Identity Theft Protection Blog

By the AllClear ID Team

Vanessa here with AllClear ID. In Rhode Island, driver licenses aren’t just sitting in people’s pockets; they’re also stored in a computer system that’s used to combat identity theft.

A news report by the NBC station Channel 10 in Providence reports that the Department of Motor Vehicles in Rhode Island is using a facial recognition-based system in its license and ID card issuance programs in an effort to curb identity fraud.

The system can compare all the photos taken for state-issued ID cards and run them through the face-recognition software to check if an individual has more than one license under different names. It can also be used to help police track down suspects.

Sounds like a good crime-fighting tool, right? The American Civil Liberties Union isn’t so positive. It’s worried that the use of facial-recognition biometrics with all the stored state ID pictures could be an invasion of privacy.

ACLU representative Hillary Davis told NBC 10,  “You have this situation where individuals are being flagged as someone they are not, and the onus is on them to prove they are who they say they are because this computer, for whatever reason, has brought up their image. How well is this technology working? Is facial recognition software something that is accurate 100 percent of the time?”

Just up north, a driver sued the Massachusetts DMV, claiming he was mistaken for someone else.

But the Rhode Island DMV maintains that the program is only used when fraud is suspected, and they don’t prosecute or suspend a license based on the computer results alone.

Illinois, one of the first states to adopt facial recognition programs, says their program has been a huge success, finding more than 5,000 cases of identity fraud from 1997 to 2007. Of the cases, 4,600 involved people with one fraudulent identification, and 600 cases involved people with two or more fraudulent identifications.

And the trend is growing, with biometric-based facial recognition technology now being used in approximately 20 states.

By the AllClear ID Team

Kelly here with AllClear ID. If you’re doing any shopping online one slip of the finger could lead to a mountain of identity theft problems. “Typosquatting”, a scam in which domains similar to popular retailers are bought, is on the rise. Websense reports that such domains now number in the thousands with examples including “bestbuyh.com”, “appple.com”, and “wallmatt.com”. While you may think that these fake sites would be easy to spot, they are often well designed and appear similar enough to the real retailers to trick consumers.

Although these shoppers think they’re making a purchase from a reputable vendor, they’re actually supplying their information to identity thieves. But even if you don’t make a purchase, be careful; clicking links on these unsecure websites can result in malware or spyware being installed on your computer. Other fake websites use the correct spelling of a well known company, but with a “.org” or “.net” domain. These will often be embedded in emails offering great deals.

To avoid becoming a victim of a typosquatting, take a few extra precautions when shopping online:

• Double-check: Always look at the address bar to make sure you are visiting the correct domain
• Search instead: Try searching for the name of the website in Google instead of visiting it directly. In addition to ensuring that you do not make any typos, you’ll also ensure that you are on the correct top-level domain
• Trust your instincts: If a website looks or feels fishy, don’t make a purchase! No matter how great a deal is, it’s not worth compromising your identity.
• Be secure: When you enter all of your personal information during a transaction, look up on the address bar and make sure that you are on a secure (https://) connection.
• Have protection: To avoid being harmed by clicking on dangerous links, make sure that your anti-malware and anti-spyware protection is up to date. Cnet has a security center with links to download all sorts of antispyware and security programs.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Vanessa here with AllClear ID. Is Internet privacy a contradiction in terms? I recently read two interesting opinions – one for and one against – from two proponents in the San Diego Union-Tribune.

Beth Givens, director of the Privacy Rights Clearinghouse, writes that everyone has a different comfort level regarding the collection and use of their personal information. However, most online data-gathering and profiling activities are largely invisible to consumers. Potentially harmful effects of these tracking tools include: targeting economically-distressed people with payday loans and subprime mortgages; engaging in discriminatory pricing in which some people are offered products or services at higher prices than others; and targeting children.

She supports a “do not track” mechanism across all web browsers that people can use to express their online tracking preferences. “If individuals see the value of behaviorally targeted ads, they can affirmatively opt in,” Givens writes. “If they do not, online advertisers can continue with more traditional yet still lucrative practices.”

On the opposite end is Michael Robertson, a high-tech entrepreneur who founded the music-downloading site MP3.com, whose op-ed is titled “Privacy Overreaction Will Slow Progress.” First off, corporate abuse of online data-gathering is rare, he writes. “Corporations understand that customers won’t do business with those who break their trust and reveal personal data to others. The inherent profit motive acts as a highly effective policing agent for companies to guard this data.”

