MARCH 2011
Inside This Issue . . . SPRING CLEANING BLUES BAD REVIEWS
FOR NETFLIX TINY URLS HIDE
BIG PROBLEMS BEWARE THE
HEARTBREAK HOTELS WORK-AT-HOME DREAM
TURNS TO NIGHTMARE THIS MONTH IN PROTECT
The weather warms, the flowers bloom, love is in the air, pitchers and catchers take the field, and spring cleaning is on the agenda. Itʼs all good. Except for the fact scammers have their own “spring cleaning” ritual, which often includes offering you fake or substandard products and services for your home, garden, car and self. Itʼs easy to be lulled by the balmy breezes, but experts warn that spring is a fertile moment for you to become one of the millions of Americans who have been the target of scams or the victim of identity theft.
PROTECT is here to help you in any and all seasons. Each issue of this newsletter explains the latest crimes and scams, and how to avoid them. PROTECT is brought to you by the people who operate I.D. SHIELD 360, a leading service that helps shield you from the criminals determined to steal your most important possession – your identity.
EVEN THE PASTOR’S AT RISK
SPRING CLEANING
Spring is primetime for con artists to show up at your door offering an array of products and services, from tree trimming, to roof and driveway repair, to painting and home modeling. The experts warn you to be on guard against unscrupulous fly-by-night operators. What may seem like a great deal could end up cleaning you out.
There are several indicators that you may be the target of a scam. One 驶red flag始 is that these con artists may drive vehicles with out-of-state license plates or set up temporary offices from which they can disappear quickly once authorities start looking for them. A second is high pressure tactics. Companies which operate above-board and want your business will not pressure you into making an immediate decision, and give you the time to check them out. The more they pressure you to make an immediate decision whether to hire them, the more likely they are scammers. A third common scam tactic: a salesman or workman tries to distract you by, for example, feigning illness or asking for a drink of water, while he or an accomplice steal valuables. And, finally, be suspicious if one bid is substantially lower than the rest; that is often a sign that substandard services are about to be performed.
Before shelling out any money or signing any papers, here are some recommended safeguards: • Get the name and address of the company the vendor claims to represent.
• Ensure all details and verbal promises are included in a contract; make sure that you understand everything in the document. • Verify that the individual is licensed, bonded and insured. • Donʼt always go for the lowest bid; if estimates for the same work vary widely, ask hard questions.
• If you have checked references and the companyʼs reputation and intend to use its services, make checks payable to the company, not the salesperson or any other individual, and never pay with cash. • Keep doors and windows locked while work is going on, and do not allow strangers inside the home.
• Visit independent third party verification or certification organizations like the Better Business Bureau or a number of reliable websites such as Angieʼs List or Service Magic, to check out a companyʼs track record. AN EXCELLENT PLACE TO FIND A RELIABILITY REPORT
SHORTENED URL’S HIDE LONG TERM PROBLEMS
Twitter users are noticing tweets posted to their accounts containing only a shortened URL using Google's URL shortener. When users click on the link they are taken to a page, and asked to install and pay for a fake antivirus called “Security Shield.” URL shorteners can be a handy and legitimate way to include links without using a long string of characters, and are used frequently on sites such as
Twitter that limit messages to 140 characters. In addition to Google, sites like Tiny URL and Bit Ly
are also popular. An estimated one million URLs are
shortened each day, which makes these services a rich new target for cyber criminals in 2011. Because
social media sites are already rife with such criminals, these links are being used for spam, scamming and other malicious purposes.
What you should do?
Preview a shortened URL before clicking on it by
hovering over it with your cursor. This option is often provided, with a small window usually displayed
showing the full web address for the linked page. If not, you might considering avoiding the link. In ad-
dition, cybercriminals have not given up on the old-fashioned e-mail strategy, so if you receive an
e-mail that contains only a link, even if it appears to
be from someone you know, itʼs best to delete it and follow up with the sender. Chances are this e-mail account has been compromised.
