Identity Theft Protection Blog

By the AllClear ID Team

Allison here with AllClear ID. Spam, spam, spam. It’s everywhere and no site is safe unless the proper security measures are implemented. Most recently, micro-blogging site – Tumblr – has become a key target for spam campaigns. Some spam on the website are just pranks, but the point of much of this spam is to generate actual profit for the spammers.

“The majority of tactics used on Tumblr and Google Play are similar to those deployed on other popular social networking sites such as Facebook and Pinterest”, said Christopher Boyd, senior threat researcher at GFI Software. “Spammers continue to use surveys and phony prize offers simply because they work. Recycling old tactics minimizes the effort needed on their part, but it also gives users the opportunity to avoid becoming a victim by keeping a sharp eye and watching for tell-tale signs.”

GFI Software, an anti-spam and email security firm, conducted research in May on the most prevalent threat detections. This research found that spam campaigns were abound on Tumblr and Google Play. Although spam has been present on Tumblr since its inception, in the past few months there has been a targeted effort from spammers to drive Tumblr traffic to their sites. Hundreds of thousands of people have had their login credentials stolen.

“The three main types of spam that we regularly encounter on Tumblr are phishing pages, survey scams, and malware installs” Boyd said. “Many of these sites began as generic sites falsely offering ’free gifts‘ in return for personal information or a survey, but are now mimicking legitimate sites like the Tumblr staff blog in order to further fool users into thinking that the offers are real.”

Falling for these traps could mean signing up for monthly billing services, or handing over personal information to third-party marketers. At worst, it could mean loss of control over your Tumblr account and malware/browser plugins could lead to data theft. To avoid falling for these traps Boyd suggested that users do independent research to confirm whether or not the offer is true or a scam.

“Tumblr users should always check the source when they encounter unsolicited offers for free gifts and other prizes. If the content in front of them claims to be from the official Tumblr blog or another seemingly legitimate source they should independently navigate to the legitimate site and find the offer there,” he said. “Spam messages sent directly to your “Ask box” should be viewed with suspicion, and searching for additional information about the offer on your own will quickly confirm if it is a scam.”

For more identity protection stories check out our blog here!

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Allison here with AllClear ID. Rumor has it that Facebook will start allowing children under the age of 13 to join the social network. The reasoning behind this change is that children under 13 are already joining the site by lying about their age; the change would make it easier for these kids to join Facebook without lying. Although Facebook has made no specific plans or announcement about changing the policy it has expressed interest in creating a safe haven for kids online.

Whether or not your kids are on Facebook it’s important to talk to them about how to be safe online because it’s likely they will join the social networking site once they turn 13. It’s estimated that over 20 million kids under 13 are currently on Facebook, and parents need to be involved in what their children are doing on Facebook. Here’s how to talk to your kids about Facebook safety:

1. Talk About What They Are Doing Online – Facebook doesn’t allow anyone other than the account holder to access accounts so parents can’t snoop into their kids’ profiles. As an alternative, get to know what they are doing online. Ask them who they are talking to, what they do on Facebook, and ask if they are giving away where they live and where they go to school. Parents could take this one step further by creating a profile for themselves and adding their kids to their network. You may not be able to see everything, but you can still be involved in what your kids are doing on Facebook.
2. Guide Them Toward Proper Behavior – Think of Facebook as another way for your kids to engage and to interact with other people, and guide them on how to do so appropriately. Let your kids know that they shouldn’t be complaining about their teachers, coaches, family etc. online, and explain the possible consequences of doing so. Most parents would scold their kids for saying something negative about their coach in public; consider the online world as another public forum where comments like that can easily get out of hand.

It’s best not to stop them from using Facebook if they are already on the social networking site. Social media has become an integral part of socialization and communication, and it will only be a matter of time before your child is on Facebook. It’s better to be a part of this process, and to help your kids make the right decisions instead of ignoring it and making your kids learn it on their own.

Check out more identity theft stories on our blog.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Jackie here with AllClear ID. If you don’t think id theft can happen to you, think again. Everyone is at risk, even your favorite celebrities. Check out how id theft has impacted a few of your favorite celebrities.

