Latest "Identity Theft Prevention" Posts
How to Protect Your Lost Wallet or Purse against Identity Theft
In a panic that your lost wallet or stolen purse might lead to identity theft? Take a deep breath and then take the First 5 Steps to Stop ID theft. First, you need to understand that a lost wallet or purse is one of the most concentrated sources of identifying documents. For now, assume that your lost or stolen wallet or purse will be used to exploit your identity. Sometimes, even when your missing item shows up unexpectedly, the damage has already been done by a clever thief who is simply returning your valuables so that you don’t suspect further theft and shut down your accounts. Don’t take any changes. Instead, take these first five steps (adapted from my Identity Theft Recovery Guide):
1. Inventory Your Lost Wallet or Stolen Purse from Memory
Want us to walk you through the entire recovery process with quick videos, easy forms and expert advice as you go? Click on the Recovery Guide and get started before your wealth evaporates.
Until Microsoft issues a security fix, I recommend discontinuing your use of Internet Explorer, regardless of version.
A Security Advisory released by Microsoft on April 26, states that the company is “aware of limited, targeted attacks that attempt to exploit a vulnerability” in Internet Explorer versions 6 through 11.
According to the release, the vulnerability would allow an attacker to host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker’s website, or by opening an attachment sent through email.
Do you know that panicked feeling, sweaty-hot pins and needles…
when you realize that you’ve lost your wallet or mobile phone? Gone are your credit and debit cards, driver’s license and maybe even checks or a Social Security card. Your phone might house addresses and phone numbers for your loved ones, passwords and logins for your financial accounts, and even access to your email program (allowing someone else to email as you, let alone make calls as you). While the wallet might contain cash and the mobile phone is expensive, they are worth virtually nothing compared to the value of the sensitive (and sellable) data they contain.
You’ve probably heard that instead of signing the back of your credit card, you can protect yourself by putting the words “Photo ID required” or “See photo ID”. So we went out to test this method to see if it actually gets people to do that. I presented my card at various shops (sporting goods stores, frozen yogurt stands, fast food joints…) and filmed the transactions. In this small sampling, I found five who did not ask for my ID and six that did.
I wonder if you can guess what the difference is between the people who didn’t ask for my ID and the ones who did. The answer? I had written “Photo ID Req’d.” on the FRONT of my card (in several places, in fact) in the cases where it was requested and only on the back where it was not.
My guess is that you feel pretty comfortable banking online, at least from your computer, if not yet on your mobile device. I do too, despite all of the hackers out there trying to intercept our bank account numbers and passwords. Most of us are at ease because of the little lock symbol that appears before the URL when we visit our bank (or Gmail, Yahoo, and so forth). That lock symbol means that our communication is encrypted (digitally scrambled) by a standard called OpenSSL. Over time, SSL has proven to be relatively safe.
Just this week, however, it was discovered that OpenSSL was hacked using a vulnerability known as the Heartbleed Bug. Jeremy Bowers, as interviewed on NPR, put eloquently (emphasis mine):
Recently, I was asked to do a segment for The Rachael Ray Show that demonstrated very visually how many audience members face immediate identity theft risks. Watching them move across the stage as we exposed two or three common sources of identity theft was remarkable. Once we had experienced the numbers, we ventured into the house of one of Rachael’s audience members to see how to mitigate the risk. Watch the video to see if you would have joined the “at risk” group, or read the transcript below:
Rachael: We had the audience stand back here because we all carry several items on any given day, EVERY given day, that put us at risk. So John, you’re going to weed out our audience so we can all learn in how many areas we are seriously at risk if we have certain items on us, correct?
It’s no surprise that identity theft once again tops the “Dirty Dozen” tax scams put forth by the IRS for 2014. They warn that if an identity thief has access to your personal information, such as your name, Social Security number or other identifying information, he or she may use it to fraudulently file a tax return and claim a refund in your name. Think of the implications for the 110 million victims of the recent Target data breach as well as victims of the hundreds of other breaches at other retailers, universities, healthcare providers, government agencies and so on.
KrebsOnSecurity reports that the information from the Target breach alone has reportedly flooded underground black markets and cards are being sold from around $20 to more than $100 each. This data is being sold in hundreds of online “stores” advertised in cybercrime forums. A fraud analyst at a major bank was able to buy a portion of the bank’s accounts from such a store.
The latest scheme to target unsuspecting consumers aims right at the core of what matters to the average person on an average night: our entertainment! In a scheme unveiled by Jerome Segura in a blog post on the site Malwarebytes.org, scammers are going after the personal information and financial resources of Netflix users.
Here’s how it works:
You are on what looks like the real Netflix home page. You enter your information, but instead of taking you to Netflix, you are redirected to a page telling you your account has been suspended for “unusual activity”. You are given an 800 number for “Netflix Member Services” and a very authentic looking error code.
If you call this number, a real live human being answers sounding much like a real typical tech support person. They will be happy to help you (even if you give them bogus account information!) if you’ll just give them that error code. This then allows them to remotely access your computer.
Today I served as the keynote identity theft speaker for the Fort Worth Speakers Foundation, here in balmy Texas (well, compared to Montana, where I spoke last week). After the main presentation, I fielded a range of questions on all topics. One woman asked me this: “At what point is fraud committed as a by product of the Target breach no longer Target’s fault?” The question was highly intelligent and the answer is very revealing.
When word got out about the massive security breach that occurred at Target in December of 2013, and which could wind up being the largest in U.S. history, many speculated that shoppers would dramatically change their habits. After all, nearly 1 out of 3 Americans were affected.
But a recent poll conducted by the Associated Press shows that our intentions don’t necessarily match our actions. The AP-GfK Poll, which was conducted in January and involved interviews with 1,060 adults, shows that the majority of Americans polled say they fear becoming victims of theft after the breach.