A BAD REVIEW FOR
NETFLIX
Netflix has cancelled its second $1 million Netflix Prize contest — seeking a better movie-recommendation search engine — after consumers filed a lawsuit claiming that the first contest breached customer privacy and that the second threatened to do worse.
By way of background, the first Netflix competition challenged consumers to come up with an improved algorithm for recommending movies to customers. Such recommendations are a key part of Netflixʼs customer retention strategy. To get the contest going, Netflix gave the public access to a portion of the companyʼs database; nearly 50,000 contestants had access to two massive datasets, including 100
million movie ratings, along with date of the rating, a unique ID number for each of half-a-million subscribers, and the movie titles. A team led by AT&T researchers won the first contest by improving the algorithm by roughly 10 percent. In planning for the second contest, the company announced that it would release even more customer information to researchers in hopes of making an even better system. Data privacy advocates and lawyers jumped into the fray, arguing that the information in the database was too easy to decode and that individualʼs privacy would be sacrificed. Those fears were highlighted when an in-thecloset lesbian mother sued Netflix for invasion of privacy arising from the first contest, alleging the movie-rental company effectively “outed” her when it disclosed information about customers to contestants in the first contest.
The suit, in federal district court, claimed that Netflix violated fair-trade laws and a federal privacy law designed to protect video rentals. The basic argument was that Netflix knew or should have known that people would be able to identify users based on their personal data; lawyers also noted that just before Netflix announced the contest, AOL was involved in a high-profile incident in which the release of its apparently anonymous search-engine log data was used to track down real people. As a final nail in the coffin, the FTC jumped in as well. Under pressure, a Netflix official wrote in the company blog: “We have reached an understanding with the FTC and have settled the lawsuit with plaintiffs,” wrote Neil Hunt, the companyʼs chief product officer. “The resolution to both matters involves certain parameters for how we use Netflix data in any future research programs. In light of all this, we have decided to not pursue the Netflix Prize sequel…”
TRUE STORIES SELLING OUT HER SON A Texas woman has admitted to selling her sonʼs birth certificate and Social Security card to a Kansas woman. Maria de Jesus Soto, a 54-year-old Brownsville TX woman sold the documents for a total of $750. It was the fifth time she had sold various identity documents; police say that most such documents ultimately end up in the hands of illegal aliens from Mexico. After she was caught, Soto turned statesʼ evidence and aided in breaking up a fake document ring.
ID THEFT IS ADDICTIVE Fifteen defendants have been indicted for their roles in a $1 million conspiracy to distribute methamphetamine. The indictment also alleges that the conspiracy was funded by a major identity theft conspiracy. Four of the conspirators used stolen personal and financial information to create false identification documents — primarily counterfeit Missouri driverʼs licenses and identification cards — and counterfeit checks for themselves and others. They then used the cards to cash the fake checks, which they used to make retail purchases. They would then return or otherwise dispose of the purchased property in exchange for cash or drugs. According to the indictment, one of the leaders was in possession of laptop computers, hundreds of blank checks from another personʼs account, a computer software program, a CD entitled “How to Get New ID,” and stolen Social Security cards.
NEW LOOK. NEW DAY. NEW CARD. A J.C. Penney clerk in the Syracuse NY store has been arrested for opening credit card accounts in the names of people in the Midwest. It turns out Shantique L. Settles had been opening J. C. Penney credit card accounts, and then purchasing gift cards from Penney
WIRELESS CRUISING
The Santa Barbara County, CA sheriffʼs office has apprehended a 26-year-old former UC Santa Barbara exchange student from Nigeria on multiple charges of identity theft. As detailed by a sheriffʼs spokesman, Imoukhuede Ohiwerei Ehimika was taken into custody. It turns out that Ehimika had been cruising local neighborhoods and picking up unsecured wireless connections. He then used his computer skills to obtain sensitive personal information and transfer more than $150,000 to his own account. Sheriffs only became suspicious after several complaints came from a geographically clustered group of victims just north of the Santa Barbara city limits.
stores in many cities. When a customer complained in Iowa, a retail storeʼs security identified the clerk who opened the account as Settles, according to police records. The store then found that Settles had opened accounts for several other people from Illinois to Kansas, and had applications denied on accounts ranging from New York to Colorado.
