Identity Theft Protection Blog

By the AllClear ID Team

Matt here, AllClear ID Investigator. On October 13, 2010, the FBI unsealed indictments against 44 alleged members and associates of an international crime enterprise for what the FBI described as the “largest single Medicare fraud ever charged.” Reportedly, the organization’s activities spanned 25 states, operated in 118 phantom clinics, and billed over $100 million in fraudulent claims.

The members of the alleged crime ring were charged with using physicians’ unique identifiers to bill Medicare for services that were never performed, in clinics that did not exist. According to the indictment on racketeering charges, “the conspirators would steal the identity of a doctor—in particular, a doctor’s date of birth, Social Security number, medical license number, and other identifying information.”

Physician identity theft is not only devastating for the victim, but can also result in significant financial losses for federal health programs. The scam–believe it or not–is relatively simple. The perpetrator merely uses a physician’s identity to open a phony clinic and begin billing insurance entities–like Medicare or Medicaid–for services that are not actually provided. For example: in one recent case in New Jersey, the “doctor” in question was actually found and charged with health care fraud and aggravated identity theft, and now must pay $40,000 in restitution to Medicare. The perpetrator, having no medical license of any sort, used the identity of a retired doctor and made house calls to elderly patients. He then began billing Medicare under the physician’s NPI, or National Provider Identifier.

The National Provider Identifier was implemented in 1996 with the adoption of the Health Insurance Portability and Accountability Act (“HIPPA”). The NPI is the standard unique identifier for healthcare providers. How easy is it to obtain this type of information? Today, physicians’ personal identifiers are openly available to the public at the Centers for Medicare & Medicaid Services’ (“CMS”) NPI registry website, also called the National Plan and Provider Enumeration System. A simple search of a physician by first and last name on the registry yields his or her NPI number, license number, licensing state, taxonomy, business mailing address, full legal name, and gender.

CMS is currently working on a few different proposed screening rules and risk assignments to combat the problem, while physician advocates continue to urge CMS to remove the public display of the NPI registry. Until physicians’ personal identifiers are kept confidential criminals will continue to devise ways to use them to steal scarce healthcare dollars. Also troubling, until this information is secured, physicians who fall victim to identity theft will continue to find themselves in the nightmarish scenario of trying reclaim their identities. The Federal Government has taken positive steps to aid physician identity theft victims, and could build on that effort in the future by removing physicians’ personal identifiers—including the NPI registry—from unrestrained public access. To arm against identity theft, physicians should make every effort to secure their personal and professional information, and should promptly report any suspicious activity involving their identity.

For more identity theft tips, check out our AllClear ID blog.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Jacqueline here with AllClear ID. You share a home with them, but how well do you really know your roommates? The people closest to you such as family, friends, and  roommates are often those that steal your identity. Here are some tips for protecting your identity from roommates.

Hide Your Info: Where do you keep your wallet? Many people simply leave their wallet (filled with identity information like credit card numbers, etc.) out in plain view. If you have roommates, or even if you don’t, practice keeping your sensitive information out of sight. It is often a good idea to invest in some sort of locked box or safe for your personal information. Keep bills, identity information, bank statements, checks, and other private documents locked up.

Log Out of Accounts: Since roommates often share computers they may be able to access personal accounts like your social media profile if you aren’t careful. You should always log out of accounts as soon as you are done using them. Don’t let your computer store user names or passwords. This might be convenient, but it isn’t worth the id theft risk. Keep personal computers locked and password protected when they aren’t in use.

Get a P.O. Box: Sending your bills, bank statements, and other personal records to your home address is risky when you share that address with a roommate. Consider investing in a locked P.O. box or signing up for paperless billing to keep your sensitive information out of your roommate’s hands.

Don’t Over-Share: Roommates often know more personal information about you than others which makes it easier for them to open accounts and steal your identity. Be careful what you share.

Use Secure Passwords and Don’t Share Them: Create unique secure passwords for all of your accounts. Be careful when logging in to avoid inadvertently sharing your password. Here are some password tips we featured on the blog in June 2011. Never give out your passwords or pin numbers, even if it is convenient. It might be tempting to send your roommate to the ATM with your card and PIN, but it isn’t a good idea.

Beware of Others: Roommates aren’t your only risk when living with others; you also have to be aware of your roommate’s friends and visitors. The information you share with your roommates may be shared with others. Visitors to your home, even if they aren’t your visitors, will have access to information left out in the open. You can choose your roommate, but you can’t choose their friends.

When you have a roommate you have to be extra careful to protect your identity. Scambusters.org has some great tips for college students and ID theft. This resource is great for anyone with roommates no matter the age.

