OCTOBER 2010
Inside This Issue . . .
PENALTY FOR WORLD CUP FANS PREYING ON JOB SEEKERS
HE FAKED HIS DEATH ONLINE DATING DANGERS
THE ATM SKIM SCAM THIS MONTH IN PROTECT
The numbers donʼt lie. 250,000 soccer fans exposed. 7,000 student identities stolen. 26,000 credit card numbers snatched. 16,000 cell phone numbers copied. 2,000 patient records taken. These are all from stories captured in this edition of the PROTECT newsletter. The lesson is clear: in a digital world, it is easier than ever for criminals to steal and store thousands of records at once. No wonder more than 11 million Americans have been touched by identity theft. But when all is said and done, the most important number is one — you — who is vulnerable when the big time rip-offs take place.
MUSIC SHARING IS OFF KEY
COMPUTER BACKUP: BETTER SAFE THAN SORRY
PROTECT can be part of the solution. PROTECT is a monthly newsletter to help you avoid becoming one of the 11 million Americans already victimized by identity theft. Each issue explains the latest crimes and scams and, most importantly, tell you how to protect yourself and loved ones. PROTECT is brought to you by the people who operate I.D. SHIELD 360, a leading service that helps shield you from the criminals determined to steal your most important possession – your identity.
THE NUMBERS DON’T LIE
COMPUTER BACKUP BETTER SAFE THAN SORRY
Backing up your computer is always on the “to do” list but never seems to get done. After all, youʼre not a banker or a government official or a medical researcher with trade secrets, millions of records, or proprietary information to protect. But it makes sense to act now.
Letʼs face facts: computers are a big part of our lives, replacing the mail, the stereo, the encyclopedia, the mall, the photo album, the file cabinet, the financial ledger, and so much more. Why take the chance that you will lose useful — or even vital — business or personal information because of your own error or because your computer malfunctions or because your files become corrupt? Generally, there are three ways to back up documents, photos, music, and other data. The least expensive but most time-consuming is transferring your data to CDs or DVDs. This require a CD or DVD burner, patience, and the discipline to do it regularly. If you have a lot of data, using CDs could mean burning a lot of discs. Most DVDs, on the other hand, can hold up to 4.7 gigabytes of data. A simpler solution may be to use an external hard drive to mirror existing information. External hard drives can provide a convenient way to increase storage space,
with the added benefit that the drive may be unplugged and connected to another computer. They generally have tons of storage capacity and modest per-gigabyte costs. Other external storage options include USB flash drives, which are faster and the most portable, but have little capacity. High-capacity solid state drives — fast and relatively free from mechanical failure — cost too much per gigabyte to be affordable for most people, but prices are coming down in 2010.
Finally, there are sites that offer online backup. Most free and commercial backup software allows you to click and highlight the files and folders you want backed up. They also let you schedule when each day or week you'd like the action performed. A few actually back up files continuously. In general, these services are inexpensive, and the best ones wonʼt noticeably slow down your computer. They also encrypt data before, during, and after it's been sent to industrialstrength servers. There's no media to mess with, either. The differences to shop for: ease of use in setup, choosing files and folders for backup; how you get files back if you lose them; and the degree of encryption and security built into their procedures. Any of the three options — do-ityourself, external hard drives, and online sites and services — are relatively inexpensive and easy to use, and protect you from permanent loss of data.
So what are you waiting for?
GOOD BACKUP PRACTICES
ONLINE MUSIC SHARING IS OFF KEY
Illegal music downloading and file sharing seem to have become a right of passage, a part of growing up in the 21st century, a way to get great deals and make online buddies while sticking it to anonymous companies. But, in addition to the fact that it is illegal, the practice opens music sharers to serious security breaches, computer viruses and other ugly side effects. One danger is that it is difficult to verify whether the source of the files is trustworthy. Such files are often used by attackers to transmit malicious codes. This means spyware, viruses, Trojan horses or worms. When the music is downloaded, your computer becomes infected. All kinds of private information about you, such as logins and banking details, may be sent back to a central server owned by the spyware or malware creator. Also, your computerʼs performance is compromised: some experts estimated that as many as 50 percent of all problems that send computers to the shop relate to viruses planted, purposely or not, through such files. Further, music file sharing often leads to identity theft issues because you often give other users access to personal information. Whether it's because certain directories are accessible or because you provide personal information voluntarily, unauthorized people may be able to access your financial or medical data, personal documents, sensitive corporate information, or other personal information.
