Identity Theft Secrets           Videos             News               SuperSleuths                Articles               About          Solution           Contact          Links

Join the IDT SecretsSuperSleuths.    Your Name:      E-mail:

Just yesterday I posted about how buying a shredder really doesn't make college students any more or less likely to become a victim of Identity Theft, and today, I find myself reading an article which proves exactly what I was saying.

Personal data may have been inadvertently mixed up if different users logged on at roughly the same time and performed the same Web site function, such as updating a home address. The department determined that less than one-half of 1 percent of the 6.4 million total borrowers -- or roughly 21,000 -- had logged on to the Web site between Sunday and Tuesday.

The Web site program includes names, birthdates, Social Security numbers, addresses, phone numbers and in some cases account information for holders of federal direct student loans.

Shredder companies are releasing statistics that would lead you to believe that buying a shredder would somehow help current and former college students to avoid this situation.

Yah.

There are real solutions to this problem. The people who have been affected by this are being offered credit monitoring, but that's just the first step in the process of making sure that your information, when used by someone else, can be easily restored.

Posted by Jonathan at 10:46 AM | Permalink | Comments (1)

The Washington Post blog ran an article today about college students and some recent statistics from a shredder company. The stats talk about how college students are just as vulnerable as anyone else to Identity Theft, and that one of the best ways to reduce the risk for college students is to buy a shredder.

Caroline Mayer, the author, mentions that this is likely a marketing ploy for this company. You're right Ms. Mayer. The other stuff they mix in as statistics is just to make their product sound more appealing to the parent of a college student.

And their ploy worked.

Ms. Mayer mentions that she talked to her daughter about getting a shredder, even though the article seems to regard the marketing tactic with some less than favorable responses.

The daughter (the college student) responded by rolling her eyes at Mom. Why?

Because the daughter is either:
1. Utterly unaware of the problems of Identity Theft (which is unlikely with a Mom who writes stories on the topic)
2. Hyper-aware of the problem, and knows that shredding really doesn't matter.

There have been no studies shown to me on shredder safety which have convinced me that shredding really does anything to lower your risk of Identity theft. In fact, I have seen articles and a satire on Meth Addicts spending all night pasting and taping together shreddings. The author's daughter has likely seen the news about stolen laptops, hacked databases, and stolen mail.

Is it likely her information will be stolen if she doesn't shred? IMO, not any more or less likely than it will be stolen anyway.

Posted by Jonathan at 11:51 PM | Permalink | Comments (0)

Actual statistics about online Identity Theft
I found this today and thought I would share it here. It's a summary from ABA Creative Web Services about a study done on online shopping and Internet-related fraud.

It is a commonly held belief that Internet use increases the chance of Identity theft. Thanks to a study by James Van Dyke this has all proven to be hype. Mr. Van Dyke had a hunch that the belief the Internet was causing an increase in identity theft and credit card fraud was not valid. The research he conducted debunks many of the myths between online activity and ID theft.

Van Dyke, a research analyst for Javelin Strategy and Research, found that using the Internet for bill paying and banking can reduce risk by up to 18 percent and potentially save consumers up to 60 hours of personal time and $1,100 in the cost of paper checks and postage. His report states that using the Internet for purchases and bill paying can significantly reduce the chance of identity theft. Many criminals get their information from very low tech methods such as thumbing through the trash or opening your mail.

If you can use a secure online method to pay bills, the chances of someone intercepting your information is slim to none. When you start with online payments, check to see if the payee can stop sending you paper bills that have a far greater chance of being stolen.

Another consumer fear is the use of a personal credit card for online purchases. Today most vendors have very secure servers that are difficult to hack into. There should be little fear of purchasing an item that can't be found anywhere else but online. A few hints to remember are:

1. Don't shop on sites you feel are not reputable. Try to find out if the same item is found elsewhere.
2. Make sure the vendor is using a secure server. Check for the little lock at the bottom right of your browser.

