THE VAST majority of identity fraud victims (68 per cent) incur no out of-pocket expenses. This points out that businesses are victims of fraud. The aim of this paper is to provide some clarity to the real losses sustained by organisations whose customers experience identity theft. This fraudulent behaviour by criminals erodes the reputation and profits of institutions, which I am calling ’institutional identity theft’. I also want to offer to the reader some of the best policies, procedures, and solutions to reduce your risk to institutional identity theft. Identity theft is a catch-all term for crimes involving illegal usage of another individual’s identity. The most common form of identity theft is credit card fraud.
Identity theft is often looked at as an individual’s problem. You know, something that consumers have to worry about. However, organisations often spend a lot of time, effort, and money trying to prevent their customers from experiencing it. The reason for this is because if customers of these organisations experience identity theft sometimes due to negligence or lack of proper security controls, and other times at no fault of their own, the organisation has to face several consequences. These consequences often include loss of customers, reduced client loyalty and trust, reparation costs including credit repair and monitoring fees, as well as hard costs (reissue fees, account reimbursements, insurance fees). In 2007, 9.4 million American citizens were victims of identity fraud with loses totaling more than 49.3 billion.
Nearly a quarter of a million identity theft complaints were made to the Federal Trade Commission during 2007 (32 per cent of all fraud complaints). Credit card fraud was the most common form of identity theft reported (23 per cent), while bank fraud wasn’t far behind at 13 per cent. Additionally, there were 221,226 complaints of Internet related fraud, which constituted 40 per cent of all fraud complaints.
While there are many types of identity theft, the landscape is changing in the preferred methods
criminals use. For example, the general movement towards consumers using online bill payment, and
receiving electronic statements as opposed to paper statement has decreased the effectiveness of
dumpster diving (stealing mail or rummaging through garbage for statements or electronics that might have personal data stored). While this is true for consumers, dumpster diving at a financial institution such as a bank or credit union can still pay off for bad guys. Internet databases, government registers, and public records remain a target, but significant improvements around the security of these systems has reduced the frequency they are used in identity theft and fraud cases. Eavesdropping on public transactions to obtain personal information (shoulder surfing), stealing credit cards or other identification cards by pick pocketing or surreptitiously by skimming through a compromised card reader will always exist while we continue to use plastic cards. The fastest growing and most preferred method criminals use to collect sensitive customer information is where more of our efforts should be spent. This includes more ’high tech’ methods using malware, browsing, spam, phishing, pharming, trojan horses, and other hacking techniques.
Changing Criminal Methodologies
For example, a loan officer in your branch opens his Internet browser and goes to a site Msnbc to get the latest news. Most organisations allow this as part of their Internet use policy. However, if this user goes to Msnbc on St Patrick’s Day 2008 and had a vulnerable browser, the site would have opened up as iFrame (hidden window on the website) that loads malicious code in the background. Malware, once installed, is virtually unlimited in what it can do. Often, these malicious. A combination of high tech fraud methods, such as malware, phishing, pharming, key-loggers, and trojan horse programmes, combined with various social engineering techniques (a collection of techniques used to manipulate people into performing actions or divulging confidential information) has led to a lucrative practice for many criminals. But even searching on Google or any other search engine can lead to system compromise.
Anyone who has done a fair bit of searching on the Internet will often run across ’Spam pages’. These web pages are filled with the most commonly searched keywords on the Internet. They will have strings of words and phrases like ’tribadism fight scenes, free tribadism porn video Britney Spears, make money fast terrorism Iran Election 2008, primaries, Obama, Clinton,’ etc. They seed these pages with ’statistically improbably phrases’ (phrases that are usually unique to the most legitimate or desirable search results), which rank much higher than other sites. Then the criminals will distribute these pages across hundreds of compromised, legitimate websites. Malicious code (viruses, worms, Trojan programmes, Bot net software and the like) is then injected into these pages so when someone simply browses them, they are immediately infected. So when one of your users simply goes to Google and types in some search string, several of the pages that are listed as top results may be these infected pages that could compromise that system, which can lead to an entire network compromise. In fact, in many cases, five out of six results are infected ’Spam pages’. Remember, they don’t have to open an attachment. They don’t have to execute a programme. All they have to do is click on a search result link in Google, like you and I do many times a day.
Most companies use an outsourced firm or third party to host their website. Because these companies use a single, common platform, if a vulnerability is found in the third parties hosting platform, it has the potential of being able to compromise every website hosted by that provider. In one study, one person or group had infected hundreds and hundreds of legitimate websites all hosted by the same ISP in Eastern Europe. Most of the sites had redirectors to a site with a ’virus dropper’ (website that injects a virus into the computer that has accessed the web page). In other words, we have seen evidence that someone has figured out how to penetrate websites hosted by a hosting company at will, and has all at once placed web pages on all of them, which intercept popular Google keyword searches and redirect them to virus droppers. This company boasts over 700,000 websites.
Epilogue
While the Internet is not the culprit, it has become a tool that identity that thieves have embraced and abuse to find victims and commit fraudulent activities. A layered security approach that combines policy, procedures, training, and a variety of technologies managed and monitored centrally is the best way
to combat institutional identity theft. Many managed service providers can offer you a solution that mitigates a single threat or risk within your environment. With this approach, many companies are already finding it difficult to manage the various vendors and technologies. With Perimeter eSecurity, you get all the benefits of outsourced security management and monitoring while maintaining the visibility and control through our client portal ’Viewpoint’. Only Perimeter eSecurity can offer your organisation the complete solution that can protect your institutions profits and identity.
By Ramesh Manghirmalani
Showing posts with label Identity theft. Show all posts
Showing posts with label Identity theft. Show all posts
Wednesday, July 16, 2008
Saturday, July 12, 2008
Mortgage scam is front for identity theft - mailtribune.com - 11 Jul 2008
WHITE CITY — Police are asking the public to be aware of a man involved in a mortgage scam that has cost at least one White City resident $300 and opened her up to identity theft.
A White City woman was approached recently by a man claiming to work for a mortgage "watchdog" group. The suspect said he could look over mortgage paperwork to spot potential errors that could save the buyer thousands of dollars, Jackson County Detective Sgt. Colin Fagan said.
"He charges a $300 fee for this bogus service," Fagan said. "Also, he takes the paperwork with him and does not return."
The suspect said he was affiliated with a local mortgage lender. Detectives believe he may have visited the company and made away with several business cards, which he displayed to the victim, Fagan said.
Mortgage paperwork gives a criminal a wealth of financial information that could be used to drain a bank account or open credit cards in the victim's name, Fagan said.
"Mortgage papers contain your social security number, full name and date of birth," Fagan said. "That's all an identity thief needs to get started. People under foreclosure are vulnerable to begin with and this is the last thing they need."
Police believe the suspect is Bart Arthur Blahosky, 50, who has a long history of fraud spread over Utah, Nevada and Idaho.
"Our victim said he was dressed very nicely and sounded like a lawyer," Fagan said.
Blahosky is described as a white male, standing 5 feet 11 inches tall and weighing 170 pounds. The picture is from his a recent Oregon drivers license, Fagan said.
"We know of only one victim in our area so far, but there could me more," Fagan said.
By Chris Conrad
A White City woman was approached recently by a man claiming to work for a mortgage "watchdog" group. The suspect said he could look over mortgage paperwork to spot potential errors that could save the buyer thousands of dollars, Jackson County Detective Sgt. Colin Fagan said.
"He charges a $300 fee for this bogus service," Fagan said. "Also, he takes the paperwork with him and does not return."
The suspect said he was affiliated with a local mortgage lender. Detectives believe he may have visited the company and made away with several business cards, which he displayed to the victim, Fagan said.
Mortgage paperwork gives a criminal a wealth of financial information that could be used to drain a bank account or open credit cards in the victim's name, Fagan said.
"Mortgage papers contain your social security number, full name and date of birth," Fagan said. "That's all an identity thief needs to get started. People under foreclosure are vulnerable to begin with and this is the last thing they need."
Police believe the suspect is Bart Arthur Blahosky, 50, who has a long history of fraud spread over Utah, Nevada and Idaho.
"Our victim said he was dressed very nicely and sounded like a lawyer," Fagan said.
Blahosky is described as a white male, standing 5 feet 11 inches tall and weighing 170 pounds. The picture is from his a recent Oregon drivers license, Fagan said.
"We know of only one victim in our area so far, but there could me more," Fagan said.
By Chris Conrad
Wednesday, July 9, 2008
Foreclosures bringing cases of fraud to light - signonsandiego.com – 8 Jul 2008
Last year, an Orange County man was rejected for a personal loan at his credit union. To his surprise, his credit report had been red-flagged because he was six months behind on mortgage payments on a $660,000 home in Oceanside.
That was news to him. He had never bought a house in Oceanside.
So he contacted police, who uncovered that his identity had been stolen to make the purchase in October 2006.
Now the home on Overlook Drive is in foreclosure. The real estate agent involved in the deal, Robert Hugh Decker, is in custody in San Diego. Prosecutors allege that Decker's company was paid nearly $37,000 in commissions and that he was collecting $1,800 per month in rent from tenants.
The charges against Decker highlight the seamy side to the mortgage meltdown. Industry experts say the same lax lending standards that lured home buyers to stretch beyond their means created a fertile petri dish for real estate fraud.
Law enforcement officials say a host of real estate shenanigans sprouted during the housing boom. The most prevalent – and least likely to be prosecuted – involved fudging income on loan applications. Other buyers fibbed about whether they would occupy the home or rent it.
Some schemes were more complicated and nefarious. They often involved inflated appraisals, zero-down financing and grossly false information on loan documents. In these scams, the idea was not to own the property long-term but instead to siphon off as much money as possible from commissions, rental income or undisclosed cash kickbacks before letting the home fall into foreclosure.
“Many people just assume these foreclosures are part of the subprime meltdown,” said Todd Lackner, a real estate appraiser in San Diego. “This is not true. These properties were purchased with the intention of being foreclosed on.”
More of these cases are coming to light as the foreclosure crisis deepens. Last month, federal prosecutors charged six people from a downtown San Diego mortgage and real estate firm with wire fraud as part of a nationwide crackdown on bogus real estate transactions.
The probe, called Operation Malicious Mortgage, resulted in more than 400 indictments nationwide. The Justice Department and FBI estimate losses from the schemes at more than $1billion.
In Oceanside, Decker is one of a handful of people charged by state prosecutors in connection with the Overlook Drive property and two additional home purchases. The four other people, all of whom have pleaded guilty, include notaries, a mortgage broker and an Orange County chiropractor who provided the personal information of two patients whose identities were stolen, said San Diego Deputy District Attorney Stephen Robinson, who is prosecuting the case.
The investigation is continuing, and at least two additional foreclosure homes may be involved, authorities said.
Decker's attorney, Charles Guthrie, said that his client is innocent and that those who pleaded guilty are pointing fingers to escape tougher treatment.
