Warning: Be on High Alert for Fake FTC Email Containing Virus

by Heather Wells (Recovery Advocate)

An online article from Reuters dated October 29, 2007, details the latest alarming scam aimed at the unsuspecting public. Reuters reports that an unknown number of consumers may have received a bogus email that appears as though it was sent by the Federal Trade Commission (FTC). The emails are not from the FTC and are instead designed to lure an innocent victim to click on attachments and links that could leave them vulnerable to Identity Theft.

“'The e-mail says it is from ‘frauddep@ftc.gov’ and has the FTC's government seal. But it was not issued by the agency and has attachments and links that will download a virus that could steal passwords and account numbers, the agency said.

'It's a treasure trove for identity theft," said David Torok of the FTC's Bureau of Consumer Protection. ‘We're concerned. The virus that's attached to the e-mail is particularly virulent.’”

Unfortunately, this isn’t the first time the Federal Trade Commission has had to issue a warning regarding bogus emails. In June of 2007, consumers were also under attack from fraudulent emails that looked like legitimate correspondence from the FTC.

The Federal Trade Commission is encouraging consumers to forward the email to spam@uce.gov, an FTC database, for investigation and then to delete the email. For more official information and instructions, go to the FTC website.

Synthetic ID Theft

by Doug Pollack

The Wall Street Journal this week published an article on synthetic identity theft titled "The Borrower Who Never Was" (Christoper Conkey, October 29, 2007).

It describes how an identity thief named James Rose would create synthetic identities, those that appear real on paper, but were actually used by him in order to trick financial institutions into making loans or issuing credit cards.

"Working with a partner, Mr. Rose tricked the guardians of the credit system -- lenders and the three big credit bureaus -- into treating his fake identities as if they were real, creditworthy consumers. He obtained several hundred credit cards in the names of Mr. Gregory and as many as 500 other fake personas over two years, filching around $750,000 over a two-year period."

Unlike more common identity theft, synthetic identities are used primarily to defraud financial institutions without affecting individuals. Mr. Rose noted that their goal was to "make a lot of money without actually hurting people."

Despite protestations to the contrary, some feel credit bureaus aren't doing enough to deter identity theft. In the case of synthetic identity theft, it is the knowledge of credit bureau procedures that enable criminals to create and exploit synthetic identities. Evan Hendricks, editor of Privacy Times, notes that "the credit bureaus are at the epicenter of identity theft and there's no pressure at this point to force them to make changes."

Business breaches a source of identity fraud

by Doug Pollack

A recently federally funded study on identity fraud by Utica College's Center for Identity Management and Information Protection "paints a complex portrait of the signature crime of the digital age, one that has been the top consumer fraud complaint to federal authorities for six consecutive years."

As described in a recent article titled In Many Major Cases ID Theft isn't Personal (Joseph Menn, LA Times-Washington Post, 10-22-07), this study challenges a widely held perception that a majority of identity theft cases occur with people that are known to the victim.

Based on 500 individuals arrested by the US Secret Service over the last several years, only 8% were relatives of or acquainted with their victims. The most common tool for identity theft based on this study was any of a variety of technology devices, including credit card encoders, computer printers and telephones, which contributed to 37% of the cases.

This study further reinforces the need for individuals to be very careful with their personal information, and how and when and to whom they disclose it, but also highlights that identity theft can occur even to those people that are consummately careful.

Clark Howard on ID Theft Services

by Doug Pollack

I've been a long time listener of Clark Howard. It is hard not to appreciate the solid advice on how to save money and not "get ripped off".

With the expansion of competing services targeted at consumers to protect from identity theft, it can be difficult knowing who to trust or what criteria to use in selecting a service. He has commented extensively on identity theft, and provided the following advice to his listeners:

"Clark gets tons of calls about identity theft. It has remained a real aggravation for people, especially when they have been a victim. ...The only time he would recommend paying for a service is if a human being comes with the deal, and that person is going to clean up your credit for you. "

After 4 years in the ID theft protection business, ID Safeguards launched a new consumer identity theft protection service earlier this week called FraudStop. FraudStop is distinctive in that it provides exactly this kind of personal service to victims of identity theft. The company has a team of experienced "recovery advocates" that, if a FraudStop member falls victim to identity theft, will personally take on their case and do everything necessary on their behalf to restore them to pre-theft condition.

