Identity Theft Protection Blog

By the AllClear ID Team

Allison here with AllClear ID. We’ve talked a lot about mobile phone security, and ways to keep your personal data and your apps safe. But, there’s an increasingly popular aspect of mobile phones that we haven’t discussed yet, but are also worrying consumers when it comes to security: mobile payments and mobile wallets.

This is different from making a purchase on eBay on your cell phone. Mobiles payments and mobile wallets involve using a program like Google Wallet, Square, or Dwolla to make a payment with your smartphone. It turns your smartphone into your wallet or credit card, as your smartphone can store this information in an app or on a chip. This has a very different set of security issues that are separate from hacking into wireless networks, and not using good passwords on your financial accounts.

How Do Mobile Payments Work?
Since the technology is so new there isn’t yet one way mobile payments work which is part of the reason why security is so blurred and mainstream adoption hasn’t happened yet. There are a variety of ways to do it, such as:

• Paying with a smartphone equipped with a special chip (Google Wallet)
• A credit card number stored in an app (GoPago, Square)
• A small device that attaches to the phone or tablet to act as a credit card processor (Intuit, Paypal Here)

With the first two options the mobile payments work by utilizing near-field technology so retailers need a special point-of-sale system in order to take a mobile payment. It doesn’t require putting in a PIN, but simply requires a scan of a bar code in the app or mobile wallet program. Some consumers may not like having to hand over their phone to the cashier. Some worry about what these mobile payment companies do with all these credit card numbers– which is the biggest security concern.

Read more about Mobile Security on our blog here!

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Jackie here with AllClear ID. We often talk about the importance of choosing strong passwords and keeping your passwords safe once you have chosen them, but no password is entirely secure. Passwords are compromised every day through various means like hacking, social engineering, or the simple guess until it cracks method. Besides using your best judgment and common password safety tips there isn’t much else you can do to keep your password safe– but this may someday change.

The Defense Advanced Research Projects Agency (part of the US Defense Department) hopes to someday eliminate passwords, and instead identify computer users by their typing style. Everyone types differently from the amount of time in between keystrokes to the length of time a particular key remains depressed; this could someday lead to a unique way to identify yourself that can’t be compromised as easily as a password. According to a New York Times article, DARPA is planning to provide research money to make this a reality. Several universities are researching this technology including Carnegie Mellon, Pace University, and Columbia.

Although everyone has a unique typing style, it can vary from day-to-day. How will computers know it is actually you, and not someone else? In the New York Times article, one researcher makes an analogy to music that really hits this idea home. He compares your core typing style to the core rhythm of a song. You can usually easily identify a popular song even if it is played poorly by an amateur group. This technology will seek to find your typing rhythm which can’t be easily copied.

The USNews reports on this technology in action. This technology verifies users at log in based on their typing style when entering a username and password. This could potentially make stolen passwords useless, since only half of the needed equation would be obtained. The technology isn’t yet perfected; longer passwords can make reproducing typing style difficult, even for the same user. Read more here.

Check out our blog for more tips on password protection.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Jackie here with AllClear ID. One of the most basic lessons for protecting yourself from id theft is to create secure passwords and then to keep them safe. This means combining letters, numbers and symbols, not using the same password for multiple accounts, and never sharing your passwords with others. However, all of your password protecting efforts might be in vain if the businesses you frequent fail to provide adequate safeguards for keeping your passwords safe.

Take for example this recent article posted on Business Insider about Jet Blue. Apparently, the airline stores passwords in plain, unencrypted text and sends emails containing these passwords to their users. Email accounts are easily compromised and sending passwords in plain text in an email just isn’t safe. Additionally, companies that send emails with passwords plainly written probably don’t protect your passwords on their systems, thus exposing your password to employees and potentially to hackers. Couple this with the fact that many people use the same password across multiple accounts and you have an identity theft disaster waiting to happen.

Jet Blue isn’t the only company that emails passwords in plain text. The website – Plain Text Offenders – is doing their part to expose this common problem by allowing users to anonymously submit websites they find that store passwords in plain text. Check out some of the offenders in their gallery here.

Passwords stored in plain text are very susceptible to compromise so it is especially critical not to use these passwords over multiple accounts. Create unique passwords for each site you use. I know it can be hard to remember a different password for each site, but it is an important id theft protection. Here are some tips from our blog for creating memorable, strong passwords.