Yet another concern is that, in the process of sharing and transmitting files, your computer may open certain ports in your firewall. This may give attackers access to your computer or enable them to attack your computer by taking advantage of vulnerabilities in your applications or system. Finally, back to the obvious point: itʼs often illegal and it may have consequences. File shared applications may include pirated software, copyrighted material, or pornography. If you download these, even unknowingly, you may be faced with fines or other legal action. If your computer is on a company network and exposes customer information, both you and your company may be liable. And, as much as you may wish to deny or rationalize, the fact is that artists, musicians, writers, engineers and others in the music business suffer harm, which ultimately costs the consumer – you – as well.
MORE ON THE DANGERS OF MUSIC FILE SHARING FROM MICROSOFT
MAJOR PENALTY FOR WORLD CUP FANS
As memories of the 2010 soccer World Cup in South Africa linger, FIFA, soccerʼs global governing authority is reporting that the personal information of some 250,000 fans who attended the previous World Cup — 2006 in Germany — may have been stolen and sold on the black market.
The information is said to have been stolen from a database compiled by FIFA to make it easier for fans to buy tickets at its far-flung ticket offices. The same company victimized by this theft also ran ticketing operations for the 2010 World Cup.
The theft includes names, birthdates and passport numbers of World Cup fans throughout the United States and Europe. This includes an estimated 20,000 Americans, 35,000 Englishmen, 36,000 Swiss, 42,000 Portuguese, 36,000 Dutchmen, 50,000 Scandinavians and tens of thousands Poles, Italians, Germans, Frenchmen, Spaniards and Croatians. The full list reportedly includes the personal details of a number of high-profile fans, including those of a former Swedish prime minister and many star players who fear blackmail or worse. A criminal investigation is underway amid concerns that criminal gangs — or even terrorist groups — may have purchased the information for up to $1 million dollars. Taking an early lead is the Information Commissionerʼs Office (ICO), the UK data watchdog, whose head has stated: “The unlawful trade in peopleʼs personal information is a criminal offense under the Data Protection Act. We have launched a full investigation. As part of our investigation we will be working together with international data protection authorities.” Several other countries and international agencies are also launching inquiries into why the databases were not deleted after the 2006 World Cup, as called for by international law governing sensitive information.
Early speculation is that it was an inside job, possibly by a rogue employee of Match Hospitality, the official ticket agent for FIFA. To add to the embarrassment, Match Hospitality is partly owned by a media company run by Philippe Blatter, nephew of FIFA president Sepp Blatter. Sepp Blatter also had exclusive rights to sell ticket hospitality packages at the 2010 and 2014 tournaments, and has been criticized for jacking up pricing for packages for this summerʼs World Cup, resulting in many empty seats in South Africa. FIFA has thus far refused comment on the case other than that it is starting its own investigation.
ID THIEVES PREY ON JOB SEEKERS As we head into the 2010 mid-term elections, persistently high and long-term unemployment continues to be a gut-wrenching problem for the nation. Almost as sad is the fact that identity thieves are taking advantage of the moment to steal personal information from job seekers and their resumes. And job seekers are more vulnerable than ever because of the proliferation of online job boards and, more so, because desperation leads to mistakes. Here is advice from the experts for protecting your identity during the job search. It can be summed up in a nutshell: Be careful and be patient.
SIMPLIFY YOUR RESUME While some people mask their information by not putting their name on a resume, this is not realistic or favored by recruiters. Rather, you can set up an alternative email address to use for job hunting, and use a cell phone number and a post office box as your address. Yahoo!, Hotmail, Juno, and Netzero all offer free email accounts. Companies today are aware of the identity theft risks associated with resumes, so they don't necessarily expect to see home addresses included on resumes. Also, to protect friends and employers, hold back on providing references until they are requested. INVESTIGATE RECRUITERS Fake recruiters are an increasingly common hazard. Ask for references from friends, ask the recruiter for references, or check out local business associations to see if they are members. You can also use the Internet to find the company's web site and verify the address, phone number, and other information. Check the career page to see if the job opening is listed. Stay away from sketchy job listings, many of which thrive on unmonitored sites such as Craigslist. To identify a legitimate listing, use reputable sites only and look for job postings that identify the company posting the listing. Conversely, avoid job advertisements that list the company name as “private” or “unlisted.” Itʼs not worth the risk. Look for recruiter unprofessionalism: typos, misspellings, a private email address. JUST SAY NO If a recruiter asks for more information than makes common sense — copy of your driverʼs license, a bank account statement, marital status, a passport or
visa, a money transfer for a “starter” or “application” fee — be suspicious. Respectable recruitment companies start with just the basics, name and contact information. If you feel uncomfortable with a question, just leave it blank. And the legitimate recruiters rarely if ever ask for a fee to get the search process started. To protect yourself from becoming the victim of a data breach, sometimes itʼs best just to say no.
