Scam of the day – August 1, 2017 – Discover card now offering identity theft alert services

Discover is now offering free identity theft alert services through any of their credit cards.  Discover monitors websites on the Dark Web where criminals buy and sell stolen credit cards, Social Security numbers and other identity theft information.  They will then alert their customers if it is found that their Social Security number or credit card has been compromised.  In addition, Discover will also monitor the customer’s Experian credit report and alert the customer if new accounts, such as credit cards, car loans or mortgages are taken out in the name of the customer.  Finally, Discover representatives will offer some guidance in remedying the problem if the customer does become a victim of identity theft.  All of these services are offered by Discover to its customers at no charge.

TIPS

While this is a very significant benefit to consumers and Discover should be applauded for its efforts, it should be noted that there are numerous other ways that identity theft is accomplished beyond those that Discover will be monitoring.  In addition, Discover will only be looking at the customer’s Experian credit report and not those of the other credit reporting agencies, TransUnion and Equifax.  Often problems may appear on one of these companies reports and not on the others.  Perhaps most importantly, like all credit monitoring services, these services do nothing to help prevent someone from becoming a victim of identity theft in the first place.  There are many things that people can do to help protect themselves from becoming a victim of identity theft, perhaps most strongly by putting a credit freeze on their credit reports at all three of the credit reporting agencies.  In my book “Identity Theft Alert” I list more than sixty simple things people can do to protect themselves from becoming a victim of identity theft.

Scam of the day – July 29, 2017 – Professional football player victim of criminal identity theft

Dallas Cowboys wide receiver Lucky Whitehead was arrested last month in Virginia on shoplifting charges and the Cowboys responded by releasing him from the team earlier this week.  There was one problem, however. Whitehead was not in Virginia last month, but an identity thief who used Whitehead’s name to commit the crimes was and provided Whitehead’s name when arrested.  Fortunately, for Whitehead, who may be lucky after all, although the Cowboys cut him for a crime he did not commit, the New York Jets signed Whitehead to a contract to play for the Jets.

Criminal identity theft occurs when someone steals your identity and then commits crimes using your name and Social Security number.  The problems encountered by someone whose identity has been stolen by a criminal who then commits crimes in the name of the identity theft victim are tremendous.   Victims of criminal identity theft have been arrested for crimes they never committed and often have had difficulty having the crimes, committed by someone who stole their identity, removed from their records.  A faulty criminal record can affect your ability to get a job or various benefits.

TIPS

If you find that you are a victim of criminal identity theft, you should hire a lawyer and contact the police as well as the District Attorney’s office to straighten out the matter.  File a report indicating that you are the victim of identity theft.  It will be necessary for you to confirm your true identity through photographs and fingerprints. In addition, show law enforcement authorities your driver’s license, passport or any other identification that you might have that contains your photograph.

Get a letter from the District Attorney explaining the situation to have available if you are ever stopped for a traffic violation and your record is checked.  A few states have Identity Theft Passport programs through which anyone whose identity has been stolen by someone who uses it to commit crimes can, upon proving their identity, receive an Identity Theft Passport that protects them and confirms their true identity .  Even if your state does not have an Identity Theft Passport program, get a letter from the law enforcement agency that arrested the person using your name known as a “clearance letter” which indicates that you have not committed the crimes which were done by the identity thief who used your name.  Keep this document with you at all times.

Scam of the day – July 20, 2017 – Ashley Madison settlement awaits court approval

In July of 2015 it was first learned that the Ashley Madison dating site had experienced a major data breach affecting 36 million of its members. Ashley Madison, a website for people seeking to have extra-marital affairs formerly used the slogan, “Life is short, have an affair.” Ashley Madison was hacked by a group calling itself Impact Team.  Impact Team released information on 36 million users of Ashley Madison including names,  addresses, sexual interests and credit card details.

The Federal Trade Commission (FTC) and 13 state attorneys general sued Ashley Madison and later settled.  Under the terms of the settlement Ashley Madison was required to implement a comprehensive data security program and pay 1.66 million dollars to the FTC and the states involved with the charges.