Encourage the businesses you frequent to help you protect your identity by keeping your passwords safe. The fight against id theft isn’t one that you can win alone. We are all responsible for helping to keep each other safe from cyber-criminals and identity thieves.

For more identity theft protection tips, visit our blog!

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Jackie here with AllClear ID. They say a picture is worth a thousand words, but to an identity thief a picture can be worth thousands of dollars– especially if it’s a picture of your credit or debit card. Posting pictures of your cards online puts you at an increased id theft risk and opens the door for fraudulent charges.

Do people really post credit card pictures online? Surprisingly yes. Social media platforms are filled with pictures posted by people of full credit card numbers, expiration dates, and sometimes even security codes, everything needed to make fraudulent purchases. Check out @NeedADebitCard on Twitter for a re-tweeted feed of posted pictures, and see just how common this problem actually is.

Not every picture shows the full card number and the security code is missing from many, but it still isn’t safe to post these pictures online. Security codes aren’t always needed, and thieves may be able to obtain the rest of your card number through other means like trial and error, guessing, or even looking at other pictures you may have posted. Play it safe and skip the picture when it comes to your credit card, driver’s license, Social Security number, or other identifying information.

For more information check out this story on PCMag.com about posting credit card numbers online and this story about posting driver’s license pictures online.

Learn more about identity theft scams on our blog here!

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

It’s old news that hackers are creating phishing sites that are mimicking brands and other trustworthy websites in order to lull people into a sense of security and legitimacy. But, the new twist is that gaming sites like “Star Wars: The Old Republic” and “World of Warcraft” have been targeted as avenues to spread malicious links, and to gather personal information for identity theft.

With World of Warcraft, phishers sent emails through the in-game mailboxes asking users to beta test the game’s newest expansion, “Mist of Pandaria.” Users who clicked the link were taken to a website where they would have to register and provide the credentials to their account. The Star Wars phishing scam was much worse, where users were subject to account verification checks. Not only did these checks ask for emails, but it also asked for answers to several security questions. It’s theorized that this was done to find those who use these emails and security answers for other accounts – such as banking and social media – so that hackers can get inside those other accounts as well.

This development coincides with a report from the Anti-Phishing Working Group that says the number of phishing sites is at an all-time high. More than 38 percent of the fake websites were related to financial services according to the APWG’s report.

No one has been caught for starting these scams, but the gaming sites have boosted security and notified users of the problem. Even niche sites like an online gaming community aren’t safe from phishing scams and other cyberthreats. Overall, protection is simply a matter of being cautious when revealing personal information and credentials to accounts.

To read more about other spam and scams on popular sites, visit our blog!

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

AllClear Investigator Aaron found that the most recent change in the world of identity theft are the “victims” being preyed upon. Identity theft criminals seek out any vulnerable person to obtain information from. This could mean that the person is vulnerable due to their circumstance, or that person’s information is vulnerable due to unsafe keeping.

An example of this comes from one of our very own customers who– upon being released from prison and starting their life again– found someone had been living their own life under his personal information. There was an auto loan, a mortgage, utilities, cellular and landline phone services, a secured loan, medical debt, and two credit cards found which were all established while he was incarcerated. The debt which had been incurred was just at $281,000. We are close to fully resolving his case, but it has taken much time and patience to get the case to where it is today.

Stories like these are examples of how identity theft has no boundaries. One might assume that inmates are the last people ID thieves would be interested in. Quite the contrary – anyone with an identity and any type of vulnerability makes them a prime target. These inmates are some of the most vulnerable as their information is widely accessible, and they are exposed to many “free” programs asking for their personal information.

For more identity theft stories, check out our blog here!

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Whether you are a freshman just starting your college career, or a senior ready to graduate, computer and online safety is something that affects all college students. Here are three computer and online safety tips for college students:

Be Protective of Your Personal Belongings – Laptops get stolen. Roommates aren’t always the nicest or most trustworthy of those closest to you. Don’t leave belongings that have personal and valuable information lying around, even if it seems okay or that no one is around. Purchasing a computer lock and creating a strong password for a login will make is harder for someone to steal your things.

Share Selectively –It could be tempting to post a lot of information online, or to talk about things over the Internet with your new friends. However, exercise some caution when creating your social media profiles and chatting online. Avoid giving away your address or discussing your exact location on campus.

Check Your Wireless Connections – Although the connection on campus could be secure that might not be the case if you decide to study at a coffee shop off-campus or at your friend’s apartment. If you’re using the Internet in locations where the wireless connection may not be secure then it’s not a good time to purchase your textbooks or to have your parents wire you money. An unsecure network connection makes it easy for an identity thief to get your financial information.

