All about how it happens and how you can keep it from happening to you.
June 2009 - Posts
The warnings about phishing attacks on social networking sites come so frequently, there’s probably a tendency to just tune them out. Well, listen to this: Phishing attacks on social networking sites are up more than 240%. According to a new report from MarkMonitor.
While massive data breaches are commonly blamed on cybercrime syndicates in Eastern Europe and Russia, the Americans are the phisher-men, hosting almost 50% of all phishing attacks. Last year, the United States hosted 36 of the attacks; so far this year, 46% of the phishing attempts call the U.S. home.
Strangely, Canada now holds the No.2 position, home to 4.7% of the attacks. The Russian Federation comes in third by hosting 4.5% of the attempts.
You know not to open a link in an email from someone you don’t know, but that advice doesn’t apply to Twitter, where users post abbreviated URLs in many of their posts. But you can still protect yourself.
If you click on a link that takes you to another page with instructions to log in with your Twitter password, don’t!
And, about those passwords … most of us use other sites along with Twitter. For instance, I use TweetDeck, Twitter Karma and Twitter Grader—all of which require login information. And, of course, I also use Facebook.
Don’t use the same passwords, user names and email addresses for all your accounts. Just one unguarded moment, when your curiosity leads you to click on a direct message that says, “Check out this funny blog about you” is all it takes.
That’s the ploy Tannette Johnson-Elie, a Milwaukee newspaper reporter, fell for last week. Johnson-Elie’s Twitter account was one of 33 hacked. Just that one click to see a funny blog, and a stranger now has access to all the information in all her social networking accounts and her email.
It’s wedding season, and as if the thousands of summer brides and grooms didn’t have enough to think about (Did you reserve a room for Aunt Tabitha?), comes now the bad news that identity thieves are targeting them.
Stolen mail has long been a source of information from identity thieves, but while the engaged couple is wrapped up in the madness of planning a wedding, a reception, a honeymoon and maybe a move to a new house, it’s not hard to imagine losing track of incoming or outgoing mail. (Did we ever get an RSVP from your cousin in Chicago?)
The average cost of a wedding is now $30,000, so any bride-to-be is likely to welcome an offer of a discount, a free honeymoon or a special gift for using an online gift registry. But not all that glitters is gold (When did the jeweler say our rings will be ready?), and some of those special offers are just come-ons to get your personal and financial information. Be careful.
There are a lot of fun websites just for sharing photos and plans related to your impending wedding with your friends and family. (If your best man gets drunk at the reception I’ll never forgive you). But don’t forget the rules that apply to other social networking sites apply to them, too. Don’t give out dates of birth or home addresses.
You’re going to be spending hours doing online research anyhow; spend a little more time becoming familiar with other common identity theft risks, and how to avoid them.
Walter Healey admitted to using his job at the New York Department of Taxation and Finance to collect personal information on more than 700 taxpayers, steal their’ identities and rack up about $250,000 in credit card debt.
Healey had an attorney, but didn’t put up a defense. He made his admission of guilt in a soft monotone voice. He volunteered that he takes medication for what he called “a mental condition,” but used neither the medication nor the condition as an excuse for the crimes he committed.
According to the complaint against him, Healey began stealing identities in 2006, and tampered with taxpayers’ records in August 2008.
Healey set the record straight today when he let the court know he actually began stealing identities in 1998 and tampered with records at other times during his employment, which stretched from 1986 to December 2008.
When authorities raided his house they found birth certificates, credit card statements and hundreds of Social Security numbers belonging to more than 700 people. The most promising prospects were written on Post-It notes with notes like “go with this one.”
His deceased mother and sister were among his victims.
Healey pleaded guilty to felony charges of tampering with public records, identity theft and unlawful possession of personal identification information. He also entered a guilty plea on a misdemeanor charge of official misconduct.
He’s been ordered to pay $200,000 in restitution. New York Assistant Attorney General Lauren Ellis said he’ll recommend Healey be allowed to serve his prison sentences concurrently, a total of 11/2 to 4 years, if he complies with the restitution order.
He’s free on $5,000 bail until his October 30 sentencing hearing.
Security experts have identified two new spams designed to infect recipients’ computers with malware.
WARNING NO. 1: Trend Micro just reported that there’s an email purporting to provide users with a “critical update” fro Microsoft Outlook and Outlook Express.
