Are You Well Protected?

by Doug Pollack

As we look forward to what is in store for us in 2008, The Identity Theft Resource Center is projecting an increase in both the number of security breaches and incidents of identity theft.

With this as a backdrop, we've developed a set of recommendations for people to protect themselves. As part of our ID Self-Defense Academy, a component of our subscription services member website, this Self-Defense Checklist includes both common sense suggestions that you are likely to be familiar with, as well as others that are new this year given the evolution in the use of the internet and computers in identity theft.

Some of the items you may not have thought about include using a "wipe" utility on your computer hard drive to make sure all of your information is permanently erased before disposing of the computer, and checking the annual earnings statement that you receive each year from the social security administration for any discrepancies in earnings or work history.

The complete checklist follows.

Self-defense Checklist

Protect Yourself At Home

• Switch to a mailbox with a lock.
• When you're away from home, place a hold on your mail (online at www.usps.com or with a Hold Mail form at the post office).
• Use a cross-cut shredder to shred documents containing financial or other personal information.
• Secure important documents in a safety deposit box or a fire-proof safe hidden at home.
• Stop newspaper delivery and garbage service if you're leaving town.
• Set up lights on timers to make your home look occupied when you're away.
• Have a neighbor you trust keep an eye on your home, and leave a number where you can be reached.
• Immediately notify the post office and anyone you do business with if you change your address.
• Place outgoing mail in a post office mail slot or hand it to a postal worker instead of leaving it at your home mailbox for pick-up.
• Review your credit card, bank account, and cell phone statements regularly to make sure there are no unauthorized charges.

Protect Your Computer and Internet Access

• Protect your computer with a password.
• Never provide personal information in response to an unsolicited e-mail.
• Avoid viruses and other scams by frequently updating your browser and e-mail software.
• Use and regularly update your firewall and anti-virus/anti-spyware software.
• Change your passwords often, and use letter and number combinations that are difficult to guess.
• Never have your computer remember your password.
• Don't respond to instant messaging from unfamiliar users, and avoid instant message offers.
• To ensure the authenticity of e-mail requests for personal information, type the company's Web site URL directly into your browser instead of clicking on a link in the e-mail. (The real destination of the link may be different than the URL that you see.)
• Don't ever send personal or financial information via e-mail.
• Don't open e-mail attachments or download files from strangers.
• Before doing business with any company, ask for and verify its name, street address, and phone number.
• Choose an Internet Service Provider and browser that use filtering software to limit spam in your e-mail inbox.
• Never respond to email asking for your help in getting money out of a foreign country.
  Encrypt your wireless network as soon as you set it up.
• When using Ebay, Craigslist, or other sites linking buyers and sellers, use PayPal for transactions. Don't ever wire money via wire service, and don't accept cashier checks or money orders, as these can be forged.
• Review your credit card, bank account, and cell phone statements regularly to make sure there are no unauthorized charges.

Protect Yourself On the Road

• Carry only the credit cards and checks you absolutely need when traveling.
  Keep identification and credit cards in a secure wallet or purse on your person (and out of pickpockets' reach) where you can keep an eye on them.
• Make photocopies of the fronts and backs of your credit cards, driver's license, and passport and store the copies someplace other than your wallet in case of theft.
• Program the toll-free numbers for your credit card companies into your mobile phone in case of theft.
• Never leave valuables, phones, receipts, or other papers containing financial or personal information in your car, even if it is locked (and always lock it).
• Keep receipts in a safe place until you can cross-shred or safely store them at home.
• Always keep your mobile phone in a secure place on your person to avoid losing it. Activate the lock feature when it's not in use so that it can't be used and any stored information can't be accessed if it is stolen.
• If you must discuss personal or financial information over the phone, do so in your hotel room or another private place where you won't be overheard.
• Avoid downloading attachments from your e-mail account onto a computer other than your own. Erase your browsing history and discard any personal files in the computer's trash or recycling bin, then empty it before logging off.
• Never enter or access personal information from a public-access computer or one in a hotel business center, as these can be fitted with hard-to-see key loggers that record your information.
  Be sure to eject any personal CDs, DVDs, or jump drives at the end of a session on a computer that isn't your own.
• Especially after you travel, dealing with merchants you don't know, remember to review your credit card, bank account, and cell phone statements regularly to make sure there are no unauthorized charges.

Data Breaches Reach Record Levels in 2007

by Doug Pollack

According to a December 30, 2007 AP article written by Mark Jewell, the trend in data breaches continues on the upswing. He reported that:

"The loss or theft of personal data such as credit card and Social Security numbers soared to unprecedented levels in 2007, and the trend isn't expected to turn around anytime soon as hackers stay a step ahead of security and laptops disappear with sensitive information."

