Monday, August 27, 2007

PTA President Masquerades as Identity Thief

A former PTA president allegedly stole a $4,650 check
from a neighbor's daughter, shopped online using other
people's credit card numbers and kept the personal
information of 50 people including their Social
Security numbers (SSN).


According to the Whittier Daily News,

The former La Pluma Elementary PTA
president had earlier pleaded not guilty to
grand theft, possession of methamphetamine,
multiple counts of identification theft, theft of
access card information, grand theft of lost
property, burglary and forgery.

...according to Sheriff's Detective Ted Caraisco.
He said she also had the savings account number
of a 6-year-old girl.

So, our tip for today is for those who still believe
they are not very likely to become a victim of
identity theft. Think again, if a PTA president
can stand accused of being an identity theft
criminal, then anyone is also liable to become
one too given the right circumstances.

We've already reported on this blog cases involving
policemen, priests, children, parents, teachers, etc.
who all have become identity thieves.

Why take the chance and gamble with your financial
future?


Get your credit report to inspect it for any unauthorized
credit lines and/or new accounts. Also, check out your
background records, for any arrests or warrants filed on
your name but not committed by you so that you avoid
unnecessary jail time or job loss.

Thursday, August 23, 2007

Judge Rules Against Identity Theft Victims

Tens of thousands of Old National Bancorp customers
whose personal and financial information was
hijacked by a computer hacker cannot recover
damages from the Indiana banking institution
who lost the data in 2005, a federal appeals
court ruled Thursday.


As reported in an original story by Wired:

"a proposed class action against Old National
Bancorp, the 7th U.S. Circuit Court of Appeals
said damages were unavailable to victims of
data theft if those victims did not suffer
economically."

Illustrating just how frustrating it can
be for an identity theft victim to get
relief
after the crime has been committed
against them, the story continues with an
example of why federal court ruled issued
a ruling against the consumers and not the
bank:

"Without more than allegations of increased
risk of future identity theft, the plaintiffs
have not suffered a harm that the law is
prepared to remedy."

Pointing out the need for banks to institute
their own monitoring solutions instead of
consumer's having to carry that burden,
the story continues with:


The bank's customers also demanded a
"monitoring procedure to insure prompt
notice to plaintiffs of any attempt to
use their confidential personal
information stolen from the
defendants."

So, our tip for today is to take full control
over your financial safety. One effective
measure to help prevent against identity
theft is to enroll in automatic credit monitoring.

Also, make sure to take advantage of the often
times free account monitoring services your
bank may provide.

Finally, get your credit profile and background
checked out 2 - 3 times per year to make sure
an identity theft criminal has not already made
you a victim.

Tuesday, August 21, 2007

Monster Identity Theft Impacts 1.6 Million

Monster.com, a leading U.S. based resume search service, was the
recent victim of a computer hack which impacts as many as
1,600,000 people according to the security firm Symantec.

According to the story reported by the Out-Law blog, hackers
used a Trojan Horse to access Monster.com by impersonating
an employer:

"The Trojan appears to be using the (probably stolen)
credentials of a number of recruiters to login to the
website and perform searches for resumes of candidates
located in certain countries or working in certain
fields," said Symantec...


The story further sheds light into what sensitive personal
information was compromised to what will likely be future
identity theft potential:

"The personal details of those candidates, such as
name, surname, email address, country, home address,
work/mobile/home phone numbers and resume ID, are
then uploaded to a remote server under the control of
the attackers," it said. "This remote server held over
1.6 million entries with personal information belonging
to several hundred thousands candidates, mainly based
in the US, who had posted their resumes to the
Monster.com web site."


Following the typical pattern of companies which have
allowed consumer data to be exposed to identity theft,
the usual process of issuing press releases claiming
no harm has been done has begun:

"We are not aware of any cases of identity theft. In fact,
the information that is gathered from Monster is no
different than that displayed in a phone book," said
Patrick Manzo, vice president of fraud prevention
and compliance at Monster.

Perhap, but are you willing to bet some enterprising
identity theft hackers would not have gone through all
of the effort to steal sensitive consumer data if it were
already widely available from any phone book?

So, our tip for today is for any consumers who have
or currently utilize the services of Monster.com.

Contact the firm immediately to verify your personal
information has not been compromised. Plus, even
if Monster.com does not admit to your data having
been illegally accessed by the identity thieves, it is
highly prudent for you to immediately institute credit
monitoring as well to conduct a background search
of
your good name.

The cost of inaction, in this case, can ultimately end
up costing you far more.

Final end note, make sure to tell your friends of this
large scale computer hack which has the potential for
the largest identity theft case this summer.

Saturday, August 18, 2007

Disney Orlando Identity Theft Busted

Here's at least one instance where an identity thief
has been caught red handed. It seems an Orlando
area waitress who specialized in stealing the credit
card information of unsuspecting tourists was arrested
recently with over 100 tickets to local area theme parks.


According to the local news station which broke this story,
the 22 year old woman stands accused of stealing the
credit card information to commit fraud via the Internet
and mail services using the stolen identities of her victims.

That is until local authorities arrested her.

So, our tip for today is for any family members or associates
you know of who are vacationing in busy tourist areas.

You would be wise to either pay cash or use traveler's
checks
instead of using your credit cards.

Finally, since you can not always police your card while
traveling, it is wise to get automatic credit monitoring
setup to provide you fraud alerts via cell phone when
suspicious transactions occur.

