Reader Question: Can identity theft really be prevented?

Posted by Joe on August 6th, 2008

Thanks for visiting the NextAdvisor Daily blog. You may want to subscribe to our RSS feed.

Q: I have heard there is no way to prevent identity theft. Why should I sign up for one of these [identity theft protection] services if that is the case?

A: While there is no way to prevent all identity theft, some identity theft is completely preventable if you take the right precautions.

We see identity theft protection services, such as LifeLock, Identity Guard and Trusted ID, as one of the key ways that many consumers can greatly decrease the risk of many forms of identity theft. Specifically, many of these services can be very effective in preventing financial identity theft, such as new account fraud, which make up the majority of identity theft crimes reported to the Federal Trade Commission (FTC) each year.

Identity theft protection services also offer varying degrees of recovery assistance for subscribers, typically in the form of a service guarantee. This recovery assistance may include access to recovery experts, covering costs associated with restoring a stolen identity, interacting with the major credit bureaus and more. Every service approaches identity recovery and restoration differently, so it is important to research each service to understand what it does and does not cover in the unfortunate that a subscriber does become an identity theft victim.

Learn more by visiting our guide to identity theft protection services.

• Reader Question: Which identity theft protection service is best if I’ve already been victimized?
• LifeLock’s $1 Million Guarantee - Separating Fact From Fiction
• ID Watchdog identity theft protection service review
• ID Watchdog launches dedicated 24/7 toll free hotline for NextAdvisor.com visitors
• Identity Theft Shield from Kroll and Pre-Paid Legal Review

Fake Facebook profile page victim awarded $43,000 in damages

Posted by Joe on August 5th, 2008

A judge in the United Kingdom awarded about $43,000 in damages to a man who had been victimized by a fake Facebook profile. The profile, which was been created by a former friend and business associate, included personal information about the victim including his birth date, home address, relationship status and daily whereabouts. Additionally, the fake Facebook profile made false claims related to the victim’s sexual orientation and political affiliations. The victim’s brother found the fake profile after it had been live on Facebook for a little more than two weeks and it was removed.

Our Facebook identity theft protection guide covered several tips on how to protect your identity while using the popular social network. What we didn’t note in our guide, and what this UK case makes painfully clear, is that Facebook makes it relatively easy for anyone to create a fake profile page in your name since it requires little or no actual identity verification. Luckily, it is relatively easy to report a fake Facebook profile if you believe that you have been victimized in a similar fashion.

If you already have a Facebook account simply visit the Facebook “Report a Fake Profile” page and enter the requested information.

If you don’t have a Facebook account you can ask a friend that does have an account to report the fake page on your behalf. Alternatively, you can send an email to “login@facebook.com”. Briefly explain that a fake profile has been created in your name and provide your contact information so that a member of the Facebook support team may contact you to investigate the matter further.

• How to report a fake profile page on Facebook
• Facebook phishing scams increase risk of identity theft on the popular social network
• Facebook security flaw exposes personal information
• Your new Facebook friend just stole your identity
• Facebook exposes personal information of up to 80 million members

Feds uncover international credit fraud ring

Posted by Caitlin on August 5th, 2008

In what is believed to be the largest hacking and identity theft case ever prosecuted by the Department of Justice, twelve members of an international credit fraud ring were indicted today for the theft and sale of more than 40 million credit and debit card numbers. According to federal authorities, three of the defendants hacked into the wireless computer networks of nine retailers, including Barnes and Noble, Office Max, Marshall’s, T.J. Maxx, BJ’s Wholesale Club and Sports Authority. They then installed software designed to record credit card numbers, passwords and other account information. The stolen information was then sold to other identity thieves, who used the credit and debit card numbers to withdraw cash from the victims’ accounts.

Three of the defendants were also indicted in May, allegedly having executed a similar scheme to capture credit and debit card numbers at eleven or more Dave and Buster’s restaurants.

If you are concerned about becoming a victim of identity theft, we recommend that you consider subscribing to an identity theft protection service.