Now it appears that Ashley Madison, which is owned by Ruby Corp. has agreed to a settlement of the separate class action brought by Ashley Madison customers whose personal information was leaked.  According to the terms of the 11.2 million dollar settlement, victims of the data breach will be paid up to $3,500 each.  The settlement has been agreed to, but needs court approval before it can be final.  I will report to you when that occurs.

TIPS

Perhaps the biggest takeaway from this matter, as millions of Ashley Madison customers suffered the consequences of having their involvement with the dating service made public, is that your personal information is only as safe as the places with the worst security that have your personal information.  It also is obvious that the more places that have your personal information, the more at risk you are.  Therefore you should limit the places that have your personal information as much as possible.  In addition, you should not leave your credit card on record with a company for convenience sake even if it is a company with which you regularly do business.  Unless you agree to have your credit card information saved, companies with which you use your credit card are not allowed to store that information.

Scam of the day – July 3, 2017 – Delta Airlines Facebook scam

For years I have been reporting to you about numerous scams involving airline tickets.  Delta Airlines is  now reporting a scam where the targeting victim of the scam receives a a Facebook request purporting to be from Delta asking for SkyMiles numbers and other personal information.  This information is used by the scammer for purposes of identity theft.

TIPS

Neither Delta nor any of the other airlines will contact you through Facebook and ask for personal information or account information.  Delta and the other airlines will only ask for your account information if you go to their secure website or if you contact them in order to verify your identity.

Scam of the day – June 30, 2017 – Government agency criticizes IRS for failure to protect victims of identity theft

It was just a little over two weeks ago that I complimented the IRS for actions it was taking in regard to resolving the claims of victims of income tax identity theft as announced in a report by the Treasury Inspector General for Tax Administration (TIGTA).  Unfortunately, a newly issued TIGTA report about employment related identity theft found the IRS is doing a miserable job of protecting innocent victims of this type of fraud.

Employment related identity theft occurs when someone steals your Social Security number for purposes of getting a job.  The victim does not generally learn about the crime until they are notified by the IRS that they did not include all of their income on their income tax return.  The recent TIGTA report found that the IRS’ procedures for both identifying the phony returns filed by the identity thieves and its procedures for helping the victims whose Social Security numbers had been stolen and used  were seriously lacking.  In particular,  TIGTA concluded that 548,968 victims of this type of crime were not being properly helped by the IRS.

TIPS

TIGTA made seven specific recommendations to the IRS as to steps it should be taking, including developing procedures to notify parents of children whose Social Security numbers had been stolen and used for employment related identity theft, however, the IRS did not agree with five of the recommendations, leaving victims in danger and with less help from the IRS than they should receive.

The best thing that anyone can do to protect themselves from becoming a victim of identity theft is to keep your Social Security number as private as possible.  Don’t give it as an identifier to anyone or any company that asks for it unless you are legally required to do so.  For example, your doctor or dentist does not need your Social Security number although many ask for it.  The more places that have your Social Security number, the greater your risk of identity theft.

June 21, 2017 – Steve Weisman’s latest column for the Saturday Evening Post

Identity theft can be high tech, low tech or no tech.  Here is a link to a column I wrote for the Saturday Evening Post about the dangers of identity theft posed by your regular snail mail.

Con Watch: How Snail Mail Can Lead to Identity Theft

Scam of the day – June 20, 2017 – Another cosmetic surgery clinic suffers data breach

On June 5th I reported to you about the data breach at a Lithuanian cosmetic surgery clinic and now we have learned about a similar, but significantly different data breach suffered by prominent Beverly Hills plastic surgeon  Dr. Zain Kadri whose patients include people from many states and four countries.

The data breach, which law enforcement says, affects approximately 15,000 people includes tremendous amounts of data, information and documents including before and after surgery photographs, patient records, credit card information and patient contact information.  It appears that Dr. Kadri’s practice was both electronically hacked and physically burgled by a person, who police say, was a former employee.

The patients victimized by this crime face blackmail, extortion and identity theft as a result of the data breach.

TIPS

Medical practices continue to be a prime target for identity thieves because they are often quite vulnerable to cyberattacks, but as this case apparently shows, data breaches can be done through old fashioned burglaries as well and it is important for all entities that store personal data to take steps to secure data both physically as well as electronically and to limit access to such information to only such employees as have a need to have access to the information.