Tuesday, August 14, 2007

Tests Show Facebook Users Readily Provide Their Info For Identity Theft

A recent test by the security firm Sophos on Facebook
revealed 41% of users readily hand out their personally
identifying information to complete strangers.


The story, provided by Information Week, continues:

Of the 200 people contacted, 87 responded
and agreed to be friends -- despite the
fact that Freddi wasn't even a real, live
person. O'Brien noted that 82% of them
gave "Freddi" an open view of their profiles,
listing enough personal information that an
identity thief could easily take advantage of
them.

He added that 72% divulged at least one
of their e-mail addresses, 84% gave up
their
date of birth, and 87% offered
details about
where they went to school
and where they work
.

Sophos also reported that 78% gave their
current address.

The information they're offering up could be
just as valuable as credit card information
for someone trying to build a profile of you.

So, our tip for today is targeted for any Facebook users
and/or their parents. Besides the somewhat obvious
reason to shield your personal information from stalkers
and pedophiles, identity thieves can just as effectively
victimize you online with the type of information those
unsuspecting Facebook users provided.

Be smart - don't reveal your personally
identifying
information. If you feel it
necessary to engage in data exchange on the
popular social networkingsites like Facebook,
then create a fictious persona including
personal information that would not be
harmful to you should it fall outside your
direct control.

Also, make sure to warn your friends and associates
of this important security tip and the recent test
involving Facebook.

Saturday, August 11, 2007

Apple Customers Risk Identity Theft

Apple Computer has been hit with a class action lawsuit
for violating provisions of the Fair Credit Reporting Act
(aka, F.C.R.A.) in revealing too much confidential
personal information on store receipts according to
a story from Information Week.


Sidenote, the Fair Credit Reporting Act is an old federal
law which is designed to protect consumers from abuses
by retailers and credit grantors.

As the story was reported, Apple's online store has
mistakenly been providing information protected by
a 2003 amendment to the F.C.R.A.:

...printing credit card expiration dates on Apple
Store online receipts.

This violates a 2003 amendment to
the FCRA which states: "No person
that accepts credit cards or debit cards
for the transaction of business shall print
more than the last five digits of the card
number or the expiration date upon any
receipt provided to the card holder at the
point of sale or transaction."

In addition, the copies of Apple electronic
receipts included as exhibits in the complaint
show -- or would show were the information
not redacted -- the purchaser's full name,
full
home address, full phone number
and full
e-mail address.

With this type of detailed, personal information
identity theft rings can easily and quickly scam
innocent victims by opening up phony credit
card accounts to make fraudulent
purchases.


So, our tip for today is for anyone who uses
Apple's online store. It would be wise to wait
a few weeks until Apple corrects this
error
before conducting purchase transactions
with their online store.

And for offline merchants who still print out credit
card purchases receipts including your full
account number (F.C.R.A. violation?), we refuse
to do business with them as the retail clerk can
easily print a duplicate receipt to go with
your
already provided signature.

Check back frequently for updates to this article.

Finally, make sure to also tell your friends about
this important identity theft prevention tip.

Friday, August 03, 2007

Credit Cards Rated for Fraud Still Needs Improvement

A new research study of the top 25 largest credit card
issuers suggests many of those firms need to upgrade
their identity fraud prevention and detection tools to
better serve consumers according to a story published
by ComputerWorld.

The story continues with the excerpts from a recently
released study conducted by Javelin Strategy & Research
which found some of these deficiencies:

56% of the 25 card issuers surveyed continue to require
full Social Security numbers to help identify their
customers, whether by phone, online or by mail.

"This is a risky practice that unnecessarily increases
the customer's exposure to identity fraud," the report
states.

Consumers are not allowed to set transaction limits or
block certain types of transactions using their credit
cards, such as restricting card use to purchases only
made with U.S. vendors, according to the study.

In fact, only 24% of the surveyed card issuers allow
consumers to set so-called user-defined limits and/or
prohibitions (UDLAPs) on their accounts to help prevent
unauthorized use, the study concluded.

While more card issuers now offer consumers e-mail or
telephone "transaction alerts" to advise them of account
activity, the number of participating card companies is
still small -- about 8%.

So, our tip for today is to check what is really in your
wallet. Make sure to contact your credit card company
and inquire into what fraud prevention services they
offer - most usually for free.

We recently learned of major card provider which
uses account numbers as the default mode for
customers to access their online web site.

The consumer has to call the card issuer's customer service
department and request an alternate user id be setup for
web site access.

In any event of "what's in your wallet", take proactive
action to minimize your risk of becoming an easy target
for identity theft.

Thursday, August 02, 2007

Lifetime Fitness Club Chain Exposes Customers to Identity Theft

The Texas state Attorney General has taken legal action
against the Dallas area Lifetime Fitness chain locations
for improperly discarding customer records in easily
accessible trash cans behind the businesses in violation
of two state laws which requires proper destruction of
clients' sensitive personal information.


As reported by the Austin Business Journal:

According to investigators, the information that was
discarded contained names, addressed, social security
numbers and credit card information, as well as the
date of birth of several children.

"Texans expect their personal information to
remain confidential."

We agree with the Texas Attorney General as this
is not the first time a company has carelessly dumped
personal information for anyone to harvest.

So, our tip for today is for anyone living in the Dallas, Tx
area who may have provided their sensitive personal
or bank transfer information to Lifetime Fitness.

Contact the firm immediately to confirm your personal
information was not part of those customers who's
data was trashed and as a result exposed to potential
identity theft.