Second, cracking down on online data gathering will inhibit valuable inventions and benefits for people in the future. “Just as a stop sign at every intersection in our roadways would render them inefficient and impractical – defeating the very purpose of the infrastructure – the same is true on the digital highway,” Robertson writes. “Allowing unimpeded communication from my fridge to my belt to my grocery cart to my doctor is the exact behavior that will unleash ever greater value to consumers.

Who do you agree with more? Read Givens’ op-ed and Robertson’s reply in full to decide for yourself.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

George here from the AllClear ID investigation team. One of the latest scams going around is the “jury duty” scam.

How it works: scammers make phishing phone calls to random people claiming they work for the local court. They tell the person on the phone that he either missed jury duty, or he is being considered a prospective juror. For either reason the scammer will request personal information, such as home address, date of birth, Social Security number, even credit card numbers so the judge can clear the warrant that has been issued. They ask for the same information when they claim they are calling the consumer as a prospective juror. Victims of this scam will claim they never received a jury duty notification. The scammer then asks the victim for confidential information to verify the notification was mailed to the correct address, or to make sure they are calling the right person.

The jury duty scam has been reported by the FBI for a few years across several states. The latest incident happened in early December in Kendall County, Illinois.

If you do get a call from a so-called court worker, remember that official ones are not supposed to ask for Social Security numbers, or other similar private information. In fact, most courts communicate with consumers through snail mail via the US Postal Service. Protecting yourself is simple: Never give personal information out when you receive a phone call. When in doubt, you can call the organization requesting private information directly by finding the phone number in your local yellow pages or online at its website. For court-related issues, always call the county clerk’s office to verify that it is trying to reach you.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Vanessa here with AllClear ID. The Better Business Bureau investigates thousands of scams every year, from the latest gimmicks to new twists on old schemes. Some scams quickly fizzle out, while others plague consumers year-round. Here’s what the BBB listed as the most prevalent scams of 2011.

 
Check Cashing Scam: Selling items online turned into several scams last year. How it works:  After posting an ad you are contacted by someone asking about your item. They send you a check for more than the amount owed, ask you to deposit it into your bank account, and then send them the difference via Western Union. The money you wired is gone instantly and the deposited check bounces after a couple of days leaving you scammed out of the money you wired.

Facebook Viral Videos Scam: Viral videos claiming to show everything from Osama bin Laden’s death to the latest celebrity scandals were popular scams perpetrated by hackers, often times appearing to come from a “friend.” Once the link is clicked malicious software is downloaded to your computer which then hacks into your social media account and sends similar messages to your friends. So the next time you see a sensational headline for the latest viral video resist the urge to peek, or go to an authorized news source.

Hotel Identity Theft Scam: Consumers complained they received a call to their hotel room in the middle of the night from the “front desk clerk” asking for their credit card number again because the hotel’s computer had crashed. Scammers counted on sleepy consumers not realizing that the call was not from the hotel, but from someone outside who knew the direct-dial numbers for the guest rooms. By the time morning rolled around consumers found their credit card had been on a shopping spree. This scam was so prevalent that many hotels are now posting warnings in their lobby.

Mark Zuckerberg Sweepstakes Scam: Sweepstakes and lottery scams come in many forms, but the bottom line is typically that you’ve won a large sum of money, but to claim it you have to send in a smaller amount of money. This year’s top sweepstakes scam was an email claiming to be from Facebook founder Mark Zuckerberg, announcing the recipient won $1 million from his site. These kinds of scams often use celebrities to make their offer seem more genuine. Instead of clicking on the link go directly to the homepage of the company mentioned.

Mortgage Relief Scam: We’ve written about “foreclosure rescue” services and the scammers often behind them. Because the federal government announced several mortgage relief programs this year many sound-alike websites popped up attempting to fool consumers into parting with their money to save their home.

 
National Automated Clearing House Association Scam: We cover phishing scams on this blog, and the BBB cites a particularly malicious phishing scam last year. It disguised itself as official communication from the National Automated Clearing House Association, which facilitates the secure transfer of billions of electronic transactions every year. The email claimed one of your transactions did not go through in the hopes you would react quickly and click on the link before thinking it through.

Online Job Scam: We wrote about this scam, which the BBB calls “the worst job-related scam of 2011.”