NO ʻIʼ IN TEAM Two former University of Washington football stars – the team won the Rose Bowl in 1978 – were involved in an identity theft confrontation. Greg Grimes tells Seattle police that he and Robert Lance Theoudele disliked each other when they played football together at the University. Now, decades later, Theoudele is charged with identity theft of telling police his name was Grimes when he was arrested on multiple occasions. In fact, Theoudele has been arrested more than 40 times and has used numerous alias names, dates of birth, and Social Security numbers; he has claimed to be Grimes several times, first starting in 1985. Grimes managed to clear his name only by taking a fingerprint test.
STATEWIDE SCAM A man has been arrested for leading a group that has engaged in identify theft by creating fraudulent credit cards throughout Florida. Juan Tato Echemendia of Miami has been accused of numerous identity crimes throughout the Tampa Bay area. Arrested on 73 criminal counts, he had 109 fraudulent credit cards at the time of his arrest. He is accused of forging the cards and cardmaking equipment was found in his apartment. At least four other men are accused of being involved in the crimes.
JURY DUTY Individuals in at least three states reported last month that they were scammed by callers claiming to be from the Courts Administration. The callers claimed that they had failed to report to jury duty and demanded needing information – Social Security numbers, birth date, banking information and the like – to confirm. Officials from Pennsylvania to Alabama have stated that they do not handle these matters by phone or ask for confidential information over the phone, and that such calls should be reported.
EVEN THE PASTOR Victims of an ambitious identity theft scheme included local businessmen and women, elected officials, local police, and even the pastor of Bennettsville NC. A 21 year old man, Vontrell Canty, is accused of nearly 40 counts of identity theft. Financial documents, electronics and packing slips were found at Cantyʼs home. Apparently, Canty opened accounts in the names of numerous community members, purchased items under their names, and shipped the items to a different address. The case remains under investigation, and more arrests or suspects may be announced.
HEARTBREAK HOTELS
Hotels are an increasingly popular target of identity thieves. A new study by Trustwave, a security company that specializes in protecting hotel systems, found that hotels have surpassed restaurants for the top spot where your credit card data is most likely to be stolen.
Just as robbers target banks because that’s where the money is, hackers target hotels because that’s where the data is. Booking and reservation centers generally have thousands of credit card numbers on file and one successful break-in can net the hacker big numbers and big money. In addition, hotels are popular targets because credit card information is not only used to check-in, but throughout the hotel in places like the golf course, the restaurants, the spa, the gift shop, the pool bar, and are all processed through one central computer system. These central systems, says Trustwave, are designed in the same way across hotels, so once the hackers figure it out they can take a “cookie cutter” approach to breaking into hotels. In addition, hotels tend to give many employees access to the computer systems, making the installation of malware easy and skimming credit cards even easier. Finally, there is the low-tech angle. Hotels are huge public meeting spaces where people mix, and personal information and property are vulnerable to thieves lurking in the background.
How can guests protect themselves?
• Get a copy of your room bill, and hold on to it for 30 days to make sure you don’t get charged for anything extra.
• Check your credit card statements carefully to ensure no fraudulent charges were placed, and make sure to frequently check them online. • Do not leave receipts, airline tickets, printouts, and other documents in wastebaskets in public spaces.
• Do not leave personal effects lying around when you take a break from meetings. In your room, place key documents in the safe. • Try to avoid using business centers for internet access unless you can be assured that cached data is purged. • Urban legend has it that identities can be stolen off hotel key cards; this, thankfully, is not true. Most hotels only encode the guest name and room number on the magnetic strip.