A week of false claims
June 19th, 2009 - Posted by Kent
Yesterday, we reported on Thomas Parkins who dressed as his deceased mother in order to claim her Social Security checks. But this was not the only fraud this week that left us scratching our heads:
Rebecca Beshausen abused the kindness of online strangers by telling the story of her pregnancy with a child she knew would be born with a severe, life-threatening disability. Yet, it turns out that the story was fabricated. In the end, a picture of the fake baby gave her away. Beshausen claims she received no money, but did receive a few gifts.
In another curious case, Fidel Castro's son, Antonio, was tricked into a false online relationship with a 46-year-old man. Antonio thought that Luis Dominguez was a brunette bombshell named Claudia. Dominguez didn't get money from Antonio, but the sham relationship yielded some private info from the Cuban dictator's son, and exposed a lifestyle that's above and beyond what the average Cuban lives.
The moral of the story is that not all impersonation is done for money. While we offer reviews of top-of-the-line identity theft protection services to help safeguard finances, no service can stop the oldest method of the con: the need for human contact.
New iPhone firmware plugs security holes
June 18th, 2009 - Posted by Kent
It's pretty hard to avoid the news that Apple has released a new operating system for its popular iPhone. The 3.0 OS adds a host of much-touted features, such as copy-and-paste functionality, a phone-wide search capability, and an optional 'Find My iPhone' service. What's less publicized is that the update also plugs 46 security holes in the iPhone's OS. That's 46 reasons to upgrade right there (even though many users have reported issues with the update servers). As the once-humble cel phone starts working more and more like computer, it also starts to take on some of the computer's vulnerabilities to malicious code. The iPhone doesn't have third-party security options like your computer does (you can check out the best of those options here), so we're stuck with security patches and common sense to protect our iPhones from malicious code. Here are two things to keep in mind:
1) Be as smart with your iPhone as you are with your computer. Never open email attachments from unknown senders.
2) Think twice about the sites you visit. The beauty and danger of having the Internet in the palm of your hand is that you can go anywhere. Make sure those places look trustworthy when you see them in search results.
By the way, if you have Apple's $100-a-year MobileMe service and you're hoping to use the 'Find My iPhone' feature, make sure to turn it on first. It involves some settings on the phone itself. Best to do it now while it's still in your hands.
Identity theft of the dead
June 18th, 2009 - Posted by Kent
Not all victims of identity theft are among the living. The AP has reported that a New York man is charged with grand larceny and criminal impersonation after it was revealed that he was dressing as his long-deceased mother. For six years, since her death, Thomas Parkin has been donning wig and glasses to collect Social Security checks and rent subsidies, netting him well over $100,000. He started the scam by providing a false Social Security number to the undertaker, so his mother's death would not be reported. A lawsuit, DMV security tape, and tombstone ultimately caught up with him.
While we don't review any services that would have helped in this case, we have plenty of identity theft services for the living in our Compare identity theft protection services category.
The rise of check fraud
June 17th, 2009 - Posted by Robert Siciliano
Robert Siciliano is a NextAdvisor.com Expert Guest Blogger
As opening new lines of credit becomes more difficult, identity thieves are gravitating toward check fraud.
Check fraud is a billion dollar problem. As predicted by the Identity Theft Resource Center, check fraud, which accounted for 12% of financial crimes in 2007, increased to 17% in 2008. According to the American Bankers Association Deposit Account Fraud Survey Report, $969 million were stolen via check fraud in 2006, up from a reported $677 million in 2003. Of the $969 million dollars lost to check fraud, 38% was stolen through return deposit scams, 27% was stolen using cloned checks, 28% was stolen using counterfeit checks, and 7% was stolen by altering or washing checks.
In an article in The New York Post, a brazen ring of thieves enlisted crooked bank tellers to run a check fraud scheme that was brought down when the crooks made the mistake of forging checks from a NYPD account. Two criminal hacker ringleaders organized the counterfeit scam, using 950 "soldiers," or "mules," to deposit and cash counterfeit checks, netting them millions of dollars. Three bank tellers were involved, stealing and selling customer profiles which included names, Social Security numbers, and account numbers. Insider identity theft of this kind accounts for up to 70% of all instances of identity theft.
Check fraud victims include banks, businesses and consumers themselves. Our current system for cashing checks is somewhat flawed. Checks can be cashed and merchandise can be purchased even when there is no money in the checking account.
I presented a program on motivation and self-improvement at a women's prison in Massachusetts a few years back. I requested a little background on the women I was speaking to, just because I watch too many movies and I wanted to know if there was any possibility I'd get shanked. The case worker informed me that about 80% of the women were incarcerated for check fraud and shoplifting. It seems that when some people get a checkbook, they consider it an opportunity to print money.
