Posts Tagged: ‘credit freeze’

Scam of the day – April 1, 2014 – Military identity theft worsens

April 1, 2014 Posted by Steven Weisman, Esq.

According to a study done by the Federal Trade Commission members of the military are twice as likely to become a victim of identity theft.  One of the primary reasons for this is the military personnel’s Social Security number.  A Social Security number is the key to identity theft.  Once an identity thief has this, he or she is off to the races.  Until recently all military ID cards used the Social Security number and although the Department of Defense has changed its policy and is now issuing military IDs with a unique Department of Defense number, the transition to these numbers only started in 2011 and will take four years to complete so many members of the military still have the old ID cards.  In addition, while Veterans Identification Cards no longer show the veteran’s Social Security number on the card, the person’s Social Security number is still embedded in the magnetic stripe on the back of the card so identity thieves who, through various pretenses manage to scan the card can obtain the Social Security number.  These cards are also being phased out, but many veterans still have these cards.

TIPS

Members of the military with the old-style cards should be particularly careful about providing the card as identification and should limit its use as an identifier whenever possible.  Although members of the military are eligible for an Active Duty Alert to be placed on their files with the three major credit reporting agencies that requires creditors to verify the identity of anyone before issuing credit in the name of the member of the military, a credit freeze, which locks your credit report and requires a PIN to make it available is probably a better choice.  You can find instructions as to how to put a credit freeze on your credit reports on the right hand side of this page.

Scam of the day – March 20, 2014 – Maricopa County Community College hacked

March 20, 2014 Posted by Steven Weisman, Esq.

As the old saying goes, “fool me once, shame on you; fool me twice, shame on me.”  Recently the Maricopa County Community College revealed that its computers had been hacked and personal information including Social Security numbers and banking information of more than 2.4 million students, former students, employees and vendors covering a period of more than thirty years was compromised.  As I have indicated to you in a number of Scams of the day, colleges and universities have been prime targets for hackers because they provide the perfect combination of often lax security and large amounts of personal information.  What makes this security breach even more egregious is the fact that Maricopa County Community College was hacked back in 2011, but steps to improve the security of their computer systems were not taken despite the recommendations of employees of the colleges information technology department and their warning that the 2011 breach which only affected 400 people exposed a flaw that could affect many more people.

TIPS

Presently a class action is being prepared by the Phoenix law firm of Gallagher and Kennedy. If you have been affected by the data breach, you may wish to contact them.  You also should check your credit report at www.annualcreditreport.com to get your free credit report from each of the three credit reporting agencies, Equifax, Experian and TransUnion in order to look for evidence of identity theft.  You should also consider putting a credit freeze on your credit report to prevent it from being accessed by an identity theft armed with your Social Security.  You can find instructions here on the Scamicide website as to how to put a credit freeze on your credit report.  This data breach also brings up the question again as to why Maricopa retained personal information on people who have long ago ceased to have a relationship with the college.

Scam of the day – March 7, 2014 – Another major retailer hacked – what it means to you

March 8, 2014 Posted by Steven Weisman, Esq.

Sally Beauty Holdings, a multi-billion dollar beauty products retailer with 3,300 stores around the world including 2,600 in the United States has announced that it has suffered a security breach which appears to have compromised the credit cards and debit cards of hundreds of thousands of its customers.  Unlike the  recent data breaches at Target, Neiman Marcus and Michaels, it appears that Sally Beauty’s own cyber defense technology may have detected the intrusion at the same time that a number of banks identified Sally Beauty Supply as being a victim of a data breach.  In the Target, Neiman Marcus and Michaels data breaches it was banks that monitored credit cards that first noticed the pattern of stolen cards being tied to the particular retailers.  Recently, on black market criminal websites large numbers of stolen credit cards and debit cards tied to use at Sally Beauty were being offered for sale.  Investigators are now theorizing that it is the same criminals that are behind all of these recent retail breaches and we all should expect more retail breaches in the upcoming days and weeks ahead.

TIPS

If you have shopped at Sally Beauty Supply in the last few months and used a credit or debit card, you should monitor the use of your card carefully for evidence that your card was among those stolen.  You may wish to change your credit card and debit card in order to be ahead of the game.  This is also a good time to remind you that you should not use your debit card for retail purchases.  Limit its use to ATM withdrawals because you do not get the same consumer protections if your debit card is breached that you would have if your credit card is stolen.  The inconvenience to you even if you do not actually lose money as a result of a debit card data breach is far worse than you would suffer with a stolen credit card.  You also may wish to protect yourself further by putting a credit freeze on your credit report so that even if an identity thief manages to get access to your personal information sufficient to gain access to your credit report, they will not be able to use the credit report because it will be PIN protected and frozen.  You can find instructions as to how to put a credit freeze on your credit report on the right hand side of this page of Scamicide.

