Scam of the day – June 27, 2016 – Why you should have a credit freeze

Regular readers of Scamicide are probably familiar with credit freezes, but it is important to remind everyone about the benefits of this tool that is simply the best thing you can do to protect yourself from identity theft.  A credit freeze is, as the name implies, is a freezing of your credit report at your request whereby no one can have access to your credit report even if they have your Social Security number and other personal information about you.  You control access to the credit report through a special PIN that you choose.   Thus, even if someone was able to steal your Social Security number, they could not parlay that into access to your credit report and use it to purchase things or set up accounts using your name.  If you need to thaw out your credit report at such times as you want to apply for credit in the future, it is an easy procedure to do by using your PIN; then, after your new credit has been established, you can freeze your credit report again.

Here is a link to the National Conference of State Legislature’s webpage that describes the credit freeze laws for each individual state.  Because the laws differ from state to state, you should check on the laws for your own particular state when putting on a credit freeze because the costs differ from state to state.  http://www.ncsl.org/research/financial-services-and-commerce/consumer-report-security-freeze-state-statutes.aspx

The credit reporting bureaus and many of the companies offering identity theft protection services advise people to put a fraud alert on their credit reports at each of the three major credit reporting agencies, Experian, Equifax and TransUnion, if you think you are in danger of identity theft rather than use a credit freeze. With a fraud alert in place, you are supposed to be notified if anyone attempts to open a new account or access credit in your name, which sounds like a good thing and it would be if it weren’t often ignored by businesses opening new accounts or granting credit in your name by identity thieves.

And what is the penalty, you might ask for a company failing to contact you before granting someone credit if you have a fraud alert on your credit report? Zero. Zilch. Nada. There is absolutely no penalty whatsoever if a company chooses to ignore a fraud alert and fails to notify you when someone attempts to open a new account using your name.  So why do credit reporting agencies recommend that people use fraud alerts to protect themselves from identity theft?  The answer is simple. The credit reporting agencies make billions of dollars by selling your information to banks and other companies. With a fraud alert in place, they can continue to sell your information however, if you have a credit freeze in place, they cannot sell your information. With a credit freeze in place, even an identity thief who already has your Social Security number will not be able to access your credit reports to use your credit to make purchases or open accounts in your name.

This is important because before opening new accounts, most companies will do a credit check of the applicant. With a credit freeze in place, a credit check cannot be done and consequently an identity thief will be prevented from opening new accounts

Having your credit frozen will not affect your ability to get your annual free credit reports from each of the three major credit-reporting agencies Equifax, Experian and TransUnion.  It is important to put a credit freeze on your credit report at each of the three major credit reporting agencies.  Here are the links to each of them where you can go to freeze your credit.

Equifax  https://www.freeze.equifax.com

TransUnion:  https://transunion.com/securityfreeze

Experian   https://www.experian.com/freeze/center.html

Scam of the day – April 22, 2015 – Watch out for the Simda botnet

Recently the Department of Homeland Security joined Interpol and the FBI to issue a serious warning about a botnet called the Simda botnet.  A botnet, as readers familiar with Scamicide will know, is a network of infected computers used by cybercriminals to spread malware.  According to the Department of Homeland Security more than 770,000 computers have already been affected by the Simda botnet which has been around since 2009 preying on computers that are not properly protected by up to date anti-malware software.  The Simda malware not only enables the cybercriminals to use their victims’ computers to spread this and other malware, but it also enables the cybercriminals to steal personal information from the infected computers that make up the botnet and then use that information for purposes of identity theft.

TIPS

Here is a link to which you can go to find out if your computer has been infected with the Simda malware.  http://www.cyberdefense.jp/simda/

If you have been a victim of the Simda malware, you should install anti-virus and anti-malware software to rid your computer of the Simda malware.  You should then change the passwords for all of your accounts because they have been compromised.  You should also get a copy of your credit report from each of the three credit reporting agencies, Equifax, TransUnion and Experian to determine if you have already become a victim of identity theft.  You should also lock up your credit reports with a credit freeze at each of the three credit reporting agencies.  You can find instructions as to how to do this here in the Scamicide archives.

Even if you have not become a victim of the Simda malware, you should make sure that your anti-virus and anti-malware software is constantly updated.

