Scam of the day – September 8, 2017 – Massive data breach at Equifax

Yesterday Equifax, one of three major credit reporting agencies announced that it had been victimized by a data breach between mid May and July that resulted in personal information of approximately 143 million Americans being stolen.  To put this number into perspective it accounts for nearly 44% of the entire population of the United States.  The compromised information included names, Social Security numbers, birth dates and more.  This information puts the victims of the data breach in serious danger of identity theft.  In the past when major data breaches such as this have occurred, the cybercriminals sell the information to other cybercriminals on the Dark Web.  To date, we have not yet seen this information being sold, but it will be.

Equifax is offering to affected customers a free year of credit monitoring and the ability to freeze your Equifax credit report.  To find out if your records were affected by the breach, click on this link provided by Equifax

Potential Impact


If you have been affected by the data breach, you should sign up for the free services offered by Equifax and definitely should freeze your credit report at all of the credit reporting agencies because the information stolen puts you in jeopardy of identity theft at all of the credit reporting agencies.

Even if you have not been a victim of the data breach, you should consider taking this as the opportunity to put a credit freeze on your credit reports. Credit freezes are the best thing you can do to protect yourself from becoming a victim of identity theft.

To get started, it’s best to first understand the laws and fees governing credit freezes in your state. The National Conference of State Legislatures describes the credit freeze laws for each state. 

To get the maximum protection from identity theft, it is important to freeze your credit at each of the three major credit reporting agencies. Here are links to each of them for information about how to get a credit freeze: 

Once you have frozen your credit, be sure to keep the PIN and information on how to unfreeze your credit report in a safe place.

August 26, 2017 – Steve Weisman’s latest column for the Saturday Evening Post

Here is a link to my latest column which describes how putting a credit freeze on your credit reports can be the best thing you can do to protect yourself from becoming a victim of identity theft.

Con Watch: Credit Freezes: The Best Protection from Identity Theft

Scam of the day – August 1, 2017 – Discover card now offering identity theft alert services

Discover is now offering free identity theft alert services through any of their credit cards.  Discover monitors websites on the Dark Web where criminals buy and sell stolen credit cards, Social Security numbers and other identity theft information.  They will then alert their customers if it is found that their Social Security number or credit card has been compromised.  In addition, Discover will also monitor the customer’s Experian credit report and alert the customer if new accounts, such as credit cards, car loans or mortgages are taken out in the name of the customer.  Finally, Discover representatives will offer some guidance in remedying the problem if the customer does become a victim of identity theft.  All of these services are offered by Discover to its customers at no charge.


While this is a very significant benefit to consumers and Discover should be applauded for its efforts, it should be noted that there are numerous other ways that identity theft is accomplished beyond those that Discover will be monitoring.  In addition, Discover will only be looking at the customer’s Experian credit report and not those of the other credit reporting agencies, TransUnion and Equifax.  Often problems may appear on one of these companies reports and not on the others.  Perhaps most importantly, like all credit monitoring services, these services do nothing to help prevent someone from becoming a victim of identity theft in the first place.  There are many things that people can do to help protect themselves from becoming a victim of identity theft, perhaps most strongly by putting a credit freeze on their credit reports at all three of the credit reporting agencies.  In my book “Identity Theft Alert” I list more than sixty simple things people can do to protect themselves from becoming a victim of identity theft.

Scam of the day – July 29, 2017 – Professional football player victim of criminal identity theft

Dallas Cowboys wide receiver Lucky Whitehead was arrested last month in Virginia on shoplifting charges and the Cowboys responded by releasing him from the team earlier this week.  There was one problem, however. Whitehead was not in Virginia last month, but an identity thief who used Whitehead’s name to commit the crimes was and provided Whitehead’s name when arrested.  Fortunately, for Whitehead, who may be lucky after all, although the Cowboys cut him for a crime he did not commit, the New York Jets signed Whitehead to a contract to play for the Jets.

Criminal identity theft occurs when someone steals your identity and then commits crimes using your name and Social Security number.  The problems encountered by someone whose identity has been stolen by a criminal who then commits crimes in the name of the identity theft victim are tremendous.   Victims of criminal identity theft have been arrested for crimes they never committed and often have had difficulty having the crimes, committed by someone who stole their identity, removed from their records.  A faulty criminal record can affect your ability to get a job or various benefits.


If you find that you are a victim of criminal identity theft, you should hire a lawyer and contact the police as well as the District Attorney’s office to straighten out the matter.  File a report indicating that you are the victim of identity theft.  It will be necessary for you to confirm your true identity through photographs and fingerprints. In addition, show law enforcement authorities your driver’s license, passport or any other identification that you might have that contains your photograph.