 
Trade Show Scam: Consumers are not the only ones conned by scanners. Last year, several businesses were conned by organizers of trade shows or festivals that did not exist. The businesses paid up front for booth space with the promise of reaching thousands of potential customers only to have the event be moved to an undetermined future date or canceled completely. Usually the contract contained a firm no- refund policy. To check the reliability of a company go to www.bbb.org and list its name in the search box to see if it has a good or bad reputation.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Tamara here from the AllClear ID investigation team. Facebook users are being duped into divulging personal information by filling out a form to supposedly prevent their Facebook account from being disabled. The information they’re being asked ranged from their email address and Facebook password to the first six digits of their credit card number and type of card. Scammers then use that personal information to assume the victim’s Facebook profile and email. In doing so the thief can not only spread the scam, but can also obtain other personal and financial information to commit identity theft.

How it works: Facebook users receive a phishing email stating their Facebook account has been reported for policy violations, specifically that they are annoying or insulting other Facebook users. If they do not confirm the account within 24 hours, their account will be disabled.

“Spammers and scammers sometimes create phony emails that look like they’re from Facebook,” as written on the Facebook Security home page. “These emails can be very convincing. Even the ‘From:’ field can be spoofed to include ‘Facebook’ or ‘The Facebook Team.’”

These emails might include:

• Notifications about friend requests, messages, events, photos, and videos
• False accusations that you are abusing the site
• Warnings that something will happen to your account if you don’t update it or take another immediate action

One way to check if an email is actually from Facebook is to look for a link at the bottom of the message directing you to unsubscribe or edit your Facebook email notification settings. To test this link:

1. Right-click the link and copy the URL
2. Paste it into your browser
3. Make sure it starts with “www.facebook.com”

Note that this link isn’t included in all correspondence from Facebook. For example, if you contact Facebook about an issue, the email response you receive won’t include an unsubscribe link. If an email looks strange don’t click any of the links in it or open any attachments.

An important note: Facebook will never send you a password as an attachment.

Also, check Facebook’s Community Standards to see what is considered truly bad enough to get your profile taken off the website.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Vanessa here with AllClear ID. What started as a database to protect Americans from fraud has become a major source of identity theft and misery. Making it worse, this is a database run by the federal government – and it says it’s powerless to stop the database information from going public.

The database in question is the Social Security Administration’s Death Master File. We’ve talked before about ghosting, and unfortunately this file makes the crime simple for thieves. It contains the names, birth dates, and Social Security numbers of more than 90 million deceased Americans. It is updated every week, and can be accessed for free online.

According to media reports, thieves are pocketing fraudulent tax refunds after filing returns with personal information about recently deceased children that they found in the Death Master File. Parents who recently lost a child are increasingly targeted by these thieves. Armed with the deceased child’s Social Security number and other personal information, the crooks falsely claim them as dependents and have the refunds routed to them.

One of the victims is Matt Pilcher of Potomac, Maryland. His daughter, Ava, died at six months old from lung disease following her premature birth. Pilcher’s 2010 income tax filing was rejected by the IRS because someone else had claimed Ava as a dependent. All her information was on the Death Master File.

The database was created in 1980, ironically at the request of U.S. businesses seeking a tool against identity theft.  It seemed like a good government solution to the rising problem of consumer fraud. However, this was before the Internet Age. Now there are serious problems stemming from the Death Master File. The Social Security Administration recently admitted that it accidentally lists about 14,000 living Americans each year in the death database. Living people listed as deceased have trouble getting jobs, opening bank accounts, buying cars and cell phones, and renting housing.

There is little grieving parents can do to protect themselves from tax fraud if thieves decide to take their dead child’s name, birthdate, and Social Security numbers. Crooks only need to file for a tax refund before the family can. By the time the IRS detects something is wrong, the money is already out the door.

What makes this situation even more infuriating is that the Social Security Administration is powerless to act. Information on the Death Master File is information that must be disclosed under the Freedom of Information Act.  Congress would need to amend FOIA laws to limit the amount of information made public. Luckily, that may happen as the House Ways and Means Committee, which oversees the Social Security Administration, recently called a hearing to examine how the Death Master File is handled.