• Former Minnesota Vikings Running Back Michael Bennett- His identity was stolen by a police officer who was moonlighting as a security guard. He stole mail from Bennett and other players which he used to commit identity theft. The thief lost his job and received 3 years of probation and $117 in fines for this crime.
• Tiger Woods- His identity was stolen back in 2000 by Antony Taylor – who used Woods’ identity to buy over $17,000 worth of furniture and electronics. Taylor would impersonate Woods at various stores to open credit accounts. Taylor was sentenced to 200 years under California’s Three Strikes Law.
• Paris Hilton-  A Massachusetts teen was jailed for hacking Paris Hilton’s phone, and posting her celebrity contact info online. The same teen was also involved in hacking a LexisNexis database, and acquiring records for more than 300,000 consumers.
• Jerry Orbach- Prior to his 2004 death, Law and Order star Jerry Orbach was a victim to identity theft many times over. Orbach’s identity was stolen when his Social Security number was posted on Ebay. He became a victim a second time when his wallet was stolen on the Law and Order set. Orbach became actively involved in the fight against identity theft when he became the face of a post-office identity theft awareness ad campaign.
• Robert De Niro- A housekeeper to Robert De Niro pled guilty to stealing from her celebrity employers. The housekeeper made purchases from upscale stores using stolen credit cards, and used the Social Security number of a young girl to obtain employment illegally.
• Michael Jordan- Jordan’s bank account information was found in the home of Ishman Walker. Walker was arrested for identity theft right after he was unable to find someone to act as his accomplice and impersonate either Michael Jordan, or his wife at the time, Juanita. Lesson Learned: Protect your bank account numbers.
• Will Smith- An identity thief posed as Will Smith, and opened at least 14 credit card accounts in his name. The thief, Carlos Lomax, was sentenced to prison time and required to pay more than $60,000 in restitution for the purchases he made. However, his wasn’t Lomax’s first celebrity id theft. He had a previous id theft conviction connected to Steve Smith, a former Atlanta Hawk’s basketball player and TV commentator.

The point is: you’re not alone. Identity theft is not just for those who aren’t in the spotlight.

Keep yourself safe by protecting your information and checking out these identity theft protection tips.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Vanessa here with AllClear ID. What started as a database to protect Americans from fraud has become a major source of identity theft and misery. Making it worse this is a database run by the federal government – and it says it’s powerless to stop the database information from going public.

The database in question is the Social Security Administration’s Death Master File. We’ve talked before about ghosting, and unfortunately this file makes the crime simple for thieves. It contains the names, birth dates, and Social Security numbers of more than 90 million deceased Americans. It is updated every week, and can be accessed for free online.

According to media reports thieves are pocketing fraudulent tax refunds after filing returns with personal information about recently deceased children that they found in the Death Master File. Parents who recently lost a child are increasingly targeted by these thieves. Armed with the deceased child’s Social Security number and other personal information the crooks falsely claim them as dependents and have the refunds routed to them.

One of the victims is Matt Pilcher of Potomac, Maryland. His daughter, Ava, died at six months old from lung disease following her premature birth. Pilcher’s 2010 income tax filing was rejected by the IRS because someone else had claimed Ava as a dependent. All her information was on the Death Master File.

The database was created in 1980 ironically at the request of U.S. businesses seeking a tool against identity theft. It seemed like a good government solution to the rising problem of consumer fraud. However, this was before the Internet Age. Now there are serious problems stemming from the Death Master File. The Social Security Administration recently admitted that it accidentally lists about 14,000 living Americans each year in the death database. Living people listed as deceased have trouble getting jobs, opening bank accounts, buying cars and cell phones, and renting housing.

There is little grieving parents can do to protect themselves from tax fraud if thieves decide to take their dead child’s name, birthdate, and Social Security numbers. Crooks only need to file for a tax refund before the family can. By the time the IRS detects something is wrong the money is already out the door.

What makes this situation even more infuriating is that the Social Security Administration is powerless to act. Information on the Death Master File is information that must be disclosed under the Freedom of Information Act.  Congress would need to amend FOIA laws to limit the amount of information made public. Luckily, that may happen as the House Ways and Means Committee, which oversees the Social Security Administration, recently called a hearing to examine how the Death Master File is handled.