You want to feel safe anywhere you go, even online. Don't let myths and hype keep you from Internet transactions. It's far safer than traditional methods and it's a lot of fun.

The results of the full study are told here, and I think it's a worthwhile read.

Posted by Jonathan at 09:12 PM | Permalink | Comments (0)

How hard must it be to turn your own daughter over to the police? Well I, for one, want to salute this mother. Pamela Blais turned in her own daughter for Identity Theft.

Her daughter, Ryanne Blais, took out not one, not two, but THREE credit cards in her mother's name, racking up a total bill of over $15,000 in credit card debt.

The daughter's response when she was caught, according to this article, was that she thought the whole situation would "just take care of itself".

Now the article does mention that 24 year old Ryanne Blais had recently lost her job, and that was part of the reason for the credit she amassed in her mother's name, but really - if you're that desparate for cash, there are better ways to get it, other than stealing your own mother's information to rack up $15,000 worth of bills. Start working with a network marketing company, sell lemonade on the corner, mow lawns, do something.

Now here's the challenge of this situation. There's no reason it should ever have gotten this bad. Immediately after the daughter made the wrong decision once, the Mother should have known after the first credit card was taken out in her name, and had a freeze placed on her credit immediately . She would have known about doing this, and how to do it, and she could actually have had someone to do it for her if necessary, if she had seen our page about the solution to Identity Theft.

So why did the mother turn her daughter in?

If she doesn't, then the mother, Pamela Blais, is responsible for the $15,000 worth of debt. Depending on when Pamela reported the Identity Theft, the law assumes that with no person to pin the debt on, that Pamela actually spent the money, and makes her responsible for it.

And the daughter can walk away from the situation, thinking that the whole thing "just took care of itself", and when she has money issues again, can feel free to get lines of credit in other people's names. In a way, the mother in this situation has potentially protected someone in the future from becoming a victim of Identity Theft.

This way, Ryanne (the daughter) will learn the hard way. But hopefully, her attitude about Identity Theft will change through the process of being caught and dealing with the legal headaches and debt repayment she's about to go through. It's the school of hard knocks, but it's really the best teacher.

It could not have been an easy decision to turn your own daughter in for Identity Theft, so to the Mother who did, Ms. Pamela Blais, we simply want to say thank-you.

Posted by Jonathan at 10:44 PM | Permalink | Comments (1)

Here is a direct quote from a little web site (Sponsored by the IRS?) called Community Dispatch.

You Can Help Shut Down Phishing Schemes

The good news is that you can help shut down these schemes and prevent others from being victimized. If you receive a suspicious e-mail that claims to come from the IRS, you can relay that e-mail to a new IRS mailbox, phishing@irs.gov. Follow instructions in the link below for sending the bogus e-mail to ensure that it retains critical elements found in the original e-mail. The IRS can use the information, URLs and links in the suspicious e-mails you send to trace the hosting Web site and alert authorities to help shut down the fraudulent sites. Unfortunately, due to the expected volume, the IRS will not be able to acknowledge receipt or respond to you.

While this is a nice thought in theory, and while it is a good idea to notify the FBI and the IRS of any suspicious email you receive, here's the problem.

Let's play out a hypothetical. Let's say I'm a crook. I live in the Ukraine. (I'm entity #1). I have an online contact in Iran (Entity #2). He and I decide that we want to set up a web site to phish people's information. We choose a hosting provider based in Iran (Entity #3), and route the connection through a DNS server (Entity #4) that physically sits with a company in Russia (Entity #5).

Following me so far?

Good.

Now, I gather up about 10 million email addresses. It's not hard. There are many companies that will sell you 10 million email addresses for $100 or less. We pick one of these companies (Entity #6).

We find someone who we feel we can trust (Entity #7) through an online forum (entity #8), and pay them $500. They are a broker for us. and as the go-between, their job is to find us a way to send out 10 million emails. They find someone (entity #9) charging $350 for this service, and over the next 48 hours, from multiple IP Addresses, using a complex set of hacked computers (entity #10) (BotNets - a series of hacked computers), over 10 million emails are sent out on our behalf.