In the meantime, here are a few steps that parents of deceased children can take to protect thieves against identity theft:

• File taxes early. The IRS typically processes returns in the order received. If yours goes in first, a crook using your child’s information is less likely to get away with deceit.
• Don’t expect answers. By law, the IRS cannot share information about the person who claimed your child.
• Contact credit bureaus. It’s possible the thief also tried to use your child’s name to take out credit cards or turn on utilities. To find out, contact the three credit ratings agencies: Experian, Equifax and TransUnion.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

George here with the AllClear Investigation Team. A US passport is one of the most important identification documents in the United States; it confirms unequivocally that the owner is a US citizen, and allows US citizen’s visa-free passage into many countries around the world. Therefore the benefits of possessing a US passport make them extremely valuable to those illegally seeking citizenship, and criminals attempting to change or conceal their identity, commit financial fraud, or smuggle drugs.

Criminals often use stolen identities to create fake US passports. The three most common schemes to secure original passports through fraudulent means are stealing identities, counterfeiting identities, and using true identities with counterfeited citizenship documents. The third can be achieved by obtaining an authentic Social Security number, which allows a counterfeiter to apply for a US passport. An investigative reporter for eTurboNews demonstrated how remarkably easy this crime is to commit by using the Social Security number of a man who died in 1965, a fake New York birth certificate, and a fake Florida driver’s license. He received a passport four days later. In a second attempt, the investigator used a 5-year-old boy’s SSN, but identified himself as 53 years old on the passport application. He received that passport seven days later.

Criminals also acquire legitimate passports by purchasing them directly from US travelers. Major travel sites have threads on their boards with travelers discussing what they were offered for their passports in different countries and debating the rationale for selling one’s passport. What might seem like a great way to make quick money can have long term and dire consequences to the traveler and to the security of the US. The more immediate inconveniences of lying to government officials about losing their passport and having to apply for another are dwarfed by the fact they have sold their identity to someone else who can not only use that to exploit the individual, but also attempt to gain access to the United States for nefarious purposes such as drug trafficking to terrorism.

Consciously keeping your passport safe is a great start to avoid becoming a victim of passport fraud. The only times you need to present the original copy of your passport is at border crossings, airports, hotels, or at the request of a police officer. In most other cases it is sufficient to remember the number and expiration date, or to have a copy of the original passport at hand. This means that leaving your original passport at your hotel is a great idea. Most hotels have lock boxes that their guest can use. The worst places to leave your passport are in bags or backpacks as they are very vulnerable when left unattended. Money belts or a thin pouch that can be worn underneath clothing are good alternatives. Use common sense. Make a decision based on how secure the accommodation is, and whether you trust the person behind the reception.

For more on how to protect your information while traveling, check out this blog post.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Juan here from the AllClear ID investigation team. I’ve noticed that varying types of cell phone fraud is becoming a huge burden to consumers and phone companies. The most rampant form of cell phone fraud occurs when someone opens up an account using another person’s information. However, there are also ways in which identity thieves can remotely scan your phone for saved information. One method uses Bluetooth connectivity to gain easy access to your phone, or even clones your device and uses your service until it is noticed  - usually when the bill is received. Other scams involve purchasing ring tones on peer-to-peer networks or otherwise unknown companies.

The ways in which a cell phone can be hacked and mimicked are quite impressive: both hardware and software applications that can be used to remotely gather information from a phone. For example, cloning refers to obtaining the unique factory-set electronic serial number and telephone number, and allowing another phone to use it.  (We recently had a post about how hackers can easily break into your cell’s voicemail.)

Cell phone fraud doesn’t seem to be specific to any segment of the population – thousands of people are affected daily.  In fact, the methods thieves use seem to be varied so that no one can be absolutely safe or excluded. However, I’ve noticed a few trends:

• The more densely populated an area, the more likely one is to being a victim of this type of fraud.  Larger metropolitan areas in the U.S. have the most incidents.
• We’ve also noticed more fraud amongst certain carriers like T-Mobile and Verizon than Sprint and AT&T.
• The prevalence of smart phones means that when they are compromised, a lot of personal information is made available to the thieves, such as e-mail, work documents, and social networking messages.

Some estimate that cell phone fraud costs $547M a year to cell phone companies, with tens of thousands of people being affected by this yearly. Furthermore, since personal information can be obtained in phone scams it usually means the beginning of a long rough road of dealing with and clearing up identity theft.  For tips to avoid the most common methods of cell phone fraud, read this ScamBusters.org article.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.