For more tips about identity theft, check out the AllClear ID blog.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Jackie here with AllClear ID. I have heard over the years that people with common names are more likely to fall victim to identity theft. This news story titled Common Names ID Theft Risk (found on NBC-2 News) is a few years old, but still serves as an excellent example.  Is this claim really true? Could the name you are given at birth permanently increase your id theft risk?

The answer is surprisingly, “No”. When it comes to financial identity theft your basic information like name, phone number, birthdate, address, etc. isn’t important. The main information you need to protect is your Social Security number, bank account information, and driver’s license number. Without these, identity thieves aren’t going to have the information they need to commit financial identity theft. Banks realize that names are often quite similar with one another, and do not use these to identify their clients. Instead they rely on unique identifiers like your SSN. You can protect yourself from identity theft by protecting confidential information whether your name is common like John Smith, or unique like Kimae Lawclef.

Having a common name however can make it more confusing to resolve identity theft cases should they occur. If you share a name with an id thief it can be more difficult for law enforcement and creditors to unravel who is who. Common names can also lead to cases of mistaken identity or criminal identity theft. This news story from Chicago involving mistaken identity and background checks shows just how common this problem can be.

Another concern may be parents using the Social Security numbers of their similarly named children to commit id theft. Parents using their child’s id information to open credit accounts isn’t just a problem for those with similar names; it can happen with any names since parents have access to their children’s Social Security number.

Common named folks everywhere can now breathe a sigh of relief. You are still at risk for id theft, but not any more than the rest of us.

For more stories about identity theft, check out the AllClear ID blog.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Allison here with AllClear ID. The most common scam or online fraud type of 2011 was the FBI scam where people impersonate the FBI or FBI agents via email in order to get money or personal information. It’s now one of the worst online threats out there, but you can easily stop yourself from becoming a victim by paying attention to what scammers do, and what the FBI doesn’t.

First: government agencies do not send unsolicited emails. Period. So, if you get something from the FBI or any other government body that you didn’t ask for it’s likely to be a scam.

Second: many of these unsolicited emails say that you need to claim some sort of inheritance or lottery winnings, and need to do so by contacting a different government agency. When contacting that other agency they ask you pay a few fees to stake your claim only for you to never hear from them again.

This is where your “common spam sense” kicks in. For starters, the FBI certainly doesn’t have the manpower to deal with matters of unclaimed money. Even if it were part of the agency’s purpose to handle these issues would they really charge you to obtain something that’s rightfully yours like an inheritance or a lottery winning? Probably not. There’s no iota of truth or legitimacy to what these emails say that should be confused with something possible or real. Government agencies don’t do this sort of thing on a day to day basis.

The FBI isn’t worrying about such matters, and these scammers are only using the names of government agencies to add legitimacy (much like how they add the names of politicians in emails to get that same sense of legitimacy). All in all, the FBI–or any other government agency–isn’t going to be sending you unsolicited emails. The FBI won’t do to you what these scammers do so it will be clear when the time comes to know what’s legitimate and what’s not.

To read more identity theft stories, check out the AllClear ID blog.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Allison here with AllClear ID. Whether you’re a business or an individual you’ve probably had to part ways with old and worn-down electronics. It could be a laptop that no longer works, or an outdated cell phone. However, wait before you throw it away! Pitching old electronics without special precautions could be detrimental to your personal information.

How is that possible? Well, just because you don’t have a need for that laptop or cell phone anymore doesn’t mean that all the data on it will disappear once it’s thrown away. Even if it’s broken, a tech-savvy hacker could get in there and find the information he needs. Old electronics still carry valuable information on them–even personal information or credit card numbers–that an identity thief would love to have. If you do take the time to delete what’s on the device it might not be enough as tools do exist that can retrieve that information. The best way to dispose of old electronics in a way that protects you from identity theft is to destroy the gadget physically.

One way to destroy the laptop or hard-drive is to physically shred it. Most probably don’t have an electronics shredder lying around, but there are many companies that do offer this service. It may be cheaper just to put your electronics in the trash can, but consider the risk. If your identity is stolen because the hacker got to the device you have little way of knowing who did it. Not to mention it’s illegal in some parts of the country to put old electronics in the landfill so it’s better to be safe.

If you’re getting rid of a device that’s just old or because you don’t need it anymore then consider donating it. Many big brands, such as Canon, Apple, and most cell phone carriers, will take back old devices and dispose of them properly for you. There are also plenty of e-cycling or electronics donation drives where they will either dispose of the device, or reuse it elsewhere. You could also donate your old electronics to a school or nonprofit who would be happy to have them.