Remember, our total cost at this point is about $600. Before the email has reached the victim, there are already 10 completely separate entities involved in this crime.

What do we send out? Well, we write an email that is HTML based (meaning it looks pretty - more than just text), and we build the email to look like it has come from XYZ bank (Entity #11). Your bank is XYZ Bank, and their web site is XYZBank.com, and we know you trust them, because you put your money with XYZBank. You must trust that they will keep track of your hard earned cash.

We tell you to come directly to our web site. XY.ZBank-security.com (Entity #12). Oh yeah, when we set up XY.ZBank-security.com, we used a person's information from a previous Identity Theft. So the web site is actually registered to John Doe (Entity #13), 123 Anywhere Street, Somewhere USA

You read the email. You're not fooled. You don't click, and you don't open our phishing web site.

But your daughter/son/grandma/dad (Entity #14)... doesn't know about phishing scams. They open the email. They log in to their account. It takes them to a "Security Verification Page" which grabs their social security number, their name, and their address.

Out of 10 million emails we send out, 10000 people actually come through to our phishing web site. 100 of them (Entities #15 - #114) actually put in their full information.

This happens within 72 hours from the time we send out the email. We decide that's pretty decent, and we take the site down.

We take it down before we're even discovered, because remember, anyone who is looking for us, is looking via the DNS Server in Russia. They think we're in Russia. And then poof, the site goes down.

Then we each take a copy of the 100 names. At this point, I part ways with the guy in Iran. He has his 100 names, and I have mine.

Now, as a criminal, I know 10 or so people who will buy this information from me for $20/name. So I set appointments with them (online, and anonymously of course), and at 9:00 AM, I sell 100 names to onlne_crook1 (Entity #115), at 10:00 AM, I sell 100 names Online_crook2 (Entity #116), at 11:00 AM, I sell 100 names Online_crook3 (Entity #117) and so on. (Through Entity #124) I collect my payment through an anonymous payment method (Entity #124-A), and walk away at the end of the day with $20,000 for my last 4 days work.

Online_crook1 (the first person I sold to) decides to resell the information to Joe_Criminal (Entity #125), on an online message board, anonymously, for $50/name. Joe_Criminal goes and gets a driver's license and a home loan from an online loan processor (Entity #126) in the name of your daughter/son/grandma/dad.

Six months later, your daughter/son/grandma/dad calls you in a panic. They're being sued by a large mortgage company (Entity #127) (the loan was sold) for the full amount of the mortgage that they owe on a house in a state where they have never even set foot.

Remember, over 100 people (EASILY over 100 people) have been involved in this transaction before your daughter/son/grandma/dad ever knew they had become a victim of Identity Theft.

That is the monumental task that faces fraud investigators, the secret service, the FBI, and local and state law enforcement.

That is also the monumental task that many victims of Identity Theft find themselves up against when they attempt to restore their good name.

Now, sending the phishing email to the FBI is a great idea. In fact, send all IRS-related phshing emails to phishing@irs.gov. It can't hurt, and it helps the FBI and IRS to track patterns in these types of crimes.

But also know that only 1 in 700 identity thieves is ever caught.

If this topic has interested you, please leave your comments below, and take a look here to see an actual solution to this problem for individuals.

Posted by Jonathan at 09:07 PM | Permalink | Comments (0)

Liz Pulliam Weston wrote an article responding to someone who wrote to her, asking what they should do in the following situation:

A woman's sister has stolen the information of their mother...

and committed an identity theft, getting loans or other credit in the mother's name, to the tune of $30,000.

The question of the person writing in is basically that Mom and Dad don't want to file a police report on their own daughter, but if they don't, they're stuck holidng the bag, because the $30,000 was taken out in the mother's name.

I'm generally a fan of Ms. Weston. She is very knowledgeable with regard to financial matters. However, her advice in this situation seems less than adequate to me.