This of course is bad news for consumers who have also experienced meteoric rates of identity theft in 2007. It has been estimated that over 9MM US citizens fell victim to identity theft in 2007. If you're counting, this averages out to one every three seconds. And the growing adoption of new technologies such as wireless internet and devices by businesses and consumers, provides new ways for technically-savvy criminals to circumvent data security measures.

"With wireless data transmission more common, hackers increasingly are expected to target what many experts see as a major vulnerability. Eavesdroppers appear to be learning how to bypass security safeguards faster than ever, said Jay Tumas, the head of Harvard University's network operations, at a recent conference for information security professionals."

Research Groups estimate that between 50MM and 80MM records of personal information were breached during 2007. These breaches were caused both by hackers whose intent is to steal and exploit this personal data, as well as by unintentional human error such as in the loss or misplacement of a laptop computer with sensitive personal data residing on its hard drive.

Predictions by industry groups suggest that breach numbers reported will continue to rise given a growing trend requiring disclosure of breaches and notification of affected individuals by organizations that experience a data breach.

ID Theft During the Holiday Season

by Doug Pollack

Unfortunately, ID thieves don't take time off during the holidays. Because people are out and shopping (or on the web and shopping) more actively during December, there is an even greater risk of identity theft.

Christine Arevalo, an ID theft expert and head of data breach services at ID Safeguards, discusses ID theft during a recent edition of AM Northwest.



When shopping online during the holidays, remember to look for the "lock" icon and "https:" address in your browser when entering your credit card or other personal information. Also, she suggests that you dedicate just one credit card for your online purchases in order to make it easier to keep track of the charges in January. And never use a debit card for online buying since it directly accesses your checking account funds.

The Bad Check Boomerang

By: D. Jones, Recovery Advocate

Have you recently received a collection notice in the mail and don’t know why? Collection notices can be for outstanding balances on credit cards or for outstanding, uncollected checks. Those pesky notices are one of the main ways the average consumer discovers the theft of their identity.

When a check has been written, whether a forgery (signing a name that isn’t yours) or a counterfeit check (a false check created with accurate or completely inaccurate information or a mixture of both) it goes through a few steps before its final destination.

Ever notice those little machines or attachments to the register that scan your check when you present it to the merchant? Those are usually linked to larger check verification companies. The four major ones are: Telecheck, CheckRite, SCAN/ChexSystems and Certegy. The system used either denies or accepts the check and the merchant goes from there.

If the check is denied, it means there is a check collection or an alert out with the particular bureau the merchant uses. The merchant will often give the consumer a card with contact info for the bureau used. However, if the check clears, either the name, driver’s license number or checking account information is not on file with the bureau as being in “negative status”. When a check is verified as “no negative status” it doesn’t mean the check is good – it means there is no record of the check being bad. Not as easy as it sounds.

Back to those check collection notices in the mail – if you've received one it means your personal information (bank info, name, driver’s license number) was used to write a check to a merchant.

If the information used was your account info, you notice unauthorized debits exiting your checking account and alert the bank. If it does not belong to your bank, and here’s the frightening part, you may not know about it for a while.

Once the check doesn’t clear it goes back to the merchant to collect the amount. Often they use those same verification bureaus to collect for them and record the information as “negative” which means the victim is unable to present checks validly – another way a victim discovers the theft of their identity. Enter the appearance of the check collection notice in the mail.

Remember that frightening delay mentioned earlier? If incorrect address or fake address information was used the notice may not get back to you for some time, and identity thieves count on this delay to utilize the checks as long as they can.

Thieves obtain our info through various illegal methods including mail theft, purse/wallet theft, dumpster diving, or corporate breach compromise and black market dealings.

Sometimes the victim attempts to resolve the situation themselves but the collection notices can often be the tip of a very nasty iceberg. We’ve all heard about collection bureaus and their practices - dealing with these guys can run the gamut from irritating to abusive. So if you ever get one of those notices call the check collection bureau and ask them to provide verification of the debt – it’s your legal right!

Credit Union Customers Targeted with Latest Scam

by Heather Wells (Recovery Advocate)

What could be worse than having your bank account or good credit history hijacked around the holidays? Picture yourself at the register attempting to pay for gifts using your debit card and being told that there are insufficient funds in your account. Or imagine checking your credit reports only to discover dozens of new maxed out lines of credit that you did not know about.

The identity thieves are getting increasingly clever with their scams. They have realized that consumers are becoming less willing to respond to “phishing” emails that direct them to decoy websites asking for personal banking information or a social security number. Most folks delete these sorts of emails suspecting foul play, which is the smart thing to do. The newer version of this phishing scam is known as “vishing,” or “voice phishing.”

An article from consumeraffairs.com dated December 3, 2007 states that “sophisticated criminals now send emails instructing consumers to call a telephone number instead of clicking on a link. This tactic, known as ‘vishing’ can be especially effective because consumers who encounter a live person are much more likely to let down their guard.”

