Consumers, thieves like iPhones

Posted by kent on July 2nd, 2009

Thanks for visiting the NextAdvisor Daily blog. You may want to subscribe to our RSS feed.

The iPhone and other smart phones are proving popular with the least coveted of all demographics: pickpockets and muggers. This article from Reuters points out that in New York City, while petty crime is not on the rise, the theft of the smart phone is. The article focuses on new anti-theft technologies that enable users to trace their phones, as well as activate alarms on them, and allow for remote wiping of the phone's data. The latter is particularly important for the prevention of identity theft. While a stolen iPhone is costly and inconvenient, the data that's on it may cost you a whole lot more.

There are other ways to help protect yourself from iPhone theft as well:

1. Ditch those white Apple iPhone earbuds; they're a telltale sign.

2. Make sure you're using a passcode (and wipe your screen down frequently, so no one sees the smudgy evidence of the passcode digits).

3. If you're really concerned about the passcode, you can download Apple's iPhone configuration utility and enable longer alpha numeric passcodes. The more characters you use, the larger the possible key combinations.

4. There's an option in the passcode settings to have the iPhone erase itself if the wrong passcode is entered 10 times. That will help protect your personal data if the iPhone falls into the wrong hands.

If you do lose your iPhone, check out our guide on how to recover from a lost or stolen iPhone. Remember, this is as much about information theft as it is about the loss of your device. You can protect yourself against identity theft by using one of the many options in our identity theft protection service reviews section.

• Apple to offer new "Find My iPhone" feature for lost or stolen iPhones
• How to recover from a lost or stolen iPhone
• Apple OKs VoIP over wifi for the iPhone
• VoIP comes to the iPhone
• Equifax continues to offer FICO despite Experian dropping the popular score

Phishing for fun!

Posted by kent on July 2nd, 2009

You've heard of the dangers of phishing (a method that hackers use to gain access to personal info through facsimile websites) but how good are you at spotting it? We've posted a number of pieces on the importance of looking out for "suspicious" urls. Here's your chance to put that knowledge to the test. The Anti-Phishing Phil game was developed at Carnegie Mellon University to educate Internet users on how to spot phishing urls. The game plays right in your web browser, just use your mouse and a few keys to control it. Click here to play.

Being smart about phishing is one way to help prevent computer viruses and personal information theft. Also, check out reviews on Internet security software and identity theft services to see how you can better protect yourself from online fraud.

• Facebook phishing scams increase risk of identity theft on the popular social network
• If I install Identity Guard, will it automatically uninstall Norton?
• Malicious hack impacts 2.2 million shortened URLs
• How to recover from a lost or stolen iPhone
• Your new Facebook friend just stole your identity

What to do with leftover customer data?

Posted by Caitlin on July 1st, 2009

Verified Identity Pass was a privately owned company that offered a service called Clear, which was designed to help air travelers get through airport security checks faster by vetting their identities and backgrounds in advance. On June 21, Verified Identity Pass announced that, for financial reasons, it would be ceasing operations. The abrupt closure has raised serious concerns about the customer data collected by the company. Stored information includes fingerprints, iris scans and digital images for roughly 260,000 customers. While this registered travel program was privately owned, it was authorized by the TSA, which required the service to record full legal names, home addresses, dates and places of birth, genders, heights, driver's license numbers, passport details and other information for all customers.

Bennie Thompson, the chairman of the House Committee on Homeland Security, has given the Transportation Security Administration until July 8 to explain how the agency plans to ensure the security of all this data. The TSA is in the process of putting together a response to this question, and in the meantime, claims that Clear is appropriately safeguarding the collected data. Verified Identity Pass assures customers that their information is being stored in conformance with the TSA's security and privacy requirements. But the data has yet to be deleted, leaving open the possibility that it could be sold or passed on to a third party, if the intention is to use it for another registered travel program.

As long as our personal information is out there, beyond our control, it is wise to invest in identity theft protection.