“Mr. Decker is an honest man,” Guthrie said. “He wants to go to trial . . . We're looking for specifics. We want to see what they say Mr. Decker did.”
Who gets hurt by mortgage fraud? Lenders, of course, often lose money when they foreclose on a house. Identity-theft victims can spend months or years trying to repair their credit scores.
But there's also a wider impact. Real estate experts say that suspicious deals helped inflate property values during the boom and that the foreclosures are fueling a faster fall in values in today's market.
One example occurred in Mission Hills. In October 2005, a roughly 1,400-square-foot home was listed for $1 million. It didn't sell. In early April 2006, it was relisted for $989,000. A month later, the price was raised to $1.3 million.
It went into escrow for $1.25 million two days after the price increase. The buyer purchased it with zero-down financing, according to deed records.
The lender foreclosed on the home in October. The bank resold it in April. The price: $640,000.
Lackner, the real estate appraiser, has unearthed about 1,500 such unusual sales in San Diego County. He began researching questionable real estate deals about a year ago after stumbling across some suspect, high-priced purchases.
“As an appraiser, I'm asked if properties in Mission Hills have decreased 50 percent in value like this one,” Lackner said. “My answer is no. This property was never worth $1.25 million.”
In San Diego County, home prices have tumbled 26.5 percent since their peak in November 2005, according to La Jolla-based DataQuick, a real estate research firm.
Buyers who lied about income or occupancy on loan applications also are contributing to the price plunge, said lawyer Ann Fulmer, a vice president with Atlanta-based Interthinx, which provides fraud-detection services to lenders. Today's tougher lending standards make it harder to fudge information when trying to refinance these loans, so the buyers are walking away in many cases, she said.
During the end of the housing boom – from 2006 to early 2007 – the climate was particularly sunny for these questionable transactions. No-documentation loans and stated-income “liar” loans were plentiful.
One scheme used during the boom years was cash back in which the buyer gets a kickback from the seller after the loan closes. Cash back is not illegal if everyone, including lenders, knows it's happening.
Cash-back schemes sometimes involve “straw buyers” – witting or unwitting accomplices whose names are used to purchase a home. If straw buyers know what's going on, they often get a fee.
In March 2006, Shamika Copenhagen purchased a $1.5 million home in Eastlake using zero-down financing, federal prosecutors said. Creative Financial Services of San Diego arranged the loan. The application claimed Copenhagen made $337,000 a year working for U.S. Mergers, a company prosecutors say “does not exist as a functioning entity.”
When the sale was completed, the lender paid Creative Financial $38,000 in commissions for arranging the loan.
The seller, however, also wrote a $200,000 check to Said Betech of Creative Financial, prosecutors said. The purpose of the $200,000 was not disclosed on any documents associated with the transaction, said Assistant U.S. Attorney Christopher Alexander, who is prosecuting Betech and several others in the case.
A couple of weeks later, one of Betech's colleagues at Creative Financial wrote a $15,000 check to Copenhagen, prosecutors say.
The lender foreclosed on the 3,800-square-foot house in March 2007. It sold a year later for $700,000.
Betech's lawyer could not be reached for comment; Copenhagen is not among those charged.
Federal prosecutors examined 21 suspicious home sales linked to Creative Financial. So far, 18 have been taken back by lenders or are in the process of foreclosure.
More arrests could be coming, police said. One case under investigation involves five condos in San Diego – three downtown, one in La Jolla and another in Rancho Santa Fe – that were purchased between May and October 2006 in the name of a Pennsylvania man for more than $3 million combined.
The unwitting buyer is a mechanic who lives in a manufactured home, police said. All of the condos have been foreclosed, and San Diego police have a suspect. The San Diego Union-Tribune is not using names because the investigation is continuing.
This sordid side of the housing meltdown is increasingly getting the attention of policymakers and law enforcement. A recent report by the Mortgage Bankers Association ranked California fourth nationally for incidents of mortgage fraud – behind Florida, Nevada and Michigan.
In part because the loans are big, losses related to real estate fraud amount to $6 billion a year, according to a study by BasePoint Analytics, a Carlsbad company that makes mortgage-fraud-detection software for lenders and investors in mortgage-backed securities.
“Looking back to 2004 when we got into it, it was seen as a pretty small problem” by the mortgage industry, said Frank McKenna, chief fraud strategist with BasePoint. “But at $6 billion a year, you're looking at something that's three times the size of credit card fraud.”
That was news to him. He had never bought a house in Oceanside.
So he contacted police, who uncovered that his identity had been stolen to make the purchase in October 2006.
Now the home on Overlook Drive is in foreclosure. The real estate agent involved in the deal, Robert Hugh Decker, is in custody in San Diego. Prosecutors allege that Decker's company was paid nearly $37,000 in commissions and that he was collecting $1,800 per month in rent from tenants.
The charges against Decker highlight the seamy side to the mortgage meltdown. Industry experts say the same lax lending standards that lured home buyers to stretch beyond their means created a fertile petri dish for real estate fraud.
Law enforcement officials say a host of real estate shenanigans sprouted during the housing boom. The most prevalent – and least likely to be prosecuted – involved fudging income on loan applications. Other buyers fibbed about whether they would occupy the home or rent it.
Some schemes were more complicated and nefarious. They often involved inflated appraisals, zero-down financing and grossly false information on loan documents. In these scams, the idea was not to own the property long-term but instead to siphon off as much money as possible from commissions, rental income or undisclosed cash kickbacks before letting the home fall into foreclosure.
“Many people just assume these foreclosures are part of the subprime meltdown,” said Todd Lackner, a real estate appraiser in San Diego. “This is not true. These properties were purchased with the intention of being foreclosed on.”
More of these cases are coming to light as the foreclosure crisis deepens. Last month, federal prosecutors charged six people from a downtown San Diego mortgage and real estate firm with wire fraud as part of a nationwide crackdown on bogus real estate transactions.
The probe, called Operation Malicious Mortgage, resulted in more than 400 indictments nationwide. The Justice Department and FBI estimate losses from the schemes at more than $1billion.
In Oceanside, Decker is one of a handful of people charged by state prosecutors in connection with the Overlook Drive property and two additional home purchases. The four other people, all of whom have pleaded guilty, include notaries, a mortgage broker and an Orange County chiropractor who provided the personal information of two patients whose identities were stolen, said San Diego Deputy District Attorney Stephen Robinson, who is prosecuting the case.
The investigation is continuing, and at least two additional foreclosure homes may be involved, authorities said.
Decker's attorney, Charles Guthrie, said that his client is innocent and that those who pleaded guilty are pointing fingers to escape tougher treatment.
“Mr. Decker is an honest man,” Guthrie said. “He wants to go to trial . . . We're looking for specifics. We want to see what they say Mr. Decker did.”
Who gets hurt by mortgage fraud? Lenders, of course, often lose money when they foreclose on a house. Identity-theft victims can spend months or years trying to repair their credit scores.
But there's also a wider impact. Real estate experts say that suspicious deals helped inflate property values during the boom and that the foreclosures are fueling a faster fall in values in today's market.
One example occurred in Mission Hills. In October 2005, a roughly 1,400-square-foot home was listed for $1 million. It didn't sell. In early April 2006, it was relisted for $989,000. A month later, the price was raised to $1.3 million.
It went into escrow for $1.25 million two days after the price increase. The buyer purchased it with zero-down financing, according to deed records.
The lender foreclosed on the home in October. The bank resold it in April. The price: $640,000.
Lackner, the real estate appraiser, has unearthed about 1,500 such unusual sales in San Diego County. He began researching questionable real estate deals about a year ago after stumbling across some suspect, high-priced purchases.
“As an appraiser, I'm asked if properties in Mission Hills have decreased 50 percent in value like this one,” Lackner said. “My answer is no. This property was never worth $1.25 million.”
In San Diego County, home prices have tumbled 26.5 percent since their peak in November 2005, according to La Jolla-based DataQuick, a real estate research firm.
Buyers who lied about income or occupancy on loan applications also are contributing to the price plunge, said lawyer Ann Fulmer, a vice president with Atlanta-based Interthinx, which provides fraud-detection services to lenders. Today's tougher lending standards make it harder to fudge information when trying to refinance these loans, so the buyers are walking away in many cases, she said.
During the end of the housing boom – from 2006 to early 2007 – the climate was particularly sunny for these questionable transactions. No-documentation loans and stated-income “liar” loans were plentiful.
One scheme used during the boom years was cash back in which the buyer gets a kickback from the seller after the loan closes. Cash back is not illegal if everyone, including lenders, knows it's happening.
Cash-back schemes sometimes involve “straw buyers” – witting or unwitting accomplices whose names are used to purchase a home. If straw buyers know what's going on, they often get a fee.
In March 2006, Shamika Copenhagen purchased a $1.5 million home in Eastlake using zero-down financing, federal prosecutors said. Creative Financial Services of San Diego arranged the loan. The application claimed Copenhagen made $337,000 a year working for U.S. Mergers, a company prosecutors say “does not exist as a functioning entity.”
When the sale was completed, the lender paid Creative Financial $38,000 in commissions for arranging the loan.
The seller, however, also wrote a $200,000 check to Said Betech of Creative Financial, prosecutors said. The purpose of the $200,000 was not disclosed on any documents associated with the transaction, said Assistant U.S. Attorney Christopher Alexander, who is prosecuting Betech and several others in the case.
A couple of weeks later, one of Betech's colleagues at Creative Financial wrote a $15,000 check to Copenhagen, prosecutors say.
The lender foreclosed on the 3,800-square-foot house in March 2007. It sold a year later for $700,000.
Betech's lawyer could not be reached for comment; Copenhagen is not among those charged.
Federal prosecutors examined 21 suspicious home sales linked to Creative Financial. So far, 18 have been taken back by lenders or are in the process of foreclosure.
More arrests could be coming, police said. One case under investigation involves five condos in San Diego – three downtown, one in La Jolla and another in Rancho Santa Fe – that were purchased between May and October 2006 in the name of a Pennsylvania man for more than $3 million combined.
The unwitting buyer is a mechanic who lives in a manufactured home, police said. All of the condos have been foreclosed, and San Diego police have a suspect. The San Diego Union-Tribune is not using names because the investigation is continuing.
This sordid side of the housing meltdown is increasingly getting the attention of policymakers and law enforcement. A recent report by the Mortgage Bankers Association ranked California fourth nationally for incidents of mortgage fraud – behind Florida, Nevada and Michigan.
In part because the loans are big, losses related to real estate fraud amount to $6 billion a year, according to a study by BasePoint Analytics, a Carlsbad company that makes mortgage-fraud-detection software for lenders and investors in mortgage-backed securities.
“Looking back to 2004 when we got into it, it was seen as a pretty small problem” by the mortgage industry, said Frank McKenna, chief fraud strategist with BasePoint. “But at $6 billion a year, you're looking at something that's three times the size of credit card fraud.”