What she advises the sister to do is have everyone in the family place credit freezes on their accounts, and to then point her parents in the direction of the Identity Theft Resource Center (a very helpful group). While credit freezes are, generally speaking, the best way to prevent criminals from using your personal credit to their advantage, and credit freezes probably are the right thing for everyone in the family to do in this case, Ms. Weston has only addressed one of the five major types of Identity Theft.

What if the daughter decides to use the mother's health insurance information to get treated, or tested for disease (which can later show up on the mother's Medical Records)?
What if the daughter decides to get a driver's license in her mother or sister's name and gets a DUI or other ticket?
What if the daughter applies for a job in the mother's name, and the mother is now responsible to pay the IRS the taxes on that job?

A credit freeze only addresses 20% of the problems that this family can face going forward, which is why I consider this advice to be less-than-adequate.

This is their daughter, the mother of their grandchildren, and certainly, they have spent more than $30,000 in the process of raising her. While the parents may be able to recover from this loss, $30,000 is a lot of money. If their daughter is allowed to simply get away from this issue by pawning her debt off on her parents, then she is free to rationalize that if it was okay to do it once, it's okay to do it again, and if it was okay to commit identity theft using her own mother's information, then why not the information of her kids, her neighbors, or even complete strangers? It's not that hard to get someone else's name, address, and social security number, which is all you need to get approved for credit in their name.

All unknown circumstances excluded, the SuperSleuth thinks that it is really in the best interest of everyone, including the public at large, for the parents to file a police report, and set up a system which monitors not only their credit, but also the rest of their public information that is available under the freedom of information act. They need a plan which will monitor their DMV Records, their MIB (Medical Information Bureau) Records, and (supposedly) non-public information like their Social Security Record.

What do the rest of the SuperSleuths think? Your comments below are most welcome.

Posted by Jonathan at 08:31 PM | Permalink | Comments (1)

Tell your friends and family - If you get an email from Identity Angel, DO NOT DELETE IT! It's a GOOD THING!

Here at IdentityTheftSecrets, it's my job to rat on, and root out scammers, thieves, and crooks. Many of them are very intelligent, and they use their intelligence to destroy other people's lives through the awful crime of Identity Theft.

So, it's a refreshing change when I get to talk about someone who is making a difference, and is using their powers for good.

Meet Dr. Latanya Sweeney, Ph.D. This brilliant woman, a professor at Carnegie Mellon University, has invented something called Identity Angel. This benevolent program will search through documents on the internet (I assume including PDF's, Word Docs, and other harder to reach file types), to find your information.

If it finds your information, it attempts to email you to let you know.

What's the advantage of this, you say?

I know none of the SuperSleuths would do this, but let's say that you, or someone you know, is going to apply for a job, and unthinkingly posts a name, address, AND social security number on a resume'. If these three pieces of information all exist in one place, then the Identity Angel will attempt to send an email to let you know that posting this information opens you up to Identity theft. (At the very least, you should remove your Social Security number from this document, because with these pieces of information, an Identity Thief can assume the role of YOU, for whatever type(s) of Identity Theft and crimes they would like to commit on behalf of you - meaning, AS YOU.)

I don't know what servers are being used to power this technology, but IdentityTheftSecrets would love to see Google or another company with large server capability take on this philanthropic and empowering software, and put it to work in a large scale environment.

Testifying before the Department of Homeland Security's Privacy and Integrity Advisory Committee in June 2005, Sweeney advocated the belief that tools like Identity Angel would enable people to secure their identities while not sacrificing their privacy rights. "Following the events of September 11, there is a common false belief that in order for America to be safe, the public must give up its privacy. This is not necessary, "Sweeney said.

Dr. Latanya Sweeney, Ph.D., a patriot and brilliant philanthropist, is a powerful person because she's using technology and her mindpower to further the development and protection of humankind. (What do you want to bet she doesn't spend a lot of time watching television?)