• T-Mobile denies data breach despite hacker claims
• Hackers gain access to sensitive data from 100,000 websites
• Is your state putting your identity at risk?
• Reports of TJ Maxx, Marshalls 15% discount related to massive data breach appear on the web
• Data Breach Alert: Hundreds of thousands of computers infected by Russian hackers

Consumers Union wants to know what you think about credit card reform

Posted by Caitlin on July 1st, 2009

Consumers Union has created CreditCardReform.org, which provides news updates and explanations to ensure that readers understand how credit card reform effects their financial situations, as well as a wealth of tips to help readers use credit responsibly.

In the months before the new protections outlined in the latest legislation go into effect, Consumers Union is attempting to monitor the various tactics that credit card companies sometimes use against cardholders. If your credit card provider adds a new fee, raises an existing fee, increases your interest rate, closes your account, lowers your credit limit, or takes away your rewards, they'd like to hear your story.

To learn more about credit cards or to find a credit card that's right for your financial situation, check out our reviews and comparison charts.

• Will New Federal Reserve Rules End Rate Jacking?
• America's largest retail pharmacy to offer LifeLock's identity theft protection services
• Why Monitoring Your Credit Score Is More Important Than Ever During The Credit Crisis
• Experian launches new credit score system for consumers with little or no credit history
• What is the FICO number that is considered PRIME?

Good news for identity thieves - it's legal for states to post Social Security numbers online

Posted by Robert Siciliano on July 1st, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

B.J. Ostergren is a proud Virginian. She's known as "The Virginia Watchdog," but I like to call her "The Pit Bull of Personal Privacy." She is relentless in her efforts to protect citizens' privacy, and she is primarily concerned with the posting of personal information online. So in order to make this point, she finds politicians' personal information on their own states' websites, and republishes that information online.

Publicly appointed government employees known as Clerks of Courts, County Clerks or Registrars are responsible for handling and managing public records, including birth, death, marriage, court, property and business filings for municipalities. Every state, city and town has its own set of regulations determining how data is collected and made available to the public.

The Privacy Act of 1974 is a federal law that establishes a code of fair information practices governing the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies.

Over the years, many have interpreted this law to allow public information, including Social Security numbers, to be posted online. I've seen Social Security numbers for Jeb Bush, Colin Powell, former CIA Director Porter Goss, Troy Aiken, and Donald Trump, all published on the Internet.

Years ago, B.J. discovered that several states, including her home state of Virginia, were posting our records online, and she immediately saw how this could contribute to identity theft. She has downloaded as many as 22,000 Social Security numbers from deeds, mortgages, tax liens from the websites of circuit courts, registers of deeds and secretaries of state. She made a concerted effort to inform each agency that what they were doing was unethical, at the very least, and possibly even criminal. But she was often rebuked. That’s when she decided to fight back. When government agencies stopped listening, she started posting politicians' personal information on her own website, “The Virginia Watchdog.” This certainly attracted the attention of officials, but it also created a backlash against her.

Some states resolved the issue by redacting the Social Security numbers, but Virginia did not. B.J. persisted in informing them of the problem and, as the Richmond Times Dispatch put it, “the state decided that the person who brought the problem to their attention was the problem.”

A 2008 Virgina state law prohibited disseminating information taken from public records, and thus, prohibited B.J. from posting publicly available information on her own website. So legally, it was okay for the County Clerk to do it, but nobody else was allowed. U.S. District Court Judge Robert E. Payne recently ruled that this 2008 state law is a violation of First Amendment rights. It's a win for B.J., but this doesn’t resolve the initial privacy issue.

So how does this impact you? This means that while you can do everything possible to protect yourself from fraud and identity theft, your local government may be circumventing your security efforts by posting your personal data online. B.J.’s fight has led to the resolution of some issues and prompted some states to redact data, but the battle is far from over.

Visit B.J.'s site, The Virginia Watchdog, to become more informed about one woman's quest to point out what's wrong and to fight for what's right.

