Thursday, April 12, 2012

One Million Social Security Numbers Stolen in Utah

   Utah -- and therefore all of us -- has a problem.  In early April, it was announced that the Health Services department had been hacked, probably by someone in Eastern Europe, and nearly one million Social Security numbers and corresponding data were stolen -- that's one in six Utah residents.
An article: http://tinyurl.com/7k7v8wh
   As bad as that sounds, the worse thing (to me) is that many of these are children -- Children's Health Insurance Plan (CHIP) recipientsA child's Social Security number can be used for many years before it is discovered.
   Why might this be bad for the rest of us?  The weakness in security that led to Utah's hack may be in other states' systems.  Certainly, the ease with which the thieves broke into Utah's computers will encourage them or other thieves to try to break into other systems.
   I'm just glad I've got LegalShield's Identity Theft Shield.  No plan protects 100%, but with the ID Theft Shield, I'm covered if it does happen.

Tuesday, March 6, 2012

Do you have a good password?

Password maintenance is a pain.  Anyone active on the network knows how difficult it is to keep track of passwords.  The temptation is to keep the same password for everything and keep it simple.  I've found that a service called Lastpass.com is a way to manage passwords with one login.  It helps, but isn't perfect.

Did you know that the most common password is "Password1"?  (Oops -- did I just guess your password?)  Read this very interesting article on the topic of password complexity.

The Lastpass.com site I mentioned above allows you to generate very complex passwords for your various sites, then it keeps track of those complex passwords for you.  Pretty handy, really, unless you need to manually enter those passwords.  An alternative I've used is to create a password that has something static and something that varies, but both are easy to remember yet hard to guess.  Let me explain.

Take a phrase that describes something about you, such as "I hate green beans".  Put the first letters of each word into a set of characters: "Ihgb".  This becomes your static part of your password.  Tack on the month and year, such as "Mar12" to create a very long and complex password "IhgbMar12" that is easy to remember but hard to guess.  Every first of the month, you change the month/year part and update your sites' passwords.  Periodically vary the static part (ex: "My dog has fleas" becomes "Mdhf").

OK, maybe changing your passwords every month seems overkill.  Make the variable part quarterly (ex: "Ihgb1Q12" for Jan-Mar 2012).

The key is to take the time to change your password regularly so it isn't so vulnerable to hacking.

Identity theft sweep brings attention to tax season security concerns

JSOnline, a Wisconsin "paper" included this article March 5, 2012.  I'm including the full article.
===============
Tax time has a reputation for being almost universally stressful. As the looming April deadline closes in, Americans are concerned with getting their taxes done correctly and on time. As financial information starts to fly between individuals, tax preparers and the IRS, concerns about personal security are rising.
In late January, the federal government conducted a nationwide sweep to crack down on identity theft and tax fraud before the 2012 tax season. The timing of the effort was meant to stem the rising tide of fraudulent tax activity, which involves using stolen identities to file for tax refunds. In 2011, the IRS found as many as 260,000 identity theft fraud attempts, up from 49,000 in 2010.
While the IRS is taking action to help taxpayers avoid identity theft problems - ranging from cutting down on the use of Social Security numbers on IRS-generated notices to providing YouTube videos about fraud prevention - it's important for individuals to take steps to protect themselves.
To help cut back on your chances of identity theft during tax season - and year round - keep these tips in mind:
* Take digital precautions. Our increasingly digital world doesn't stop when it comes to taxes. With online filing opportunities and commonly used budgeting software, a lot of financial and sensitive identity information is on your computer. Make sure that you're using secure programs, anti-virus protection, firewalls and strong passwords - and be sure to change your passwords frequently.
* Keep an eye on your credit. Your credit report serves as snapshot of your financial profile, and it's one of the first places fraudulent activity will show up. Consider subscribing to a credit monitoring service.
* Be email savvy. Anyone who's looked at an IRS form knows that they are not a casual organization. In keeping with that, they don't send out emails asking for information. If the IRS wants more information from you, it'll be a formal request, so if an email shows up in your inbox, claiming to be from the IRS, don't click on anything - but be sure to report it to phishing@irs.gov.
* Understand tax fraud indicators. In addition to monitoring your credit, you need to be aware of the signs that identity theft tax fraud has occurred. Keep an eye out for IRS notices or letters saying that more than one tax return was filed for you or that IRS records show you've received wages from an employer you don't know. If you receive a notice from the IRS, respond as soon as possible and file an IRS Identity Theft Affidavit.
Happiness or frustration during tax time can go beyond whether you get a refund or have to pay in. Keep yourself protected against identity theft and you can be assured that your tax season will be simpler and safer.