• None Found

Identity Theft Restitution Act adds harsher federal penalties for identity thieves and hackers

Posted by Joe on August 4th, 2008

A bill which would enable harsher penalties for many forms of identity theft as well as give the federal government more jurisdiction in such cases is one step closer to being signed into law. The Identity Theft Restitution Act was amended to H.R. 5938 by the Senate last week and will return to the House of Representatives in its new form for a vote. If passed and signed into law, H.R. 5938 would:

• Give identity theft victims the ability to seek restitution from identity thieves for the time and money expended to restore their credit and remedy other negative impacts of identity theft.
• Give business who are impersonated by criminals the same protection as individuals under federal identity theft laws.
• Allow for federal prosecution of any crimes which involve stealing information from any computer regardless of location. Currently only interstate crimes where the criminal’s computer is physically located in a different state then the victim’s computer can fall under federal jurisdiction.
• Make it a felony to use spyware or keyloggers to damage ten or more computers regardless of the actual financial damages. Current laws have minimum financial damage qualifiers so that an identity thief that attempts to steal large volumes of personal information from multiple computers but is unsuccessful may simply get off with little or no sentence.
• Give the federal government jurisdiction over any theft of information from a computer regardless of which state the perpetrator and victim reside in. Current laws only allow for federal persecution if information is stolen from a computer that is located across state lines.
• Make it a felony to threaten to release or steal information from a computer. Current laws are only applicable if a criminal explicitly threatens to damage a computer or otherwise render it inoperable.
• Force the United States Sentencing Commission to re-evaluate and update its guidelines for identity theft and cyber crimes.

We believe that the Identity Theft Restitution Act is a strong stand against identity theft and cyber crimes which include the theft of information stored on personal and corporate computers. We will continue to monitoring the progress of this legislation and keep our readers up-to-date on its progress.

While these types of laws would enable harsher penalties for identity thieves and hackers, it is important to remember that they do little to actual prevent criminals in the first place. It is a good idea to protect your personal information both online and offline to prevent being victimized. To learn about services that will protect your identity read our guide to identity theft protection services. To learn more about software that will keep personal information on your PC safe, read our guide to Internet security software.

Please share this post:
These icons link to social bookmarking sites where readers can share and discover new web pages.
• 
• 
• 
• 
• 
• 
• California identity theft protection guide: facts, trends and resources
• Data Breach Alert: Hundreds of thousands of computers infected by Russian hackers
• Arizona identity theft protection guide: facts, trends and resources
• Texas identity theft protection guide: facts, trends and resources
• Is your state putting your identity at risk?
Identity Theft Protection, Internet Security Software
No Comments »

The federal government fails to encrypt its own data

Posted by Caitlin on July 31st, 2008

The United States Government Accountability Office recently released an information security report which states that at 24 major U.S. agencies, 70% of sensitive information on laptops and mobile devises was unencrypted as of last September. For the purposes of this report, sensitive data includes personal medical records, other personal information, law enforcement data and records essential for homeland security.

According to the report, “While all agencies have initiated efforts to deploy encryption technologies, none had documented comprehensive plans to guide encryption implementation activities. As a result, federal information may remain at increased risk of unauthorized disclosure, loss, and modification.” The report also points out that the Federal Information Security Management Act (FISMA) requires agencies to protect their data, as do other laws. The White House Office of Management and Budget (OMB) has been recommending that agencies encrypt all sensitive data on laptops since 2006. Many agencies have failed to do so, and many agencies have reported missing or stolen laptops.

Representative Bennie Thompson and Representative Zoe Lofgren, both of whom are members of the U.S. House of Representatives Homeland Security Committee, expressed disappointment with U.S. agency encryption efforts when the GAO report was released on Monday. Lofgren, a California Democrat, stated that federal agencies “lag far behind the private sector” when it comes to protecting and encrypting data.

Sensitive data loss can put countless American citizens at risk for identity theft. To learn more about identity theft protection services, view our reviews and comparison. If you are interested in learning about what you can do to protect the data on your own laptop, click here to read about security software.

• California identity theft protection guide: facts, trends and resources
• Texas identity theft protection guide: facts, trends and resources
• Arizona identity theft protection guide: facts, trends and resources
• 25 million identities left unprotected in the UK
• How to steal Colin Powell’s identity

How to recover from a lost or stolen iPhone

Posted by Joe on July 29th, 2008

Apple’s iPhone, like any smart phone with the capability to store significant amounts of personal information, can put you at risk for identity theft if it is lost or stolen. Fortunately, there are many precautions you can take to ease the pain of a lost iPhone. If your iPhone has already been lost or stolen and you have not taken these proactive measures, your options are more limited, but there are still steps you should take to mitigate the risks and costs of iPhone loss.

What to do BEFORE your iPhone is lost or stolen

Password protect your iPhone. Setting a a password on your iPhone is very simple and adds an immediate layer of security should it be stolen.

