NOVEMBER 2010
Inside This Issue . . . MEDICAL THEFT ON THE RISE
SHOCKING FACEBOOK APP FLAP BASKETBALL STAR FOULS OUT
THE PARENT TRAP THIS MONTH IN PROTECT
If you have seen the hit movie, The Social Network, you know the back story about Facebook and its meteoric rise to 500 million users worldwide. All well and good and glamorous — in the movies, that is. But Facebook and other social media sites, like MySpace, LinkedIn and Twitter, also expose millions of potential victims to identity theft and privacy invasion, and have become a fertile place for criminals to operate. Danger lurks: security experts liken checking out links to going down a dark alley at the invitation of a stranger. No wonder identity theft continues to grow exponentially, as this monthʼs lead story on Facebook apps reveals.
PROTECT can be part of the solution. PROTECT is a monthly newsletter to help you avoid becoming one of the 11 million Americans already victimized by identity theft. Each issue explains the latest crimes and scams and, most importantly, tell you how to protect yourself and loved ones. PROTECT is brought to you by the people who operate I.D. SHIELD 360, a leading service that helps shield you from the criminals determined to steal your most important possession – your identity.
VET IDENTITIES STOLEN
IMPROVING YOUR CREDIT SCORES SENIOR SWEEPSTAKES SCAM
THE FACEBOOK APP FLAP Though Facebook and its social media siblings claim that they are safe to use, evidence continues to build that these companies cannot secure the volumes of sensitive information gathered on their sites. Not from hackers, not from criminals, not even from otherwise legitimate marketers who just want to know a little more about you.
The latest problem has sent shockwaves through the country. It arises from several of the popular applications — or “apps” — on the Facebook site. Apparently, many of these apps have been transmitting identifying information — essentially providing access to peopleʼs names and even friendʼs names — to advertising and internet tracking companies. According to an investigation by The Wall Street Journal, the issue may affect tens of millions of app users, even those who set their profiles to maximum privacy. The practice is against Facebook rules about sensitive private data, and renews gnawing questions about the companyʼs ability to protect its users. It is unclear how long the breach has been in place.
The problem is linked to the expanding number of companies that build detailed databases on people in order to track them online. Apps are bits of software that let Facebookʼs 500 million users play games or share common interests. The Journal found that all the top ten most popular apps were transmitting users IDs to outside companies. These games include FarmVille, Texas HoldEm Poker, FrontierVille, Café World and Mafia Wars. Several also have been transmitting personal information about a userʼs friends to outside companies. Most apps aren't made by Facebook, but by independent third party developers.
The key piece of information being transmitted is the Facebook ID, a unique number assigned to each user on the site. Since the user ID is a public part of any Facebook profile, anyone can use that number to look up a person's name, using a standard web browser, even if that person has set all of his or her Facebook information for maximum privacy. For other users, the ID reveals information they have set to share with “everyone,” including age, location, occupation and photos. The gay community is particular up in arms about this, as it appears that one bit of information being tapped is sexual orientation. The apps are sending Facebook ID numbers to dozens of advertising and data firms, several of which build profiles of internet users by tracking their online activities. They justify the actions as saying it allows them to better target (and thus serve) individuals with promotions for specific products. Facebook says it is taking steps to “dramatically limit” the exposure of usersʼ personal information. Since the story broke, MySpace has now acknowledged a similar problem. Congress has begun an investigation with a letter to Facebook founder Mark Zuckerberg, and a class action suit against at least one of the app makers has been launched. There are generally lots of tips for protecting your personal data, but in this case the available advice is limited: restrict the information you place on Facebook, use common sense about what you open and who you friend, and forego playing the major game apps until a technology solution to the particular problem is resolved.