Within the body of the email are what appear to be authentic links to authentic Microsoft sites. But a click on the link downloads a key logger virus that records keystrokes on banking and social networking sites.
If you receive an email purportedly from Microsoft DON’T CLICK ON THE LINK! GO DIRECTLY TO THE MICROSOFT SITE FOR UPDATES!
WARNING NO. 2: There’s also a fake Twitter invite going around. If you receive an email inviting you to join Twitter, check to see if there’s a URL link within the body of the email. If there is, the invitation is legitimate.
The bogus invitation has an attachment with a .zip file. DON”T OPEN THE ATTACHMENT! It’s a malicious Ackantta worm that will suck away all your email addresses and copy itself over and over.
Twitter has become Iran’s virtual battleground and the primary news source since Iranian officials have silenced journalists. Before the Iranian election, there were an estimated 5 to 10 million users.
“As Twitter continues to gain popularity among social networking users, people are regularly receiving invitations and email updates from fellow users," Symantec researcher Sammy Chu said in a blog last week. "We expect that spammers will continue to use Twitter and other popular social networks as bait in their attacks."
Earlier this month Twitter users were directed to a fake YouTube site built to infect PCs.
Maybe it was just too many astronomical medical bills that pushed Desire Gordon over the line. Maybe she decided it was time for her to get even. Whatever inspired her, it looks like she’s going to paying big time now.
A Middlesex, MA grand jury indicted her today on charges of larceny, identity theft, identity fraud and credit card fraud for stealing the identities of at least 34 individuals, many of whom were doctors.
Gordon, 38, is accused of using her job to get her victim’s information and then using it to take out credit cards in their names, according to Middlesex District Attorney Gerry Leone.
The DA’s office hasn’t name the company Gordon worked for, but whatever it was, it gave her access to a large database of health care professionals and their personal information.
Like a lot of identity thieves, Gordon wasn’t very smart; she secured the P.O. box she used to receive all those new cards with her driver’s license. Once the docs discovered the new card accounts in their names, it was simple enough to find out where the new cards were mailed.
Gordon’s been charged with 15 counts of grand larceny, 20 counts of credit card fraud, 22 counts of identity theft. She also faces an additional 20 years for being a “common and notorious criminal.” If convicted—and if the jurors aren’t themselves facing sympathy-inducing astronomical medical bills—she could be sentenced to as many as 250 years.
Maybe it’s the way the stars are aligned, but lately I've been stumbling over ID theft stories involving home purchases. You, know the kind where someone steals your info and uses it to buy them self a new house—sometimes the one you already own. It’s great stuff.
The one I read yesterday is one of the saddest ever because the victim—though he’s aware of what’s happened—doesn’t understand it, and doesn’t believe he’s been victimized. In fact he loves the man who’s been using his identity and appreciates all he does to take care of him.
Philip Johnson is mentally disabled, which made him an easy target for Donald Zouras, the man whom Johnson thinks of as a caregiver, and for John Parsons, Zouras’ friend of 30 years.
The first crime to come to light was Parsons’ using Johnson’s identity to receive $350,000 in medical care. Care to venture a guess where he got the information?
If you look at the mortgages on the Joliet, Illinois house Philip Johnson shares with Donald Zouras and Zouras’ wife, Mona Lisa Russell, you’ll see the house belongs to Johnson. Zouras admits he used Johnson’s information to buy and then twice refinance the house. He also used Johnson’s identity to buy two cars (Johnson can’t drive) and invest in a Mexican restaurant.
Zouras has since defaulted on all the loans, and Johnson’s Medicare coverage has been frozen. As a result, the home Johnson shares with his “caregivers” is in foreclosure and he can no longer receive medical care—even an infected leg wound had to go untreated.
Authorities say Zouras has used at least 15 aliases over the years, and has a record of assault, armed robbery and pandering. He was convicted and spent four years in prison on charges of forcible detention for keeping a 16 year-old-prostitute under his control. He was also convicted for beating an exotic dancer who helped the 16-year-old victim escape.
“An ounce of prevention is worth a pound of cure.” Just about anyone who has a mother has heard those words, and mama was right—especially when it comes to medical identity theft.
The time to protect yourself is now.