Sunday, July 6, 2008
Fake profiles of Mahesh Bhatt, Paresh Rawal crop up online - dnaindia.com - 04 Jul 08
Bollywood bigwigs Paresh Rawal and Mahesh Bhatt have lodged a complaint with the Cyber Crime Investigation Cell (CCIC) of the Mumbai crime branch alleging that their fake profiles have been created on the social networking website Facebook. They said they apprehended that the profiles had been created for misuing them.
Joint commissioner of police (crime) Rakesh Maria said the complaints were lodged on Tuesday night. He said the profiles could have been posted to lure youngsters and wannabe actors and actresses into providing sensitive information and to then use the information against them.
Messages asking people to send in their photographs and personal details have been posted on the website. The website has had many visitors hoping to interact with Rawal and Bhatt, Maria said. Social networking websites, such as Facebook, can be used for casting couch, he said.
“This is for the first time that we have a complaint of a fake profile on Facebook,” he said. The previous complaints concerned Orkut, he said.
The cyber crime sleuths may face some obstacles in this case. Maria said. If the server on which the profile has been uploaded is situated in a foreign country then it becomes difficult to block such websites, he said.
The police on Thursday wrote to the agency concerned to block the website or erase the profiles.
Mahesh Bhatt said he came to know about the profile from his dentist. “He told me he had scrapped me on Facebook in past few days. I was shocked to hear this. I told him I am not registered on Facebook,” he told DNA.
“Later Paresh (Rawal) called me and said his fake profile said that he was looking for girls (newcomers) for films,” he said. He said the content was posted from the United States. Attempts were made to contact Paresh Rawal. But his secretary said he was in Mauritius.
Joint commissioner of police (crime) Rakesh Maria said the complaints were lodged on Tuesday night. He said the profiles could have been posted to lure youngsters and wannabe actors and actresses into providing sensitive information and to then use the information against them.
Messages asking people to send in their photographs and personal details have been posted on the website. The website has had many visitors hoping to interact with Rawal and Bhatt, Maria said. Social networking websites, such as Facebook, can be used for casting couch, he said.
“This is for the first time that we have a complaint of a fake profile on Facebook,” he said. The previous complaints concerned Orkut, he said.
The cyber crime sleuths may face some obstacles in this case. Maria said. If the server on which the profile has been uploaded is situated in a foreign country then it becomes difficult to block such websites, he said.
The police on Thursday wrote to the agency concerned to block the website or erase the profiles.
Mahesh Bhatt said he came to know about the profile from his dentist. “He told me he had scrapped me on Facebook in past few days. I was shocked to hear this. I told him I am not registered on Facebook,” he told DNA.
“Later Paresh (Rawal) called me and said his fake profile said that he was looking for girls (newcomers) for films,” he said. He said the content was posted from the United States. Attempts were made to contact Paresh Rawal. But his secretary said he was in Mauritius.
Friday, June 27, 2008
Baby Identity Theft Victim - www.wlbt.com
A metro area man says he's spent the last six months fighting identity theft. The victim of the crime was his newborn son.
He believes the thief is local, and could strike again if they're not stopped.
Before he could speak his first word, or take his first step, Devin Jones was a victim of identity theft. It all started when his parents filed their income taxes.
Craig Jones says, "When we went to file our taxes they said they already used our social security, name, birth date, and social to file their taxes. ...Took us longer to file our taxes... we did get our money back... that's not the issue. The issue here is that someone was able to get this information that fast, use it and here it is almost July and no one is in jail yet."
Jones says his son's social security number was stolen less than three months after he was born.
It's still unclear how the number was leaked. Jones has done his own investigating.
Jones says, "The IRS knows because they processed both forms, they paid both entities, they have told me I have an impending audit in November. The state tax commission has pulled it up while I was on the phone with them and told me, 'yeah we see who did it but we can't give that info to the prosecutorial body to go get them. It doesn't make sense."
The Social Security Administration in Jackson says protecting your Social Security number is key in preventing identity theft. They say always keep your card and number in a safe place. Don't carry your social security card or anything with the number on it on you, and always call them immediately if you suspect someone is using your number illegally.
Craig Jones says, "Everyone in this state should be concerned about how many numbers have been used - how much money has been squandered."
Obviously it's never a good idea to give your social security number out to anyone, aside from an employer or healthcare provider.
Jones says he will continue to fight to save his son's identity, before any more damage is done.
He believes the thief is local, and could strike again if they're not stopped.
Before he could speak his first word, or take his first step, Devin Jones was a victim of identity theft. It all started when his parents filed their income taxes.
Craig Jones says, "When we went to file our taxes they said they already used our social security, name, birth date, and social to file their taxes. ...Took us longer to file our taxes... we did get our money back... that's not the issue. The issue here is that someone was able to get this information that fast, use it and here it is almost July and no one is in jail yet."
Jones says his son's social security number was stolen less than three months after he was born.
It's still unclear how the number was leaked. Jones has done his own investigating.
Jones says, "The IRS knows because they processed both forms, they paid both entities, they have told me I have an impending audit in November. The state tax commission has pulled it up while I was on the phone with them and told me, 'yeah we see who did it but we can't give that info to the prosecutorial body to go get them. It doesn't make sense."
The Social Security Administration in Jackson says protecting your Social Security number is key in preventing identity theft. They say always keep your card and number in a safe place. Don't carry your social security card or anything with the number on it on you, and always call them immediately if you suspect someone is using your number illegally.
Craig Jones says, "Everyone in this state should be concerned about how many numbers have been used - how much money has been squandered."
Obviously it's never a good idea to give your social security number out to anyone, aside from an employer or healthcare provider.
Jones says he will continue to fight to save his son's identity, before any more damage is done.
Friday, June 13, 2008
a new type of ID theft received on my e-mail
Dear Mr. Sood;
Greetings from the United States.Thank you for your promotion of the news about fraud.Several people who have been cheated by this company in the US havebeen pushing for years to get these men indicted on charges.The Federal prosecutor and Postal service are investigating hundredsof frauds by these men - Ben Anderson and Meir Waknine.Our dream is close to realization but we need more help.
The veteran's whose deceased relatives ID they stole to use to cheatpeople have agreed to let us put up a public website with their namesand photos showing everyone the families they hurt in addition tothose who they stole from...
We are looking for a company, preferably one overseas that can hostthe website or help create itand be UNTRACEABLE. These men already claim to be able to have peoplekilled who oppose them.So far, just threats for years. But they are quite cruel so no onewants to open themselves up to that again.Personally I was threatened for months and I am aware of severalbusinesses that had to close due to their campaigns of fear.
If you can forward the names of Indian firms who might be interestedin hosting and helpingwe would love to talk with them. These men have friends who are"hackers" supposedly and have stolen IDs.They have broken into victim's websites and servers. So any companythat does this MUSTbe able to fight off attacks and be willing to defend itself.
Thanks for your assistance,Namasté.
An American FriendBob TornilI remain anonymous otherwise...
Greetings from the United States.Thank you for your promotion of the news about fraud.Several people who have been cheated by this company in the US havebeen pushing for years to get these men indicted on charges.The Federal prosecutor and Postal service are investigating hundredsof frauds by these men - Ben Anderson and Meir Waknine.Our dream is close to realization but we need more help.
The veteran's whose deceased relatives ID they stole to use to cheatpeople have agreed to let us put up a public website with their namesand photos showing everyone the families they hurt in addition tothose who they stole from...
We are looking for a company, preferably one overseas that can hostthe website or help create itand be UNTRACEABLE. These men already claim to be able to have peoplekilled who oppose them.So far, just threats for years. But they are quite cruel so no onewants to open themselves up to that again.Personally I was threatened for months and I am aware of severalbusinesses that had to close due to their campaigns of fear.
If you can forward the names of Indian firms who might be interestedin hosting and helpingwe would love to talk with them. These men have friends who are"hackers" supposedly and have stolen IDs.They have broken into victim's websites and servers. So any companythat does this MUSTbe able to fight off attacks and be willing to defend itself.
Thanks for your assistance,Namasté.
An American FriendBob TornilI remain anonymous otherwise...
Wednesday, June 11, 2008
Thursday, June 5, 2008
'Untraceable' phone fraudsters eye your credit card - theregister.co.uk - 03 Jun 2008
Scams involving email and fake banking websites may get all the attention, but a recent rash of fraudulent phone calls shows criminals haven't given up on more traditional tools for tricking people into surrendering credit card numbers and other sensitive information.
The calls begin with a recording that makes a tempting offer - usually for a lower credit-card interest rate or an extended car warranty - and then invite the caller to speak to a live agent. The agents then ask for information including the credit card number and expiration, name, address, and in some cases social security number and other data. Recipients who have fallen for the ploy report finding charges as high as $900 on their credit card.
Your reporter has received three such calls in as many weeks. After taking the bait for a lower interest rate, an agent named Donna said her company, amorphously called Financial Services, uses its clout to negotiate directly with the issuing bank to lower my rate. Eventually, she put a supervisor named Johnny Davis on the line to answer questions like where Financial Services was incorporated and whether it was a member of the Better Business Bureau.
His answer: "That has nothing to do with the purpose of the phone call. Are you interested in us negotiating your interest rates of your accounts?"
Obviously, Davis wasn't the least bit daunted by the questions and neither were any of his colleagues, judging from similar online accounts, in which recipients report getting an abrupt click when seeking such information. Other people report receiving the calls every day at 3 a.m.
The reason Johnny, Donna and the rest of the cabal can't be bothered with maintaining even the appearance of legitimacy is they know they are largely untraceable. The varying phone numbers that appear in recipients' caller id screens are spoofed. There is little that typical users can do to find the real origins of the call.
"I actually pursued it a little bit," said Dan Clements, head of credit card-monitoring service CardCops after he received a call. But because CardCops, a division of Affinion Security Center, is set up to focus on internet-based abuses, he took a pass on one based solely using phone lines. "I couldn't dig in on it," he said.
Identity theft investigators at Consumer's Union say they are unfamiliar with the scam. Officials from the California Attorney General's office the the Federal Trade Commission didn't return phone calls by time of publication.
That's left people to resort to alternate ways of handling the calls. One person, for instance, started Stopping Heather, a site named after the perky voiced operator whose recording graces the beginning of many calls. Participants are encouraged to log as much information about the calls they receive as possible, including spoofed numbers and the scripts of the scammers. Ad-hoc forums on sites such as 800Notes serve much the same purpose. Others report keeping a whistle or an air horn at the ready.
The surge of calls come as security researchers report an up-tick in so-called vishing attacks, which use VoIP, or voice over IP, to trick people into turning over banking credentials and other sensitive data. Last fall, more than 12,000 people in Texas were targeted in a scam that attempted to capture their account details for eTrade and two local banks, according to a recent report from iSIGHT Partners.
Vishers typically set up demo accounts with one of the many VoIP providers, carry out their attack and then move to another provider. The attacks observed in the report were different from the recent scam, however. They typically rely on emails that encourage recipients to call an automated number and manually enter their account information.