There are numerous forms of check fraud:
Forged signatures are the easiest form of check fraud. These are legitimate checks with a forged signature. This can occur when a checkbook is lost or stolen, or when a home or business is burglarized. An individual who is invited into your home or business can rip a single check from your checkbook and pay themselves as much as they like. Banks don't often verify signatures until a problem arises that requires them to assign liability.
Forged endorsements generally occur when someone steals a check and cashes or deposits it. There's really nothing anyone can do to protect themselves from this, aside from guarding their checks and going over their bank statements carefully.
Counterfeit checks can be created by anyone with a desktop scanner and printer. They simply create a check and make it out to themselves. In order to prevent your checks from being counterfeited, make sure you shred all canceled checks before throwing them away, and be sure to lock up any checks in your home or office. Consider a locked mailbox so nobody can access your bank statements. You should also seriously consider using online banking exclusively, and discontinuing paper statements.
Check kiting or check floating usually involves two bank accounts, where money is transferred back and forth, so that they appear to contain a balance which can then be withdrawn. A check is deposited in one account, then cash is withdrawn despite the lack of sufficient funds to cover the check. In this case, it's generally the bank or whoever cashed the check that gets burnt, unless they are able to go after the person who used their own account.
Check washing involves altering a legitimate check, changing the name of the payee and often increasing the amount. This is the sneakiest form of check fraud. When checks or tax-related documents are stolen, either from the mail or by other means, the ink can be erased using common household chemicals such as nail polish remover. This allows the thieves to endorse checks to themselves. In this case, something as simple and inexpensive as a select uni-ball pen can help. Select uni-ball pens contain specially formulated gel ink (trademarked Uni-Super Ink™) that is absorbed into the paper's fibers and can never be washed out. The pen costs two bucks and is available at any office supply store.
If you write a check to pay a bill and then put it in your mailbox for the postal carrier to deliver, you put yourself at a higher risk for check fraud. Thieves see that red flag up and go phishing for checks. I suggest using a uni-ball pen and taking checks directly to the post office, or dropping them in a big blue mailbox.
If you plan to do any online banking, which millions do, make sure your PC is protected with Internet security software and all your critical security patches are up to date.
You can't prevent all forms of identity theft. However, you can significantly reduce your risk by making a small investment in identity theft protection, or by taking various other precautions.
Robert Siciliano, identity theft speaker, discusses identity fraud and security.
Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.
Q: What's worse than a tacky tie for Father's Day?
June 17th, 2009 - Posted by Kent
A: A malicious .exe file.
Father's Day is coming up, and web-connected children everywhere will be sending their fathers ecards instead of the paper variety. Electronic cards are quicker, easier, cheaper, and don't pose the risk of paper cuts. Actually, ecards are never actually sent. The ecard sits on a website, and the recipient is notified of its existence via an email that links to the ecard's location. Unfortunately, a number of fathers will be receiving ecard notifications sent, not by their well-meaning kids, but by malicious hackers.
These malicious email notifications may look completely legitimate, down to seemingly authentic graphics and email addresses from well-known sites like Hallmark or BlueMountain, but that doesn't mean they are. Here are some thinks to look out for:
1. Check to see if the notification mentions an actual recipient that you know. If it says that a "friend" or "loved one" has sent you an ecard, it's probably not real.
2. Look for inconsistencies, as in this real example: an email claimed to be from hallmark.com, but notified the recipient that the card was waiting at hallmark.co.uk. Also look for spelling and grammatical errors, since hackers spend more time writing code than they do on correct spelling.
3. The dead giveaway is usually the link. If you're suspicious, don't open the link. Instead, you should copy and paste it into a text pad (usually this is done with the right-click on your mouse). If the link points to anything other than what you think it should, don't open it. A nefarious link will often go to right to an .exe file, and ecards should never be .exe files.
It's important to point out that hackers change their methods often. Even an email notification that passes the above test could be a ploy. As always, we suggest having top-notch anti-virus software installed. You can always check out our Internet security reviews and comparison chart.
Mandatory calorie information at chain restaurants?
June 16th, 2009 - Posted by Caitlin
Several states and large cities have already passed laws requiring restaurant chains to display calorie counts on their menus. While the impacted business owners have protested against these laws in the past, the restaurant industry now supports a bill that would mandate calories on menus nationwide. The Menu Education and Labeling (MEAL) act is sponsored by Republican Senator Lisa Murkowski and Democrat Senators Tom Carper and Tom Harkin and is backed by the National Restaurant Association and National Council of Chain Restaurants, as well as several health groups, including the American Diabetes Association and the American Heart Association. The senators stated that under the proposed law, consumers would also be able to request other nutrition information, such as fat, sodium, and carbohydrate contents. While the majority of restaurants would naturally prefer not to list calorie information at all, a national bill would at least impose consistency on the labeling system, as opposed to a series of state and local bills with differing requirements.