Scam of the day – March 22, 2015 – Obituary scams

Scammers have no sympathy for anyone as evidenced by the many scams that are based on obituaries.  For years, scammers would scan the obituaries and then go to Social Security’s Death Master File where the names of deceased Americans are available along with their Social Security numbers and then use this information to the deceased a victim of identity theft by obtaining credit, filing phony income tax returns or other tactics.  Easy access by scammers to the Death Master File has been largely closed by legislation that took a long time to be made effective.

Scammers also will look for information in obituaries about the names of family members and then use that information for purposes of the infamous Grandparent Scam where the grandparent gets a telephone call late at night from a scammer posing as the grandchild who under the guise of some emergency tricks the grandparent into sending money to the scammer.

Scammers also call the families of people they see in the obituaries and claim they are creditors of the deceased person and that the family must pay a debt owed by the deceased.

Finally, scammers will also deliver packages by messengers on a COD basis claiming that the package was something ordered by the deceased person.  It is only after the family member has paid the Cash On Delivery charges and opened the package that the family finds that the package is just filled with old newspapers or magazines merely used as weight for the package.

TIPS

Scammers prey on people at their most vulnerable so it is at times like the death of a family member that you must be your most vigilant.  When writing an obituary, don’t put in specific information such as names that can be used by a scammer.  Also, contact the three major credit reporting bureaus, Equifax, TransUnion and Experian to seal the credit report of the deceased in order to avoid the risk of identity theft.  If someone contacts you claiming a debt was owed by the deceased, demand written confirmation for you to review before paying any alleged debts.  Don’t be pressured to act quickly by a purported debt collector.  Finally, if a COD package comes, refuse to pay until you can confirm that the delivery is legitimate.

Scam of the day – February 27, 2015 – Texas court dismisses data breach class action

More and more massive data breaches have become a part of everyday life.  Breaches such as recently occurred at Anthem and in the past few years affected Target, Home Depot and many other companies affect just about everyone.  Sometimes the data breaches, such as occurred with Target only affect credit card information, but other data breaches, such as the recent Anthem data breach result in much personal information being stolen which can then be used to turn the person whose information has been stolen into a victim of identity theft.  Recently a number of class actions on behalf of the victims of these data breaches have been filed against the breached companies for failing to use proper security measures.  Recently the Federal District Court for Southern Texas dismissed a class action brought by Beverly Peters on behalf of herself and others whose information had been compromised following a February 2014 data breach affecting 405,000 employees and patients of the St. Joseph Health System, a Texas hospital and health clinic company.  The class action was dismissed by the court because as of the date of the court hearing there was no evidence that any of the people affected had become victims of identity theft.

TIPS

The problem with this decision is that in many instances, identity thieves wait before using the stolen information in the hope that as time goes by, people will be less vigilant in guarding their identities.  In massive data breaches such as the one suffered by the St. Joseph Health System, the hackers often steal all of the information and then sell it in batches on black market websites to identity thieves whose use of the information results in the victims suffering identity theft.  While credit monitoring is often offered on a free basis, as it was in this case, by the hacked company following the data breach, credit monitoring does nothing to stop identity theft.  It only tells you that you have become a victim sooner than you might otherwise become aware.  A much better alternative is to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian.  This will prevent even someone with your personal information from accessing your credit report to obtain credit in your name and thus help keep you from becoming a victim of identity theft.  You can find information in the Archives of Scamicide about how to put a credit freeze on your credit reports.

Scam of the day – February 19, 2015 – Anthem data breach update

As I reported to you right after it happened earlier this month, Anthem, a major care health care company suffered a data breach that could affect as many as 80 million Americans.  The data stolen included birth dates, Social Security numbers and other information putting the affected victims in extreme danger of identity theft.  Anthem is now offering free identity theft repair and credit monitoring services to current or former members of affected Anthem plans going back to 2004.  This includes customers of Anthem, Inc. companies Amerigroup, Anthem and Empire Blue Cross Blue Shield companies, Caremore and Unicare.  It also includes customers of affiliated Blue Cross and Blue Shield companies who used their Blue Cross Blue Shield insurance in any of the states where Anthem, Inc. does business.  Those state are California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Ohio, Virginia and Wisconsin.