In the meantime here are a few steps that parents of deceased children can take to protect thieves against identity theft:

• File taxes early. The IRS typically processes returns in the order received. If yours goes in first a crook using your child’s information is less likely to get away with deceit.
• Don’t expect answers. By law, the IRS cannot share information about the person who claimed your child.
• Contact credit bureaus. It’s possible the thief also tried to use your child’s name to take out credit cards or turn on utilities. To find out contact the three credit ratings agencies: Experian, Equifax and TransUnion.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Jackie here with AllClear ID. “Will that be debit or credit?” Many people assume that their answer to this question only affects the card they pull out of their wallet, but they are wrong. When it comes to identity theft you have very different protections depending on the type of card you use.

Debit
A debit card is one issued by your bank that is tied directly to your checking account. It is the card you use at the ATM and at retailers when you want money to come directly out of your bank account. When using a debit card you have two options: enter a PIN or run the card as credit and sign. Both are considered debit transactions and offer the same basic protections in cases of identity theft or fraud. Here’s how you’re legally protected if your debit card is misused:

Debit Purchases/Withdrawals made with your physical card:

• Unauthorized transactions reported within 2 business days have $50 consumer liability
• Unauthorized transactions reported between 3-60 days have $500 consumer liability
• Unauthorized transactions reported over 60 days no protection

Purchases/withdrawals made with debit card number only:

• $0 consumer liability for all purchases reported within 60 days
• Consumer is responsible for all charges reported after 60 days

Debit transactions come straight out of your bank account which means that you may be without your funds while the bank investigates any fraudulent charges. The bank is required to provide temporary credit in the amount of the disputed charges after 10 days while they examine your claim.

Credit
Credit cards are a line of credit extended by a company to consumers. These cards will typically issue a monthly bill for any charges rather than deducting the money directly out of your bank account. Some of the top credit card companies include Visa, Mastercard, American Express, and Discover. Here’s how you’re legally protected if your credit card is misused:

Credit purchases made with your physical card:

• $50 consumer fraud liability (most companies will waive this fee)
• If you report missing cards before charge is made there is  $0 consumer liability

Purchases made with credit card number only:

• $0 consumer liability

Consumers also have additional protections when using credit cards through the Fair Credit Billing Act. This law protects consumers from poorly made or damaged merchandise that was purchased with a credit card. You may also have coverage for items purchased, but not received. This protection is available after efforts have been made to resolve the problem with the merchant and specific requirements will need to be met.

For more information on avoiding credit card fraud read the FTC’s Consumer Fact Sheet: Avoiding Credit and Charge Card Fraud.

The next time you head out for a shopping trip make sure you know what protections you have available should you become a victim of identity theft, or notice fraudulent charges on your card statement.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

 

 

By the AllClear ID Team

Jacqueline here with AllClear ID. Have you heard of social engineering? This ID theft tactic sounds harmless, but in reality it is anything but. Social engineering plays on flaws in human thinking, and can compromise almost anyone’s identity. And since social engineering often utilizes call centers and company employees there is little you can do to protect yourself from this type of identity theft.

Social engineering starts with a tiny bit information. Often this information is public knowledge or easily obtained. The identity thief will then attempt to leverage this information to steal your identity. To better understand how this process works let’s examine a real life example of social engineering.

Paul Allen, a co-founder of Microsoft, recently became a victim of a social engineering scheme. Brandon Price, an army deserter from Pittsburgh, PA was able to obtain Allen’s debit card through Citibank’s call center. Price impersonated Allen on the phone call, and changed the account’s address to his own. He then ordered a new debit card which was subsequently sent out. Price used this card to make a payment on a loan, and then attempted a failed wire transfer and in-store purchase. You can read more about this story on Wired’s Threat Level blog here.

Although it is unknown exactly how Price was able to con Citibank into sending Allen’s debit card to his address it probably involved using kernels of information obtained about Allen to access and make changes to the account. Think about it: how difficult would it be for someone to access your accounts with a quick call to a call center? Often the identity verifying information used to protect your accounts could be easily obtained online, or by swiping a few pieces of mail.

The lesson learned from this incident and many others like it is simple: protect your information as much as possible. Identity thieves use information to steal, and without it they can do nothing. It is also important to regularly monitor your accounts and credit history to find problems early so they can be easily corrected. ID theft schemes like this one are one reason that credit score monitoring is so important. Every identity is at risk, even the billionaire Paul Allen’s.