While I realize that Clark Howard doesn't endorse products, which is part of his appeal, I am pleased that the FraudStop offering from ID Safeguards is in alignment with the advice that he gives to his listeners.

ID Thieves Steal Medical Services, Cause More Pain

by Rick Kam

In an article written by Victoria E. Knight on October 11, 2007 in the Wall Street Journal, Escalating Healthcare Costs Fuel Medical ID theft, Victoria explains:

"One of the biggest threats posed by medical identity theft is that victims can receive the wrong medical treatment based on the fraudulent information in their medical records. (You are allergic to penicillin, the impostor isn't.) In addition, theft can cause victims to fail pre-employment medical exams or become uninsurable."

What is Medical ID Theft?

Medical identity theft is when someone uses your name and health insurance without your knowledge or consent to obtain medical treatment, prescription drugs or goods. At least a half-million Americans have been affected, according to Pam Dixon, Executive Director of the World Privacy Forum, a San Diego research group that focuses on privacy issues.

What can be done to protect yourself from Medical ID theft?

Like protecting yourself other forms of ID theft, we suggest being aware of potential misuse of your personal data. Check those explanation of benefits statements you get after visiting the doctor to make sure the medical services you received are accurate, and that you were the one that received them.

There are new identity monitoring solutions in the market that detect both financial and non-financial fraud (i.e. medical ID Theft). Credit monitoring is not effective in detecting this issue or many other issues involving non-financial crimes.

Would You Notice $400,000 Missing From Your Checking Account?

by Rick Kam

In an article published in the New York Times by Sewell Chan on October 2, 2007, Chan reports that Mayor Bloomberg fell victim to Identity Theft.

"In early June, Mr. Bostic deposited a $190,000 forged check into the Sovereign account and a $230,000 forged check into PNC account, according to prosecutors. Both of the forged checks were drawn on Mr. Bloomberg’s personal account at the Bank of America and were issued in the name of the mayor’s financial manager, Geller & Company."

You might ask could this happen to me?

The answer is yes. There are many types of financial and non-financial ID theft. Credit card fraud and someone withdrawing money from your checking account happens a lot.

You might say, "I have a service that freezes my credit or automatically sets fraud alerts to guarantee against ID theft". The answer is, these solutions will prevent the issue that happened to Bloomberg - an ID thief stealing money being taken from his checking account.

There are new services on the horizon that monitor credit, checking, and other forms of financial and non-financial personal data to detect misuse of your information and provide 360 degree protection. You will see these new services become available in the market and be more effective, but cost roughly what consumers pay today for less effective solutions. More on this in a future post....

Gap Reports Theft of Laptop Containing Personal Information

by Heather Wells (Recovery Advocate)

800,000 applicants for employment with the Gap may have had their personal information compromised, according to a September 29, 2007 article in SFGate.com written by Carolyn Said.

“The San Francisco retailer on Friday reported the theft of a laptop containing unencrypted personal information for 800,000 job applicants. The data, stolen from the offices of a third-party vendor, covered job seekers in the United States, Canada and Puerto Rico who applied online or by phone between July 2006 and June 2007. Most of the applicants were seeking jobs at Old Navy, although some applied for jobs at Gap, Banana Republic and Outlet stores."

A majority of people think that it’s required to put their social security number, date of birth, and other personal data on an application for employment or on a resume. This is a common misperception that makes job applicants extremely vulnerable to Identity Theft. So, what are some items that DO NOT belong on a resume or job application?

1) Your Social Security Number
2) Date of Birth
3) Driver’s License Number

If a company requests any of this information simply write “see below” and then add a note at the bottom of the application stating that you would “be happy to give this information during the interview process.” Explain to your potential employer that you are simply protecting yourself from the threat of Identity Theft.

In general, employers do not make a hiring decision based solely on looking at an application or resume and they do not need this info unless they are truly interested in hiring you. The same goes applying for a job over the phone. Explain to the person taking down your name and work experience that you don't feel comfortable giving up so many other personal details on the telephone. You never know where your information could end up, on an unsecured computer or desktop, in a trashcan, or even worse, in the hands of an id thief!