Safety in college is much more than walking with a partner at night and locking your doors. Nowadays, it involves computer and online safety as well.

Find out more identity protection tips here!

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Jackie here with AllClear ID. ID theft can affect anyone: children, adults, and even teenagers. Many parents find it difficult to teach their teenage children about ID theft. Teenagers are learning to navigate the world on their own, and often do not have a problem sharing huge amounts of personal information with others in the online world. Teaching your teen about ID theft and ID protection is critical.

Here are 4 Essential ID Theft Lessons Your Teen Needs to Understand:

• What to Share and What Not to Share Online- Today’s teens have grown up in an online world, and often see nothing wrong with sharing personal information with others. Teach your teen what they can safely share and what information could potentially compromise their identity (Social Security number, bank information, etc.).
• How to Safeguard Important Information- Knowing what information to protect isn’t enough. Teens need to understand how to protect their information. You can do this by teaching your teen to create strong passwords, keep identity documents in a safe place, and to use the shredder among other things.
• How to Know if Their Identity Has Been Compromised- Teach your teen how to check their credit and detect if their identity has been stolen. You should also teach them how to report ID theft if their identity is compromised.
• Where to Find ID Theft Information for Teens- There are a few great ID theft resources just for teens. Check them out:
  • Teens: Protect Your Identity from Thieves (from the National Crime Prevention Council) – This brochure created by the NCPC teaches teens about ID theft. The NCPC has also created a similar brochure for parents about teaching teens about ID theft.
  • Teen Space at Identity Theft Resource Center – The ITRC has created a great ID theft resource for teens. Here teens can learn about cyber security and ID theft. There are also interactive games and activities here to help reinforce the principles that you teach.
  • SafeTeens.com – Here teens can keep up on the latest news regarding internet safety for teens.
  • Teen Resources by the National Cyber Security Alliance – There are tons of resources for teens featured here on the National Cyber Security Alliance webpage. Teens can read articles on everything from social networking to “sexting” and find videos and interactive quizzes.

Your teen needs you to teach them about how to prevent ID theft. A few important lessons now can help them avoid this all too common crime.

You can read more stories like this one on our AllClear ID blog.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

 By the AllClear ID Team

Kim here from the AllClear ID Team. Last year, AllClear ID announced a new effort to warn customers when their personal information had been found online by cyber intelligence organizations.  The Victim’s Assistance Program (VAP) is a partnership between AllClear ID, the Identity Theft Resource Center (ITRC), and the National Cyber-Forensics & Training Alliance (NCFTA). It was formed to alert consumers when their personal information is reported compromised or stolen. These pirate sites that the VAP alerts customers of are exactly what blast customer’s personal data across the Internet.

About two years ago Jane received a letter in the mail referencing a credit account that she had allegedly tried to open at American Eagle Outfitters. The account was not opened, and Jane assumed she had received the notice in error. Now, in hind sight, she realizes it was a warning of things to come. Jane and her husband, a retired NYPD officer, discovered her name, DOB, address, phone number, Social Security Number, and credit card information were appearing on websites all over the internet. A man she didn’t know came across her information and gave her a call. Jane was shocked, “I never would have guessed my personal information was online. I am very aware of credit card skimmers and other types of scams, but this was a surprise.” His name was Thomas, and he gave her web addresses so she could see for herself.

While she may never know how her information turned up online, the fallout has been unrelenting. “I get calls from bill collectors starting at 5:00 a.m. and 6-7 letters in the mail each week.” Jane says it is incredibly stressful, but she chose not to put a freeze on her credit file. “I have a fraud alert set, but sometimes the creditors are in such a hurry to issue new credit and they don’t check.” While many attempts are denied, this past holiday season thieves were able to open accounts at Best Buy, Apple, and Midnight Express, charging just over $4,000.00.

This past tax season someone even tried to call the IRS and have her refund redirected to them.  “Now”, Jane says in frustration, “I cannot e-file and I will have to use an ID PIN each time I submit my taxes.” It is just one of many adjustments she is making while her information still can be found online.

She is currently working to get a court order to force Google and other web search engines to remove her information. Until that time, Jane is on a campaign lobbying law enforcement and politicians to go after those who traffic-in stolen information, and to get the data collectors to purge the information from the Internet. 

For more identity theft stories, check out our AllClear ID blog.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.