Tell your friends and family: If you get an email from Identity Angel, DON'T DELETE it! It's a GOOD THING!
Click here to listen to the interview on NPR

Read more here.

Posted by Jonathan at 10:37 PM | Permalink | Comments (0)

The RIAA (Recording Industry Association of America) has taken to recouping losses (due to the millions of people now downloading music online) by filing small to medium sized lawsuits against every day people. Have most of these people downloaded music online? Probably. The cases rarely go to trial and are usually settled out of court, because most people realize, at some point in the process, that it would generally cost more to fight the RIAA than it would cost just to pay them (Unless you have a legal plan)

But here's something interesting. As stated on OUT-LAW,

Tammie Marson of Palm Desert, California refused to pay the initial $3,500 demanded by a group of record labels and opted to fight the case in court. Marson and her lawyer Seyamack Kouretchian of Coast Law Group argued that the fact that Marson's computer contained illegal music files downloaded over her internet connection was not proof that she had committed a crime.

The court didn't have to rule in her favor, because the record labels backed away from this lawsuit, presumably as a result of hearing the defense and realizing that Ms. Marson and her attorney would be willing to go the distance to take the case through trial.

The Identity Theft SuperSleuth isn't going to make a statement about downloading music. However, this is interesting from an

identity theft point of view.

The reason that this article is even mentioned on IdentityTheftSecrets is because this sort of thing can establish case law. Case law is any law that is created from a ruling that happens inside of courtroom.

If a person actually gets a court to agree with them that there is no way that it can be proven that he/she was the actual person downloading music onto their home computer, even though there are music files and file sharing software on his/her computer, then it creates case law. The case law could be interpreted as "The individual is not necessarily responsible for what happens over his/her Internet connection."

As far as I'm aware, no law like this exists at present. But we're not far away.

This case law can then be used in future trials.

Now let's play out a scenario. Let's say that I am a less-than-honest person. I buy something online. I do it from my home computer. I receive the item, I use the item, and I throw it away. I then call my credit card company within 30 days and say that it was not my charge. I didn't actually charge this item to my card - it must have been fraud.

The Credit Card company begins their investigation, and finds out that the purchase originated from my IP address.

"But it wasn't me," I say. "And I never received the item. Someone must have stolen my identity and bought that thing from a laptop on my Internet connection. I have a wireless connection, and it's WEP enabled (Wireless security key), but the Identity Thieves must have found a way to hack in."

But it was purchased through the Internet connection originating from my location.

The Identity Theft SuperSleuth doesn't have problems with downloaders of music per se, but if there is case law defending Tammie Marson, or someone like her, saying that I'm not responsible for what happens on my Internet connection, well, that law can be used by people doing more unscrupulous things than downloading music.

And that's a problem.

And who does this all really hurt?

Two groups:

The actual victims of Identity Theft
and
Everyone Else

We all end up covering the losses due to fraud.

(As a side note to conclude this post - if you have been doing a bunch of music or software or video downloading, you really should be doing something to protect yourself against the lawsuits you could face.)

Posted by Jonathan at 12:29 AM | Permalink | Comments (0)

Someone posted these online, so I thought I would share with you here.

Please make sure to leave your comments below!

In my opinion, Citibank's product won't protect your identity (their protection won't charge you to protect your own cards through CIti, but it doesn't help with your credit identity, your social security identity, your medical identity, etc., unless you pay extra). However, their marketing department is really, really brilliant.

Don't take my word for it with regard to their "Identity Theft" service, check it out for yourself. If you think that the Citi Identity Theft plan is a complete solution for Identity Theft, then it is recommended that you really understand what you're getting.

But please, do enjoy the Identity Theft videos, courtesy Citi marketing.

Someone added the Citibank "Stirrup Pants" video to the comments below, so I've added it to the post on Identity Theft Commercials.

If you have the other Citibank Identity Theft Commercials available, let me know and I will post them here as well.

