All about how it happens and how you can keep it from happening to you.
April 2009 - Posts
An Indianapolis woman discovered her fiancée was a fraud when none of her sweetheart’s invited guests made it to the rehearsal dinner. No family, no friends … nada.
The two met on Match.com in November 2004, and by early the next year she was pregnant with his baby. A quickie wedding seemed in order, so they hotfooted it down to Florida for a spring wedding.
Mr. Smith apparently wasn’t able to come up with a suitable lie to explain the empty tables at the rehearsal dinner, so he confessed that his real name was Peter R. Ferguson. His erstwhile fiancée responded by rightfully kicking him to the curb.
And then she took him back.
(Editorial interjection: “Mr. Smith” is certainly a lowlife sleazebag, but the woman who nearly became “Mrs. Smith” apparently spent her childhood licking lead-based paint from windowsills.)
Ferguson told her he was a trader at the Chicago Board of Trade, and—get this—SHE BELIEVED HIM! That is, she believed him until he stole her MBNA MasterCard and used it to pocket $14,000. Well, that was finally the last straw.
Brokenhearted by the break up, Ferguson sought succor in the arms—and wallet—of a woman he met at a grocery store.
Karma and the cops caught up with Ferguson this month. When they arrested him he was driving a stolen Acura. (No mention of cans tied to the bumper.) He’s been charged with federal credit card fraud.
A recent arrest at Binghamton University reads like a case study in identity theft in all its guises: Stealing and using other people’s identities? Got it. Medical identity theft? Got it. Criminal identity theft? Got it. Credit card fraud? Got it. Government benefits fraud? Yep, got that too.
Police are having a hard time determining the man’s true identity because he’s gone by so many different names, and given different names during is several arrests in several states. So far authorities have discovered 26 stolen identities and aliases. Among his known monikers are: William F. Toy (the name authorities are using for the time being), Will Wendell, Josh Buntyn, Josh Brandon, and Toy Wendell.
Toy’s Binghamton arrest stems from a March 9 domestic violence incident, in which witnesses say he punched a Binghamton University student about 100 times before police intervened.
This is far from his first brush with the law. Known arrests under these and other names have occurred in Alabama, California, Minnesota, N. Dakota and New York. There’s also an arrest warrant for identity theft in Washington.
Police have discovered Toy used another identity to receive welfare benefits in California. He received medical care at a Michigan hospital that a North Dakota man is being billed for. He used yet another name for medical benefits in Utah. He applied for a Social Security card under another name in Broome County, New York.
As part of his modus operandi Toy claims to represent religious organizations and charities. He’s known to have posed as a Mormon missionary, and possessed contact information for several Broom County religious charities.
Whatever his real name, the scoundrel is being held on misdemeanor assault charges with $50,000 bail.
Want a glimpse into the world of identity theft? Check out these tweets posted within the last 24 hours on Twitter:
- Should make terrorism easier, imho (in my humble opinion) - the biometrics are woeful, and identity theft becomes easier with ID exposure
- steaming mad... collectors saying i owe 3800 to zales? what? no baubles on my fingr! never had a cc from them. id theft here we go again.
- Identity Theft Set To Double Within 5 Years: The number of people in the UK whose credit rating is damaged by id..
- u or someone u know may have been an ID theft victim. Thieves may rent an apartment, get a credit card, or open a phone in your name.
- the back of my debit card says "see id" and no one ever asks to. (micro-expletive deleted) I could commit identity theft. yup, easily. lol.
- Finding out more each day just how bad ID theft really is. The total now has grown to over $6,000.00 in forged checks alone. I HATE THIEFS
- Tweeps: Friend is does not trust his parents. Looking for a way to lock down his credit to prevent ID theft from close relatives. Ideas?!
- New blog post: ID Theft Victims Often Know Their Villains
- Oklahoma Human Service employee's stolen laptop put 500,000 Sooners at risk of ID theft.
- Former Federal Reserve Bank IT worker charged with ID theft
- Recovering from my second time being a victim of ID theft . . skimming on my ATM card. What a waste of time.
- Just found out I'm a victim of ID theft. Someone used my social to see a shrink -- for three years!!
- do you have a number for customer care? my yahoo accounts have been hacked by id theft.