Overall, don’t just place your laptop or desktop tower in the dumpster like you would with any of your other trash. You’re not just throwing away wires and casing, but valuable data too. Take the time to get rid of your old electronics properly, or else you might as well give away your information to the identity thieves themselves.

Read more about identity protection tips on the AllClear ID blog.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Jackie here with AllClear ID. Malware isn’t just a pesky computer problem; it can put you at risk for id theft. A recent wave of malware attacks have affected more than 4 million computers in 100 countries across the world according to the Department of Homeland Security. In the U.S. alone, approximately 100,000 computers are currently vulnerable to this attack known as the DNS name changer.

What is the DNS Name Changer?

When you connect to the internet you use domain names to navigate to various websites. The domain name is converted into a series of numbers that basically serve as the address your computer will use to find your selected website. If you are affected with the DNS name changer malware your computer will generate incorrect numbers and send your computer to fraudulent websites. Visiting these fraudulent websites puts your computer at a greater risk for other attacks and viruses and increases your chances of identity theft.

How Can You Protect Yourself from the DNS Name Changer Attack?

Every computer is at risk for the DNS Name Changer attack, but that doesn’t mean you and your identity are defenseless. You can check your computer quickly and easily for free to find out if you have been affected. If you are infected you can fix the problem and get your computer back into proper working order. More information is also available through the DNSNameChangerWorkingGroup’ssite.

Protect yourself from identity theft by making sure that your computer isn’t infected with the DNS Name Changer. It only takes a couple of minutes to know if you have a problem. If you are one of the millions infected, you can start taking the right steps to correct the problem now.

Has your computer been affected by the DNS Name Changer? Let us know about it on our blog!

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Allison here with AllClear ID. We’ve previously covered Pinterest scams and Facebook spam, but social media spam isn’t limited to those two social networks. Anyone who’s an avid Twitter user would know to beware of links and users that seem like spam.

So how can you tell what’s spam and what’s not? For starters, spam users are much easier to identify than spam links. Spam links can come from people you know while spam users (or spam bots) are usually people you’ve never met. If these users follow you, you can set up your account so that you get to approve any follow requests. Here’s how you can identify a spammer:

1. Vague Bio– Twitter allows users to put a 160-character bio as part of their profile (yes, it’s longer than a tweet). Spam bots won’t bother to fill this out, or will instead put some generic quote. Other bios from spam bots include comments about getting tons of followers.
2. Photo is Generic or Nonexistent– Spammers will either use a generic stock photo as their picture, or they won’t have a photo at all. This isn’t exclusive to spammers, but most avid Twitter users take the time to put an actual picture of themselves or a company logo.
3. Strange Username– This could be a username that’s all numbers, tough to pronounce, or simply looks like something no real person would come up with for a username.

A little bit harder to tell apart is a spam link or tweet, since it could come from someone you know, or the link could be cloaked with a URL shortener. Here are two spam link baits that I’ve had sent to me personally:

• The “Hi. Someone is saying terrible stuff about you. :[” spam. I fell for this one, where I clicked the link and was taken back to the Twitter log in screen. Type in your login and password and nothing happens because that log in screen was a fake. The fake screen is how spammers get passwords to access accounts and to spread their spam. If you receive this tweet, then most likely what happened is that the person who sent it got hacked somehow, and the spammer is just trying to get more passwords.
• The “I made hundreds of dollars in three days doing this. You can do it too,” spam. With a link to the supposed project or method of getting rich quick. This scam is more obvious, but it’s one that I’ve seen multiple times.

Twitter is an amazing tool for communication, information, and socializing. Play it safe – keep your eyes open for spammers and bots, and it can stay that way.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Matt here, AllClear ID Investigator. The 2011 tornado season ravaged much of the American Midwest, sending relief efforts and charities to the hub of it all: Joplin, Missouri. During this time, there were two alleged charities set up to help victims of the 2011 Joplin, Missouri tornado. However, these charities never contributed a dime to the relief effort according to the state’s Attorney General, Chris Koster. Koster said that Alivio Foundation Inc. began soliciting donations shortly after the May 22 tornado through a PayPal link on the purported charity’s website, and through an online donation conduit called Crowdrise. Donations were supposed to go to a couple of Catholic churches in Joplin, but the churches reported that they were never even contacted by Alivio. Koster’s office has since been able to locate $9,700 so far through Crowdrise alone.

