FEBRUARY 2011
Inside This Issue . . .
ID THEFT: AN APP FOR THAT ROOM FOR A NEW SCAM
BARTENDER BLUES MOVE IT DON’T LOSE IT
TIMESHARE TRICKS THIS MONTH IN PROTECT
Stories in this edition of PROTECT make one thing clear. Although identity thieves are adapting high tech tools to steal your identity, equally threatening are old-fashion low tech methods such as raiding your mail box or lifting a credit card from your wallet or taking papers from your unlocked car. The message is simple but profound: sometimes very basic measures, such as locking your doors and monitoring your mailbox, can help you avoid being one of the 11 million Americans who have been violated by the vultures who want to swoop down and grab your personal information.
PROTECT can be part of the solution. PROTECT is a monthly newsletter to help you avoid becoming a victim of identity theft. Each issue notes the latest crimes and scams and, most importantly, tell you how to protect yourself and loved ones. PROTECT is brought to you by the people who operate I.D. SHIELD 360, a leading service that helps shield you from the criminals determined to steal your most important possession – your identity.
STUDENTS LEARN THE HARD WAY
ROOM FOR A NEW SCAM Upon acceptance by a College or University, many excited students will turn to Facebook to join the myriad groups and pages related to their new alma mater. What many students do not know, however, is that the “Class of 2015” page they just joined may be a front for a scam or shady business. Although Facebook requires groups related to organizations to be operated by officials, representatives, or members, it is easy to create a fraudulent page and hope it flies under the radar.
Such is the case of Roomsurf.com, which created 150 “Welcome Class of 2015” groups using logos
and language that suggested official university affiliation, though none exists. Upon joining the group, new students are bombarded with spam
from Roomsurf, a fee-based roommate matching service. The company charges up to $10 dollars
to help potential roommates meet each other, and contends that those who meet in the Roomsurf groups might request each other as roommates.
At the heart of the controversy is the ease with which an unscrupulous businessperson or out-
lier can pose as a University or College official, employee, or fellow student. Creating a group is simple on the social networks, and there currently is no specific burden of proof imposed on
the creator to show that they are related to the
university. Given the ease of establishing a convincing false identity – Roomsurf simply copies College logos and takes welcome language
from their catalogs — Facebook groups have become fertile ground for scams of all stripes.
Although Facebook gained its vast popularity in part due to itʼs lack of spam and scams, its huge user base has become irresistible to crooks.
Therefore, Facebook users must become more careful and adjust their habits when navigating
the site — scrutinize, verify when possible, and always think before you click. Meanwhile, Facebook says it is investigating Roomsurf.
VISHING AND SMISHING
JOIN PHISHING
Vishing attacks are generally conducted using voice technology to trick people into revealing critical financial or personal information to unauthorized entities. Most take place on voice mail, VoIP (voice over the internet), or landline and cellular telephones. Here is how it works: The potential victim receives a message, indicating that suspicious activity has taken place in a credit card account, bank account, mortgage account or other financial service in their name. The victim is told to call a specific telephone number and provide information to verify or update an account, confirm a purchase or provide other related information. Vishing is troublesome to trace. Like legitimate customer services, vishing scams are often outsourced to other countries and thus are hard to track down. Also, scammers are using a ploy known as “spoof caller ID,” so even if a victim has caller ID, the call appears to come from a reputable source such as a bank or a government agency.
Readers of PROTECT already know well about “phishing,” the use of email or instant messaging on the internet to fool people into disclosing sensitive information. The same trick is now spreading fast via voice technology, or “vishing,” as well as through text messaging, or “smishing.” WATCH A VIDEO REPORT ON VISHING SCAMS
A similar twist deals with SMS or banking text alerts. Dubbed “smishing,” this identity theft scam comes in looking like a common text message from your bank, warning you that your account has been invaded or locked. You are invited to call the number and provide some information about your account, and warned that if you do not respond you could lose every cent you have deposited. This approach is rising fast as banking text alerts are becoming enormously popular.
No matter what the medium, the best defense to these attacks is to be suspicious of any unsolicited message that suggests they are targets of illegal activity or that their money is at risk. Rather than calling a number provided in an unsolicited message, a consumer should directly call the institution or bank named, to a number known to be valid, in order to verify all recent activity and to ensure that the account information has not been tampered with. The Better Business Bureau should also be alerted and, say the experts, always know what is in your credit report to be sure you have not been an innocent victim of “vishing” or “smishing.”