The use of live agents at a time when open-source public branch exchanges and similar gear makes number spoofing cheap and simple is a wrinkle that will take time for enforcers to crack down on.
By Dan Goodin in San Francisco
The calls begin with a recording that makes a tempting offer - usually for a lower credit-card interest rate or an extended car warranty - and then invite the caller to speak to a live agent. The agents then ask for information including the credit card number and expiration, name, address, and in some cases social security number and other data. Recipients who have fallen for the ploy report finding charges as high as $900 on their credit card.
Your reporter has received three such calls in as many weeks. After taking the bait for a lower interest rate, an agent named Donna said her company, amorphously called Financial Services, uses its clout to negotiate directly with the issuing bank to lower my rate. Eventually, she put a supervisor named Johnny Davis on the line to answer questions like where Financial Services was incorporated and whether it was a member of the Better Business Bureau.
His answer: "That has nothing to do with the purpose of the phone call. Are you interested in us negotiating your interest rates of your accounts?"
Obviously, Davis wasn't the least bit daunted by the questions and neither were any of his colleagues, judging from similar online accounts, in which recipients report getting an abrupt click when seeking such information. Other people report receiving the calls every day at 3 a.m.
The reason Johnny, Donna and the rest of the cabal can't be bothered with maintaining even the appearance of legitimacy is they know they are largely untraceable. The varying phone numbers that appear in recipients' caller id screens are spoofed. There is little that typical users can do to find the real origins of the call.
"I actually pursued it a little bit," said Dan Clements, head of credit card-monitoring service CardCops after he received a call. But because CardCops, a division of Affinion Security Center, is set up to focus on internet-based abuses, he took a pass on one based solely using phone lines. "I couldn't dig in on it," he said.
Identity theft investigators at Consumer's Union say they are unfamiliar with the scam. Officials from the California Attorney General's office the the Federal Trade Commission didn't return phone calls by time of publication.
That's left people to resort to alternate ways of handling the calls. One person, for instance, started Stopping Heather, a site named after the perky voiced operator whose recording graces the beginning of many calls. Participants are encouraged to log as much information about the calls they receive as possible, including spoofed numbers and the scripts of the scammers. Ad-hoc forums on sites such as 800Notes serve much the same purpose. Others report keeping a whistle or an air horn at the ready.
The surge of calls come as security researchers report an up-tick in so-called vishing attacks, which use VoIP, or voice over IP, to trick people into turning over banking credentials and other sensitive data. Last fall, more than 12,000 people in Texas were targeted in a scam that attempted to capture their account details for eTrade and two local banks, according to a recent report from iSIGHT Partners.
Vishers typically set up demo accounts with one of the many VoIP providers, carry out their attack and then move to another provider. The attacks observed in the report were different from the recent scam, however. They typically rely on emails that encourage recipients to call an automated number and manually enter their account information.
The use of live agents at a time when open-source public branch exchanges and similar gear makes number spoofing cheap and simple is a wrinkle that will take time for enforcers to crack down on.
By Dan Goodin in San Francisco
UnitedHealthcare data breach leads to ID theft at UC Irvine - Computerworld.com - 03 Jun 2008
Scammers used stolen data to file false tax returns, steal students' refunds
June 3, 2008 (IDG News Service) A data breach at United Healthcare Services Inc. has led to a rash of identity-theft crimes at the University of California, Irvine.
To date, 155 graduate and medical students at the school have been hit by the scam, in which criminals file false tax returns in the victim's name and then collect their tax refunds. The breach affects 1,132 graduate students who were enrolled with the university's graduate student health insurance program in the 2006-07 school year, said Cathy Lawhon, the university's media relations director.
UC Irvine police and IT staff have been investigating the crime for several months, she said.
"In February, the police began getting reports from graduate students that when they filed their income tax returns, they were being told that their returns had already been filed using their Social Security numbers," she said.
Local and federal law-enforcement agencies have been called in to help with the investigation, and they have traced the source of the data breach to UnitedHealthcare, the carrier for the school's graduate student health-insurance program, Lawhon said.
Based in Minnetonka, Minn., UnitedHealthcare is one of the largest health care service providers in the U.S. A company spokeswoman confirmed that some university students' personal information "may have been accessed without authorization," but she could not comment on the source of the breach.
Other UnitedHealthcare customers have not been affected, she added. "As far as we know, this situation was isolated to UCI."
According to U.S. Internal Revenue Service spokesman Jesse Weller, scammers have been particularly aggressive this year, hoping to cash in on the federal government's economic stimulus payments. "Even before the law was signed ... scammers were attempting to get victims related to the stimulus payment, and it has continued since that time," he said.
The IRS is now in the process of sending checks of $300 to $600 per person to an estimated 130 million households in the U.S. as a result of the Feb. 13 stimulus package.
Weller could not comment on the UC Irvine breach.
The university has set up a Web page for those who think they may have been affected by the scam.
June 3, 2008 (IDG News Service) A data breach at United Healthcare Services Inc. has led to a rash of identity-theft crimes at the University of California, Irvine.
To date, 155 graduate and medical students at the school have been hit by the scam, in which criminals file false tax returns in the victim's name and then collect their tax refunds. The breach affects 1,132 graduate students who were enrolled with the university's graduate student health insurance program in the 2006-07 school year, said Cathy Lawhon, the university's media relations director.
UC Irvine police and IT staff have been investigating the crime for several months, she said.
"In February, the police began getting reports from graduate students that when they filed their income tax returns, they were being told that their returns had already been filed using their Social Security numbers," she said.
Local and federal law-enforcement agencies have been called in to help with the investigation, and they have traced the source of the data breach to UnitedHealthcare, the carrier for the school's graduate student health-insurance program, Lawhon said.
Based in Minnetonka, Minn., UnitedHealthcare is one of the largest health care service providers in the U.S. A company spokeswoman confirmed that some university students' personal information "may have been accessed without authorization," but she could not comment on the source of the breach.
Other UnitedHealthcare customers have not been affected, she added. "As far as we know, this situation was isolated to UCI."
According to U.S. Internal Revenue Service spokesman Jesse Weller, scammers have been particularly aggressive this year, hoping to cash in on the federal government's economic stimulus payments. "Even before the law was signed ... scammers were attempting to get victims related to the stimulus payment, and it has continued since that time," he said.
The IRS is now in the process of sending checks of $300 to $600 per person to an estimated 130 million households in the U.S. as a result of the Feb. 13 stimulus package.
Weller could not comment on the UC Irvine breach.
The university has set up a Web page for those who think they may have been affected by the scam.
Wednesday, June 4, 2008
11 people arrested in alleged identity theft ring - wafb.com
BATON ROUGE, LA (WAFB) - We've learned of a criminal case that involves conspiracy, bribery, money laundering, and identity theft. However, that's just a few of the charges.
In total, eleven people are charged with obtaining and using financial information of more than 55 people and businesses throughout Louisiana. The alleged ring leader, Robert Thompson, also known as John Lawson, allegedly managed to do all of this from prison and he has a long list of charges.
U.S. Attorney David Dugas says Thompson bribed a prison guard to get his hands on cell phones. He would rally folks to help him on the outside. Aside from a J.B Evans correctional officer, ten others were arrested for allegedly helping him. In one case, the group reportedly tried to steal $20 million from one victim's bank accounts.
In total, eleven people are charged with obtaining and using financial information of more than 55 people and businesses throughout Louisiana. The alleged ring leader, Robert Thompson, also known as John Lawson, allegedly managed to do all of this from prison and he has a long list of charges.
U.S. Attorney David Dugas says Thompson bribed a prison guard to get his hands on cell phones. He would rally folks to help him on the outside. Aside from a J.B Evans correctional officer, ten others were arrested for allegedly helping him. In one case, the group reportedly tried to steal $20 million from one victim's bank accounts.
Monday, June 2, 2008
Ramsey County / Two charged with mail theft - Twincities.com
Tipped off by a bank employee, police stopped a car with hundreds of pieces of stolen mail, including IRS refund checks, officials said.
Nauras Sabri Alameri, 25, of Columbia Heights, and Ariane Michelle Swanson, 30, of Maple Grove, were charged Friday in Ramsey County District Court with mail theft and check forgery.
The criminal complaint in the case, by prosecuting attorney Robert Plesha, tells the state's version of events:
Alameri and Swanson came to the drive-through window of U.S. Bank at 2383 University Ave. in St. Paul about 8:30 a.m. April 2, attempting to cash checks for $800 and $1,500 made out to a Deborah Doffing.
Swanson was in the passenger seat.
A teller said that they could cash the smaller check but that they'd have to come into the bank for the other because it was for more than $1,000.
Instead, they drove off.
A bank employee thought that seemed fishy, especially because the Minnesota ID card Swanson had presented didn't look like her.
A bank employee called Doffing, who said she hadn't been to the bank. She also said she was waiting for a new ID card to arrive in the mail.
Alameri and Swanson returned to the bank's drive-through window at 10:15 a.m. with two more checks, one for $500 that had been altered and one for $400 that had been drawn on the account of Tin Leam of Shakopee.
The teller recognized the two and stalled them while bank officials called police. Alameri "became very impatient" and wanted to know why the wait was so long, according to the complaint.
When a squad car pulled up, the pair took off.
Police caught up with them blocks later, where they found hundreds of pieces of mail in the front seat — IRS refund checks, other checks, bank statements, credit card reports — bearing addresses from Minneapolis, Brooklyn Park, Maple Grove and Shakopee.
In Alameri's wallet, police also found a driver's license and checks with other people's names on them.
When police interviewed Swanson, she said Alameri was warehousing the lifted letters at his house in Columbia Heights. She said she had not stolen them but admitted trying to cash the stolen checks, the complaint said.
She also directed investigators to the alley behind Alameri's house, where she said they would find three bags of discarded mail in a garbage can. They did, police said.
Alameri blamed Swanson, saying she brought in all of the mail in his home.
Contact numbers for the two, who were not in custody, could not be found Wednesday.
Nauras Sabri Alameri, 25, of Columbia Heights, and Ariane Michelle Swanson, 30, of Maple Grove, were charged Friday in Ramsey County District Court with mail theft and check forgery.
The criminal complaint in the case, by prosecuting attorney Robert Plesha, tells the state's version of events:
Alameri and Swanson came to the drive-through window of U.S. Bank at 2383 University Ave. in St. Paul about 8:30 a.m. April 2, attempting to cash checks for $800 and $1,500 made out to a Deborah Doffing.
Swanson was in the passenger seat.
A teller said that they could cash the smaller check but that they'd have to come into the bank for the other because it was for more than $1,000.
Instead, they drove off.
A bank employee thought that seemed fishy, especially because the Minnesota ID card Swanson had presented didn't look like her.
A bank employee called Doffing, who said she hadn't been to the bank. She also said she was waiting for a new ID card to arrive in the mail.
Alameri and Swanson returned to the bank's drive-through window at 10:15 a.m. with two more checks, one for $500 that had been altered and one for $400 that had been drawn on the account of Tin Leam of Shakopee.