CREATING A STRONG PASSWORD
Passwords are a necessary part of your life these days. The average internet user, studies show, is asked for it by more than 20 websites a month. But if your password is compromised, you are vulnerable to identity theft, money stolen from bank accounts, fraudulent purchases via online shops, and much more mayhem. A fraudster who manages to find or figure out your password(s) will have the keys to your entire online life, and can do anything with your accounts that you can. An important safeguard against the risk of, or serious corollary damage from, identity theft is to be smart about creating and protecting your password. 1. Have a different password for each and every important account or transaction; one would not have the same key to every door lock.
2. Craft strong passwords that are random combinations of letters and words rather than obvious dates or names or other personal information that an identity thief can glean. Childrenʼs names, spouses names, your address, your birthday are all bad ideas.
3. Further to point 2, make the password as long as possible, include as many diverse characters as possible, do not use real words spelled forwards or backwards, and do not use simple combinations (like 1,2,3,4,5) that are easy to spot when you type them in. 4. Keep your passwords secret, even from friends and family members, because the more people who know a password, the more likely it is to leak.
5. To be extra safe, change your passwords regularly. The experts says that making changes every 30 to 90 days is a good ruleof-thumb. Common sense, yes. But recent research in Britain found that nearly half of internet users use the same password for most accounts, one in ten use memorable dates and names that an identity thief could figure out, and four in ten share their passwords with friends or family.
WATCH A VIDEO ON CREATING A STRONG PASSWORD
BEWARE THE
TRUSTED EMPLOYEE
At small businesses, it is often the long time trusted employee — or even a business partner — who steals. Such a person has access, knowledge and, perhaps, motivation, to forge, to steal, to scheme. Because of the relationship, there is often a long delay before the boss catches on, making the damage even worse. Here is what experts say about how to prevent the loss and the heartbreak goes with it.
First, know the common methods of employee theft. Frequently, an employee creates a fictitious vendor who is paid for goods never received or services never performed, and pays with a check that he then cashes. Sometimes, an actual vendor and the employee work a deal by marking up prices and collecting kickbacks. Another common approach is for an employee to open an account with the same name as the company, then take customer checks and deposit them in that account. The books are changed so the customer transaction does not exist. Last, but not least, there is old-fashion theft of petty cash or inventory. Second, know how to prevent it. Here, the key is vigilance. There should not be one person exclusively responsible for the accounting function, and there must be an independent accountant who comes in to audit the books on a regular basis. It also helps for the owner to be more hands-on. At minimum, this means reviewing checks and bank records each month. A rule set in stone against gifts from vendors can also be useful. And technology can help: judicious use of video cameras and chips in inventory can cut down on stealing.
Third, remember that identity theft can be as serious as property theft. Disgruntled or dishonest employees can steal co-workersʼ personal information, especially through access to payroll records which include addresses and Social Security numbers. Personnel files, benefits data, payroll
records and tax records all potentially offer thieves the opportunity to steal tens or hundreds of identities in one fell swoop. Employers who donʼt use basic precautions, such as evaluating their computer security practices regularly and storing personnel files in locked cabinets, raise their likelihood of being sued for negligence. Experts recommend that small businesses bring in IT specialists to create secure computer systems and to otherwise limit access to sensitive information.
Lastly, when the crimes are discovered and you have a suspect, the experts advise against immediately confronting them. Being wrong can lead to defamation suits and other ugliness. Instead, consult the professionals. A lawyer can help you take the case to the police or district attorneyʼs office. An accountant can go through your books and try to determine who had access to them and who likely committed the crime. Also, if personal information is involved, issue a warning to the innocent employees and contact the three major credit bureaus to notify them of the problem and to seek advice on how to protect the credit ratings of your employees.
MEDICAL FRAUD
BECOMING AN EMERGENCY
As unemployment stays high and health care reform stalls, medical theft is becoming a major social disease. As many as half a million Americans may have already been victimized.