Get a letter from the District Attorney explaining the situation to have available if you are ever stopped for a traffic violation and your record is checked.  A few states have Identity Theft Passport programs through which anyone whose identity has been stolen by someone who uses it to commit crimes can, upon proving their identity, receive an Identity Theft Passport that protects them and confirms their true identity .  Even if your state does not have an Identity Theft Passport program, get a letter from the law enforcement agency that arrested the person using your name known as a “clearance letter” which indicates that you have not committed the crimes which were done by the identity thief who used your name.  Keep this document with you at all times.

Scam of the day – July 20, 2017 – Ashley Madison settlement awaits court approval

In July of 2015 it was first learned that the Ashley Madison dating site had experienced a major data breach affecting 36 million of its members. Ashley Madison, a website for people seeking to have extra-marital affairs formerly used the slogan, “Life is short, have an affair.” Ashley Madison was hacked by a group calling itself Impact Team.  Impact Team released information on 36 million users of Ashley Madison including names,  addresses, sexual interests and credit card details.

The Federal Trade Commission (FTC) and 13 state attorneys general sued Ashley Madison and later settled.  Under the terms of the settlement Ashley Madison was required to implement a comprehensive data security program and pay 1.66 million dollars to the FTC and the states involved with the charges.

Now it appears that Ashley Madison, which is owned by Ruby Corp. has agreed to a settlement of the separate class action brought by Ashley Madison customers whose personal information was leaked.  According to the terms of the 11.2 million dollar settlement, victims of the data breach will be paid up to $3,500 each.  The settlement has been agreed to, but needs court approval before it can be final.  I will report to you when that occurs.


Perhaps the biggest takeaway from this matter, as millions of Ashley Madison customers suffered the consequences of having their involvement with the dating service made public, is that your personal information is only as safe as the places with the worst security that have your personal information.  It also is obvious that the more places that have your personal information, the more at risk you are.  Therefore you should limit the places that have your personal information as much as possible.  In addition, you should not leave your credit card on record with a company for convenience sake even if it is a company with which you regularly do business.  Unless you agree to have your credit card information saved, companies with which you use your credit card are not allowed to store that information.

Scam of the day – July 3, 2017 – Delta Airlines Facebook scam

For years I have been reporting to you about numerous scams involving airline tickets.  Delta Airlines is  now reporting a scam where the targeting victim of the scam receives a a Facebook request purporting to be from Delta asking for SkyMiles numbers and other personal information.  This information is used by the scammer for purposes of identity theft.


Neither Delta nor any of the other airlines will contact you through Facebook and ask for personal information or account information.  Delta and the other airlines will only ask for your account information if you go to their secure website or if you contact them in order to verify your identity.

Scam of the day – June 30, 2017 – Government agency criticizes IRS for failure to protect victims of identity theft

It was just a little over two weeks ago that I complimented the IRS for actions it was taking in regard to resolving the claims of victims of income tax identity theft as announced in a report by the Treasury Inspector General for Tax Administration (TIGTA).  Unfortunately, a newly issued TIGTA report about employment related identity theft found the IRS is doing a miserable job of protecting innocent victims of this type of fraud.

Employment related identity theft occurs when someone steals your Social Security number for purposes of getting a job.  The victim does not generally learn about the crime until they are notified by the IRS that they did not include all of their income on their income tax return.  The recent TIGTA report found that the IRS’ procedures for both identifying the phony returns filed by the identity thieves and its procedures for helping the victims whose Social Security numbers had been stolen and used  were seriously lacking.  In particular,  TIGTA concluded that 548,968 victims of this type of crime were not being properly helped by the IRS.


TIGTA made seven specific recommendations to the IRS as to steps it should be taking, including developing procedures to notify parents of children whose Social Security numbers had been stolen and used for employment related identity theft, however, the IRS did not agree with five of the recommendations, leaving victims in danger and with less help from the IRS than they should receive.

The best thing that anyone can do to protect themselves from becoming a victim of identity theft is to keep your Social Security number as private as possible.  Don’t give it as an identifier to anyone or any company that asks for it unless you are legally required to do so.  For example, your doctor or dentist does not need your Social Security number although many ask for it.  The more places that have your Social Security number, the greater your risk of identity theft.

June 21, 2017 – Steve Weisman’s latest column for the Saturday Evening Post

Identity theft can be high tech, low tech or no tech.  Here is a link to a column I wrote for the Saturday Evening Post about the dangers of identity theft posed by your regular snail mail.

Con Watch: How Snail Mail Can Lead to Identity Theft