Read more from the article and view a recently circulated vishing email here.

Consumers who receive one of these bogus emails should contact their credit union directly by using the phone number on their monthly statement or by obtaining the number from the financial institution’s official website. It’s also a good idea to report this scam to the Federal Trade Commission at http://www.ftc.gov/.

The Missing Ingredient in Most ID Theft Services. Personal Help.

by Doug Pollack

There has been a great deal of attention recently paid to the actions by credit bureaus enabling consumers to use credit freezes as a tool to avoid or deal with identity theft events.

In a recent New York Times article titled "In ID Theft, Some Victims See Opportunity", the author highlights several companies, like ours, that provide ID theft protection services. Several of these companies see the use of credit freezes and credit fraud alerts as a panacea for eliminating the threat of identity theft. This is a position that we do not subscribe to. We believe strongly in encouraging consumers to use all appropriate best practices to avoid identity theft, and we provide a product, FraudStop, that provides broader prevention from ID theft by addressing not just credit records, but also other records including real estate, motor vehicles, utilities and the like, all of which can be used by identity thieves.

"Among its peers, LifeLock has attracted the most attention--much of it negative. In radio and television ads, Todd Davis, chief executive of LifeLock, gives out his Social Security number to demonstrate his faith in the service. As a result, he has been hit with repeated identity theft attacks, including one successful effort this summer in which a check-cashing firm gave out a $500 loan to a Texas fraudster without ever checking Davis' credit report. Last summer, The Phoenix New Times, an Arizona paper, reported that LifeLock's co-founder, Robert Maynard, had a criminal past. Maynard later resigned."

But despite the best protection, ID theft does and will occur. Which is why the consumer is best served by a company that can provide them with an expert to handle any identity theft issues. Which is what we do with our staff of personal recovery advocates. Most identity theft protection services companies do not provide recovery services. They do not have teams of trained professionals. They do not see this as important. We obviously do. And so do the over 2.5 million people that rely on our recovery services.

Among other things, the author highlights that identity theft services whose only value is in setting fraud alerts or credit freezes for consumer, are vulnerable to potential legislation.

"[This] business [specifically mentioned were LifeLock, TrustedID, and Debix] is vulnerable if Congress succeeds in pressuring the three major credit agencies to make these theft-fighting measures cheaper and more accessible to consumers. Sen. Charles Schumer, Democrat of New York, criticized the credit companies last month for making identity theft freezes too cumbersome to set and lift. Each of the three credit agencies recently bowed to public pressure and made freezes available in all 50 states."

But this article is silent on the consumer need for professional ID theft recovery services. It is projected that over 10MM people in the US will fall victim to identity theft in 2008. Identity theft protection services such as ours, and those provided by others in this space, will help in turning this trend. But consumers should be told the truth. There isn't a silver bullet that will guarantee that you won't become a victim of identity theft. ID thieves are using increasingly more sophisticated means to steal from you. Which is why if you opt for an identity theft protection service, it should include expert, professional, personal recovery assistance.

Experian, Equifax and TransUnion Offer Credit Freeze to All Consumers

by Heather Wells (Recovery Advocate)

Starting this month, all consumers will be able to place a “security freeze” with the three major credit reporting agencies. This press release sent on October 31, 2007 details who is eligible to freeze their credit files for free and which folks may need to pay fees to each of the credit bureaus for this service. These fees are for "freezing" and "thawing" your credit files.

Before November 1st of this year, there were 39 states (and DC) that had laws on the books stating that their residents could freeze their credit files. Some other states had adopted freeze laws that applied to victims of identity theft only. With this new law, everyone is eligible, whether they are victims of identity theft or not.

A security freeze (a.k.a. credit freeze) prevents creditors and other entities from viewing your credit report without your express permission. When you apply for credit with a freeze in place, you must use a PIN provided by the bureaus to temporarily lift the freeze. The temporary lift lasts 2-3 days and the entire process adds a few extra days to the application process. The freeze is in place indefinitely until you decide to permanently lift it. Much has been written about the benefits and drawbacks of the freeze. If you are thinking about placing a security freeze, be sure to take into consideration all of the negative consequences as well as the positive.

For example, with a freeze in place, you may be denied employment because your potential employer is unable to conduct a background check. I have personally worked with victims of identity theft who were unable to purchase a new car at a "super sale" rate because they did not time the "thawing" of their credit files just right. On the other hand, there are many id theft victims who enjoy the peace of mind that the freeze offers them, and are more than willing to put up with any potential inconveniences or out-of-pocket expenses.

The three credit bureaus have more information on security freezes at their websites, www.experian.com, www.transunion.com and www.equifax.com.