Years ago, when I was a young, romantic girl, I enjoyed a tender love story. These days, my taste runs more toward the Darwin Awards, honors given posthumously to those whose asinine antics have killed them, thereby eliminating the risk of their ever again peeing in the gene pool.
Nothing is more satisfying to my cynical soul than a story of someone else’s stupidity, especially if that someone else is a criminal caught in the act. And, today, I can thank Curtis and Kenneth Wiltshire for bringing a smirk to my face.
Curtis Wiltshire used to be an information and technical analyst with the Federal Reserve Bank in Manhattan, a job that gave him easy access to information about his coworkers. Curtis had their names, addresses, birth dates, Social Security numbers—even their photographs.
When Curtis came up with the bright idea of using that information to obtain student loans worth $73,000 in other people’s names, he must have thought he was a very clever boy, indeed.
Curtis was wrong. In fact, Curtis is such a moron, he got busted when a bank investigator found the applications on a thumb drive still attached to Curtis’s computer at the bank. The investigation also yielded a fake driver’s license bearing a photo of one of Curtis’s bank coworkers.
OK, so Curtis wasn’t such a clever boy, but he was kind and generous to his brother, Kenneth. It seems Curtis was sharing some of that coworker information so Kenneth could buy a boat in someone else’s name with someone else’s credit.
Kenneth was busted when a postal inspector investigating loans obtained with false identification documents was led to the mailbox Kenneth obtained with a phone driver’s license bearing the photo of one of his brother’s bank coworkers.
We were exposed to the Boob Bandit, the Breast Burglar and the Rhinoplasty Robber in March. With this month’s arrest of Patrice Thomas—the Tummy Tuck Thief--the strange club of women who steal identities to pay for plastic surgery has expanded.
Thomas, 33, is accused of stealing a stranger’s identity to acquire a credit card. She then allegedly used the card for partial payment on a $5,000 procedure to flatten her paunch; a second fraudulent credit card paid the $4,000 balance. She was arrested earlier this month and charged with credit card fraud, Social Security fraud and aggravated identity theft.
Federal agents discovered four credit cards in different names when they searched Thomas’ home in January as part of an unrelated criminal investigation, prosecutors said.
Thomas received the credit cards last August, and bolstered her credibility by obtaining a photo ID card at a passport shop, according to charges filed in Fort Lauderdale federal court.
Sheila Rodgers Cudgel, of the Houston area, was charged last month with committing identity theft to pay for a $10,500 nose job.
Yvonne Pampellonne was charged in March with committing identity theft to obtain liposuction and breast implants at a Huntington Beach, Cal. plastic surgery clinic.
Also in March, Julianne Johnson, of Bradenton, Fla. was arrested for stealing credit card information to pay for breast augmentation.
It’s a sad state of affairs when women so desperately want bigger breasts, smaller noses, narrower hips and tighter tummies that they’re willing to risk federal prison sentences to acquire superficial improvements. It must be especially frustrating for the women whose identities were stolen to pay for the procedures—they’ve probably spent years yearning for some of the same procedures themselves.
Looking for new ways to supplement your post-retirement income and boost your standard of living? Walter Healey, a retired New York state Office of Taxation and Finance, apparently had a good thing going—until he was arrested this week, that is.
It seems Healey helped himself to information from tax forms of thousands of New Yorkers and used it to take out nearly 100 credit cards and credit lines at a couple dozen different banks. Total value: more than $200,000.
So far, the NY Attorney General’s office has discovered accounts opened with Social Security numbers of at least 15 identity theft victims, including four dead people and a four-year-old boy. Among the dead people were his mother and sister (no harm, no foul?).
Of course, all these accusations are only allegations, but when Healey’s home was searched, officials found a boatload of damning evidence, including:
- Copies of over 700 New York State tax forms containing identifying information of New York taxpayers
- Numerous identity documents, including copies of over 300 birth certificates and over 1,000 Social Security cards in the names of various New York taxpayers and their children
- Hundreds of pages of credit card statements, credit card inquiry letters, credit applications and credit cards in the names of “Walter Healey” and numerous other individuals
- Approximately 2,000 Post-It notes with the Social Security Numbers of New York taxpayers handwritten on them - many of them accompanied by handwritten notes such as “good prospect,” “had money,” and “go with this one”
Ah, the good old days, when we were innocent enough to believe buying shredders and taking our Social Security numbers off our checks was all we had to do to protect ourselves from identity theft.