From the home screen of your iPhone:

• Click on the Settings button
• Click on General
• Click on Passcode Lock
• You will be prompted to enter and confirm a four digit passcode for your iPhone

Your iPhone passcode is now set and you will be prompted to enter the four digit number any time you attempt to access your phone. This simple step can greatly decrease the chance that a criminal is able to access your personal information on your iPhone if it is lost or stolen. While having a passcode will potentially prevent unauthorized access to information stored on your iPhone, it is still possible to make outbound calls. So, it is important to alert your wireless carrier immediately after you discover that your iPhone is lost or stolen so you are not potentially liable for calls made by someone else.

Write down your iPhone’s IMEI Number. Your iPhone’s IMEI, or International Mobile Equipment Identity, is a fifteen digit number that can be used by wireless carriers to identify your specific device. It is located on the back of your iPhone near the FCC ID and serial number (you may also want to write down your iPhone’s serial number for your records, although this information is not really that useful in helping with recovery). Keep the IMEI number in a safe place so you can easily find it if your iPhone is ever lost or stolen.

Keep your iPhone backed up by frequently synching with iTunes. It is a good idea to always make sure that all of the information on your iPhone is also backed-up on your computer by frequently syncing through iTunes. This will make the process of recovering the data from your lost or stolen iPhone relatively painless. For even more protection you may want to consider using an online backup service to store copies of all of the files on you computer. This way you still be able to restore your files if both your iPhone and computer go missing at the same time.

Guard against identity theft with an identity theft protection service. To an identity thief, a lost or stolen iPhone is a potential goldmine of information. Losing your iPhone could expose your online bank account, online brokerage account, name, address, telephone number, and email address, passwords, e-mails and other personal data to a criminal. If your iPhone does go missing, an identity theft protection service will help prevent and detect identity theft.

Treat your iPhone like its cash equivalent. You wouldn’t leave two crisp hundred dollar bills lying around so don’t be as careless with your $199 iPhone. Treat your phone with the same level of security and care you use when safeguarding your wallet, purse or other important items.

What to do AFTER your iPhone is lost or stolen

Notify your cellphone carrier. You should contact AT&T, the exclusive cell phone carrier for the iPhone, as soon as you realize that your phone has gone missing. AT&T will be able to deactivate the wireless account associated with your iPhone which will prevent criminals from running up big cell phone bills in your name that you could potentially be held liable for.

File a police report. While some police will not be particularly interested or concerned about helping you recover your iPhone, others are surprisingly helpful. We have read online accounts from a police detective that claims to have recovered four out of five stolen iPhones in cases brought to his attention. This is when it is useful to have the IMEI number available.

Notify your contacts. All of the personal information stored on your lost or stolen iPhone is now potentially accessible by anyone, especially if it is not password protected. It is important for all of the contacts stored in your phone to know that their personal contact information is potentially in the hands strangers. It is not uncommon for criminals to perpetrate crimes against those listed in the phone’s contact list by posing as the rightful owner.

Notify your employer. If your iPhone is linked to your company’s network or has confidential business information stored within, you need to notify your employer immediately. It is a good idea to let your supervisor or other company official know as soon as you realize your phone is missing. Make sure to change the password on your work email address immediately if it is linked to your iPhone. This will prevent the phone from being able to download additional email messages.

Change all your online passwords. Your iPhone has a powerful web browser with the ability to store any of your online passwords for easy access to web based accounts. Whoever has your lost or stolen iPhone in their possession can now potentially gain access to your online bank and brokerage accounts, email, PayPal, eBay, Amazon and any social networking websites you belong to. Change those passwords now to prevent your online accounts from being compromised.

You may also be interested in our lost or stolen laptop recovery guide.

• Apple OKs VoIP over wifi for the iPhone
• VoIP comes to the iPhone
• Stolen laptop returned to lucky professor
• Researchers launch free tracking software for lost or stolen laptops
• Our review of Apple’s new movie download service - Stick with NetFlix!

Facebook exposes personal information of up to 80 million members

Posted by Joe on July 28th, 2008

We have warned previously of the potential identity theft risks that exist for Facebook users. One issue that we didn’t specifically address was the risk that the popular social network would inadvertently expose personal information of its users through a technical glitch. Unfortunately, that is exactly what happened earlier this month when many of Facebook’s 80 million users had their full birth dates exposed on their profile pages.