The problem is two-fold, say the experts. First, your identity is misused for the good of others, and you pick up the bill or even lose your own coverage. Second, your medical records may become tainted with the wrong person’s data or blood type or allergies, putting you at risk if and when an emergency arises. Thus, you may not only end up with bills incurred by the person who steals your identity, but the crime can even prove fatal. There are three main ways thieves steal your medical identity. First, they bill your health insurance plan for fake or inflated treatment claims. Medicare is a particularly rich source of such theft. Sometimes these are inside jobs, other times organized crime is involved. Second, they use your identity to buy prescription drugs, which are resold or used to satisfy addictions,or medical equipment and supplies. Here, dishonest pharmacists and vendors join the game. Third, medical thieves without their own insurance want to use your identity to get free treatment based on your policy. Sometimes this problem is made worse by well-meaning people who voluntarily share their insurance with friends; this is a dangerous practice. How can you protect yourself? The experts say vigilance is the answer. In addition to generally being careful with your identity, there are some specific medical industry related safeguards. Check the explanation of benefits each time you get them from an insurance provider. Ask for a yearly statement from the insurer of all benefits paid out under the policy that year. If you think you might be a victim of medical ID fraud, get a copy of your records from your doctor, hospital, pharmacy and laboratory. Correct false medical reports immediately to avoid damaging mistakes in your healthcare. As always, advise the medical experts, be sure to check your credit reports with the three major credit reporting agencies by yourself or via your identity protection system.
CLICK HERE FOR A COMPREHENSIVE LOOK INTO MEDICAL IDENTITY THEFT AND WHAT TO DO ABOUT IT
VETERANS UNDER IDENTITY ATTACK Members of the Armed Forces are among the most vulnerable people to identity theft. This is because of their non-standard work hours, frequent lengthy absences from home, relocations and duty assignment in remote locations, and their communal living situations where civilians, foreigners and others have easy access to their information.
But one event that put virtually all veterans at risk of identity theft had nothing to do with the experience or actions of individual soldiers. It was a system wide failure in which the Veterans Administration lost 26.5 million Social Security numbers. This still stands as the largest identity theft of a federal government agency and a cautionary tale of massive proportions.
In 2006, a long-time analyst at the Veterans Administration was blamed for the lapse after he took home sensitive data and his home was burglarized. The burglary included the employee始s laptop and external drive, which contained the names, Social Security numbers, dates of birth and numerical disability ratings of millions of vets. Luckily, no medical records or financial information were compromised.
The analyst promptly notified his superiors but because of bureaucratic delays, veterans and the public were not informed until three weeks after the event. Eventually every veteran and many of their spouses received a warning letter from the government. The laptop was later recovered by the FBI and it remains unclear if the personal information was actually improperly used. Still, the inspector general of the Department issued a blistering report about the sloppy procedures for protecting personal information at the VA, and the agency始s slow response to the theft.
Flash forward to 2010. The Veterans Affairs Department is now in the process of paying out a total of $20 million to veterans for exposing them to possible identity theft. This is the result of a class action suit recently brought and won by five veterans groups. The money is being used to pay veterans who can show actual damages from identity theft or costs incurred for credit monitoring. If any of the money is left over, it will be donated to various veterans始 charities.
THE PARENT TRAP
Strange but true. A growing proportion of identity theft is being perpetrated by parents on their children. The problem first surface publicly just three years ago, and experts now say it is spreading fast. Indeed, the FTC reports that nearly 10 percent of identity thieves are family members or relatives of the victims, though the Commission does not say how many of these are parents.
It comes down to this. Parents have an exceptional opportunity to steal because they know their childrenʼs Social Security numbers — the key to opening credit card accounts and store accounts — and can intercept any mail that could tip off other family members to the crime. They are also in a position to raid custodial accounts, swipe money from trust funds, or sell off savings bonds received as presents. And even if they are caught, parents often believe that they have committed a victimless crime (it was necessary or they deserved the money or they intended to replace the money at
some future date) and children are often reluctant to prosecute (generally out of embarrassment or a misplaced sense of loyalty). So the crime has high reward and low risk. The reality, however, is that parental identity theft is far from a victimless crime. For the child, it invariably creates long term problems. These include compromising the childʼs credit rating at key moments in their lives; making it hard for the kids to prove to lenders that it was their parents who did the damage; and leaving emotional scars in the same vein as sexual abuse.