Alas, the data breach and identity theft headlines make it clear those days are over. The Identity Theft Resource Center announces there were 656 reported data breaches in 2008. Verizon Business’ Data Breach Investigations Report reveals a total of 1,152 data breaches (70% of which were unreported) with more than 285,000,000 records compromised. And every day there are more reports of threats as low-tech as mail theft, or as high-tech as the attacks by international identity theft syndicates.
In light of the escalating identity theft risks, LifeLock has launched a program to bring identity theft education and prevention resources to communities nationwide. The LifeLock Speakers Series features Certified Identity Theft Risk Management Specialists who deliver free audience-tailored presentations to update groups on identity theft trends and protection strategies.
They’ve already delivered several talks in Texas, Michigan, North Carolina and the District of Columbia, but if you’ve missed those, the schedule below provides some additional opportunities.
If you’re interested in scheduling a speaker for your group (senior citizens, high school and college students businesses and law enforcement agencies are among the groups who’ve already been scheduled), or if you’d like more details about the dates below, contact Cortney Read at (480) 457-2032.
- 5/18 Newark, Delaware
- 5/18 Pittsburgh, Pennsylvania
- 5/18 Benincia and Escalon, California
- 6/8 Cleveland and Columbus, Ohio
- 6/8 Detroit, Michigan
- 6/15 Las Vegas, Nevada
- 6/15 Pasadena and Newport Beach, California
- 6/22 Reno, Nevada
- 7/06 Chicago, Illinois
- 7/13 Ann Arbor and Warren, Michigan
- 8/3 Oklahoma City, Oklahoma
- 8/10 Dallas, Texas
- 8/10 Orlando, Florida
- 8/10 Denver, Colorado
- 9/21 Seattle, Washington
- 10/12 Kansas City, Missouri
- 11/2 Tampa, Florida
- 12/1 Los Angeles and San Diego, California
Retired NYPD cop Lisa Hazamoon Cahill knew something was wrong last spring when her debit card was rejected at a gas station. Her first thought was that the bank had made a mistake, but when they told her the account had been emptied and was overdrawn, she said her heart stopped.
Cahill had become an identity theft victim.
Fellow officer Debra Schymanski, a woman Cahill considered a friend, was charged this week with two counts of identity theft and one count of grand larceny.
Schymanski helped Cahill set up online banking accounts in 2003, when Cahill was sick and suffering from a seizure disorder. She then took advantage of her inside information to drain Cahill’s accounts, sometimes shuffling money between the accounts to cover her withdrawals.
“She also took mail out of my mailbox, changed the address on a dormant account, had the statements sent to her, stole money from one account and covered it with money from another account,” Cahill said.
Cahill sued the NYPD because a supervisor forced her to wash and iron his uniform shirts. She won the lawsuit in 2005, and had just deposited the $120,000 settlement when the Schymanski started taking money from the accounts.
Cahill is certain that another fellow officer, Edward Schymanski—Debra Schymanski’s husband—was in on the scheme, but he hasn’t been charged yet.
Investigators allege the stolen money was used to pay off more than a dozen credit cards, and might have been used to buy cars, a motorcycle and appliances.
Verizon Business released their Data Breach Investigations Report (DBIR) today, an analysis of 1,152 data breaches that occurred in 2008, only 30% of which were reported. The DBIR reveals that 285 million records were exposed—more than the total number of records from 2004 to 2007.
The causes of those data breaches is alarming, enraging and disheartening. According to the DBIR,
- 62% of the data breaches occurred within the retail and financial services sectors, which are required to meet Payment Card Industry Data Security Standard (PCI DSS).
- More than 80% of the organizations affected by data breaches were not compliant with PCI DSS.
- The financial industry lost 93%, or 265,050,000, of the compromised records.
- 72% of the attacks were determined to be opportunistic; the attackers identified vulnerability and exploited it.
- 73% of the attacks were determined to be of no difficulty (requiring no special skills or resources; the average user could have done it), or low difficulty (basic methods, no customization, and/or low resources required).
- 67% were aided by significant errors.