You can attempt to protect yourself from new account fraud by setting up a credit freeze, or fraud alerts, which provides an extra layer of protection. And consider making an investment in identity theft protection. Because when all else fails, you’ll have someone watching your back.

Robert Siciliano, identity theft speaker, discusses Social Security numbers.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• How to steal Colin Powell's identity
• Is your state putting your identity at risk?
• Reports say passport snooping is part of training program
• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• Facebook moves to protect users in partnership with 49 states

Master hacker pleads guilty

Posted by kent on June 30th, 2009

Infamous hacker Max Ray Vision, a.k.a. "Iceman", a.k.a Max Butler pleaded guilty yesterday to wire fraud charges. Wired Magazine reports that he "stole nearly 2 million credit card numbers from banks, businesses and other hackers, which were used to rack up $86 million in fraudulent charges." Butler started out as a good guy, doing contract security work, but quickly picked up a nefarious sideline. Butler did more than just steal credit card numbers directly from credit card users. He actually stole credit card numbers from other hackers and identity thieves, proving once-and-for-all that there's no honor among thieves—or hackers.

How did he steal from them? He hacked the online forums that identity thieves use to buy and sell personal information.

You can help safeguard your own personal info by signing up for identity theft protection. Check out the best options with our identity theft protection service reviews.

• College football player commits identity theft against deceased woman
• New LifeLock features battle new and old identity theft techniques
• Experian says 55% of child identity thefts perpetrated by family members
• ID theft hits a little too close to home
• Data Breach Alert: Millions at risk for identity theft due to supermarket chain data breach

The dog ate my checkbook

Posted by kent on June 30th, 2009

We should never laugh at identity theft, but a recent case from Arlington, Washington does put a humorous spin on an old excuse. A woman allegedly started using her ex-husband's checks to pay for some of her expenses. When police went to question the woman, she initially told them that, "her dog got into her purse and ate all her personal checks." Without a checkbook, she needed some way to pay the bills, and it seems her ex-husband's checkbook was the next best thing to her own.

To protect your identity against much smarter criminals, check out our Identity theft protection reviews and comparison chart.

• Does TrustedID protect my children from identity theft and if so, how is it done?
• WalletLock takes the worry out of losing your wallet
• Data Breach Alert: Thousands of California students at risk for identity theft
• A lost purse or wallet could land you in jail
• Reader Question: What should I do if I think I have been a victim of identity theft?

Data Breach Alert: Stolen laptop puts Cornell students at risk

Posted by Caitlin on June 29th, 2009

Earlier this month, a laptop was stolen from Cornell University. The stolen laptop contained names and Social Security numbers for 22,546 current and former students and 22,731 faculty and staff members. In violation of Cornell's policy, the laptop was left in a physically insecure environment, and the names and Social Security numbers were not encrypted. New York State Police have launched an investigation to find the thief and recover the laptop. Cornell is offering free credit monitoring and identity theft restoration services to those whose identities have been compromised.

Lost or stolen laptops are a major cause of data breaches. Even if the missing computer does not contain a database of sensitive personal data, in the wrong hands, it can be scoured for useful information that puts the owner at risk. For tips on how to mitigate this risk, see our "How to deal with a lost or stolen laptop" guide. And see our reviews and comparison chart for more information about credit monitoring or identity theft protection services.

• Stolen laptop returned to lucky professor
• Data Breach Alert: Stolen laptop exposes identities of 20,000 Kraft employees
• 25 million identities left unprotected in the UK
• Data Breach Alert: Stolen laptop impacts Virginia school employees
• Data Breach Alert: Utah hospital loses thousands of patient records

Protecting credit cards from fraudulent charges

Posted by Robert Siciliano on June 29th, 2009

Robert Siciliano is a NextAdvisor.com Expert Guest Blogger

Credit card fraud comes in two different flavors: account takeover and new account fraud. Account takeover occurs when the identity thief gains access to your credit or debit card number through criminal hacking, dumpster diving, ATM skimming, or perhaps you simply hand it over when paying at a store or restaurant. Technically, account takeover is the most prevalent form of identity theft. I've always viewed it as simple credit card fraud, rather than "identity theft" in its truest sense.