Tuesday, February 7, 2012

Lexington Police Arrest Man for ID Theft

Police arrested a man at a Lexington motel and charged him with 19 counts of identity theft Monday night.
According to a police report, detectives located Jabari N. Cowart, 22, at the La Quinta Inn on Stanton Way during an identity theft investigation. Police say Cowart had 19 separate names, Social Security numbers and dates of birth in his possession. The police report also indicates detectives located a second person on his way to meet Cowart who was in possession of 40 more names. Investigators say Cowart planned to use the information to file fraudulent tax returns.
Police charged Cowart with identity theft, trafficking stolen identities and possession of marijuana.
Link to article

Friday, January 20, 2012

Watching Your Credit

Did you know that you can get a free credit report every 12 months from each of the credit bureaus? (Equifax, Experian, and Trans Union.)  You can request the report by going to annualcreditreport.com.  Just be careful, because the bureaus will try to steer you into monthly monitoring or other costly services you may or may not want to have.
I'd recommend that you stagger these reports every four months so that in a year you have one from every bureau (ex: get Equifax in Jan, Experian in April or May, Trans Union in Aug or Sept).

Why is this important, you might ask?  Things happen to our credit in the course of a year that might not be accurate, or may indicated a potential identity theft in progress.  Even if you have monitoring enabled, a monitor may not be able to pick out what is legitimate and what is bogus.  And it is possible, even likely, that things reported to Experian may not show up on Trans Union's report, depending upon the reporting agency.

Take a look at the article by Ben Popken of The Consumerist on this subject. Great example of why it is good to be on top of your credit.

Wednesday, January 11, 2012

Teenager Sentenced for Card Skimming

Tracy Kitten of www.bankinfosecurity.com writes 1/11/12 about a teenager working at McDonald's used a card skimmer to commit identity theft.  Link to article HERE.
==========================

A 17-year-old was slapped with a 60-day jail sentence after he was busted for skimming credit and debit details while working the drive-thru window at a McDonald's restaurant in Olympia, Wash. This insider scam highlights a card fraud trend the industry needs to watch, experts say

Card-skimming expert and fraud consultant Jerry Silva says the case highlights just how easy it is for insiders to perpetrate card fraud, especially in a retail environment.

"It truly is remarkable," Silva says. "Even if we protect the ATMs and POS devices, insider fraud like this will take place due to the ease with which criminals can get their hands on the appropriate devices. This is an industry that clearly needs an elegant and innovative solution (not EMV) that can at least make it an order of magnitude harder for skimmers to succeed."

Silva argues that the problem "isn't big enough at top tier-banks to warrant any kind of financial disclosure, much less a preventive response. They just write it off as the cost of doing business."
Transactions Monitored

In the McDonald's incident, the teen's card-fraud scheme was foiled before exceeding $13,000 in losses after transaction monitoring traced the fraud. Detectives connected the dots and linked fraud to the Olympia McDonald's when contacted by the Washington State Employees Credit Union about fraudulent transactions hitting member accounts. The credit union found one commonality: All of the compromised cards had been used at the same McDonald's. McDonald's management later confirmed the juvenile suspect had worked the drive-thru every time one of the compromised cards had been used.

The teenager used the stolen card numbers, which he collected with a handheld skimming device, to buy gift cards at retail stores such as Walmart and Toys R Us, according to a news report. With the fraudulently purchased gift cards, he allegedly bought about $13,000 worth of merchandise that he later sold on Craigslist and eBay for profit.



Five Tips To Protect Your Smartphone from ID Theft

Here is a pretty good article by Brian O'Connell of thestreet.com, written 1/10/2012.  Article link HERE.
===========================
Identity fraud thieves are increasingly targeting smartphones as a gateway to grabbing consumers' private financial data.  If you don't act to safeguard your smartphone from I.D. thieves, you could be taking a big risk, but some preparation and a little bit of help from financial services companies are good places to start protecting yourself.

With smartphone use growing by 40% last year from 2010, the potential for increased identity theft activity will rise too.

To guard personal data on your smartphone:
  • Make sure your bank's firewall is strong. Don't sign up for mobile banking unless you have assurance from your financial institution that it can protect you against viruses and security breaches. Consider the Zeus virus, which recently haunted Android phone users: Hackers were able to use the virus to access Droid users' personal banking data without them even knowing it.
  • Lock your phone. Lock your smartphone when you're not using it. Ask your phone provider about password protection settings for your phone if you don't know how to set up the feature. Then choose a password that's not obvious.
  • Work with your bank. If you're doing some mobile banking, make sure you sign up for automatic alerts when money leaves your account, or at worst, for "unusual" withdrawals (say, $250 or more).

  • Disable text notifications from your bank or credit card. Many financial institutions communicate with customers via text messages, and while banks aren't likely to include your account number, other data such as your address may be visible to anyone who looks at your phone. Make sure to erase all texts from your bank or card carrier as soon as you've read them, or disable the function altogether.
  • Have an emergency plan if your phone is lost or stolen. If your smartphone disappears, don't take anything for granted. Chances are it has an "enable remote tracking" feature where your carrier can track its whereabouts. Find it and activate it now.
In general, experts say you should also be cautious about downloading free apps, which may come from disreputable sources. You're giving away private data to strangers every time you install one, and you have no way of knowing whether the app's publisher is legit or not. Always check the app's security features before pressing the button. If they don't offer any, don't download the app.

Protecting the personal data inside your smartphone should be priority one, but combine it with a close monitoring of your financial accounts. If you let things slide, your next call may be to your bank's claim processing service.