TIPS

Anthem has contracted with AllClear ID to provide two years of identity theft repair and credit monitoring services to affected customers.  Identity repair assistance is available without enrollment by merely calling AllClear ID at 877-263-7995.  Additionally, affected customers may enroll at no charge in the AllClear PRO credit monitoring service during this two year period.  You can enroll either by phone at 877-263-7995 or online at https://anthem.allclearid.com/

Additionally although neither Anthem nor AllClear ID provides this service, if you were a victim of this data breach, it would be advisable to put a credit freeze on your credit reports at each of the three major credit reporting agencies, Equifax, Transunion and Experian.  You can find more information about credit freezes and how to put them on your credit reports at no charge by going to the Scamicide archives.

Scam of the day – October 31, 2014 – Free credit score scams

Based on the information contained in your credit reports, your credit score can have a significant effect on whether you are granted a loan and at what interest rate, whether you will be hired for a job, whether you will be sold insurance, whether you can rent an apartment or many other purposes.  We all have a right to an annual free credit report from each of the three major credit reporting agencies, however, your free credit report will not provide you with your credit score.  Recently many people are receiving emails with offers to provide a free copy of your credit score.  Unfortunately, as with any other email or text message that requires you to provide personal information such as your Social Security number which is required to obtain your credit report or credit score, you cannot be sure that the offer is legitimate.  In some instances, companies offering to provide “free” credit reports or scores are actually signing you up for a continuing service that you may not either desire or need.  These sites generally ask for your credit card number, but tell you that they only need the credit card number for verification purposes.  Of course, that it is a lie.  If you were getting something free, you would not need to provide a credit card number.   They are getting your number to use it to charge you monthly fees for services that you may not have thought you ordered.  Even worse however, are scams in which the company offering to provide you with your free credit score is actually just scamming you in order to get your Social Security number which they will use to make you a victim of identity theft.

TIPS

As I always say, you cannot trust any email or text message to be legitimate.  Never click on links, download attachments or provide personal information in response to unsolicited emails or text messages.  The risk is too great.  If you want your free credit reports from each of the three major credit reporting agencies, Equifax, Transunion and Experian, the only place to go is the website www.annualcreditreport.com.  It is important to monitor your credit report not just to find evidence of identity theft, but also to find mistakes that may appear on your report that can adversely affect your credit score.  As for your credit score, the website www.creditkarma.com is a legitimate website that you can trust, that encrypts your data and provides your credit score for free.

Scam of the day – September 29, 2014 – Child identity theft

Last week, Florida became the latest state to enact a law to help combat identity theft of children’s identities.  The new law has the clever acronym of KIDS, which stands for the Keeping ID Safe act.  Under this law, parents of minors are able to open a file with each of the major credit reporting agencies, Equifax, TransUnion, and Experian and then immediately freeze the accounts so that even if an identity thief managed to obtain the child’s Social Security number and other personal information, the identity thief would not be able to access the credit report for purposes of running up large debts using the credit of the child, who generally does not become aware that his or her identity has been stolen until he or she reaches older teen years when he or she might first apply for a car loan or financial aid for college.  Identity theft of children’s identities is a huge national problem.  According to a study by the Carnegie Mellon CyLab, children are more than 51 times more likely to become a victim of identity theft than adults.

TIPS

If you live in one of the states that has a law such as Florida’s, take advantage of the law, set up a credit report for your children and immediately freeze the account. And while you are at it, you should also freeze your own credit reports as your best precaution against identity theft.  If your state does not have such a law, let your state legislators know that you want them to pass such a law.  I am proposing such a law in my own home state.  As much as possible try to limit the places that have your child’s Social Security number and become familiar with the Family Educational Rights Privacy Act which helps you protect the privacy of your child’s school records and lets you opt out of information sharing by the school with third parties.  Finally, the security company AllClear ID (www.allclearid.com) provides a free service called ChildScan which not only searches credit records tied to your child’s Social Security number, but also checks employment records, criminal records and medical records to recognize at an early stage if your child has become a victim of identity theft.

Scam of the day – July 14, 2014 – Chinese hackers steal information from Federal Office of Personnel Management

Hacking of American companies by Chinese hackers is not particularly startling as it is going on all of the time, however the federal government is now admitting that back in March Chinese hackers were able to hack into the data bases of the Office of Personnel Management and gain access to personal information on thousands of government workers.  What is particularly troublesome is that the Office of Personnel Management manages a program called e-QIP where federal employees who are seeking security clearances must provide much personal information including personal financial data.  It is not known what the purpose of the hacking was and whether or not it was government sanctioned or not.  What is known is that, just as the hacking into the computers of the United States Department of Energy last week, showed, government databases are just as vulnerable as those of private companies.