The teller recognized the two and stalled them while bank officials called police. Alameri "became very impatient" and wanted to know why the wait was so long, according to the complaint.
When a squad car pulled up, the pair took off.
Police caught up with them blocks later, where they found hundreds of pieces of mail in the front seat — IRS refund checks, other checks, bank statements, credit card reports — bearing addresses from Minneapolis, Brooklyn Park, Maple Grove and Shakopee.
In Alameri's wallet, police also found a driver's license and checks with other people's names on them.
When police interviewed Swanson, she said Alameri was warehousing the lifted letters at his house in Columbia Heights. She said she had not stolen them but admitted trying to cash the stolen checks, the complaint said.
She also directed investigators to the alley behind Alameri's house, where she said they would find three bags of discarded mail in a garbage can. They did, police said.
Alameri blamed Swanson, saying she brought in all of the mail in his home.
Contact numbers for the two, who were not in custody, could not be found Wednesday.
Sunday, June 1, 2008
IDENTIFYING THE THIEF - Newyork post 01-Jun-2008
June 1, 2008 -- The first clues that something was wrong started popping up in my e-mail in-basket one morning.
First one online service was thanking me for asking about their mortgage refinancing and then, scrolling down, I saw e-mails from cellphone companies, from the CD folks at Columbia House, an offer of vacation packages, one for computers and even a note from Disney's ornament-of-the-month club.
Soon after, my phone started ringing off the hook.
I didn't order or solicit any of this attention and very quickly - like before I could finish my morning cup of coffee - I was irate. I had become the latest victim of identity theft.
Only this wasn't a case of some anonymous cad lifting my PIN or social security number. I had a good idea of who the dirtbag was who was making my life hell.
Like many apartment dwellers, I had recently feuded with my upstairs neighbor over his failure to clean the lobby.
But instead of reacting as many would - giving me the silent treatment or, how about this, apologizing - this idiot neighbor decided to steal my ID and break the law. So I decided to get even.
Working with what I think is just a slightly better-than-average knowledge of how the Internet works, I started a year-plus fight to legally prove that my neighbor was the perp who stole my home address, e-mail address and telephone number. Some quick action alerted the companies to the crime before its was time to bill me for the phony orders.
After calls to a few of the marketers e-mailing me, I was able to identify and document the unique internet protocol (IP) address of the computer used to impersonate me. Plugging that information into one of the free online IP trackers led to a specific account.
However, the Internet provider, Comcast in this case, refused to voluntarily turn over the info. So I turned over whatever evidence I had to Det. Al Lopez of the Jersey City Police Department, where I live. After a little more than a month, Det. Lopez got back to me with a good-news-and-bad-news answer.
Though the neighbor's actions qualify as identity theft under New Jersey law, pressing charges was not so easy. Not used to handling such cases, the local prosecutor's office refused to pursue it. They suggested I go to civil court.
But I wasn't about to give up. After bugging them for weeks, the D.A. relented and agreed to take the case. With the evidence I had, the case was a slam-dunk.
My neighbor was charged with a felony and faced up to six months in prison and fines of up to $1,000. But he wasn't going easy. I loved the fact that he had to spend some money on a lawyer, but didn't like it that he forced more than a dozen re-scheduled court dates.
Finally, this past winter - 16 months after the charges were filed - prosecutors offered him a plea-bargain that reduced the charges to a misdemeanor in exchange for a guilty plea.
I can't tell you the satisfaction I got that day when Daniel Tang, 27, of Jersey City, my upstairs neighbor from hell, stood up in court and admitted his crime.
You can fight back against ID theft - and win!
By BRITT ERICA TUNICK
Feds: 'Bonnie' in Philadelphia Identity Theft Case Up to Old Tricks - Fox News -
PHILADELPHIA — A young beauty set to plead guilty to identity theft after a year of lavish globe-trotting hasn't changed her ways, U.S. prosecutors said Wednesday.
Jocelyn Kirsch, 22, stole and used an acquaintance's credit card in California, where she has been living while awaiting her federal plea, Assistant U.S. Attorney Lou Lappen told a judge.
A tense-seeming Kirsch, wearing a gray University of Pennsylvania sweat shirt, was taken into custody Wednesday and appeared in court in handcuffs for a bail hearing. A judge put her on house arrest, with electronic monitoring, pending her expected guilty plea next week.
"This is just a very sad case of a clearly troubled young woman," defense lawyer Ronald Greenblatt said afterward. "It clearly shows mental-health issues."
U.S. Attorney Patrick Meehan this month called Kirsch and her Ivy League boyfriend, co-defendant Edward Anderton, 25, the "poster children for identity theft."
The media dubbed the duo "Bonnie and Clyde," after the notorious 1930s bank robbers, following their arrest.
Travel photos show the alleged grifters smooching under the Eiffel Tower, riding horseback on a beach and flaunting matching red swimsuits by a swanky hotel pool. Prosecutors say they obtained $120,000 in goods and services after stealing financial information from friends, co-workers and neighbors.
Kirsch, a photogenic, auburn-haired, former Drexel University student, has not been charged in the California theft. But it could enhance the probable two- to five-year sentence she faces in the pending case.
"This kind of conduct calls into question her ability to get credit for acceptance of responsibility," Lappen said. "It will be part of the case one way or the other."
She plans to plead guilty to the five-count information, which includes aggravated identity theft, money laundering and fraud charges, Greenblatt has said. The charges carry a two-year mandatory minimum and a guideline range of about five years, Lappen said.
Kirsch's father is a plastic surgeon in North Carolina and her mother is a nurse in California; no family members attended the unscheduled hearing Wednesday. She has been living in Novato, Calif., with her mother and working at a Starbucks.
Anderton, an economics graduate of the University of Pennsylvania who worked in real-estate finance, is living with his family in Everett, Wash. His plea hearing is set for Monday.
This is apperently not the first time the two have been rounded up for similar crime... earlier in Dec 2007 the two were arrested for the similar fraud
http://www.foxnews.com/story/0,2933,315163,00.html
Jocelyn Kirsch, 22, stole and used an acquaintance's credit card in California, where she has been living while awaiting her federal plea, Assistant U.S. Attorney Lou Lappen told a judge.
A tense-seeming Kirsch, wearing a gray University of Pennsylvania sweat shirt, was taken into custody Wednesday and appeared in court in handcuffs for a bail hearing. A judge put her on house arrest, with electronic monitoring, pending her expected guilty plea next week.
"This is just a very sad case of a clearly troubled young woman," defense lawyer Ronald Greenblatt said afterward. "It clearly shows mental-health issues."
U.S. Attorney Patrick Meehan this month called Kirsch and her Ivy League boyfriend, co-defendant Edward Anderton, 25, the "poster children for identity theft."
The media dubbed the duo "Bonnie and Clyde," after the notorious 1930s bank robbers, following their arrest.
Travel photos show the alleged grifters smooching under the Eiffel Tower, riding horseback on a beach and flaunting matching red swimsuits by a swanky hotel pool. Prosecutors say they obtained $120,000 in goods and services after stealing financial information from friends, co-workers and neighbors.
Kirsch, a photogenic, auburn-haired, former Drexel University student, has not been charged in the California theft. But it could enhance the probable two- to five-year sentence she faces in the pending case.
"This kind of conduct calls into question her ability to get credit for acceptance of responsibility," Lappen said. "It will be part of the case one way or the other."
She plans to plead guilty to the five-count information, which includes aggravated identity theft, money laundering and fraud charges, Greenblatt has said. The charges carry a two-year mandatory minimum and a guideline range of about five years, Lappen said.
Kirsch's father is a plastic surgeon in North Carolina and her mother is a nurse in California; no family members attended the unscheduled hearing Wednesday. She has been living in Novato, Calif., with her mother and working at a Starbucks.
Anderton, an economics graduate of the University of Pennsylvania who worked in real-estate finance, is living with his family in Everett, Wash. His plea hearing is set for Monday.
This is apperently not the first time the two have been rounded up for similar crime... earlier in Dec 2007 the two were arrested for the similar fraud
http://www.foxnews.com/story/0,2933,315163,00.html
Thursday, May 29, 2008
The multiple faces of identity theft - TechrRepublic - 28 May 2008
During a routine check of her new 401(k) account, “Holli” discovered something that wasn’t quite right. The name of another person was attached to her account. A person she didn’t know.
It is something the experts call Social Security Number only identity theft. And it is more popular than you might think.
On Friday I mentioned that Todd Davis of LifeLock, the guy that you hear spouting his SSN in radio and print advertisements in an effort to prove that his system is so secure, had been hacked 87 times in obvious efforts to scam. What is unknown and unknowable, really, is the number of times his SSN has been used simply for employment, aggravating the immigration issue.
Holli discovered that the person piggy-backing on her SSN was a man named Paulino Rodriguez, a resident of Escondido, CA. He was using her SSN to work at a local Burger King.
From MSNBC:
Escondido is Ground Zero of the immigration debate. Just a few minutes north of the Mexican border, near San Diego, Escondido is home to thousands of Mexican immigrants who battle their way every day into the country and into gainful employment. Mexicans have been fighting in Escondido for a long time. Not far away, in 1846, U.S. forces were routed in the Battle of San Pasqual during the Mexican-American war, the worst American defeat of the conflict. Today, some say, Mexicans are again overwhelming American forces in a different kind of battle.For the past three years, Paulino Rodriguez used Holli’s Social Security number for the right to work at the Escondido Burger King. Recently, with his wife and four children, he took up residence in a middle-class subdivision on Espanas Glen Street in Escondido, a short block near Interstate 15.Rodriguez, according U.S. immigration officials, is a Mexican national with no right to work in the United States. But thanks in part to Holli’s Social Security number, he had found a decent life for his family in Escondido, which means “hidden” in Spanish. But that that life was safe only if no one found out he was sharing Holli’s identity.
Across America, perhaps millions of U.S. citizens are sharing their identities with undocumented workers who are virtually hiding behind Social Security numbers like Rodriguez. The data on the subject are incomplete, but each year nearly 10 million workers pay their taxes using the wrong Social Security number. While this can happen for a variety of reasons, most often it involves restaurant and farm workers, suggesting many of those 10 million workers are employees who are using someone else’s SSN to satisfy federal employment requirements.
Escondido is Ground Zero of the immigration debate. Just a few minutes north of the Mexican border, near San Diego, Escondido is home to thousands of Mexican immigrants who battle their way every day into the country and into gainful employment. Mexicans have been fighting in Escondido for a long time. Not far away, in 1846, U.S. forces were routed in the Battle of San Pasqual during the Mexican-American war, the worst American defeat of the conflict. Today, some say, Mexicans are again overwhelming American forces in a different kind of battle.For the past three years, Paulino Rodriguez used Holli’s Social Security number for the right to work at the Escondido Burger King. Recently, with his wife and four children, he took up residence in a middle-class subdivision on Espanas Glen Street in Escondido, a short block near Interstate 15.Rodriguez, according U.S. immigration officials, is a Mexican national with no right to work in the United States. But thanks in part to Holli’s Social Security number, he had found a decent life for his family in Escondido, which means “hidden” in Spanish. But that that life was safe only if no one found out he was sharing Holli’s identity.