GET REAL ABOUT JOBS How many times have you heard this advice? If it sounds too good to be true, it probably isnʼt. Nobody makes a million dollars working from home part time. These types of ads are usually not real, and there is always some catch. Most of these ads will link you to websites that ask for your personal or sensitive information. Do not be fooled.
ASK FOR PRIVACY POLICIES Reputable job sites have a privacy policy. Check it out to see how long your resume will be up on the site and other ways they protect it from the general public. Some site even let you give them your skills and then have the job openings mailed to you, which keeps you in control. No privacy policy, no deal. PROTECT YOUR RECORDS Educational records are increasingly an area where privacy is breached. Under the Family Educational Rights and Privacy Act (FERPA), you may request that your college or university not release your educational records without your permission. Donʼt let fake recruiters, or anyone else, access these records without your knowing about it. EVEN AFTER YOU ARE HIRED Once a job offer comes, you still must be careful. Avoid providing originals or copies of documents such as passports or birth certificates. Employers can legally record the information on the documents to get you signed on, but you are well within your rights not to hand over documents or copies can be mishandled.
TRUE STORIES HIS BROTHERʼS KEEPER A man who allegedly stole his brotherʼs identity, joined the Navy, worked at a Naval Hospital under the stolen identity, then attempted to fake the death of his brother to collect an inheritance, is facing numerous charges in federal court. According to the indictment, Jason Robert Daniels used his brotherʼs name and Social Security number to join the Navy. Upon being sent to Guam, he used the stolen identity to work at the hospital through 2009. Not satisfied, he then took out a $400,000 life insurance policy on his fake identity, which was set up to benefit his real identity. The next day, Daniels also created a will that would transfer all the earnings of his fake identity to his real identity. As a final step, he staged a bogus suicide that would have gotten him the pay off. Along the way, Daniels also managed to use the fake identity to take out loans and run up credit cards. His brother was not available for comment.
HOSTILE TAKEOVER Manhattan NY District Attorney Cyrus R. Vance, Jr. has indicted Iguosade Osahon for stealing more than $500,000 by exploiting stolen identity information over a three-year period. Osahon stole the names, dates of birth, and Social Security numbers of more than 750 individuals, which he used to perpetrate a variety of identity theft scams. Starting in 2007, Osahon began compiling the personal identification information of his victims, including their Social Security numbers and dates of birth, from a variety of sources, including online data traffickers. With the data, he was able to take over victimsʼ bank and credit card accounts. Records show he spent some of his ill-gotten gains on high-class goods: Tiffany & Co. jewelry, Rolex watches, and goods from Louis Vuitton, Bloomingdaleʼs and Target.
WAKE COUNTY WARRANTS
A Raleigh, NC woman is being held under a $5 million bond while she faces nearly 30 charges in connection with an alleged identity theft scheme. Arrest warrants from Wake County state that Heather Lynn Holley opened up bank and credit card accounts, and cashed checks using other people's identities. In one case, the identity of a 2-year-old child was stolen. Investigators claimed in the warrants that Holley broke into several homes to obtain birth certificates, passports, Social Security numbers, vehicle registration cards and other documents. Also stolen were an external hard drive, jewelry, clothing and antiques, according to the warrants. In one instance, Holley used someone elseʼs health insurance card to obtain medical treatment and, in another, tried to cash a forged check for more than $30,000.
STORAGE CENTER A Miami, FL man has pleaded guilty to identity-theft related charges after federal agents found more than 26,000 credit card numbers stored on his computer. Juan Javier Cardenas purchased the stolen credit card numbers over the internet. In 2009, he emailed more than 1,500 credit card numbers to five co-conspirators, who used the compromised numbers to make fraudulent purchases. The Department of Justice has not detailed how Cardenas obtained the credit card numbers over the Internet.
CHILDʼS PLAY Medical records for more than 2,000 people were stolen from the University of Kentucky Hospital, prompting the Lexington, KY facility to issue an alert for identity theft. The records were taken from the Department of Pediatricsʼ newborn screening program. A laptop containing personal information — social security numbers, birthdates, diagnoses, and mothersʼ names included — was stolen. A University of Kentucky spokesman said the investigation began in late summer and is ongoing, and that institution is contacting those whose records could be affected.