TIMESHARE RESALE SCAM
Letʼs say you bought a timeshare for a beach resort and now, with the economy still sour, you want to sell your share to cut your expenses. You are not alone; the numbers wanting to sell are growing and the number of sales have fallen more than 30 percent. Scammers are aware of your pain and, as a result, timeshare resale scams are soaring.
Timeshare owners throughout the country report that they've been receiving phone calls or emails – generally unsolicited — from salespeople who claim that they have a buyer. The pitch is almost always the same: your timeshare is in a “hot area” and they have a buyer. All you, the seller, have to do is send cash in advance. The money and the reseller regularly disappear without a trace.
In Florida, for example, where the scam targets senior citizens, a remarkable 3,000 people complained to the Attorney Generalʼs Office about timeshare resale issues last year. This year, that robust figure has already been exceeded.
Real estate industry executives and state attorneys general tell us there are four simple rules of thumb to avoid becoming a victim: 1. NO UPFRONT FEES
No reputable reseller will ever ask you to give money upfront fees.
There are generally no buyers and the money is never seen again. Never pay upfront fees. 2. BE SKEPTICAL
Donʼt believe what they tell you. These companies will tell you
anything just to get you to sign up.
They promise several bids a month and lots of free stuff to sign up. Never happens. 3. HANG UP
They use hard selling tactics to get you to buy. Most of these
companies will also use hard
selling tactics to get you to sell.
Tell them you sold the timeshare and hang up the phone. 4. JUST AN AD
Timeshare resale companies donʼt
really do much selling; they just list it like an ad. You can do it cheaper yourself using ad networks and other listing vehicles.
ID THEFT: THERE’S AN APP FOR THAT
Hereʼs a new adage: “Generally, if the product is free, youʼre the product”. Marketers canʼt do their job without your information, and they are willing to pay top dollar for it — selling your search habits to marketers is why Google is the worldʼs most valuable company, and chances are your browser is carrying cookies and tracking info that will be sold to the highest bidder(s). We are living in an intrusive age, where advertisers are increasingly targeting you by using information gleaned from our computer about your habits. But if you are uneasy about the monitoring of your computer activity, wait till you hear whatʼs going on in the background of your smartphone! In a lawsuit filed this winter, several prominent app manufacturers, including Pandora, Weather Channel and Dictionary.com, are being accused of collecting phone IDs, locations and usage, then selling the information to third party marketing and statistics firms. And Apple, also named in the suit, approved the installation of all these apps on the iPhone. The lawsuit argues that the information collection, done without the consent of the user, constitutes both computer and business fraud. How the lawsuit and inevitable legal wrangling resolve will be hugely important to the future of app development.
Over the past three years, smartphone users have become quite fond of apps — over 3 billion have been downloaded from Apple alone — many of which are free or of nominal cost. While inter-app advertising is an important revenue stream for developers, a recent exposé by the Wall Street Journal revealed just how much information is being collected by apps and then resold to third parties. The worst offenders were among the most prominent in the business: Pandora, Netflix, Yelp, Angry Birds. But the practice is industry wide, and absent regulation, is becoming worse every day.
Companies must know something about your personal information in order for certain apps to work — Yelp and Foursquare arenʼt so great without knowing where you are located and Netflixʼs movie recommendation engine functions only as good as the personal preferences you feed it. The abuses started when marketers found they had access to a phoneʼs unique, indelible ID. Having access to that ID is like installing a browser cookie that canʼt be deleted. So, as it stands now, everything you do in an app, or the information your phone provides to an app, can be sold and aggregated, and then clearly linked to you. The end result may indeed be better targeted marketing through demographics and behavior, but the risks to your sensitive personal information and to your privacy are as numerous as they are alarming.
STUDENTS LEARN THE
HARD WAY
Students need tuition money more than ever and students are traditionally easy targets for scam artists. Thatʼs a combination fraught with trouble. With so many scholarships, loans, and grants being advertised, it is hard for students to know which are legitimate and which ones are frauds. FinAid, a reputable web-based financial aid resource, reports that the population of college students as a whole loses millions annually by falling victim to scam artists posing as grant foundations.
HERE ARE A FEW COMMON METHODS CON ARTISTS EMPLOY TO HOOK IN STUDENTS, AND SOME WAYS STUDENTS CAN PROTECT THEMSELVES.