As for how to address the problem once it is revealed, experts suggest that children adopt a “tough love” strategy. That means filing a police report so as to get your credit cleared or, at minimum, seeking private mediation to get the parents to privately admit in writing to the wrongdoing. Only with such public admissions or documentation can the child easily clear his or her credit rating and reputation. Other common sense steps to avoid additional thefts in the future: children should consider changing their Social Security number, an admittedly difficult procedure, and they should always be vigilant about checking credit reports or should hire an identity protection service. SEE INTERVIEW WITH VICTIM OF PARENTAL ID THEFT
TRUE STORIES TREATING PATIENTS POORLY A Texas woman has been sentenced to 15 years in federal prison for stealing the personal information of patients while employed by a medical billing contractor. Katina Candrick, 34, of LaGrange TX was sentenced for conspiracy to commit identity theft and unlawful possession of fraudulent identification documents. As a patient account representative at MedAssets, a health care billing company, she illegally obtained the personal information of more than 1,200 individuals from billing accounts she handled. When arrested, she was living under the name of a person whose identity she had stolen. She also used the stolen documents of others to pay for living expenses, vehicles and other items. SENIOR SWEEPSTAKES SCAM An unemployed senior citizen living in Clifton, NJ recently received a letter saying she had won $285,000 in a sweepstakes and needed only to pay the tax on her winnings — $2,850 — to receive the prize. She sent the money and, of course, never heard about the win again. The “final prize notification” letter appeared to be from ING Financial Services, advising her to deposit an enclosed $3,425 check, representing initial payment on her prize, and to transfer the $2,850 to the company as taxes on her prize. Two days after she deposited the check and wired tax payment, her bank called to inform her that the “initial prize check” was counterfeit. Local police have turned the matter over to the FBI, but say they are unlikely to be able to track down and punish culprits overseas because tend to operate from out of the U.S.
B-BALL STAR FOULS OUT
An identity theft story receiving national attention involves Guerdwich Montimer, a 22 year old who posed as a teen of a different name to enter a Permian, FL high school to play basketball. He has now been indicted on felony counts that stemmed from a false birth certificate and a sexual relationship with an underage girl. Montimer, along with a friend who helped him pull off the identity switch, are accused of tampering with government records and identity theft, charges that stem from Montimer presenting a false birth certificate when he enrolled in the school. Tampering with government records, carries a maximum penalty of 20 years in prison in Florida. Identity theft carries a sentence of six months to two years in a state jail. Montimer, a 6-foot-5, naturalized citizen from Haiti, led his new high school team to the playoffs; he had already graduated from a Fort Lauderdale high school in 2007 where he had been a star player. Montimerʼs ruse ended when he was recognized by former coaches at a basketball tournament.
SYSTEMATIC SCHEME A Waycross, GA woman has siphoned more than $2 million out of a companyʼs bank account while she served as office manager for the business. Sandra Coombs, 39, admitted that she stole the money from Ace Pole Co. over a four-year period. Coombs was charged with embezzling the money by forging a series of checks on the companyʼs bank account and making them payable to herself. When the forged checks were cashed, the money was deposited into her personal bank. Coombsʼ embezzlement was discovered as the result of her arrest on unrelated drug charges. she admitted using the money to pay for a lavish lifestyle that included shopping sprees, several cruises and renovations to her home. TEMP HAS PERMANENT PROBLEM A new identity theft scandal involving a woman who worked as a temp for Milwaukee County, WI is now in court. Starlita Sims is accused of stealing the personal information of more than 30 current and retired county employees from the Human Resources Department. Prosecutors say she also gave that information to her boyfriend, Christopher Jackson, who is suspected of opening up fraudulent accounts and setting up a PO Box in order
to misdirect credit card bills and fraudulently purchased goods. In one specific instance, say police, Sims stole a direct deposit form with another workerʼs personal information. Sims and Jackson opened credit cards and changed bank information for that employee.