Across America, perhaps millions of U.S. citizens are sharing their identities with undocumented workers who are virtually hiding behind Social Security numbers like Rodriguez. The data on the subject are incomplete, but each year nearly 10 million workers pay their taxes using the wrong Social Security number. While this can happen for a variety of reasons, most often it involves restaurant and farm workers, suggesting many of those 10 million workers are employees who are using someone else’s SSN to satisfy federal employment requirements.
The really sad note to this case is that Holli had to not only do all the leg work — easy because she had all of Paulino’s information available to her — but every so-called authority she contacted couldn’t help her.
Even when she told Rodriguez’s employer, Reddy Restaurants, Inc. that he was working on her stolen SSN, they declined to get involved. She called the Social Security Administration, the Federal Trade Commission, her 401(k) administrator, and even an attorney only to hear the same thing, “We can’t help you.” Her attorney explained that as long as her credit hadn’t been affected, it wasn’t a criminal issue.
Fortunately, Holli is persistent and convinced her local police department to take a report and forward it to Escondido police. Then she followed up with Escondido police until the report was passed to the investigations department and Detective Damon Vander Vorst. Vander Vorst arrested Rodriguez on May 13 on charges of identity theft and falsifying government documents.
Rodriguez is currently at Vista Detention Facility awaiting disposition of the criminal charges. Meanwhile the Immigrations and Customs Enforcement agency has taken an interest in him and placed a “hold” on him. That means that he is “subject to deportation” according to an ICE spokesperson.
Rodriguez is currently at Vista Detention Facility awaiting disposition of the criminal charges. Meanwhile the Immigrations and Customs Enforcement agency has taken an interest in him and placed a “hold” on him. That means that he is “subject to deportation” according to an ICE spokesperson.
From MSNBC:
Immigrant imposters usually just provide a Social Security card to their employer on their first day of work to fulfill what’s known as the “I-9″ requirement. Since new employment rules took effect in 1983, U.S. workers must supply documentation to prove they are eligible to work; nearly always, a Social Security number is used. While employers can call the Social Security Administration to perform limited verification of the information, that’s seldom done. So it’s possible — in fact common — that employees’ names and numbers don’t match. When that happens, no one gets credit for the taxes paid by the worker. The money simply ends up in the U.S. Treasury. Since 1983, more than $500 billion in uncredited Social Security wages have been earned by so-called “no match” employees like Rodriguez. That hidden financial benefit for the government is one reason, Holli suspects, that agencies don’t act more quickly on reports of SSN-only identity theft.San Diego-based immigration rights advocate Lilia Velasquez sees similar cases in her practice all the time. Imposters run the spectrum from hardened criminals who ultimately take out loans in the victim’s name to well-intentioned Mexicans who are simply doing what they need to do to get a job and feed their families._”It’s not that these people intentionally and maliciously stole someone’s name and identity. … They may feel that they are using the number out of sheer need,” she said.
But victims like Holli should do what they need to do to protect their identities, Velasquez said. “That’s a situation which needs to be investigated until the issue is resolved.”
Immigrant imposters usually just provide a Social Security card to their employer on their first day of work to fulfill what’s known as the “I-9″ requirement. Since new employment rules took effect in 1983, U.S. workers must supply documentation to prove they are eligible to work; nearly always, a Social Security number is used. While employers can call the Social Security Administration to perform limited verification of the information, that’s seldom done. So it’s possible — in fact common — that employees’ names and numbers don’t match. When that happens, no one gets credit for the taxes paid by the worker. The money simply ends up in the U.S. Treasury. Since 1983, more than $500 billion in uncredited Social Security wages have been earned by so-called “no match” employees like Rodriguez. That hidden financial benefit for the government is one reason, Holli suspects, that agencies don’t act more quickly on reports of SSN-only identity theft.San Diego-based immigration rights advocate Lilia Velasquez sees similar cases in her practice all the time. Imposters run the spectrum from hardened criminals who ultimately take out loans in the victim’s name to well-intentioned Mexicans who are simply doing what they need to do to get a job and feed their families._”It’s not that these people intentionally and maliciously stole someone’s name and identity. … They may feel that they are using the number out of sheer need,” she said.
But victims like Holli should do what they need to do to protect their identities, Velasquez said. “That’s a situation which needs to be investigated until the issue is resolved.”
While no one seems to be able to do anything in cases of SSN-only identity theft, there is a clear indication that perhaps some re-thinking of the laws may be in order. Three years ago a Chicago woman discovered that 37 people had used her SSN to obtain employment. But the use of the SSN doesn’t show up on credit reports so it won’t show up in credit monitoring. And since wages earned by the imposter aren’t credited to the victim, it won’t show up on an annual Social Security statement. The only way to discover the misuse is through chance.
Author: Tricia Liebert
Monday, May 26, 2008
Consumers leaving their guard down on card fraud and ID theft - independent.co.uk - 25 May 2008
Britons are not being careful enough with the security of their debit and credit cards, Which? has reported.
The consumer group asked 4,000 of its members a series of questions about how they protect their cards. Around half said that – contrary to advice from banks – they used just one PIN number for all their plastic.
A similar number aren't taking online security seriously enough. For example, they fail to check whether a website is secure – usually delineated by a lock symbol in the bottom right of a site's homepage – before buying items.
Another security failing that came to light is the habit among more than half of those surveyed of using their mother's maiden name as a bank security password. Such personal data is in the public domain and relatively easy for fraudsters to get their hands on.
Which? said consumers should do more to fight fraud and identity theft – crimes that are thought to cost the economy hundreds of millions a year.
"There's a lot more people can do to prevent fraud," said Martyn Hocking of Which?. "Shredding documents and checking your bank statements are a good start, but people need to be wise to basic risks such as using their mother's maiden name as a password, or shopping on websites that aren't secure."
The consumer group asked 4,000 of its members a series of questions about how they protect their cards. Around half said that – contrary to advice from banks – they used just one PIN number for all their plastic.
A similar number aren't taking online security seriously enough. For example, they fail to check whether a website is secure – usually delineated by a lock symbol in the bottom right of a site's homepage – before buying items.
Another security failing that came to light is the habit among more than half of those surveyed of using their mother's maiden name as a bank security password. Such personal data is in the public domain and relatively easy for fraudsters to get their hands on.
Which? said consumers should do more to fight fraud and identity theft – crimes that are thought to cost the economy hundreds of millions a year.
"There's a lot more people can do to prevent fraud," said Martyn Hocking of Which?. "Shredding documents and checking your bank statements are a good start, but people need to be wise to basic risks such as using their mother's maiden name as a password, or shopping on websites that aren't secure."
Feds Warn of Fake Tax E-Mail - PCWbusiness center - 24 May 2008
Security researchers and the U.S. government Friday warned of ongoing targeted phishing attacks posing as overdue tax notices from federal courts. The attacks take aim at top-level executives, including at one who works for security vendor McAfee Inc.
"The e-mails are designed to look like a petition from the Tax Court and are fairly believable," said McAfee researcher Kevin McGhee in a notice posted to the company's Web site. "There's also a legitimate telephone number for the organization [and] the executive's name is listed as the respondent in a case versus the Commissioner of Internal Revenue."
McGhee included a screenshot of the e-mail received by a McAfee executive; the image showed the "From:" address as "ustaxcourt.org."
The legitimate U.S. Tax Court site -- "ustaxcourt.gov" -- also warned of the scam on its home page.
"The United States Tax Court has received many telephone calls regarding an e-mail which purports to originate from the Court being sent by a member of the Tax Court's practitioner bar," the warning said. This message is an example of 'Spear Phishing,' which is an e-mail spoofing attempt that targets a specific organization.
"The Tax Court is not disseminating any e-mail notice to anyone who currently has a case before this Court. If you receive an e-mail with a subject line that includes the text, 'Notice of Deficiency #' or 'US Tax Petition,' ignore/delete the e-mail and do not click any link within the e-mail message," the agency said.
Targeted identity theft attacks, which have been dubbed "spear phishing" by some, "whale phishing" by others, are not new; nor are attacks that pose as legal messages from courts or the Internal Revenue Service . But such attacks have picked up as of late. Last month, for example, several waves of messages masquerading as notices of federal lawsuits reached recipients.
When users click on the link embedded in the phishing message, they're directed to a fake Tax Court Web site, said another security researcher, where they're asked to upgrade their copy of Microsoft Corp.'s Internet Explorer browser. "By string manipulation, in this case, adding a dash to the actual domain name of the actual site, unknowing users are easily made to believe that the bogus site is legitimate, making them most likely to click on the link," said Jovi Umawing, a researcher with Trend Micro Inc. in a separate warning posted on Friday.
McGhee noted that clicking on the purported IE update link actually downloads and installs malware, including a behind-the-scenes keylogger that records usernames and passwords typed on the PC's keyboard, then transmits that information to the identity thief.
Gregg Keizer, Computerworld
"The e-mails are designed to look like a petition from the Tax Court and are fairly believable," said McAfee researcher Kevin McGhee in a notice posted to the company's Web site. "There's also a legitimate telephone number for the organization [and] the executive's name is listed as the respondent in a case versus the Commissioner of Internal Revenue."
McGhee included a screenshot of the e-mail received by a McAfee executive; the image showed the "From:" address as "ustaxcourt.org."
The legitimate U.S. Tax Court site -- "ustaxcourt.gov" -- also warned of the scam on its home page.
"The United States Tax Court has received many telephone calls regarding an e-mail which purports to originate from the Court being sent by a member of the Tax Court's practitioner bar," the warning said. This message is an example of 'Spear Phishing,' which is an e-mail spoofing attempt that targets a specific organization.
"The Tax Court is not disseminating any e-mail notice to anyone who currently has a case before this Court. If you receive an e-mail with a subject line that includes the text, 'Notice of Deficiency #' or 'US Tax Petition,' ignore/delete the e-mail and do not click any link within the e-mail message," the agency said.
Targeted identity theft attacks, which have been dubbed "spear phishing" by some, "whale phishing" by others, are not new; nor are attacks that pose as legal messages from courts or the Internal Revenue Service . But such attacks have picked up as of late. Last month, for example, several waves of messages masquerading as notices of federal lawsuits reached recipients.
When users click on the link embedded in the phishing message, they're directed to a fake Tax Court Web site, said another security researcher, where they're asked to upgrade their copy of Microsoft Corp.'s Internet Explorer browser. "By string manipulation, in this case, adding a dash to the actual domain name of the actual site, unknowing users are easily made to believe that the bogus site is legitimate, making them most likely to click on the link," said Jovi Umawing, a researcher with Trend Micro Inc. in a separate warning posted on Friday.