Scammers are always seizing opportunities to make a profit, and unfortunately during times of crisis they prey on good citizens with open hearts. Many people like to give and help others in need, but do not stop to think that this type of scam could even exist. Yet, every time there is some sort of disaster–from the towers coming down on 9/11 to the Haitian earthquakes–scammers try to take advantage. With technology ever-evolving it has become even easier for crooks to carry out these schemes. After Hurricane Katrina not only was there money being donated on the Internet, but donors could easily punch a couple of numbers on their mobile phones to make a contribution. The donor would then have to follow up the text with a phone call, and give out personal information making them ripe for identity theft.

Fake charities use the same techniques to steal your money that legitimate charities use to raise funds according to the Federal Trade Commission (FTC).  Before you donate make sure you know where your money is going. The Better Business Bureau’s Wise Giving Alliance offers information about national charities; you can also call 703-276-0100 or go to their website here.

You can read more stories like this on our blog.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Jackie here with AllClear ID. As you travel be careful not to bring home any unwanted travel guests. I’m not talking about bed bugs (although hopefully you don’t find any of those either), this unwanted travel guest is malware and traps might be lurking on your hotel’s internet connection.

Malware (or malicious software) is software that hackers and id thieves use to gather personal information or access your computer without your permission. Computer viruses are a type of malware. Malware can disrupt your computer system, take your personal information, and make you a victim of identity theft.

This press release on the IC3 website warns travelers about potential malware traps when using hotel internet connections. Here’s how this happens: when travelers connect with the hotel internet connection, a pop-up window would come up asking the user to update their software. If the traveler accepted and allowed the installation, malware was then installed on their computer.

Here are some tips for you before you hop on the plane. To keep your computer and your identity safe when using hotel internet connections both in the U.S. and abroad:

• Update before you leave- Update all of your software programs before you leave. If it’s a short hotel stay, you probably won’t need to update again until you get back. Also make sure that your anti-virus protection is up to date.
• Check the digital certificate of prompted updates- Before allowing a prompted update, check the author or digital certificate. If the certificate doesn’t match the vendor, it might be a malware scam.
• Install updates directly from vendor websites- Getting your updates directly from the vendor sites is a good idea when traveling. Refuse the pop-up asking for the update, and then head to the vendor’s site and install the update yourself.

If you do encounter this type of attack, contact your local FBI office or report it using the IC3 website to help law enforcement in their fight against id theft.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Jacqueline here with AllClear ID. Discovering that you’ve been a victim of identity theft can feel like being hit in the chest by a load of bricks. Your credit report is littered with debts you didn’t accrue, and the debt collectors might be starting to call. What do you do?

Filing for bankruptcy might seem like the easiest solution to identity theft, but it carries many long term consequences that can be avoided.

Here are five reasons you shouldn’t file for bankruptcy after ID theft:

• You Are Legally Entitled to Have the Debts Removed- As an identity theft victim you are entitled to certain legal protections. Debt collectors may contact you about these debts, but if you inform them that you are a victim of id theft and that these accounts are fraudulent then the debt collector must inform the original creditor and give you access to information about the accounts like applications and statements.
• Bankruptcy Will Ruin Your Credit- After ID theft you may think that bankruptcy is a good solution since it will quickly wipe away many if not all of the fraudulent debts, but bankruptcy has a downside; it will absolutely decimate your credit. Bankruptcy reports can appear on your credit report for as long as 10 years after you file. Additionally, bad credit can interfere with getting some jobs and qualifying for new loans like credit cards or mortgages. It will take time, but by working with the credit reporting agencies you can often restore your credit to the level it was before you became an ID theft victim.
• Bankruptcy is Expensive- Filing a complaint in bankruptcy court costs several hundred dollars in filing fees and other charges. Restoring your identity after id theft can be expensive, but filing for bankruptcy is too.
• Reporting Your Crime Helps Law Enforcement and Others- Identity theft is notoriously hard to investigate and prosecute. Fighting your ID theft and reporting your crime to agencies like the FTC and the IC3 will help law enforcements find and stop identity thieves. This may also help others avoid id theft.
• AllClear ID Can Help- If you are the victim of id theft you might feel alone, but you’re not. There are many agencies and services ready to help you fight and restore your identity. Members of our Free and Pro plans have an immediate connection to an AllClear Investigator. In addition, our Pro plan members have $1 million in id theft insurance and Complete Identity Repair. Other agencies ready to help you restore your identity after id theft include: ITRC (Identity Theft Resource Center), the FTC (Federal Trade Commission) and many others. Avoid id theft when possible, but if you are a victim, you do have options.

For more identity protection tips, check out our blog here!

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.