- Step 1: Be as cautious with your insurance cards as you are with your credit cards. Make a copy of your insurance card. Then, on the copy blacken out all information except the provider’s name and your own. If you carry a Medicare card use the same tactic by blackening out the last four digits of your Social Security number on the photocopy. Keep the original insurance card locked up safely at home.
- Step 2: Go over any statement of benefits you receive from the insurance company. If you find any claims for services you never received, contact your insurer immediately.
- Step 3: Don’t wait for a statement of benefits; be proactive. Identity thieves routinely have mail redirected to elude detection. Ask your insurance provider to send you an annual statement of benefits.
- Step 4: Check your credit report at least annually. If someone else is receiving medical care using your name, it’s a sure bet they’re not paying the bills for you, too. Sooner or later those bills will end up in the hands of a collections agency and on your credit report.
- Step 5: Routinely obtain copies of your medical records, and keep them locked away safely at home. Not only will having these records make it easier to detect any erroneous information that might have already been inserted, it will also make it easier to restore the correct information.
The New York Times ran a story over the weekend about medical identity theft. They used Brandon Sharp’s story as an example and ran the story in the paper’s health section.
Medical identity theft stories can be found in just about any section of a newspaper: health, crime or finance—even obituaries--because medical ID theft can affect so many areas of its victims’ lives.
Sharp enjoyed good health and good credit until he became an identity tehft victim. Now he medical services accounts in collections, including a $19,000 charge for Life Flight air ambulance service. There are several more charges for emergency room visits in cities he’s never visited.
Besides wreaking havoc on victims’ credit score, some ID thieves use victims’ identity when arrested. Once out on bond, they skip their court dates, which results in an arrest warrant for the ID theft victim and sometimes multiple arrests. With a record like that, it’s all but impossible to get a job.
Anndorie Sachs learned she was a medical ID theft victim when authorities called to tell her that her newborn baby tested positive for methamphetamine. The next day a child services worker came to her home to take away her four children.
Sachs’ purse was stolen from her car months before, and her identity used in an emergency room by a woman who gave birth to a sickly baby girl and then abandoned her. Sachs was left with a $10,000 hospital bill, a criminal record and a legal fight that went on for years.
Sachs still worries the fraud may have introduced dangerous—even deadly--errors into her medical records. Incorrect entries about blood type, current medications or drug allergies could cost medical identity theft victims more than their good credit—it could cost them their lives.
The word “pickpocket” inspires Dickensian images of Fagin and his apprentice, the Artful Dodger, working the crowded streets of 1830s England.
Unless, that is, you’re one of the victims of the 200-strong “Cannon to the Wiz” identity-theft ring.
Leonardo Darnell Zanders, 39, the alleged ringleader was arrested in Detroit in April after several people’s pockets were picked at the Final Four basketball games. The group was based in Chicago, but they picked pockets and used other more high-tech methods stole checks and identities from victims all over the country, especially targeting crowded events.
Once the thieves lifted their victims’ wallets, they raced them to cars equipped with computers, cameras and printers, where they swiftly replaced the photos on the stolen driver’s licenses. The set up allowed the thieves to max out the stolen credit and bankcards before the victims even knew they’d be hit.
Postal inspectors searched Zanders’ house in February and found documents for 36 victims from nine state and Washington, D.C. Also in February, Secret Service agents searched the home of an alleged associate, Clyde Austin Gray Jr. where they discovered I.D. and bank documents for another 85 victims.
Each victim’s identity was comprised in rubber-band bound packets including personal checks, bankcards and original driver’s license along with another fake driver’s license bearing the photo of one of the thieves.
Other victims weren’t pickpocketed, but had their bank account information stolen from checks donated to a D.C. area nonprofit. Several checks were found in an employee’s desk at Combined Federal Campaign for the National Capital Area.
Feds got much of their information from informants within the crime ring, including one who said he or she charged between $200 and $500 for each set of documents sold to the syndicate.
Another insider claimed the 37 information packets he turned over to the Cannon to the Wiz resulted in $385,000 in losses.
Also charged were Wenona Latrice White, Sydney Anthony Charles, Shonya Michelle Young, Darryl Earl Price, Sylvester Vaughn, George Lee Reid, Claire Barker and Lennier McLeod.