McGhee noted that clicking on the purported IE update link actually downloads and installs malware, including a behind-the-scenes keylogger that records usernames and passwords typed on the PC's keyboard, then transmits that information to the identity thief.
Gregg Keizer, Computerworld
Friday, May 23, 2008
Fraud-prevention pitchman becomes ID theft victim - cnn.com/crime - 22 May 2008
Story Highlights
# Man reportedly obtained loan using Social Security number of LifeLock spokesman
# Todd Davis regularly gives out Social Security number in ads for ID security company
# Customers file lawsuit, claiming LiLifelockid not provide protection as advertised
SAN JOSE, California (AP) -- Todd Davis has dared criminals for two years to try stealing his identity: Ads for his fraud-prevention company, LifeLock, even offer his Social Security number next to his smiling mug.
Now, LifeLock customers in Maryland, New Jersey and West Virginia are suing Davis, claiming his service didn't work as promised and he knew it wouldn't, because the service had failed even him.
Attorney David Paris said he found records of other people applying for or receiving driver's licenses at least 20 times using Davis' Social Security number, though some of the applications may have been rejected because data in them didn't match what the Social Security Administration had on file.
Davis acknowledged in an interview with The Associated Press that his stunt has led to at least 87 instances in which people have tried to steal his identity, and one succeeded: a guy in Texas who duped an online payday loan operation last year into giving him $500 using Davis' Social Secutity number.
Paris said the fact Davis' records were compromised at all supports the claim that Tempe, Arizona-based LifeLock doesn't provide the comprehensive protection its advertisements say it does. "It's further evidence of the ineffectiveness of the services that LifeLock advertises," said Paris, who is lead attorney on the three new lawsuits, the latest of which was filed this month.
Davis learned about the fraud in Texas when the payday-loan outfit called to collect on the loan, he said. He didn't get an alert beforehand because the company didn't go through one of the three major credit bureaus before approving the transaction.
Davis said it's possible driver's licenses have been issued to other people in his name because of the widespread availability of his personal information -- and because of what he described as the flimsy mechanisms in place to report that kind of fraud.
Paris noted that LifeLock charges $10 a month to set fraud alerts with credit bureaus, even though consumers can do it themselves for free.
But Davis stands by his company and his advertising gimmick, which has appeared in newspapers and on billboards, radio and MTV. He even broadcasts it by bullhorn on walking tours through crowded downtowns. "There's nothing on my actual credit report about uncollected funds, no outstanding tickets or warrants or anything," he said. "There's nothing to indicate my identity has been successfully compromised other than the one instance. I know I'm taking a slightly higher risk. But I'll take my risk for the tremendous benefit we're bringing to society and to consumers."
The lawsuits, for which Paris is seeking class-action status, highlight the fundamental limits on how much security identity-theft companies can provide. Companies like LifeLock can help guard against only certain types of financial fraud by helping consumers set up alerts with credit bureaus, which inform them when someone tries to open a new line of credit or boost their credit limit to finance a buying binge, for example.
The services don't guard against many types of identity theft such as use of a stolen Social Security number on a job application or for medical services, or even the instance of an arrestee giving police a stolen Social Security number to shield his own identity.
LifeLock is also being sued in Arizona over its $1 million service guarantee, which the plaintiffs claim is misleading because it only covers a defect in LifeLock's service, and in California by the Experian credit bureau. Experian accuses LifeLock of deceiving consumers about the breadth of its protection and abusing the system for attaching fraud alerts to credit reports.
Security experts say complaints about the company reinforce the time-honored wisdom of keeping your Social Security number secret.
"There's been a lot of marketing, a lot of hype about LifeLock," said Paul Stephens, director of policy and advocacy with the Privacy Rights Clearinghouse, a nonprofit consumer advocacy organization. "The question is, 'How much protection does it really buy you?"'
"There is no company that can guarantee they can protect you (completely) against identity theft," Stephens said. "Absolutely nobody can do that.
# Man reportedly obtained loan using Social Security number of LifeLock spokesman
# Todd Davis regularly gives out Social Security number in ads for ID security company
# Customers file lawsuit, claiming LiLifelockid not provide protection as advertised
SAN JOSE, California (AP) -- Todd Davis has dared criminals for two years to try stealing his identity: Ads for his fraud-prevention company, LifeLock, even offer his Social Security number next to his smiling mug.
Now, LifeLock customers in Maryland, New Jersey and West Virginia are suing Davis, claiming his service didn't work as promised and he knew it wouldn't, because the service had failed even him.
Attorney David Paris said he found records of other people applying for or receiving driver's licenses at least 20 times using Davis' Social Security number, though some of the applications may have been rejected because data in them didn't match what the Social Security Administration had on file.
Davis acknowledged in an interview with The Associated Press that his stunt has led to at least 87 instances in which people have tried to steal his identity, and one succeeded: a guy in Texas who duped an online payday loan operation last year into giving him $500 using Davis' Social Secutity number.
Paris said the fact Davis' records were compromised at all supports the claim that Tempe, Arizona-based LifeLock doesn't provide the comprehensive protection its advertisements say it does. "It's further evidence of the ineffectiveness of the services that LifeLock advertises," said Paris, who is lead attorney on the three new lawsuits, the latest of which was filed this month.
Davis learned about the fraud in Texas when the payday-loan outfit called to collect on the loan, he said. He didn't get an alert beforehand because the company didn't go through one of the three major credit bureaus before approving the transaction.
Davis said it's possible driver's licenses have been issued to other people in his name because of the widespread availability of his personal information -- and because of what he described as the flimsy mechanisms in place to report that kind of fraud.
Paris noted that LifeLock charges $10 a month to set fraud alerts with credit bureaus, even though consumers can do it themselves for free.
But Davis stands by his company and his advertising gimmick, which has appeared in newspapers and on billboards, radio and MTV. He even broadcasts it by bullhorn on walking tours through crowded downtowns. "There's nothing on my actual credit report about uncollected funds, no outstanding tickets or warrants or anything," he said. "There's nothing to indicate my identity has been successfully compromised other than the one instance. I know I'm taking a slightly higher risk. But I'll take my risk for the tremendous benefit we're bringing to society and to consumers."
The lawsuits, for which Paris is seeking class-action status, highlight the fundamental limits on how much security identity-theft companies can provide. Companies like LifeLock can help guard against only certain types of financial fraud by helping consumers set up alerts with credit bureaus, which inform them when someone tries to open a new line of credit or boost their credit limit to finance a buying binge, for example.
The services don't guard against many types of identity theft such as use of a stolen Social Security number on a job application or for medical services, or even the instance of an arrestee giving police a stolen Social Security number to shield his own identity.
LifeLock is also being sued in Arizona over its $1 million service guarantee, which the plaintiffs claim is misleading because it only covers a defect in LifeLock's service, and in California by the Experian credit bureau. Experian accuses LifeLock of deceiving consumers about the breadth of its protection and abusing the system for attaching fraud alerts to credit reports.
Security experts say complaints about the company reinforce the time-honored wisdom of keeping your Social Security number secret.
"There's been a lot of marketing, a lot of hype about LifeLock," said Paul Stephens, director of policy and advocacy with the Privacy Rights Clearinghouse, a nonprofit consumer advocacy organization. "The question is, 'How much protection does it really buy you?"'
"There is no company that can guarantee they can protect you (completely) against identity theft," Stephens said. "Absolutely nobody can do that.
Wednesday, May 21, 2008
ID THEFT: BIGGER THREAT OFFLINE
WALNUT CREEK — When Gina Titus became a victim of identity theft after her wallet was stolen, she expected to have her credit cards used for some unauthorized purchases. What Titus didn't expect was to get hit with a maternity bill.
"They used the checking account and credit cards before I could cancel them," said Titus, a 28-year-old public relations account executive from San Francisco. "Then several months later I get a letter from a collection agency and found they had opened a checking account in my name. I had a Discover card I never opened. The extent of what they were able to do was astounding."
The biggest surprise came when Titus started getting maternity bills for the baby born to a woman who was using her identity.
"I'm blonde. She has brown, curly hair. She had checked into the hospital with my insurance card. It just seemed like things kept coming. I'm definitely more vigilant now," said Titus, who eventually was able to reclaim her financial life after spending hours on the phone with creditors.
The physical manner in which Titus had her identity stolen nine years ago — her wallet was stolen from a car that was broken into — did not involve the sophisticated techniques used by identity thieves who turn to cyberspace.
And while identity theft can involve the Internet and computers, more often than not it involves physical methods such as a stolen or lost wallet, a burglarized mailbox or someone you know ripping you off.
Many people worry that using a credit card for an online purchase can lead to identity theft. But it's a stolen or lost wallet that provides a far more likely scenario for that happening, according to a survey released earlier this year by Pleasanton, Calif.-based Javelin Strategy & Research, a consulting firm for the financial services and payments industries.
Among other things, the 2008 survey looked at how identity theft is accomplished. Of the one out of three identity theft victims who knows how their information was taken, more than three-fourths said it involved a physical method such as a stolen wallet, a phone or mail-order sale, stolen mail, or a theft by someone they knew, compared with 14 percent who reported that it involved online access.
"We are not saying (online access and data breaches) are not significant factors," said James Van Dyke, Javelin's president and founder. "But the point is that it has really been overblown. I think it is to the detriment of consumers to focus exclusively on these electronic methods of communication. Criminals don't have a (bias) toward technology. They will use any channel that works."
That's why consumers need to take steps to prevent identity theft, whether by not mailing paper checks in the offline world or by making sure your computer's anti-virus software is current in the online world, he said. It's also crucial that consumers monitor their financial account activity to determine if they have become a victim of identity theft.
The annual survey continues a five-year trend that shows identity theft dropping in the United States as more online security procedures are put in place and consumers take more preventive measures. Last year, there were an estimated 8.1 million identity theft cases, or 3.58 percent of adults, resulting in $45 billion in fraud, compared to 8.4 million cases, or 3.84 percent of adults, resulting in $51 billion in fraud the previous year. But it's not all good news for consumers. Fewer people who were victims of identity theft could say how their information was stolen: 35 percent in the 2008 survey compared to 42 percent in 2007.
Just what's responsible for the decline in knowing how the crime happened is not clear, said Van Dyke. "We could speculate but we just can't know for certain," he said. "Certainly we are getting increases in reports of data breaches but there are still a lot of data breaches that never get reported."
The low-tech means through which Titus became a victim of identity theft has a much lower profile than the high-tech online methods such as phishing, or a computer data breach. Phishing is when identity thieves trick consumers into revealing financial information by sending a fake e-mail reporting there is a problem with a financial account.
Unlike Titus, most identity theft victims don't know how their personal information was stolen.
"If you lose your purse one day and the next day someone uses your credit card, you pretty much figure out that (someone stole your identity by taking) your purse. If you've got your credit card in your wallet, and suddenly unauthorized charges appear on your credit card account, you have no idea how it happened," said Claudia Bourne Farrell, a spokeswoman for the Federal Trade Commission.