Scam of the day – February 16, 2014 – Latest Target information – what it means to you

February 16, 2014 Posted by Steven Weisman, Esq.

Although we have known for some time that the hacking of Target was accomplished through the initial hacking of Fazio Mechanical, a heating and air conditioning company that does business with Target and  had access to Target’s computers for billing and ordering purposes, it was not until recently that we learned that the way that Fazio was hacked was through a common technique called “spear phishing” where the victim receives an email directed to them by name that appears legitimate or promises something enticing, such as free pornography or videos of a newsworthy or otherwise intriguing event. Once the victim clicks on the link in the email or downloads the attachment in the email, malware is downloaded on to the victims’ computer that provides access to the all of the information in the victim’s computer, which in this case included the information necessary to access the Target computer system.  Even though Fazio’s computers were protected by anti-malware programs, either its program was not as good as necessary or it was merely not current with the latest malware threats.  Anti-malware software programs are generally at least thirty days behind the latest malware threats.

Also criticism is now being made of Target’s offer of one year’s worth of free credit monitoring service through Protect MyID.  The problem is twofold.  First, credit monitoring merely helps to inform you that you have already become a victim of identity theft.  It does nothing to prevent identity theft.  But even further Target’s program which is done through the credit reporting bureau Experian only provides you with credit monitoring of your Experian file.  It does not provide you with monitoring of your file with the other two credit reporting agencies, Equifax and Transunion, which makes the monitoring incomplete.  Experian does offer you the additional monitoring for a year, but for a fee that can be as much as $75.

TIPS

The first lesson is that you should never click on links or download attachments unless you are absolutely sure that the links or downloads are legitimate.  Always confirm before you download.  Second, you cannot rely on your anti-malware software to be 100% effective.  Ultimately it is up to you not to download questionable material.  All of that being said, you should make sure that you have anti-malware and anti-virus software on all of your electronic devices and make sure that you keep the software up to date with the latest security patches and updates.

Finally although credit monitoring does offer some benefits, preventing identity theft through pro-active steps such as putting a credit freeze on your credit reports at each of the three major credit reporting agencies is a better way to protect yourself from identity theft in the event your personal information is compromised.  You can find how to put a credit freeze on your credit report by going to the section on “credit freezes” on the right hand side of this page.

 

Scam of the day – January 28, 2014 – The untold story of the hacking of Michaels

January 28, 2014 Posted by Steven Weisman, Esq.

This past weekend, Chuck Rubin, the CEO of Michaels, the country’s biggest arts and crafts stores issued the following statement: “We are concerned there may have been a data security attack on Michaels that may have affected our customers’ payment card information and we are taking aggressive action to determine the nature and scope of the issue.” Thus Michaels becomes the third large national retail store chain to become involved with a major hacking of its credit and debit card data following Target and Neiman Marcus.  What Michaels’ short statement did not indicate is that the company is still not even sure that it has been hacked although every indication is that it has been.   As in the case of the hackings of both Target and Neiman Marcus, it was not the company that discovered that its security had been breached, but rather the banking industry which discovered a pattern of fraudulent purchases using credit and debit cards recently used at Michaels.  So although the evidence is pretty strong that Michaels has been hacked, security experts and Michaels have still not been able to identify how the hacking occurred, which is indeed troubling because it means that newer and even more advanced malware was likely used to perpetrate the hacking.  As I told you just a couple of days ago, you can expect to hear this story again and again in the new year.

TIPS

Once again, I want to advise you that you should limit your debit card’s use to ATM machines.  Do not use it for retail purchases because the consumer protections provided to you by law just are not as great as they are for fraudulent use of your credit card.  Also, as I advised you previously, you may wish to consider putting a credit freeze on your credit report at each of the three major credit reporting agencies to protect you from an identity thief getting access to your credit report in order to use your credit to make large purchases in your name.  you can find detailed instructions as to how to put a credit freeze on your credit report by clicking on the link designated as “credit freezes” on the right hand side of this page.  Finally, for your own protection of your computer, smart phone and other electronic devices, you should make sure that you have installed anti-virus software and anti-malware software.  You should also make sure that you keep this software current with the latest updates as soon as they are available, however, as the situation with Michaels illustrates, new strains of malware are always at least thirty days ahead of anti-malware software to protect you from those malware programs so you should always be wary of phishing and other techniques used to lure you into unwittingly downloading malware.  You can learn in detail how to protect yourself from phishing and other threats by reading my book “50 Ways to Protect Your Identity in a Digital Age” which can be ordered by clicking on the icon of the book on the right hand side of this page.