TIPS

So what does this mean to you?

First and foremost if you are someone whose information was maintained by the Office of Personnel Management you should be on heightened alert for identity theft.  You should check your credit report with each of the three major credit reporting agencies, Equifax, TransUnion and Experian.  You also would be wise to put a credit freeze on your credit reports at each of the three major credit bureaus to prevent someone with personal information about you from gaining access to your credit report and utilizing your credit.  You can find a detailed explanation of credit freezes along with instructions for getting one in the right hand column of the first page of Scamicide.  As for the rest of us, this is yet another lesson that you are only as safe from identity theft as the places with the weakest security that hold personal information about you.  Whenever possible limit the amount of personal information held by companies and governmental agencies with which you do business.  Also, do not leave your credit card number on file with any retailer with which you do business regularly.  It may be convenient to do so, but it increases your risk of identity theft if the company is hacked and your data is compromised.

Scam of the day – March 20, 2014 – Maricopa County Community College hacked

As the old saying goes, “fool me once, shame on you; fool me twice, shame on me.”  Recently the Maricopa County Community College revealed that its computers had been hacked and personal information including Social Security numbers and banking information of more than 2.4 million students, former students, employees and vendors covering a period of more than thirty years was compromised.  As I have indicated to you in a number of Scams of the day, colleges and universities have been prime targets for hackers because they provide the perfect combination of often lax security and large amounts of personal information.  What makes this security breach even more egregious is the fact that Maricopa County Community College was hacked back in 2011, but steps to improve the security of their computer systems were not taken despite the recommendations of employees of the colleges information technology department and their warning that the 2011 breach which only affected 400 people exposed a flaw that could affect many more people.

TIPS

Presently a class action is being prepared by the Phoenix law firm of Gallagher and Kennedy. If you have been affected by the data breach, you may wish to contact them.  You also should check your credit report at www.annualcreditreport.com to get your free credit report from each of the three credit reporting agencies, Equifax, Experian and TransUnion in order to look for evidence of identity theft.  You should also consider putting a credit freeze on your credit report to prevent it from being accessed by an identity theft armed with your Social Security.  You can find instructions here on the Scamicide website as to how to put a credit freeze on your credit report.  This data breach also brings up the question again as to why Maricopa retained personal information on people who have long ago ceased to have a relationship with the college.

Scam of the day – February 11, 2014 – More problems with the Death Master File

Although the Death Master File sounds like a list kept by Darth Vader, it actually is a federal database that contains the names and Social Security numbers of more than 83 million dead Americans.  The list was initially established to help federal agencies, insurance companies, tax collectors and others be able to prevent fraud by being able to confirm when someone has died so that further lifetime benefits would not be issued under that name.  However, as an unfortunate byproduct of the Death Master File, identity thieves regularly check it after getting names from obituaries (the file is available to absolutely anyone) and get the Social Security numbers for recently deceased people.  They then access credit in the names of the deceased as well as file phony income tax returns on behalf of the deceased and other identity theft tactics.  When Congress finally was able to reach a budget agreement and stop the federal shutdown, a part of the budget law included removing public access to the Death Master File.  However, as of today the list is still available to anyone, including identity thieves because the National Technical Information Service, the federal agency that manages the Death Master List has not closed it because it still needs to make provisions for access to the list by organizations that need the information for legitimate purposes.  It is expected that this process could take months before it is completed.  Meanwhile, a recent study by the federal government’s General Accountability Office indicates some federal agencies that need this information to prevent fraud are not getting the acce1ss that they need.

TIPS

Identity theft from dead people is a significant problem, but there are steps that you can take to limit this as a problem in your own family.  First, you should consider limiting the personal information that you put into a family member’s obituary.  Often this information is exploited by identity thieves to assist them in making your deceased family member a victim of identity theft.  Additionally, you should contact the three major credit reporting bureaus, Equifax, Experian and TransUnion to inform them of the death of your family member and to instruct them to close the credit report of your family member in order to avoid someone with access to your family member’s Social Security number from getting access to his or her credit report to use to make large purchases.