Stirrup Pants

Between YouTube and Google Video, I've managed to get the rest of the Citibank Identity Theft videos for display here. If I'm missing one, please let me know.

Also, please make sure to leave your comments using the form below!

The old Lady Cleaning her pool. Redneck purchases everything for free!

First I needed to power-up my old babemagnet ... There's enouch Larry for everyone

Honey, Bikini season is coming ... Liposuck my saddlebags

Hi .... child.

$1500 for a leather Bustier? It's not like I'm paying for it.

Citibank Identity Theft commercial with Darrel P. Bodybuilder auditions for American idol

A Statue of David...But with his Underpants On- Identity Theft Commercial

She left her card at the cafe', and Voila! I'm off to Las Vegas

Hacker Geek - My Girl Robot...This is going to be the best PROM ever.

And finally, Stephen Colbert's Tips for Protecting Your Online Identity

Posted by Jonathan at 12:48 AM | Permalink | Comments (6)

While IdentityTheftSecrets.com hasn't been able to ascertain the exact topics that these police officers were being trained on, offering any type of class to law enforcement on identity theft, even if it's just awareness training, is definitely a step in the right direction.

"A new identity theft investigation training course has helped to better prepare 476 Michigan law enforcement officers to investigate identity theft, credit fraud and counterfeiting complaints. The free training course was offered from July 10 through Aug. 3 by the Identity Theft Teams of the Michigan State Police (MSP), in conjunction with the Michigan Association of Chiefs of Police (MACP) and the Michigan Sheriff's Association (MSA)."

Read Posted by Jonathan at 07:30 PM | Permalink | Comments (2)

If you, or anyone you know, has been to Dollar Tree in the last... well... ever, NOW would be an excellent time to have them check on their debit card statement.

"Using stolen personal identification and account numbers, thieves have withdrawn hundreds of thousands of dollars from the bank accounts of consumers who used debit cards at Dollar Tree stores in California and southern Oregon, police departments in the two states said."

Over $700,000 has already been reported missing, and today is only August 4th.

The sophisticated scammers apparently broke in to this account information via a credit card processor. "It appears that the losses suffered by debit card users who made purchases at Dollar Tree stores involved a breach at a card-processing company rather than a problem at the retailer's stores."

Here's what you need to know:

If you suspect you have EVER shopped at a Dollar Tree in California or Oregon, check your debit card statement right away.

Your dollar loss is covered under what is known as the Electronic Funds Transfer Act. According to this law, if you report your loss within two days of the date the transaction occured, your liability is $0. If you report your loss within 60 days, your loss is limited to $500.

If you do not report your loss within 60 days, you can be held responsible for ALL money that is drained from your account.

If you suspect you have EVER shopped at a Dollar Tree in California or Oregon, check your debit card statement right away. If anything funny shows up on your statement, call and then write your bank to have the item removed or taken care of. When you write, you may want to send the letter as a certified piece of mail, and get a return receipt, so that you have proof of when you sent the letter and when it was received.

Just another reminder - how secure is your information? Only as secure as the people who hold your information keep it.

Read more on this latest data breach here.

Posted by Jonathan at 12:39 PM | Permalink | Comments (1)

What people don't understand about identity theft is that once your information is stolen, it's gone forever. You can never be sure that your information, taken through a phishing site, data breaches, or other types of scams, will ever be secure again. Why?

There is a reseller network. This is a network of people who are buying and selling information, and through a series of resellers, your information gets sold to the highest bidder. This thief is usually not the person who actually got a hold of your information in the first place, but they are the person who will cause the most damage to your name.

The challenge? The reseller network hangs on to your name FOREVER, where it can be sold, re-sold, and sold again, each time, netting the invisible network head a small amount of money, for which they will likely never be prosecuted.

How can you secure your information? The sad truth is that you can't. If you think your information is safe, you're simply naive.

Take a moment today to check out a video presentation which will help you understand The Path of Identity Theft

Posted by Jonathan at 02:52 PM | Permalink | Comments (0)