Be wary of upfront fees. Nominal fees are a common part of todayʼs world, but do not be fooled by something that seems routine; if a scholarship offers huge rewards for a fee, a bell should ring. Most high quality programs do not charge students fees to read their applications. This is especially true if the fee is small, and the scholarship or grant promise is monumental. Whenever a fee is required, take a second look at the organization sponsoring the scholarship. Be realistic about interest rates. Loans are a tricky territory for all students because of the confusing paperwork and complex language. Students should be on high alert when offered an incredibly low interest rate on a loan.
Take a deep breath. If a declaration like “Winner, Winner, Winner!” is written on the letter or envelope, be careful. Students often “win” money without any recollection of submitting an application. These scams often excite students enough that they will send a minimal fee to receive their substantial prize money. Winning is fun; losing money is not. Students should calm down before writing that check, and do some in depth research as to who is awarding the prize money. Remember the public option. Keep in mind that the government, in the form of Federal Student Aid, has reliable legitimate financial aid resources. This organization can provide students with information about real loan opportunities and a free application their federally sponsored program. CLICK HERE TO FILE FOR A FREE APPLICATION FOR FEDERAL STUDENT AID
MOVE IT DON’T LOSE IT
to a cheap and possibly unprofessional third party; breakage of valuable items that is not sufficiently covered by the moverʼs minimalist insurance policy; pricing based on cubic feet rather than the more verifiable weight method; and the tacking on of extra charges such as additional parking expenses or penalties for “long carries ” if the truck cannot find a parking spot near your home. HERE ARE TEN TIPS TO HELP YOU AVOID BEING TAKEN:
1. Get a referral from your real estate agent since they are motivated to make your move a positive experience.
Any guy with a truck can advertise himself as a mover, but it is essential to pick a mover who is a qualified professional. In the moving business, spring and summer are the big moving months, and thousands of people fall victim to seasonal scammers posing as movers. Negative scenarios range anywhere from damaged items during the process of the move to customerʼs belongings being held hostage in the truck with a large ransom for the property.
Among the common scams: low rate bids in which you are giving a low estimate and them charged substantial extra fees at the destination; getting you to pay full price and then subcontracting the bid
2. Investigate the companies thoroughly with the Better Business Bureau, the trade industry association and several reliable websites that track mover performance. 3. Be sure your mover visits your home to look over the logistics and see what must be moved; good companies will invest the time. 4. Get three estimates to have a sense of what the legitimate price or range may be.
5. Request a contract that covers everything and has no hidden charges or surprises.
6. Check out the claims process in advance so that you might recoup damages from anything broken or lost. 7. Ask if the mover conducts drug testing or background checks on their employees.
8. Be cautious when it comes to the internet; ads for cheap movers are often used by scam artists to prey on consumers.
9. Examine the trucks themselves to see if they look clean and in good condition. 10. Minimize the upfront payment; reputable companies rarely require a downpayment or deposit as high as 25 percent of the total move cost. CLICK HERE FOR A SITE THAT MONITORS MOVING COMPANIES
TRUE STORIES OUT FOR A DRIVE
A Bay Area trio has pleaded guilty to felony identity theft charges in connection with a crime involving stolen credit card numbers and gift cards. Tyrell Charles Blackshire, Herbert Eugene Johnson, and Joseph Edward
Allen cut a trail of crime from California to Oregon after having obtained a list of credit card numbers. The trio
started in California and cruised up Interstate 5 to Portland; at various stops along the way they purchased Nordstrom gift cards from grocery outlets using stolen
credit card information, then transferred money from the credit cards to the gift cards. At one Nordstrom, they would buy merchandise and then drive to another
Nordstrom outlet and return it for cash. Police say the
group spent days driving up and down the interstate looking for stores to scam.
HACKING IS NO GAME
Seacoast Radiology, a New Hampshire medical firm,
reports that its servers were hacked into by gamers
looking to play Call of Duty: Black Ops. The servers contained details like names, addresses, Social Security numbers, and medical histories for nearly quarter of a million patients. Experts believe the hackers only used the server to play games, and didn始t access any client
information, but warn that anyone affected should remain vigilant. A systems administrator discovered the breach after noticing an unusual drop in bandwidth. Investigators think that the people responsible could be based
somewhere in Scandinavia, although they also warn that anyone capable of hacking a server is also capable of spoofing an IP address.
WAITING FOR THE MAIL
Scottsboro MA police have charged Shannon Keys with two counts of identity theft and one count of possession of a forged instrument. She was wanted on similar charges in Alabama and Georgia. Keys was apparently taking mail out of mailboxes, copying information such as name, address and routing numbers off checks, and then creating fake checks and identification in order to cash the checks. Local police said that it is becoming more common for these type thefts to occur; thieves see the red flag up on mailboxes as a dead giveaway. They grab checks and other identification, and then create false documents with them.