Scam of the day – January 27, 2014 – Coca Cola data breach

January 27, 2014 Posted by Steven Weisman, Esq.

A few days ago, Coca Cola disclosed that a number of laptops had been stolen from its corporate headquarters in Atlanta.  These laptops had personal data of up to 74,000 people and, most disturbingly, the data had been stored on the laptops totally unencrypted.  The laptops have been recovered, but it is not yet known whether the affected individuals are in increased danger of identity theft due to the original theft of the laptops.  Among the information on the laptops were the names and Social Security numbers of 18,000 Coca Cola employees as well as personal information including driver’s license numbers on another 54,000 people.  This is yet the latest instance of a disturbing trend of companies and government agencies not taking the basic security step of encrypting personal data on portable laptops.  NASA has been victimized twice by theft of laptops with sensitive personal information.  It shouldn’t take a rocket scientist to figure out that this information should be encrypted.

TIPS

What can you do to protect yourself from this type of corporate negligence?  The first thing you can do is to ask any company that holds personal information about you as to whether they encrypt the data and, if not, why not.  You should also ask about what other security steps they take to preserve the privacy of your information.  Finally, you may wish to consider putting a credit freeze on your credit report which will prevent anyone who does get access to your personal data, such as your name and Social Security number from being able to access you credit report for purposes of utilizing your credit to make a large purchase.  You can find information as to how to put a credit freeze on your credit report by clicking on the link on the right hand side of this page where it reads “credit freezes.”

Scam of the day – January 3, 2014 – Child identity theft update

January 3, 2014 Posted by Steven Weisman, Esq.

Two days ago, Texas became the latest state to pass a law protecting children from identity theft.  The law is patterned after a Maryland law that became effective a year ago and was the first of its kind in the country.  The Texas law will permit parents of children under the age of sixteen to freeze their children’s credit reports with the major credit reporting agencies, Equifax, TransUnion and Experian.   This is important because in recent years, children have been a prime target of identity thieves who, if they are able to get identifying information on a child such as the child’s Social Security number, can open a credit report on behalf of the child and obtain credit in the child’s name.  The identity thief never pays back the money accessed through the child’s credit and the child is burdened with a bad credit report that can have a deleterious effect on the child when he or she applies for credit, applies for a job, applies for a scholarship or applies for an apartment.  Presently the major credit reporting agencies have not permitted credit reports to be frozen until there is an active credit report.  In the circumstances of a child, this would occur only after the child’s credit had been accessed and abused so it truly would be closing the barn door after the horses are out.

TIPS

Credit freezes are a great way for all of us to protect ourselves from identity theft even in the event that someone has access to your Social Security number.  You can find out more about credit freezes in my book “50 Ways to Protect Your Identity in a Digital Age.”  You can also find the laws about credit freezes in your own particular state by going to this link:   http://www.consumersunion.org/campaigns/learn_more/003484indiv.html

Scam of the day – December 21, 2013 – What to do if you were a Target hacking victim

December 21, 2013 Posted by Steven Weisman, Esq.

With 40 million credit and debit cards affected by the recent hacking of Target, there is a good chance that many Scamicide readers are a part of that group that includes my own wife.  The hacking of Target once again shows that regardless of how careful you are, you are only as safe from identity theft as the place with the weakest security that holds or processes your personal information such as credit cards.  Today I am going to provide the simple steps that you should take if your credit card or debit card was compromised.

TIP

First of all, resolve not to use your debit card for purchases.  Reserve its use for ATMs.  The maximum that you are possibly liable for in regard to fraudulent charges on your credit card is only $50 and most credit card issuers won’t charge you anything.  However, with a debit card, if you don’t notice the illegal withdrawals from your bank account in a timely fashion, you risk losing all of the money in the account and even if you do report the fraudulent activity right away, you will not be made whole by the bank until they have completed an investigation of the matter.

The next thing you should do is check your credit card statement for illegal activity.  Do this online for both speed and to see the most recent transactions.  If fraudulent purchases appear, notify the credit card company to have them remove the charges.  Also file a police report.  You should then cancel the card and have the credit card company issue you a new card.  Even if you have not yet noticed illegal activity, you shouldn’t be complacent because generally in these situations, the thieves sell the stolen credit card information on black market websites and there may be a long time lag before you would see illegal activity on your card.  Why wait for the inevitable?  Cancel the card and get another one.