To read more identity theft stories, check out the AllClear ID blog.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Jacqueline here with AllClear ID. In April 2011 a report was issued by The White House entitled National Strategy for Trusted Identities in Cyberspace (also known as NSTIC). The report encouraged businesses in the private sector to create a secure trusted identity system to better protect online identities, and encourage consumer confidence online. It has been a little over a year since this report was issued; let’s take a few minutes and review the basic premises behind this report and examine what exactly this could someday mean for you and your identity.

What Is The National Strategy for Trusted Identities in Cyberspace?
The premise behind NSTIC is simple. The internet has changed the way we do business, communicate, and research. It opens doors, creates possibilities, and enables change. The internet does have a dark side though; it isn’t always secure and can be a hotbed for id theft and scams. The NSTIC’s goal is to create more effective systems for identifying consumers and businesses online. The hope is that greater confidence in identities will foster online commerce, and open the door to new uses for the internet including very sensitive and secure transactions while helping consumers avoid identity theft.

What Is Happening with the NSTIC?
It’s been a year since the original NSTIC report was issued. What is happening? Many private companies, organizations, and advisors are working in collaboration to find solutions to the ever growing problem of identity theft and fraud. They are working to create what is called The Identity Ecosystem which is a future vision of an online world with greater privacy, security, convenience, and efficiency among other things. This Identity Ecosystem would provide age appropriate access to the internet, better security for smart phone and secure transactions, and increased public safety. This will probably be achieved using an individualized trusted credential provided by a private sector identity company. The Identity Ecosystem is not yet operational and trusted credentials for this program are not yet available.

What Does This Mean for You?
It is obvious that we need more protection online. Passwords just aren’t providing the necessary security for our various accounts and transactions. ID theft is all too common and consumer privacy is at risk. If properly executed the Identity Ecosystem could allow for more secure online transactions, better control of your identity, and protection from fraud and identity theft. That being said there is also potential for problems if the system isn’t properly established. Having a single trusted identity used across the internet could potentially result in increased identity theft, rampant information sharing from companies, and a false sense of online security amongst consumers. If not done carefully the Identity Ecosystem could potentially make the problem worse.

The NSTIC does recommend that all consumers participate in this program to take advantage of the id protections once they are ready. However, the program will be optional when ready for implementation.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Allison here with AllClear ID. Online pinboard and latest social media craze Pinterest may have just emerged as the third most popular social network, but it’s also emerging with scams. As people “pin” some of their favorite things, scammers and cyber criminals are now pinning things that are leading to spam, phishing sites, and other malicious things.

Pinterest is becoming a popular target for cyber criminals because the site itself is not only getting more popular, but also because a simple eye-catching photo is all it takes to lure someone in and have an Internet scam succeed in stealing your information or your identity. On Facebook and Twitter, a scammer needs a carefully crafted sentence or lead to entice someone to click a link. The most common scams include filling out a survey, signing up for a subscription or a free offer, and downloading something onto your computer.

However, some of the latest Pinterest scams don’t do any of those things. One advertises an “amazing weight loss product,” where posts include a variety of enticing thumbnail pictures. The captions to these pictures read that the product is sponsored by Pinterest (it’s not), and that it really works. However, when you click on the links, they take you to an acai berry miracle diet website. This is an example of a bait and switch. Baiting and switching like that is a big warning that the whole thing is probably false. It’s one way these scammers hook people in to get the information they need to steal identities. The miracle diet acts like the solution to the problem of being overweight, and is a way to reel in unsuspecting people.

Another scam involves reaching out to people through a Facebook ad, advertising a way people can make money on Pinterest. The link goes to a website that offers a Visa gift card, where all the person has to do is fill out a form to get it. Even though this is also a bait and switch, an additional risk to identity is filling out that form. Since you didn’t originally click on the link for the gift card, but are now being asked to sign up for it, you might “like” the gift card as a reward for clicking on the link. By thinking twice about the form and being careful about your personal information, you can avoid these scams and the problem of having your identity stolen.