SCRATCHING THE SURFACE The arrest of a Nevada woman suspected of trying to use a fraudulent credit card led local police to a house full of suspected ill-gotten goods. These included a Hummer, flat panel TVs, DVD players, computers, color printers, digital cameras, video game consoles, power tools, and more. Two women are in custody. The investigation is ongoing, but Logan Township, NV police believe they have just “scratched the surface” as to what the pair was doing with other people's identities. They say there were two dozen fraudulent credit cards, numerous altered drivers licenses, and printed checks with names of real people in the area. It is believed that the suspects had also opened a $68,000 credit line opened in the name of a local couple.
MAN GAMBLES HIS JOB
A Norwalk, CT man has scammed his 88-year-old boss. Eric Christian is charged with dozens of crimes, including first-degree identity theft, stemming from the defrauding of a Greenwich businessman who hired him to help around the office. The charges include more than 50 counts of credit card fraud and criminal impersonation. Using his former employer's identity, Christian set up a fraudulent credit cards, stole checks and made purchases, as well as attempting to transfer large sums of money from the business accounts to his own. Most of the money was spent on clothes and gambling. Police in Las Vegas nabbed Christian after he fled Connecticut. He is said to have a chronic gambling problem and a history of identity crimes.
HOW TO
IMPROVE YOUR CREDIT SCORE
PROTECT is publishing a series on understanding your credit report for a simple reason: knowing what is in these reports is vital to your economic health and safety. You need a clean report to apply for a mortgage on a house, to buy a car, or to finance any big ticket item. Improving your credit score is always a good idea; lots of people have adequate scores but could raise them with a little effort. It is an even more pressing matter for the estimated 30 million Americans with a score low enough to make getting loans and credit cards difficult to impossible. A severely low score is usually under 620 on a scale of 300 to 850. Raising a score has been likened to losing weight. It takes time and work, and there is no quick fix. HERE ARE SOME KEY TIPS FROM THE EXPERTS:
PAY BILLS ON TIME Pay your bills on time. Get caught up and stay current since the longer you remain timely, the better your score. If you are way behind, a professional credit counselor may be a good idea. It won’t help your score right away, but it will get you back on track. KEEP BALANCES LOW Keep low balances on credit cards and other revolving credit. High outstanding debt on revolving credit is bad for your score. Pay down revolving credit rather than moving it around to multiple accounts, and try to keep balances below 30% of the credit limit on each card. Paying down installments payments, such as mortgages and student loans is positive for your score, but keeping credit card balances under control has more impact.
OLDER IS BETTER The longer an account has been opened, the better for your scores. Do not open a lot of new accounts. New accounts lower your average account age, which will have a larger effect on your score if you don’t have a lot of other credit information. Since the older the better for your credit history, use an older credit card once in a while so the account is seen by the scorers as active.
REESTABLISH CREDIT HISTORY If you have had credit problems, opening new accounts responsibly and paying them off on time will raise your credit score in the long term.
GOODWILL HUNTING If you've been a good customer, but have one late payment, ask the lender to simply erase it from your credit history. You usually have to make the request in writing. A longerterm solution for troubled accounts is to ask that they be "re-aged." A lender might erase previous delinquencies as a reward for making a series of ontime payments. HAVING CREDIT IS GOOD In general, having credit cards and installment loans (and paying them in a timely manner) will raise your credit score. Someone with no credit cards, for example, tends to be higher risk than someone who has managed credit cards responsibly.
FIGHT UNFAIR BILLS If an unfair bill has resulted in a collections account, keep fighting with the biller and dispute the account at the credit bureaus. Collection accounts are bad for your score. CHECK THE REPORTS There is no scoring penalty for checking credit reports from the bureaus. So check from time-to-time to make sure there are no errors. Things especially worth correcting include: late payments, charge-offs, collections or other negative items, credit limits reported as lower than they actually are, accounts listed as unpaid that were included in a bankruptcy, and negative items older than seven years that should have automatically fallen off your reports.