You also should use this opportunity to obtain your free credit report in order to make sure that there is no evidence of identity theft.  Go to www.annualcreditreport.com.  This is the only source for the free credit reports that you have a right to have by law.  Many other websites with similar names may provide you with a free credit report, but in the fine print, you may find that you have unwittingly signed up for a costly service that you do not want or need.

Finally, you may wish to consider putting a credit freeze on your credit report so that even if someone has sufficient personal information about you to otherwise gain access to your credit report in order to use it to make a large purchase, they would not be able to get access to your credit report because it is frozen and can only be made available by you using a PIN.  You can find all the information you need about credit freezes here on Scamicide.  Just go to the column on the right and click on “credit freezes.”

 

Scam of the day – December 8, 2013 – Blue Cross laptops stolen: customers in danger of identity theft

December 8, 2013 Posted by Steven Weisman, Esq.

Horizon Blue Cross Blue Shield has just announced that two laptop computers were stolen from its Newark, New Jersey headquarters.  The stolen laptops contained personal information including names, addresses, dates of birth, Social Security numbers and more on 839,711 members thereby placing them in serious danger of identity theft.  The computers, which were locked by cables to employee workstations inside the Newark headquarters, were protected by passwords, but the information contained on the computers was not encrypted, thereby making the information available to an identity thief who is adept at using software programs used to decipher passwords.  Unfortunately, we have no reason to believe that the passwords used are of sufficient strength to make the process of breaking down the passwords difficult, particularly when the company did not take the important step of encrypting the information.

Similarly, it has just been revealed that a laptop computer and paper files containing personal information of 1,300 patients of the Houston Methodist Hospital was stolen last week.  In this case again the data was not encrypted and the paper files not properly secured thereby putting the hospital’s patients in serious jeopardy of identity theft.

These two laptop thefts are, unfortunately, not unusual and they serve to highlight two important facts.  First, that you are only as safe from identity theft as the security of the weakest place that has your personal information and second, that companies are still not taking basic security measures such as encrypting data, necessary to protect the privacy of personal information that they hold.

TIPS

In regard to these specific instances, those members affected by the laptop thefts at Horizon Blue Cross Blue Shield are being notified by Horizon and are being offered free credit monitoring and identity theft protection, which I strongly advise that you accept if you are affected by this security breach.  In regard to the Houston Methodist Hospital laptop thefts, the hospital is in the process of notifying those patients affected and are also offering free identity theft protection for a period of one year.  Again, if you are a victim of this data breach, I urge you to accept the offer.

In addition, those people affected and, quite frankly, everyone, should consider putting a credit freeze on their credit reports to prevent someone from accessing their credit report even if an identity thief has gotten access to Social Security numbers and other information that would otherwise permit access to the all important credit report.  Everyone should also regularly monitor their credit reports for early evidence of identity theft.  You can find information about how to get a credit freeze and your free credit reports in my book “How to Protect Your Identity in a Digital Age” as well as here on Scamicide.

 

Scam of the day – November 20, 2013 – Dangers posed by hacking of government websites

November 20, 2013 Posted by Steven Weisman, Esq.

In November 2nd’s Scam of the day, I told you about the recent arrest of British citizen Lauri Love for hacking into the computers of a number of United Sates Government departments.  In a confidential memorandum, the FBI has recently warned other government agencies about actions of the informal hackers group known as “Anonymous “to also hack various agencies of the United States government. According to the memorandum which was leaked to Reuters, many federal agencies have already been hacked and information stolen from the U.S. Army, the Department of Energy, the Department of Health and Human Services and many more resulting in Anonymous stealing large amounts of personal information contained in the unencrypted computers of these various agencies.  Among the information stolen was personal information on 104,000 employees and contractors of the Department of Energy including bank account information on some of these people.  A common thread between Lauri Love’s hacking and the hacking done by Anonymous is the exploiting of security flaws in Adobe’s Cold Fusion software which is a popular website development software used by many companies and federal agencies.  I have been warning you that this was going to happen since we first became aware of the hacking of Adobe.

So what does it mean to you?

TIPS

Once again, this illustrates that your personal information is only as safe as the place with the weakest security that holds your information.  It is important to limit the places that hold your personal information to as few places as actually need it.  Also, do not leave credit cards on file with online companies with which you shop for your convenience.  Your convenience can lead to your becoming a victim of identity theft if they are hacked.  You should make sure that you monitor your credit reports at least annually to be on the lookout for identity theft and you may wish to consider putting a credit freeze on your credit report to limit the damage if you do become a victim of a hacking.  For more information about credit freezes and getting free copies of your credit reports check out my book “50 Ways to Protect Your Identity in a Digital Age.”