Unfortunately, there is little that we as consumers and patients can do other than to limit the amount of personal information we provide, as best we can.  For example, your doctor does not need your Social Security number.  We should also inquire of anyone or any entity that retains our personal information about what they do to secure that information.

Scam of the day – June 18, 2017 – Identity thieves hack Federal Student Aid website

The Free Application for Federal Student Aid (FAFSA) is a part of the U.S. Department of Education used by college students to apply for much needed financial aid to assist them in furthering their education.  Some of the forms used in the application process require inserting information from past income tax returns.  To make the process more convenient, FAFSA provided for a data retrieval service directly to the IRS to obtain the necessary information, however scammers, such as two recently indicted men from Indiana and Georgia are alleged to have hacked into the data retrieval system of FAFSA applicants to get the tax information which they then used to commit income tax identity theft, attempting to steal approximately 12.7 million dollars in phony income tax refunds.

In response to these problems, FAFSA suspended its data retrieval system until two weeks ago when they reinstituted the Data Retrieval Tool with the IRS in a manner that the tax return information will be encrypted and hidden from view of even the borrower as well as someone hacking into the borrower’s account.

TIPS

Quite often, as Shakespeare said, the fault is not in the stars, the fault is in ourselves. Too often we become victims of identity theft when the security of particular websites, companies or government agencies that have our personal data is compromised because we provide our passwords and user names to identity thieves by falling prey to spear phishing emails or downloading malware.   It is important to never click on a link in an email or download an attachment unless you have confirmed that it is legitimate.  Also, never provide personal information to anyone unless you have confirmed that the request is legitimate.

As for students seeking to use the Data Retrieval Tool of the IRS for filing a FAFSA form, you can safely use this service by going to StudentLoans.gov.

Scam of the day – June 17, 2017 – Father’s Day scams

Tomorrow is Father’s Day which for many people is an opportunity to show our fathers how much we love and appreciate them, for scam artists, it is yet another opportunity to scam people.

One of the most common Father’s Day scams involves e-cards which are great, particularly for those of us who forget to send a Father’s Day card until the last minute.  Identity thieves send emails purporting to contain a link to an electronic Father’s Day card, but instead send malware that becomes downloaded when the victim clicks on the link. This keystroke logging malware enables an identity thief to steal personal information from the victim’s computer that can be used for purposes of identity theft.

TIPS

Never click on a link to open an e card unless the e card specifically indicates who sent the card. Phony e cards will not indicate the name of the sender.  Even if the sender is someone you recognize, you should independently confirm with that person that they indeed sent you an e card before clicking on the link.

Scam of the day – June 16, 2017 – Woman pleads guilt to identity theft through mail theft

Crystal Candiece Cooper recently pleaded guilty in California to stealing mail and using the stolen mail for purposes of identity theft.  At her sentencing, scheduled for September 12th she faces a prison sentence of as long as thirty years.   Identity theft is a high tech, low tech and no tech crime and while we often tend to focus our attention on high tech identity theft tactics such as spear phishing, no tech tactics such as fishing for mail with a plastic bottle covered in glue that is lowered into blue public mailboxes to capture mail being sent with checks is making a comeback.

I have warned you for years about leaving mail with checks or credit card information in your personal mailbox outside of your home with the flag raised to alert your postal carrier that there is mail in your box to be retrieved is a bad idea because it also alerts identity thieves who can easily steal the mail.  Once they have the checks, they can “wash” the name or even the amount of the check and make the check payable to the thief. They also can use the account number of your check to create counterfeit checks to access your checking account.

Mail thieves also will steal incoming mail from your own personal mailbox which may contain credit card bills, checks and other information and documents that can readily be used for purposes of identity theft.

TIPS

This is an easy crime to avoid.  In regard to paying your bills, the best course of action is to pay your bills electronically and avoid the problem altogether.  However, if you cannot do so or prefer to send a paper check by mail, you should use a gel pen that is not easily “washed” to write your checks and you should mail envelopes with checks in them directly from inside the post office.  You also should consider a locked mailbox for your personal mailbox to avoid identity thieves from easily accessing your mail before you do.