Who committed the attacks?
- 74% resulted from external sources
- 39% involved multiple parties
- 32% implicated business partners
- 20% were caused by insiders
Though insiders are to blame for only 20% of the data breaches, they did far more damage. Per data breach committed by insiders, the median number of compromised records is 100,000, compared to a median of 37,847 records from each external breach and 27,000 (median) from a breach traced to partners.
Hackers were responsible for 64% of the data breaches, but claimed 94% of the 285 million records compromised, or 267,900,000.
Some call PINs the Holy Grail; others refer to them as the keys to the kingdom. Now--thanks to hackers--you can call them gone.
Until now, hackers could only harvest PINs one by one, or in small crops by phishing, or by attaching skimmers or small cameras to ATMs, gas pumps and the like. But now hackers are one step ahead of banking security, and applying sophisticated new techniques,
“We’re seeing entirely new attacks that a year ago were thought to be only academically possible,” Bryan Sartin, director of investigative response for Verizon Business, said in an interview with Wired.com.
The source of millions of dollars in fraudulent ATM withdrawals reported nationwide were a mystery until this discovery. It’s a grim revelation for consumers and the banking industry that encryption security measures are an inadequate defense against hacking evildoers.
PIN hacking is an even greater slam to consumers than is credit card fraud; credit card issuers pick up the tab on fraudulent charges, but, because it’s nearly impossible to prove cash withdrawals are fraudulent, the consumer is often left holding the bag.
Academic researchers have written papers and issued warnings about the banking industry’s vulnerability to PIN hacking for years. In 2003 a Cambridge University researcher outlined a scenario in which PINS could be stolen with the help of an insider. Another paper was presented in 2006 with a similar theme that also involved inside assistance.
Why would your health insurer refuse to pay the bill for your appendectomy, claiming they’d already paid for one a month before? Why would your doctor prescribe a blood pressure medication though you have no history of hypertension? What if you receive a letter from a bill collector demanding payment for breast implants you’ve never had?
Any of these things can happen to victims of medical identity theft, and in Las Vegas police say it’s happening a lot, according to investigators with the city’s Metro Financial Crimes department. In fact, the valley police say they’re working right now on five recently reported cases of medical identity theft.
“I’ve had doctors call and tell me they don’t know who they operated on,” said Lt. Robert Sebby.
People who lose their jobs often lose their health benefits, but their need for health care doesn’t go away just because they’ve lost their ability to pay for it. And when illness and desperation converge, medical identity theft becomes a painful option.
Drug addicts and dealers find it easier to steal an insurance card than to rob a house and sell a stolen TV. Armed with a stolen insurance card, it’s easy enough to receive prescription drugs for painkillers or anti-anxiety drugs.
So, how can you protect yourself and your family from medical identity theft? Protect your insurance card the same way you do your credit cards:
- Don’t carry insurance cards with you unless you know you’ll need them.
- Check any statement of benefits with the same diligence you review credit card statements.
- Ask your doctor at every visit to review your records for allergies, prescribed medications and recent visits.
- If you find any irregularities in your benefits statements or medical records, contact your insurance company and the police.
If the IRS rejected your tax forms, claiming they’d already been submitted and a tax return paid, what would you think? Would you accept the IRS’s assumption that some dunderhead had made an error while filing his tax forms and inadvertently entered your Social Security number instead?
Tightwad Tod, a blogger for Consumer Reports, accepted that explanation when it was seconded by Turbo Tax. It was probably nothing more than an innocent mistake, an aggravation, and a nuisance. At the time, there didn’t seem to be any reason to even consider that something more sinister might be at play.
It wasn’t until several months later when a sympathetic IRS representative faxed him a copy of the other tax return that the reality and severity of the situation finally hit home: Someone in a New York City apartment was using his name and his Social Security number. He’d become an identity theft victim.
Dealing with the IRS is never a picnic, but when there’s no way to prove that you are who you say you are, the challenge increases exponentially. Ironically, Tod had to submit a formal change of address to the IRS, though he’s lived at the same address nearly all his life. As frustrating as that must have been for him, at least it made receiving responses possible; until he submitted the address change, the IRS was sending their correspondence to the New York address.