FLUNKING SECURITY Embarrassed officials at City College of New York, one of the colleges of The City University of New York, have sent warning letters to 7,000 students telling them that their personal information has been compromised. The information was on a laptop that was stolen over the summer break, and included Social Security numbers. Though school officials say the information is password protected, many students and parents are expressing worry about the possibility of identity theft.
WRONG NUMBER Nine former employees of Sprint, the cell phone service provider, are charged with conspiring to commit wire fraud and identity theft in a $15 million cell phone-cloning scheme. According to the complaint, from January through June 2010, the nine defendants used the companyʼs computer network to obtain confidential information about the cell phones of thousands of customers. All told, they accessed customer accounts more than 16,000 times. They then created clones of the customersʼ cell phones and made unauthorized calls valued at millions of dollars in charges. Sprint has now credited the victims for the value of these calls.
BREAKING IN
Five people have been arrested in St. Louis, MO for conducting a nationwide identity theft ring. Police say the gang depended on car break-ins to get drivers licenses, checkbooks and credit cards. The ring started in Florida but worked their way north to Missouri. Tara Funk (pictured left), Brandon Taylor, Steven Black, Jearvon Jackson, and Kevin Robinson have all been arrested for their role in the thefts. All are from Florida. The scam was busted when a teller at the Bank of America realized a check was stolen and alerted police. After a short chase, three of the suspects were caught. When arrested, the thieves had more than $5,000 in cash, dozens of credit and debit cards, checks and data about the owners. One suspect was found with $1,500 tied around his private parts.
ONLINE DATING
DANGEROUS LIAISONS
In todayʼs fast-pace and fully-wired era, it is
no surprise that more and more people are turning to the internet to meet prospective partners. Online dating can be a satisfying and rewarding experience. Still, the growing popularity of the practice — and the fact that people can hide anonymously behind their computer profiles — is leading to a rising tide of identity thefts and related scams.
Among the most common problems encountered in the online dating scene: the person on the other end is not who they claim to be, perhaps older or less genteel, heavier or poorer, married on the side, or even emotionally unstable; or the person is part of a scheme to get your email address for marketing or spamming; or your prospective date is really looking
for a shakedown to get you to send money for a visit or an emergency or to help a sick friend or aid a Nigerian prince; or your online pal is really looking to obtain your phone number, credit card, bank information or passport to steal your identity. HERE ARE THE BASICS FOR PROTECTING YOURSELF FROM ONLINE DATING SCAMS:
AVOID FREE DATING SITES These sites donʼt make much of an effort to run background checks to identify or filter out fakers and scammers.
SET UP AN ANONYMOUS EMAIL ACCOUNT Use an email service and change the account information to not give out your full name. This protects your privacy.
USE A CELL PHONE NUMBER A person armed with your home number can more easily find your home address.
QUESTION PERFECTION Carefully scrutinize the dating profile to look for obvious signs of fraud such as the person being too perfect or the information too generic.
MEET IN A PUBLIC PLACE This includes driving yourself to the destination so that a stranger does not know where you live.
DONʼT OFFER TOO MUCH INFORMATION Resist the urge to tell your life story, occupation, details, even your address, until you feel more confident about the other person. DO EXTRA RESEARCH If you are interested in this person, run your own background check or at least use Google for the basics. FEAR LOVE AT FIRST SIGHT While having someone fall instantly in love with you may be flattering, be wary. They may try to gain your trust through flattery, only to abuse it later. Time is on the side of honest people, and against desperate scammers. DONʼT SEND MONEY Be concerned when people ask for money. Keep it where it belongs, in your pocket.
TRUST YOUR GUT If someone or something makes you uncomfortable or sends up too many red flags, stop communicating with this person. Like in all aspects of life, online dating requires listening to your instincts.
AVOID ONLINE DATING SCAMS
THE SKIM SCAM
When located in an area that is well lit and filled with people, the ATM seems like a great convenience and a safe bet. Donʼt be fooled. ATM skimming is spreading nationwide. Indeed, the ATM Industry Association acknowledges that the scam is among the banking industryʼs biggest frauds and the U.S. Secret Service estimates annual losses at $1 billion a year.