Graham Cluley, a security expert with Sophos, was one of the first to uncover the breach of date of birth information and alerted Facebook immediately. The problem was fixed shortly thereafter.

The main issue in this case is that many of the impacted Facebook users had proactively set their date of birth to be non-visible to other Facebook users. This is a precaution we recommend in our Facebook identity theft protection guide.

Cluley recommended that, in addition to keeping date of birth hidden in the future, Facebook users take additional steps to protect this sensitive information in the future.

“My advice to Facebook users would be, even if your date of birth
is set to be non-visible, change it to a made-up date in case this kind
of blunder happens again. Facebook and other social networking websites
need to be more careful about protecting their members’ data, or risk
losing users.”

Learn more on how to protect yourself on Facebook by visiting our Facebook identity theft protection guide.

• Facebook phishing scams increase risk of identity theft on the popular social network
• Facebook moves to protect users in partnership with 49 states
• Fake Facebook profile page victim awarded $43,000 in damages
• Facebook security flaw exposes personal information
• Your new Facebook friend just stole your identity

ID Watchdog launches dedicated 24/7 toll free hotline for NextAdvisor.com visitors

Posted by Joe on July 25th, 2008

ID Watchdog, a recent addition to our comparison of identity theft protection companies, has launched a dedicated toll free number for NextAdvisor.com readers. This means anytime access to ID Watchdog representatives who are ready to answer questions or process new subscriptions 24 hours per day and seven days per week. NextAdvisor.com readers can access this new information line by calling (800) 233-1845.

We believe that ID watchdog has the best identity theft recovery guarantee that we have seen in the industry. The guarantee covers every conceivable form of identity theft including financial, social security, medical and more. If an ID Watchdog subscriber is the unfortunate victim of identity theft, the company won’t stop until the identity has been completely restored. The only thing that ID Watchdog’s guarantee doesn’t cover is out of pocket costs and restitution of stolen funds (although no other service identity theft protection guarantee we have seen covers these items either).

You can read our full review of ID Watchdog and other identity theft protection services by visiting our identity theft protection service comparison.

• ID Watchdog identity theft protection service review
• Identity Truth launches toll free number for NextAdvisor.com readers
• Identity Truth launches exclusive 30 day free trial; Earns 5 star rating
• LifeLock’s $1 Million Guarantee - Separating Fact From Fiction
• Identity Theft Shield from Kroll and Pre-Paid Legal Review

Identity Truth phone representatives now available on Saturdays

Posted by Joe on July 23rd, 2008

Identity Truth launched a special toll free number for NextAdvisor.com visitors back in late May. At the time, the Identity Truth representatives were only available to take calls from our readers Monday through Friday. As of last week they are now accepting calls on Saturdays as well.

Consumers that have questions about Identity Truth’s unique technology centric approach to identity theft protection, or any other aspect of the service, can now call (866) 736-0165 Monday through Saturday between 8am and 6pm EST to receive an immediate answer. Calls made during off hours or on Sundays will be answered the next business day.

Read our full review of Identity Truth to learn more about their service.

• Identity Truth launches exclusive 30 day free trial; Earns 5 star rating
• Identity Truth launches toll free number for NextAdvisor.com readers
• NextAdvisor reviews Identity Truth
• Vonage makes customer support a top priority
• 3 tips for VoIP 911 calls

Stolen laptop returned to lucky professor

Posted by Joe on July 23rd, 2008

An Indiana State University professor received and anonymous package this week which included his stolen laptop that had gone missing six days earlier. The laptop contained personal information, such as names, email addresses, academic performance data and social security numbers, of over 2,500 current and former students.

An analysis of the laptop upon its return found that none of the personal information stored on the hard drive had been accessed. This was probably due to the fact that the laptop had strong password protection which prevented unauthorized access.

While we are glad to see that the laptop returned and a data breach adverted by prior planning, this case is the exception and not the rule when it comes to laptop theft. Our recent lost and stolen laptop recovery guide includes a series of useful tips on what to do before and after your laptop is stolen in order to help eliminated hassle and identity theft risk.

• Data Breach Alert: Stolen laptop impacts Virginia school employees
• Researchers launch free tracking software for lost or stolen laptops
• Data Breach Alert: Over 200 child identities exposed in UK
• Data Breach Alert: Stolen laptop exposes identities of 20,000 Kraft employees
• Data Breach Alert: Utah hospital loses thousands of patient records