The Menu Education and Labeling act would, of course, be great news for dieters. Many diet programs emphasize calorie counting or following a specific nutrition regime, and dining at restaurants can sometimes derail a strict diet plan. Having nutrition information available would certainly help those who are watching their weight overcome the challenge of integrating restaurant meals into their plans.
Many of the diet programs reviewed on NextAdvisor.com provide a variety of tools to help count calories and track weight loss progress, as well as tips on making healthy choices when dining out. For more information about online diet services, see our reviews and comparison charts.
Frequent use of Social Security numbers leads to identity theft
June 16th, 2009 - Posted by Robert Siciliano
Robert Siciliano is a NextAdvisor.com Expert Guest Blogger
A patient at a Washington state medical clinic was asked for his Social Security number numerous times. Many of us have endured this familiar process. Considering the recent buzz about identity theft, this patient became concerned about releasing his own sensitive personal data, and requested that the facility remove his Social Security number from their records. The clinic refused, the patient put up a stink, and was ultimately ejected from the facility. The clinic considered his request unreasonable, and a violation of their rules and regulations. So, who's right and who's wrong in this scenario?
One Saturday afternoon, years ago, my spouse and I went to a major chain that rents videos. Without naming them, let's just say they rent some block buster movies. The account was under my wife's name, but she didn't have her card with her that day. Upon checkout, the pimply faced 17-year-old clerk said, "No problem," and asked for her Social Security number, which appeared on the screen in front of him. I freaked out and was ejected from the store. So, who's right and who's wrong? 
In both cases, the customer is wrong. That may not be the answer you were expecting. I was wrong and the patient was wrong.
In general, routine information is collected for all hospital patients, including the patient's name, address, date of birth, Social Security number, gender and other specific information that helps them verify the individual's identity, as well as insurance enrollment and coverage data. And due to federally mandated laws like HIPAA, they are careful to maintain confidentiality of all patient information in their systems.
Corporations such as banks, credit card companies, automobile dealers, retailers and even video rental stores who grant credit in any form are going to ask for your name, address, date of birth, Social Security number and other specific information that helps them verify your identity and do a quick credit check to determine their risk level in granting you credit.
The Social Security Administration says, "Show your card to your employer when you start a job so your records are correct. Provide your Social Security number to your financial institution(s) for tax reporting purposes. Keep your card and any other document that shows your Social Security number on it in a safe place. DO NOT routinely carry your card or other documents that display your number." But beyond that they have no advice and frankly, no authority.
Over the past fifty years, the Social Security number has become our de facto national ID. While originally developed and required for Social Security benefits, "functionality creep" occurred. Functionality creep occurs when an item, process, or procedure designed for a specific purpose ends up serving another purpose, which it was never intended to perform.
Here we are decades later, and the Social Security number is the key to the kingdom. Anyone who accesses your number can impersonate you in a hospital or bank. So what do you do when asked for your Social Security number? Many people are refusing to give it out and quickly discovering that this creates a number of hurdles they have to overcome in order to obtain services. Most are often denied that service, and from what I gather, there is nothing illegal about any entity refusing service. Most organizations stipulate access to this data in their "Terms of Service" that you must sign in order to do business with them. They acquire this data in order to protect themselves. By making a concerted effort to verify the identities of their customers, they establish a degree of accountability. Otherwise, anyone could pose as anyone else without consequence.
So where does this leave us? I have previously discussed"Identity Proofing," and how flawed our identification systems are, and how we might be able to tighten up the system. But we have a long way to go before we are all securely and effectively identified. So, in the meantime, we have to play with the cards we are dealt in order to participate in society and partake in the various services it offers. So, for the time being, you're going to have to continue giving up your Social Security number.
I give up mine often. I don't like it, but I do things to protect myself, or at least reduce my vulnerability:
- You can refuse to give it out. This may lead to a denial of service or a request that you, the customer, jump through a series of inconvenient hoops in order to be granted services. When faced with either option, most people throw their arms in the air and give out their Social Security number.
- You can invest in identity theft protection. There are dozens of companies offering a variety of services to protect you in different ways. These services can monitor credit reports, set fraud alerts or credit freezes, restore damaged credit, and sweep the net looking for stolen data.
- You can attempt to protect your own identity, by getting yourself a credit freeze, or setting up your own fraud alerts. You can use Google news alerts to sweep the net and take precautions to prevent social media identity theft.