New account fraud, as it relates to credit cards, occurs when someone gains access to your personal identifying information, including your name, address and, most importantly, your Social Security number. With this data, a thief can open a new account and have the card sent to a different address. This is true identity theft. Once the identity thief receives the new card, he or she maxes it out and doesn’t pay the bill. Over time, the creditors track down the victim, blame him or her for the unpaid bills, and demand the owed funds. New account fraud destroys the victim's credit and is a mess to clean up.

Victims of account takeover are likely to discover the fraud in numerous ways. They may notice suspicious charges on a credit card statement, or the credit card company may notice charges that seem unusual in the context of the victim's established spending habits. Credit card companies have anomaly detection software that monitors credit card transactions for red flags. For example, if you hand your credit card to a gas station attendant in Boston at noon, and then a card present purchase is made from a tiny village in Romania one hour later, a red flag is raised. Common sense says you can’t possibly get from Boston to Romania in one hour. The software knows this.

Victims of account takeover only wind up paying the fraudulent charges if they don't detect and report the crime within 60 days. A 6o day window covers two billing cycles, which should be enough for most account-conscious consumers who keep an eye on their spending. During that time, you are covered by a "zero liability policy," which was invented by credit card companies to reduce fears of online fraud. Under this policy, the cardholder may be responsible for up to $50.00 in charges, but most banks extend the coverage to charges under $50.00. After 60 days, though, you are out of luck. So pay attention to your statements. As long as you do, account takeover should not hurt you financially.

But new account fraud is another story entirely - one that can and will hurt you if you don’t protect yourself. You may not be held financially responsible for the charges themselves, but you will pay in time, and time is money. In some cases you may pay lawyers or private investigators, or you may need to take time off from work, depending on how dire your credit situation becomes. Identity theft victims have been denied credit due to the unpaid debts in their names, and have missed opportunities to purchase homes as a result.

Protecting yourself from account takeover is relatively easy. Simply pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I’m traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won’t shut down my card while I’m on the road.

Protecting yourself from new account fraud requires more effort. You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. There are pros and cons to each. You should definitely choose one of these options.

And of course, invest in identity theft protection.

Robert Siciliano, identity theft speaker, discusses identity thieves.

Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.

• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• College football player commits identity theft against deceased woman
• Palin hacker faces up to 20 years in prison
• Debunking the case against LifeLock
• ID theft hits a little too close to home

Scammers use online dating services to target potential victims

Posted by Caitlin on June 29th, 2009

Last week, guest expert Robert Siciliano discussed scammers who use Craigslist classified ads to target potential victims. Apparently, the same types of scammers also use online dating services to seek out gullible marks. A few days ago, Consumerist received a story from a reader who was contacted by a scammer on Match.com. The message is written in the grammatically incoherent style that tends to characterize foreign scammers. The scammer does not propose any financial transactions in this first message, he simply attempts to initiate contact and establish a relationship. However, he also assumes the name Sgt. Mark Edwards, which is commonly used in Nigerian 411 scams.

If you use Match.com or another online dating service, Robert Siciliano's advice about Craigslist scammers also applies. And if you get any messages from Sgt. Mark Edwards, consider yourself warned.

Of course, identity theft protection and Internet security software are excellent lines of defense against the cybercriminals who prey on users of Match.com, Craigslist, or any other online community.

• Vonage begins testing exciting new contact management and calling features
• How to set up automated online hard drive backups with Mozy
• Identity Theft Expert Answers: Robert Siciliano of IDTheftSecurity.com
• Fake Facebook profile page victim awarded $43,000 in damages
• Facebook phishing scams increase risk of identity theft on the popular social network