My guess is that if you’re reading this, you’re probably not a prisoner, and so, not especially vulnerable to a scheme like the one allegedly perpetrated by Anthony Davila. Read on anyhow and you’ll get some idea of how easy it is to get someone’s Social Security number--in some cases, your government will happily assist you. You’ll also see how Davila is said to have turned identity theft into a very lucrative, full-time job in only five easy steps.
According to IRS Special Agent Jeff Hale:
Step 1: Davila perused the Florida Department of Corrections Website looking for criminals with the longest sentences.
Step 2: A simple call to the county clerks’ offices put in him touch with the nice folks who happily divulged case information including the inmates’ birthdates and Social Security numbers.
Step 3: Back to the Internet where he made a quick visit to the Florida Secretary of State’s Website to find the tax ID numbers of some of the biggest employers in the state.
Step 4: Next, he combined results of first three steps to create fake W-2 forms and tax returns.
Step 5: Finally, he sat back and waited for the tax return checks to be deposited.
Federal agents said Davila’s scheme resulted in 87 tax return checks totaling $423,531 being deposited into 14 bank accounts opened by Davila.
He faces charges of conspiracy, filing false income tax claims, mail fraud and aggravated identity theft. He’s sitting in jail now and has just been denied bond by a federal judge in Augusta, Georgia.
I choose a pharmacy based on (a) location, and (b) store hours. However, now that I know more about identity theft and data breaches, I think I’m going to do more research on the pharmacy we’ve been using for the last couple years.
I’m going to start by looking into the dumpster out back of the store.
CVS Caremark Corp. was made to pay a $2.25 million fine in February after an investigation by the Department of Health and Human Services and the Federal Trade Commission discovered their widespread practice of casually dumping sensitive information in open dumpsters, a violation of HIPPA regulations.
The found information included pill bottles with customer info on the labels, credit card and insurance account information, employment applications and payroll records.
The investigation was instigated by an investigation by WTHR TV in Indianapolis. Their nationwide research revealed Walgreen is as bad if not worse. Besides carelessly tossing customer info into a open dumpsters, a Walgreen in Creve Coeur, MO was found to be storing hundreds of prescription records in an unlocked file cabinet in a women’s restroom.
A peek into the dumpsters behind Rite Aid stores revealed the same disregard for their customers’ personal privacy.
Independent pharmacies are also clueless about protecting private information. Just this week the Indiana attorney general’s office reached a settlement with Low Cost Pharmacy in Indianapolis for dumping personal info in an unsecured dumpster.
Just one bag of trash found behind Tucker Pharmacy contained 732 patient records, some of them financial, others deeply personal. For instance a WTHR investigative reporter discovered that “Jose takes medication for athlete’s foot. James has a prescription to deal with his constipation. Lily’s lotion is for scabies. And Donald takes pills for schizophrenia.”
Think about it: What prescriptions do you take, and who do you want to know?
Susan Shaw was Miss Hawaii International in 1992. She had a home on Oahu that she shared with her husband and kids. She had another home in Manhattan Beach, Cal., that she shared with her boyfriend. And, when police searched that house, they discovered she also had hundreds of stolen credit cards.
Shaw was arrested at the Honolulu airport and later indicted by a Hawaii grand jury on May 12 on 122 counts of identity theft, credit card theft, forgery and money laundering. She is suspected of stealing at least $160,000 from at least 11 people, according to Manhattan Beach police, but new evidence indicates there are at least 25 additional victims.
The investigation began when people called police claiming their bank statements and credit card applications were being held or forwarded to another address without their permission. Credit cards accounts had been opened in their names.
Most of the credit cards had been applied for online from Wi-Fi cafes, like Starbucks, making it impossible for police to trace the perpetrator’s Internet service provider.
The break finally came when detectives got a tip about the delivery address where another card would be delivered. Cops staked out the address and watched Shaw pull mail from the mailbox.
They followed her car for a while, and when she ran a stop sign, they pulled her over and issued a warning. That traffic warning gave them the identifying information they needed to tie Shaw to the crimes.
Shaw’s husband, other family members, friends and boyfriend all claim to be shocked by the accusations and evidence against her, though they admit they were curious about how she financed her lavish lifestyle.
Her husband and boyfriend each claim to have been unaware of the other.
