to protect their patients from medical identity theft, they may want to start by examining their office staff.”  That is scary to think that when you are visiting your doctor or the hospital and providing your information, that one of the staff may be selling this information!   Read the entire article here:  http://www.ama-assn.org/amednews/2008/03/03/prsc0303.htm

Illegal Card Readers- Caution!

Stephanie Gaskell of the New Your Post states that personal information from credit cards that you wave in front of a sensor can be stolen even as the plastic remains in your wallet.

http://www.nypost.com/seven/12042006/news/regionalnews-/i_d__crime_wave_regionalnews_stephanie_gaskell.htm

Even the Government is Lacking in Identity Theft Protection Efforts

Investigators found that nearly two years after an embarrassing flap in which veterans’ personal information was put at risk of identity theft, federal agencies are still not doing all they can to prevent further lapses.

http://www.mlive.com/newsflash/washington/index.ssf?/base/politics-14/12036986449190.xml&storylist=washington

Identity Theft Complaints Again Top the FTC List of Consumer Complaints

The Federal Trade Commission issued its annual report, “Consumer Fraud and Identity Theft Complaint Data” on fraud complaints consumers have filed with the agency. For the seventh year in a row, identity theft tops the list.   

http://www.ftc.gov/opa/2007/02/topcomplaints.shtm