It’s unclear whether the accounts that post some of these scams have been compromised, or have been intentionally set up by scammers, which is a critical thing to think about when using social networks. They aren’t going away, and they could easily be coming from “friends” as well as strangers. With Pinterest, and all the other popular ones, there’s always the possibility of someone getting into your account (or a friend) and posting these malicious links. Just because your friend or your sister posted about an amazing weight loss product doesn’t make it legitimate or trustworthy. Be mindful of what’s being offered, where the link takes you, and what’s being asked of you. If you give away your personal information to the wrong person, your identity could be at risk.

To keep up-to-date on all of the newest scams, make sure to check out the AllClear ID’s Scam Alert.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

 

By the AllClear ID Team

Allison here with AllClear ID. Awhile back we warned of a scam targeting vehicle shoppers on Edmunds. Now those of you thinking of making purchase on Craigslist anytime soon need to exercise caution. There is a scam going on involving Google Checkout and those who wish to make purchases out of state. If you fall for it the scammer ends up with your identity including name and address, plus your money, while you get nothing in return.

How this Internet scam works is that the scammer lists something on Craigslist, commonly a motor vehicle like an ATV, a pickup truck, or a small vehicle like a Nissan Altima or a motorcycle. One thing to notice is that the scammer will sell the item well below market value, and will have some story as to why they are selling it so cheaply. Once you indicate interest, the scammer will tell you that the vehicle is ready for shipping to your address from an out of state location. All you have to do is give the scammer your name and shipping address, and then everything will be set up via Google Checkout.

If you ask to see the vehicle, motorcycle etc., the scammer will say that it’s already in storage ready to be shipped, so you can’t meet them or take a look at it. Sometimes, the scammer will say that they are on a military base about to be deployed, which is why they need to sell quickly or why they cannot meet. All you have to do is provide the information to Google Checkout, and then you will have a quick grace period in which to test the vehicle and to make a final decision. In the meantime, Google Checkout will hang on to the money until you give Google Checkout the go ahead.

The entire story is a scam. Once you put the money into Google Checkout, you won’t see it again. Keep in mind that Google Checkout is a legitimate service; however, these scammers are using a dummy Google Checkout to get their money. Online threads show that this scam has been going on for over 18 months, in states all over the country, and it is still going right now. Here are a few warning signs to watch out for if you’re planning to make a purchase of an ATV, tractor, motorcycle, car, or any other vehicle via Craigslist:

• If you are unable to take a look at the vehicle before purchase
• If the vehicle is being sold below market value
• If they ask for you to pay before you even have the vehicle, or have seen it
• There’s a grace period for you to test the car and make a decision
• Vehicle is located in a state different from the one advertised in on Craigslist

If you are in the market for a vehicle, make an in-state purchase, or avoid doing it on Craigslist all together. If an ad you find and the correspondence you have seems too good to be true, then it probably is.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.

By the AllClear ID Team

Jackie here from AllClear ID.  The internet has opened the door to a host of privacy concerns for both businesses and consumers. A new report issued by the FTC addresses these issues, and provides recommendations for businesses and government for protecting the privacy of Americans and allowing them to control their personal data. This privacy report expands on an earlier December 2010 staff report, and includes guidelines for businesses that handle private consumer data.

The report encourages companies to take the following three actions to protect privacy:

• Privacy by Design- Privacy shouldn’t be an afterthought. Companies should take privacy into consideration during every stage of the development process. Consumer information should be protected with reasonable security and steps should be taken to promote data accuracy.
• Simplified Choice- Consumers should be able to control what information they share and with whom. Do-Not-Track options should be available so that consumers can easily control tracking when online.
• Greater Transparency- Consumers should be able to know what information is being collected about them. Companies should be more open about the information they collect.

The FTC report includes action points that will be used to improve consumer privacy control over the next year. The FTC will focus their efforts on creating a do-not-track system, promoting self-regulatory codes, and resolving privacy concerns with mobile devices, data brokers, and large platform providers.

What Does This Mean For You? Privacy is a big concern for all internet users. The amount of personal information shared online is staggering. This FTC privacy report will help shape privacy regulation and policies in the coming years. The recommendations in this report will help businesses create sound privacy practices, and should help consumers to have greater control over the information they share online.

Check out the FTC’s summary of the report here, and keep updated on new privacy laws and news at the AllClear ID blog.

Views expressed are the personal views of the author, and do not represent the views of the National Foundation for Credit Counseling, its employees, its members, or its clients.