Hereʼs the scoop. Skimmers are electronic devices cleverly disguised to blend in with an ATMʼs appearance. Their purpose is to record the information stored on the magnetic strips of debit and credit cards. ATM skimmers can have two different hardware parts: a card reader and a camera. The card reader is a plastic covering that attaches over the slot. It may be bulky, but blends in because the color matches. The card reader steals a card number and, for some purposes, that is enough. But if the criminals also want cash after you leave, they need the camera to record your PIN number. Cameras tend to be hidden in discrete objects, with a small pinhole in it, and attached further up the ATM. The pinhole lets the camera view and record PIN numbers punched on the keypad below. While the ATM is the most common locale for skimmers, the system can be set up on any machine that accepts credit cards. Cases are beginning to show up at gas pumps, stores and restaurants as well. How is the information actually stolen? Essentially, there are two different types of wireless transmissions in play. The first uses Bluetooth technology. Once the hardware is attached to the ATM, someone in a nearby car downloads the information onto a laptop as people perform their transactions. Most commonly, the stolen data is uploaded to the internet and sold to scam artists. The other method is through a router. After attaching the hardware to the ATM, the individual places a laptop and router nearby, perhaps in a garbage can. The router transmits the data from each transaction to the laptop. Later, the criminals return to pick up the equipment. Financial institutions know that skimming is on the rise. They are trying to work together more closely as a group and with law enforcement officials. Alerts are sent out whenever a skimming incident is detected and surveillance devices are being placed near ATMs to take pictures of potential skimmers in action. The reality, though, is that individuals must take greater responsibility for their own protection. Use the same ATM whenever possible. Familiarize yourself with the machine and be able to spot anything out of the ordinary. Look for hiding places for a tiny camera, such as oddly placed brochure holders or a mirror positioned over the keypad. Cover the screen with your hand when typing your PIN to obstruct the view of your fingers. If you see a strange device on an ATM machine, call your local law enforcement agency or bank immediately. Finally, check up frequently on your accounts and monitor your credit reports to help limit any damage.
HOW THEY CALCULATE
YOUR CREDIT SCORE
Last month, PROTECT commenced a series on understanding your credit report. The reason is simple: knowing what is in these reports is vital to your economic health and safety. You need a clean report to apply for a mortgage on a house, to buy a car, or to finance any big ticket item. You need to know how the reports work so that you can work to improve your credit scores. You need to monitor it for errors and discrepancies, which happen often, and to make sure no one has stolen your identity is running up debts in your name.
Since credit reports are updated all the time, itʼs also good to check your credit report regularly with the three credit bureaus, Equifax, Trans Union and Experian; some say at least once a year while many experts recommend a quarterly review. Last month, we looked at the basics: what information is compiled in the report. This time around we explore your credit score, what it is and how it is calculated. Your Credit Score is a mathematically calculated number based on the information in a credit report, essential your payment and debt records. It does not include outside information such as salary, age, gender or race. By comparing the information on your report to hundreds of thousands, credit reporting agencies come up with a number that can be used to identify your level of future credit risk. Credit scores are often called “FICO scores” because most scores are produced from software developed by Fair Isaac Corporation or FICO.
SCORES RANGE FROM 300 TO 850 – THE HIGHER THE SCORE, THE LOWER THE RISK. HERE IS HOW THE CALCULATION IS MADE:
you have managed credit responsibly. This may be better for a score than having no balance at all.
LENGTH OF CREDIT HISTORY
PAYMENT HISTORY
This accounts for about 35 percent of the score. This includes on-time payments on credit accounts, credit cards and retail stores, as well as mortgage payments and installment loans for cars and other large items. Late payments and delinquencies are also taken into account, such as how late they were and how many times you missed a due date. Payment History also includes public record and collection items such as bankruptcies, foreclosures, wage attachments, liens, judgements and even late payments on public utilities such as water or electricity.
AMOUNT OF CREDIT
This accounts for about 30 percent of the score. This looks at the total amount owed on each account and the overall amount at issue. It also looks at the number of accounts on which you owe money. Here, the larger amount of debt and the more accounts you have, the greater is the credit risk. Interestingly, having a small balance without missing a payment can show that
With 15 percent of the score, this factor looks at the age of your oldest account and the average age of all of your accounts. It also considers how long it has been since you used certain accounts.
NEW CREDIT
This accounts for 10 percent of the score. The credit report considers how many new accounts you have, how long it has been since you opened a new account, how recently a lender made a credit report inquiry, and whether you have repaired problems with your credit history.
TYPES OF CREDIT
The final 10 percent of the score looks at the types of credit accounts you have, and how many of each type. Revolving credit is basically credit cards, American Express, Visa, MasterCard, Discover, and store cards. Installment credit encompasses personal loans, car loans, student loans and mortgages. COMING UP IN THE SERIES:
HOW MISTAKES ARE MADE AND HOW TO FIX THEM HOW TO IMPROVE YOUR FICO SCORE WHAT YOUR SCORE DOES NOT INCLUDE AND MORE . . .