Last year, identity theft topped the commission's list of fraud-related complaints reported by consumers, according to an annual report released in February. Nationwide, the commission received 258,427 complaints about identity theft, or 32 percent of all fraud-related complaints.
On a statewide basis, California had the highest number of identity theft complaints — 43,892 — filed last year. It also had the country's second-highest rate of per-capita identity theft, with 120 complaints filed per 100,000 people.
Arizona, with 137 complaints per 100,000 people topped the statewide list.
Napa County had the country's highest level of identity theft complaints among the country's 50 largest metropolitan areas with 303 complaints filed per 100,000 people. The Vallejo-Fairfield metro area was sixth with 218 complaints per 100,000 while San Joaquin County was 21st with 163 complaints per 100,000.
"Why Napa? We're Wine Country. This is not supposed to happen," quipped Andy Lewis, commander of the Napa Police Department's investigations division.
It's hard to say why the region was ranked at the top nationwide for identity theft complaints made last year, he said. Lewis did point out that some of the other metropolitan areas with high identity theft rates have significant populations of undocumented workers. To obtain work, employees typically have to provide a Social Security number.
"This is what I'm hearing from other areas that have undocumented workers. It would be a little bit premature to say that about Napa," he said.
A separate commission survey conducted in 2005 found that only 43 percent of identity theft victims knew how their information was stolen. Of those who did, 16 percent believed their information was stolen by someone they knew.
Another 7 percent it happened during a store, online or mail-order transaction, while five percent reported the theft of a wallet or purse. Only 1 percent said phishing was the culprit.
Stricter online security measures have led to a drop in identity theft involving online transactions while an increasing number of identity thieves are turning to the telephone to obtain personal information, the report said.
Transaction-based identity thefts that stemmed from telephone or mail-based purchases, shot up from 3 percent in 2007 to 40 percent in 2008.
What exact methods were responsible for the hike are unknown, said Van Dyke.
"Somehow in the process of the transaction their information was compromised. It could be someone who got into the database of the provider, a crooked employee or someone could have overheard the transaction," he said.
Banking industry executives are also reporting that vishing — where identity thieves try to get consumers to reveal financial information over the phone — is on the rise, said Van Dyke.
Vishing happens when a consumer gets an e-mail or a phone call telling them to call a phone number to straighten out a problem with a financial account. Once the fake phone number is called, consumers are told to enter account information to resolve the problem.
"The upsurge in identity theft through the telephone reflects fraudsters' preference for unprotected channels," the Javelin survey said.
By EVE MITCHELL MediaNews
Monday, May 19, 2008
ID theft protection firm sued - wvgazette.com - 18 May 2008
LifeLock misinformed customers, lawsuit says
For a time, the ads were everywhere on TV and radio, the ones with the head of a security company brazenly challenging would-be thieves to try to steal his identity.
Richard Todd Davis, CEO of LifeLock Inc., was so confident in his company's ability to protect his identity that he publicly revealed his Social Security number: 457-55-5462.
But according to a new class-action lawsuit filed last week in Jackson County, LifeLock's identity theft protection services were so inept that Davis' personal information was stolen repeatedly.
"While LifeLock has only publicly acknowledged that Davis' identity was compromised on one occasion, there are more than 20 driver's licenses that have been fraudulently obtained [using his personal information]," the suit states.
"Furthermore, a simple background check performed using Davis' Social Security number reveals that his entire personal profile has been compromised to the extent that the birth date associated with his Social Security number is Nov. 2, 1940, which would [inaccurately] make Davis 67 years old."
The lawsuit maintains that LifeLock, which claims on its Web site to be "the industry leader in the rapidly growing field of Identity Theft Protection," made false and misleading claims in its multimillion-dollar ad campaign about the level of protection it provides.
"Through its advertisements, LifeLock misrepresents and assures consumers that it can protect against all types of fraud including, without limitation, computer hacking, password theft and other noncredit-related theft," the suit reads.
But LifeLock doesn't protect against many forms of identity theft, according to the lawsuit.
The Arizona-headquartered company does place and renew fraud alerts on its subscribers' credit profiles. But it does nothing to combat breaches involving personal bank, employment or medical information, as well as theft pertaining to government documents and benefits, the suit alleges.
"LifeLock knows, yet fails to disclose, that the services it provides do not offer the breadth of protection that it promotes through its massive advertising campaign," the suit states.
The West Virginia suit follows similar suits filed in New Jersey in March and Maryland in April. It asks the judge to certify it as a class-action suit.
The lawsuit was filed on behalf of Kevin Gerhold of Falling Waters, and maintains that there are numerous other state residents who were similarly misled into signing up.
Gerhold was attracted by LifeLock's $1 million guarantee against any damages resulting from breaches that occur under the company's watch.
But even that is misleading, according to Charleston attorney David Grubb, who is serving as the suit's local counsel.
For a time, the ads were everywhere on TV and radio, the ones with the head of a security company brazenly challenging would-be thieves to try to steal his identity.
Richard Todd Davis, CEO of LifeLock Inc., was so confident in his company's ability to protect his identity that he publicly revealed his Social Security number: 457-55-5462.
But according to a new class-action lawsuit filed last week in Jackson County, LifeLock's identity theft protection services were so inept that Davis' personal information was stolen repeatedly.
"While LifeLock has only publicly acknowledged that Davis' identity was compromised on one occasion, there are more than 20 driver's licenses that have been fraudulently obtained [using his personal information]," the suit states.
"Furthermore, a simple background check performed using Davis' Social Security number reveals that his entire personal profile has been compromised to the extent that the birth date associated with his Social Security number is Nov. 2, 1940, which would [inaccurately] make Davis 67 years old."
The lawsuit maintains that LifeLock, which claims on its Web site to be "the industry leader in the rapidly growing field of Identity Theft Protection," made false and misleading claims in its multimillion-dollar ad campaign about the level of protection it provides.
"Through its advertisements, LifeLock misrepresents and assures consumers that it can protect against all types of fraud including, without limitation, computer hacking, password theft and other noncredit-related theft," the suit reads.
But LifeLock doesn't protect against many forms of identity theft, according to the lawsuit.
The Arizona-headquartered company does place and renew fraud alerts on its subscribers' credit profiles. But it does nothing to combat breaches involving personal bank, employment or medical information, as well as theft pertaining to government documents and benefits, the suit alleges.
"LifeLock knows, yet fails to disclose, that the services it provides do not offer the breadth of protection that it promotes through its massive advertising campaign," the suit states.
The West Virginia suit follows similar suits filed in New Jersey in March and Maryland in April. It asks the judge to certify it as a class-action suit.
The lawsuit was filed on behalf of Kevin Gerhold of Falling Waters, and maintains that there are numerous other state residents who were similarly misled into signing up.
Gerhold was attracted by LifeLock's $1 million guarantee against any damages resulting from breaches that occur under the company's watch.
But even that is misleading, according to Charleston attorney David Grubb, who is serving as the suit's local counsel.
"In actuality, once you get beyond the numerous legal limitations and disclaimers, the policy really only guarantees that LifeLock will investigate how to fix its failure," Grubb said in a news release. "The subscriber receives no monetary recompense and no guarantee that their reputation and credit status will be restored."
According to the suit, the company has almost 1 million subscribers who pay roughly $110 a year for LifeLock's protection.
"This is a service that you pay for and it kind of lays dormant," said David Paris, an attorney with the New Jersey firm Marks & Klein who is heading the case against LifeLock. "So no one knows that they're not getting what they paid for, because they don't know what to look for."
Paris said that consumers can activate for free the same safeguards that LifeLock does, but the company fails to mention that in its marketing campaign.
The suit alleges that LifeLock's services can actually harm its clients because the constant placement of fraud alerts can prevent them from getting a home loan or refinancing their existing loans.
In addition, the company fails to reveal that it obtains its credit reports by requesting on its clients' behalf their free annual credit report. That means consumers can't ask for their own free report for at least 12 months, according to the suit.
The suit also traces what it calls the "nefarious origin" of the company, including the background of Robert J. Maynard Jr., who co-founded the company with Davis in 2005.
"Upon information and belief, Maynard developed the idea for LifeLock while sitting in a jail cell after having been arrested for failure to repay a $16,000 casino marker taken out at the Mirage Hotel in Las Vegas," the suit states.
Maynard was sanctioned by the Federal Trade Commission because of misleading infomercials for National Credit Foundation, a separate credit-improvement company, according to the suit.
The suit also maintains that Maynard stole his father's identity by using his information to get an American Express card, which he used to rack up more than $100,000 of debt.
Paris said he plans to file another suit in a fourth state soon, and he is still gathering information about LifeLock's practices.
"In Wisconsin, a woman's debit card was stolen, and that thief used that card to sign up for LifeLock," he said. "If you can't provide the basic information to verify someone for subscription purposes, how can you be relied upon to protect people's identities?"
"In actuality, once you get beyond the numerous legal limitations and disclaimers, the policy really only guarantees that LifeLock will investigate how to fix its failure," Grubb said in a news release. "The subscriber receives no monetary recompense and no guarantee that their reputation and credit status will be restored."
According to the suit, the company has almost 1 million subscribers who pay roughly $110 a year for LifeLock's protection.
"This is a service that you pay for and it kind of lays dormant," said David Paris, an attorney with the New Jersey firm Marks & Klein who is heading the case against LifeLock. "So no one knows that they're not getting what they paid for, because they don't know what to look for."
Paris said that consumers can activate for free the same safeguards that LifeLock does, but the company fails to mention that in its marketing campaign.
The suit alleges that LifeLock's services can actually harm its clients because the constant placement of fraud alerts can prevent them from getting a home loan or refinancing their existing loans.
In addition, the company fails to reveal that it obtains its credit reports by requesting on its clients' behalf their free annual credit report. That means consumers can't ask for their own free report for at least 12 months, according to the suit.
The suit also traces what it calls the "nefarious origin" of the company, including the background of Robert J. Maynard Jr., who co-founded the company with Davis in 2005.
"Upon information and belief, Maynard developed the idea for LifeLock while sitting in a jail cell after having been arrested for failure to repay a $16,000 casino marker taken out at the Mirage Hotel in Las Vegas," the suit states.
Maynard was sanctioned by the Federal Trade Commission because of misleading infomercials for National Credit Foundation, a separate credit-improvement company, according to the suit.
The suit also maintains that Maynard stole his father's identity by using his information to get an American Express card, which he used to rack up more than $100,000 of debt.
Paris said he plans to file another suit in a fourth state soon, and he is still gathering information about LifeLock's practices.
"In Wisconsin, a woman's debit card was stolen, and that thief used that card to sign up for LifeLock," he said. "If you can't provide the basic information to verify someone for subscription purposes, how can you be relied upon to protect people's identities?"
To contact staff writer Andrew Clevenger, use e-mail or call 348-1723.
Subscribe to:
Posts (Atom)