- Protect your PC. Regardless of what others do with your Social Security number, you still have to protect the data you have immediate control over. Make sure to invest in Internet security software.
Robert Siciliano, identity theft speaker, discusses the ubiquitous use of Social Security numbers.
What have you done in the past when asked for your SSN? Did you refuse? What happened?
Robert Siciliano is CEO of IDTheftSecurity.com , an identity theft expert, professional speaker, security analyst, published author and television news correspondent. Siciliano works with Fortune 1000 companies and startups as an advisor on product launches, branding, messaging, representation, SEO and media. Siciliano's thoughts and advice on all these matters appear often in both the televised and print news media including CNN, MSNBC, CNBC, FOX, Forbes and USA Today. He has 25 years of security training as a member of the American Society of Industrial Security. He is the author of 2 books, including The Safety Minute: Living on High Alert; How to take control of your personal security and prevent fraud. He's also partnered with Uni-Ball to help raise awareness about the growing threat of identity theft and to provide tips on how you can protect yourself.
Malicious hack impacts 2.2 million shortened URLs
June 15th, 2009 - Posted by Joe
URL shortening services, which convert very long website addresses into shorter ones, have become increasingly popular on the Internet over the last two years. Micro-blogging services, which put a limitation on the number of characters that can be used in a message, make URL shorteners very useful for users of services like Twitter.
Malicious hackers targeted Cli.gs, one such URL shortening service, this week and the attack impacted about 2.2 million URLs that had been processed through the service. This means that the longer website addresses would not be available when an individual clicked on a shortened Cli.gs link.
Luckily for Cli.gs users, the company had an established data backup policy that will restore all of the 2.2 million links to normal within the next 24 hours according to the company's website.
It is extremely important for both businesses and individuals to consistently back up all important documents and files. We think the best option for consumers is to use an online backup service that will securely store a remote copy of all your important files on an ongoing basis. You can learn more about online backup services by reading our online backup reviews and comparison.
Equifax offers lenders access to new FICO score
June 15th, 2009 - Posted by Joe
Equifax is making a new type of credit score available that will potentially change the way that lenders view your next loan application. Dubbed Beacon 09, the new Equifax score is based off of Fair Isaac's FICO 08 methodology.
The new score will generally penalize consumers less for one-time mistakes, such as paying a bill late. On the other hand, the new model is harsher on those people that carry very high debt to credit ratios.
Most lenders will continue to use standard FICO credit scoring methodology for now, but consumers should expect that the FICO 08 score methodology to become more frequently used over time. As such, it is a good idea to take a hard look at your current debt load and making plans to pay it down if you anticipate the need for additional credit in the near future.
Equifax is the second major credit bureau to adopt the new scoring methodology from FICO. TransUnion began offering the score back in January. It is unlikely that Experian, the remaining major bureau, will be offering FICO 08 any time soon as the two companies are currently involved in an ongoing lawsuit.
T-Mobile denies data breach despite hacker claims
June 15th, 2009 - Posted by Joe
A proprietary T-Mobile document that hackers claimed had been stolen from the company's servers appeared on an Internet security website earlier this month. The anonymous individual that provided the document also claimed that they would be selling the compromised T-Mobile data to the highest bidder. T-Mobile responded by stating that they had identified the document in question and that "possession of this alone is not enough to cause harm to our customers." Additionally, T-Mobile has stated that the access to this company information was not gained through any type of hack on its servers and no customer information is as risk. It is not clear at this point exactly how the third parties access the T-Mobile document.
Over 32 million people subscribe to T-Mobile service in the United States, so any activity that put the company's customers data at risk could potentially have repercussions for millions of Americans. We will continue to monitor developments in this situation and provide relevant updates as they are available.
It is important to note that there is no data to support any type of data breach that impacts T-Mobile customers at this point. But, there are enough open questions about the circumstances involved that we would warn T-Mobile customers to be extra aware of any unusual activity on their credit reports or bank statements that may be the early indicator of potential identity theft.
You can learn more about services that can help mitigate the risk of identity theft by reading our reviews and comparison of identity theft protection services.
Categories
Blog Archives
Popular Services Reviewed:
Credit Monitoring Services |
Find Us On:
Copyright© 2006 - 2012 NextAdvisor.com - All rights reserved.
Disclosure: NextAdvisor.com is a consumer information site that offers free, independent reviews and ratings of online services. We receive advertising revenue from most of the services we review. Our editors thoroughly research and whenever possible test each service we review and offer their honest opinions about each one. We are independently owned and operated and all opinions expressed on this site are our own.