After reading what probably amounts to thousands of identity
theft stories and hundreds of studies on the same subject, there’s nothing like
a good stupid criminal story to break the monotony. Those are stories I can
write about with a smile on my face.
Barbara Glass has been with the Portland Police Bureau in Oregon for almost 20
years, and for the past eight she been the Bureau’s resident expert on identity
theft and fraud investigations.
Imagine Officer Glass’s surprise when, in the midst of an
investigation into a major counterfeit check ring, she received an email from a
local Safeway grocery store alerting her that her own name showed up on one of
the bad checks they’d received.
According to the Safeway email, Glass’s full name was
handwritten on a check for $314.97 that was cashed on April 16.
That’s right: The counterfeiters were stupid enough to use a
cop’s name—a fraud investigator’s name, no less—on a bogus check. And,
apparently they got such a giggle out of doing that, they also used the East
Precinct address where Glass works as the address for their fake business,
Swept Up Cleaning Company.
Naturally, the nitwit crooks got busted. Police arrested
Marcus Wilson, 27, and Carry Pepin, 33, on probation violations. A third
suspect, Rachelle Ross, 35, was accused of identity theft when it was
determined that she was most likely the one who posed as Glass to pass the
Stupid criminals … you gotta love ‘em.
Paul L. Kelly used to be the district attorney in Eau Claire County, Wisconsin. After that he was an attorney in private practice. He was a dad and grandpa.
As of yesterday, though, he’s a convicted felon found guilty of 35 of 43 charges of identity theft, fraud and forgery. The victim of these crimes is Kori L. Kelly, Paul L. Kelly’s daughter. More charges pertaining to his grandson are pending.
According to the criminal complaint, Kelly said he had power of attorney for his daughter, who then lived in Colorado. He bought a $7,500 car and a $7,200 conversion van. He also took out a $128,000 mortgage to buy a house in her name. The he filed Chapter 13 bankruptcy on his daughter’s behalf.
There may yet be a second trial to determine Paul L. Kelly’s guilt or innocence on four more charges that he committed additional crimes of the same nature using his grandson’s identity.
Kelly’s accused of using his grandson’s Social Security number on an application for a $56,000 loan to buy a piece of land. He again claimed to have power of attorney, but said on the application his grandson was a 25-year-old construction worker.
To strengthen the ruse, Kelly took forged W-2s, employment records and another man who posed as Kelly’s grandson.
The grandson was 8 years old at the time the crimes were committed.
Kelly was Eau Claire County district attorney from 1965 to 1968. He was a private practitioner until 1982 when he was disbarred under accusations of unprofessional conduct, misusing clients’ funds and filing false reports.
Experian knows a lot more about you than you know about them, and everything they know about you is up for sale.
You might think of Experian as “the credit bureau”—a repository of your financial history, the good, the bad and the ugly. And, yes, they’re all that … all that and so much more.
Experian knows all about your cars, businesses, insurance policies and lifestyle. And, if someone offers them money for it, they’ll even send someone to interview your friends, neighbors and associates to learn more about your character, reputation, personal characteristics and mode of living.
Experian boasts on their website that they hold credit information on 215 million Americans. They have title and registration data on 450 million vehicles. Every year, more than 100 million American households receive more than 20 billion pieces of advertising, all thanks to the databases Experian sells.
What their website doesn’t tell you about is the legal problems the Dublin-based company has in the United States.
Most of Experian’s problems are related to the “freecreditreport.com” marketing and sales of their Triple Advantage credit monitoring service—a subscription service that costs $79.95 a year.
The Federal Trade Commission has repeatedly investigated, found guilty and fined Experian for deceptive advertising, charging consumers’ credit cards without permission, failing to cancel subscriptions during the “free” trial period, or even letting consumers know they have the option of canceling.
The Florida Attorney General’s office has been investigating Experian since 2006. The AG’s office is looking into accusations that Experian’s marketing and sales of their Triple Advantage credit monitoring service violated the state’s Deceptive and Unfair Trade Practices Act.
Some of Experian’s problems are only public relations headaches, like the time Privacy International “honored” Experian with the Big Brother Award for being the UK’s most invasive company.
And then there’s the time FTC gave Experian’s customer service practices a grade of “F” because they refused to provide consumers with a customer service phone number.
More Posts Next page »