FILLʼER UP
of a significant number
a sophisticated skimming device placed inside ATM
The names were reportedly listed
Two men stole more than $90,000 from some 200
people by taking personal financial information with
and credit card payment devices at gas station pumps throughout California. David Karapetyan pled guilty to 37 felonies and Zhirayr Zamanyan] pled
guilty to five felonies. Two other conspirators had not yet been sentenced. In their high-tech crime spree, the gang traveled to gas stations across the Bay
Area in a rented Cadillac Escalade. They were able to unlock various kinds of gas station pumps, con-
nect the cables inside to their two-inch electronic device, and record ATM and credit card data as well as victimsʼ PINs. No tampering was visible on
the outside of the pumps. The gang would return later in the evening to retrieve the skimmers. BIG PLANS
An Olympia WA man was recently arrested for
planning an identity theft of 1,000 people. It is being called the largest potential identity theft in the region.
Anthony Vaughn, an admitted drug addict, got pos-
session of the names and Social Security numbers
of employees at the state's
Employment Security Division.
on papers that were stolen from a car
parked outside of the State Capitol last
year, the news source said. Police removed
40 boxes of personal documents and related materials from the suspectʼs home.
TRUSTING YOUR BARTENDER
A Mazeppa MN bar owner stole peopleʼs identities and used them to forge winning prize receipts from a gambling game. Orrin Gregory Haugen fraudulently
claimed $8,700 in prize receipts from pull tab games
at his Bar and Grill, and from another restaurant nearby. The Mazeppa Fire Association operates pull
tab boxes at Haugenʼs bar and the Plainview Lions Club has boxes at the nearby supper club. Haugen
used stolen identities to forge receipts, then cashed winning pull tabs, court documents state. Police were
tipped off when someone congratulated a man for winning money in the games, but he had not been
playing and had not been in the area for a long time.
LICENSE TO STEAL
Durham NC police have released the photo of a woman wanted in connection to an alleged identity theft and fraud. It started when a local resident reported to police that someone had acquired her bank information and withdrew thousands of dollars from her account at numerous bank branches around town. During the investigation, police determined that the suspect used a fake driverʼs licence to gain access to the victimʼs account. One of the branches became suspicious, seizing the fake licence and calling police, but the suspect fled. She is described as: female, white, middle-aged, with long dark hair and wearing dark clothing and eyeglasses.
PASSPORT TO TROUBLE
Passports have long been a common form of identity theft. In the wrong hands, they enable fake identification and travel. Lose control of your passport and you may as well say goodbye to your whole identity.
This is particularly troubling today; stolen passports can be used for acts of terrorism as well as for more common crimes such as illegal entry, money laundering and narcotics trafficking. Minor alterations to the picture, name and description in a passport makes it appear as if it belong to the identity thief. Some basic tips for softening the blow of a lost or stolen passport: travel with copies of major documents, like birth certificate and marriage certificate, as well as the passport; keep copies separate from the originals; know the phone numbers and addresses of the U.S. embassy or consulate for the relevant countries. If your passport is lost or stolen, report it promptly to the State Department. Two new forms of digital passports add a technological twist to the risk of passport theft. One is the U.S. Passport Card, a relatively simple card that is good for travel within North America. More than a million Americans have been issued these cards. They contain RFID microchips which transmit a signal so your movement across borders can be automatically recorded. A second digital security document, the Biometric Passport or U.S. Electronic Passport, is also becoming commonplace. These are true international travel passports and replace old-style passports as they expire. The Biometric Passports store lots more data on the chips, including facial or iris recognition, fingerprints, digital photos, personal data, and more. As you go through passport control, those features are electronically checked. No sooner have these new digital passports been implemented than reports are surfacing that the microchips on the devices can be read by scanners from 20 or 30 feet away. Many security experts argue that the system, though encrypted, is not secure enough and is susceptible to identity theft. Others say the system is safe. But in a telling YouTube clip, an ethical hacker can be seen driving around San Francisco, reading off the numbers of people始s digital passports inside purses and pockets, and transferring them to the laptop computer in his car. Expert advice for protecting yourself: keep the digital passports in their sleeve since they cannot be read in that circumstance. And, of course, the same safety rules as in the old days for making sure these items do not fall into the wrong hands.
WATCH A VIDEO ABOUT DIGITAL PASSPORT THEFT