Thirteen months and at least as many contacts to the IRS later, there might be an end in sight. The IRS investigators and examiners have nearly completed their work, and there’s a light at the end of the tunnel, his tax advocate said.
Unfortunately, his 2008 tax return has just been rejected.
If you’re one of the more than 20,000 Tennesseans who have kids in Nashville schools, or pay or receive child support, you’re at a significantly increased risk of identity theft this week.
Today, there’s news about a massive data breach by a contractor for the Tennessee Department of Education. A Public Consulting Group owner, Stephen Skinner, said it was a simple human error that caused the names, gender, race or ethnicity, birth dates, Social Security numbers and some parents’ names to be posted on the Internet for three months.
Public Consulting Group took down the page March 5 without notifying any parents of the data breach. Unfortunately, Public Consulting Group didn’t realize Google had already indexed the page, so the information was still available last week when Art Staehling discovered his teenage daughter’s information on the Internet.
“I find it hard to believe that an established company had a problem of this magnitude.” Staehling said.
Public Consulting Group has a 5-year, $13 million contract with the state DOE, and will keep that contract despite the data breach.
Skinner said no action will be taken against the responsible employees because the data breach was a simple human error, Skinner said. He also apologized for the data breach.
Two weeks ago, Steven K, Gilmore was arrested for stealing the personal and financial information of thousands of people from the Tennessee Department of Human Services. Gilmore worked for Policy Studies, a contractor hired to process child support services.
The Pentagon has implemented another Iraq-style surge, but this time the counterattack is in cyberspace.
Brig, Gen. John Davis of the U.S. Strategic Command said today that the U.S. military has spent at least $100 million in the past six months to ward off additional Pentagon network attacks.
A month ago the government released information about the downloading of engineering and communication documents of the president’s helicopter, Marine 1. The information was downloaded to an IP address in Iran, after being accessed through a defense contractor’s file-sharing program.
In 2007, computer hackers breached an unclassified e-mail system in Defense Secretary Robert Gates’ office.
In 2006, a Japanese lieutenant inadvertently published U.S. military and coalition movements in Iraq on the Internet. The leak was attributed to a virus on the lieutenant’s personal computer, which was launched through Winny, a file-sharing program.
File-sharing software was recognized as a huge security threat as early as 2004 when a civilian launched the website “See What You Share” to publish pictures, documents and letters from soldiers and military bases in Iraq and other locales.
“We are finding ourselves in an ever-increasing, sophisticated environment where our networks at (the Department of Defense) are increasingly in a contested environment,” Davis said in a CNN interview.
Davis said the $100 million was spent on tools, training and technologies in response to infiltrations and viruses. He also announced plans to increase the number of “cyber-experts” from roughly 80 to 250 by 2010, but said even that cyber-security surge would be inadequate.
“It’s got to be more,” he said. “But it is a sign of progress.”
You pride yourself on your security practices, so on the way to work you drop off the mail you’ll send from a post office, you set the house alarm system and lock the deadbolt. All these things give you a peace of mind.
But if you or your kids are using file-sharing peer-to-peer (P2P) software to work from home to download music or videos, you have effectively left the doors standing open and left all your credit cards on the dining room table with a plate of cookies.
LimeWire is the most commonly used P2P software, and was the tool of choice for two Seattle men recently arrested on charges of aggravated identity theft, wire fraud and computer crimes.
Federal prosecutors accuse Frederick Eugene Wood of targeting P2P users to obtain personal information on at least 120 people from all over the United States. Wood was indicted by the U.S. Attorney’s office and has been arrested.
If convicted on all charges, he faces up to 22 years in prison.
Seattle police began investigating Wood after Gregory Kopiloff was arrested for his part in the scheme. Kopiloff was sentenced in 2008 to four years in prison after confessing he was part of a similar scheme. Investigators belief Wood trained Kopiloff to use LimeWire to steal identities and financial information from other users.
There have been thousands of incidents of criminals using file-sharing software to access financial records and even tax information. Hackers use the open door to install keystroke-recording software on other computers to gain access to Social Security numbers and credit card accounts and passwords.
Jay Foley, founder and executive director of the non-profit Identity Theft Resource Center recommends users of file-sharing software either eliminate it all together or set it up on a computer not used for any personal, financial or work-related purposes.
More Posts Next page »