All about how it happens and how you can keep it from happening to you.
May 2010 - Posts
Millions of offices use digital photocopiers that retain your copied information on their hard drive
Every time you use a digital photocopier, a copy of your document may be stored somewhere on the copier's internal hard drive. If the copied information includes your personal data, that too could be the source of identity theft. Al images scanned on the machines are stored in the hard drive, including documents with personal data such as medical history, Social Security numbers and bank account numbers.
If the copier is connected to a network, your information may be free to a hacker if the company's security is breached.
Even worse, after a company purchases a new copier, many copiers are recycled and shipped overseas, with the data on their internal hard drive intact – and ready for harvesting by identity thieves.
Businesses may think they have a bullet proof security system in place, but unless they have included their digital copier in the plan, there may be a gaping security flaw. Most states have passed legislation requiring that business owners take steps to protect consumers' personal information. But many businesses fail to take their copiers into account when developing security protocols. If they don't take the necessary precautions, copier hard drives could be resold to third parties, possibly in a foreign country, where identity theft is harder to control.
In order to protect the users and businesses from harm, there are some steps that can be taken:
Business owners and office administrators have several options to protect stored data:
Businesses can password protect the hard drive – this does not remove the data, but thieves would need the password or have sophisticated software to break the password code in order to access the data.
Businesses can purchase software that scrubs the disk or removes all the data from hard drives. This process, called “disk scrubbing,” leaves the thief no data to steal.
Software to prevent data from being stored at all or to encrypt data can be found on-line. Some photocopier manufacturers, such as Sharp or Xerox, offer this software with the copier when it is purchased.
Personal identity theft is hard enough to deal with, but criminals will steal your business' identity as well. How do your protect against business identity theft?
Although not nearly as common as personal identity theft, the recent study released by Javelin Strategy and Research revealed that small business owners are victimized one-and-a-half times more than other adults.
So what is the difference between personal identity theft and business identity theft? A victim of business identity theft, rather than simply being defrauded on a personal level, sustains damage to business relationships, credit and resources. The result of business identity theft can included damaged business credit ratings, large fraudulent purchases made in the business' name, a damaged reputation, costly deals made in the company's name or loans obtained in the company's name.
Although businesses of all size can be vulnerable to identity theft, small businesses and individual entrepreneurs are often hit hard because they lack the financial resources to recover from theft.
Business identity theft gets more common every day, but there are some simple steps you can take to significantly reduce your risk of becoming a victim:
- Keep a paper shredder in the office – and use it! Make certain that all records, credit cards, and any document with any personal information (SSN, addresses, names, birthdates, etc.) go into the shredder.
- Purchase security software that maintains an electronic firewall, encrypts your information, and protects your e-mail accounts from hackers.
- If you maintain a website, have a professional check your site for "holes." Information can leak through security holes, exposing your business to identity theft.
- Protect or eliminate your paper information. Keep files away from the public and accessible only to employees on a need-to-know basis. Because paper is more vulnerable than its electronic counterparts, store files in computers and switch to on-line banking, payroll and bill pay. Store documents that must bekept in paper form in a locked file cabinet.
According to a study by Javelin Strategy and Research, making these switches can potentially save consumers and businesses up to $4.8 billion and prevent more than one million cases of business identity theft each year.
There are at least 25 types of identity theft, according to sources such as the Identity Theft Resource Center (ITRC) and the U.S. Secret Service
Identity theft involves any instance where one person uses another's personal or financial information in order to impersonate that person for any reason. Identity theft represents America's fastest growing crime.
Many different studies have confirmed that there are at least 10 Million victims of identity theft in the U.S. alone each year. Victims can spend up to two years and hundreds or even thousands of dollars clearing their name. Victims of identity theft can experience difficulties in managing their financial affairs.
With more than two dozen different types of identity theft, the crime is difficult to combat since your personal information is almost everywhere and is easily accessible to identity thieves.
The non-profit Identity Theft Resource Center (ITRC) sub-divides identity theft into five broad categories:
Business Identity Theft
- Business/commercial identity theft (using another's business name to obtain credit)
- Criminal identity theft (posing as another person when apprehended for a crime)
- Financial identity theft (using another's identity to obtain credit, goods and services)
- Identity cloning (using another's information to assume his or her identity in daily life)
- Medical identity theft (using another's identity to obtain medical care or drugs)
is similar to identity theft committed against an individual. Business identity theft targets the commercial identity of a small business or corporation. Criminals use stolen business identities to secure lines of credit, purchase goods and services under the name of the victimized business or as tools to help during the theft of large numbers of individual identities.Criminal Identity Theft
occurs when someone commits a crime in your name. If a person masquerades as you and commits crimes, this can result in a criminal record being recorded in your name, you may receive a notice to appear in court for violations you are not responsible for and warrants for your arrest can even be posted nationwide. You might not even know of the theft until you apply for a job, apply for credit, or when the police show up at your home.Financial Identity Theft
is a common type of identity theft. It is important to monitor your financial relationships with creditors, banks and lenders. Credit reports provided by the three main credit bureaus are perhaps the best way to monitor existing and any newly created fraudulent relationships. You can check for fraudulent activities in you name by periodically reviewing your credit record, or by subscribing to an identity theft protection service such as Lifelock.Identity Cloning
occurs when you are impersonated by someone else in order to conceal their own true identity for whatever purpose. Illegal immigrants, people hiding from creditors or other individuals, or those who simply want to become "anonymous" for personal reasons have successfully used cloning to pretend they are someone else, sometimes for years. Unlike the traditional idea of identity theft, the may con deception may continue almost indefinitely without being detected.
Particularly disturbing is Medical Identity Theft
, occurring when someone uses a person's name and personal, financial and insurance information to obtain medical services. Medical identity theft frequently results in false entries being entered into existing medical records, which can then lead to inappropriate and potentially life-threatening decisions by medical staff – based on the false information. An example would be inaccurate information about allergic reactions to medications or incorrect blood type information.
After being lost for almost a decade, an unreleased documentary about hacking reappeared on “Pirate Bay,” a Swedish peer to peer file sharing site.
Narrated by actor Kevin Spacey, the 90-minute Hackers Wanted follows the exploits of Adrian Lamo, who pleaded guilty in 2004 to cracking the internal network of The New York Times.
Lamo made his mark early in the decade with a string of hacks against prominent companies, including Yahoo, Excite, Worldcom, Microsoft and the New York Times. His attacks were characterized by a sense of humor – in 2001, Lamo snuck into an unprotected content-management tool at Yahoo’s news site to tinker with a Reuters story, adding a made-up quote by then-Attorney General John Ashcroft. He staged other hacks, first alerting the press and often working with the hacked company to close the security holes that he exploited.
Typically wandering the country by Greyhound bus, Lamo gained the nickname “the Homeless Hacker.” He ultimately surrendered to face charges related to the New York Times hack, and was sentenced to six months home confinement at his parents’ house and two years of probation.
“It’s ironic that a film about overcoming barriers, about new technologies, about thinking differently, had to come to the public eye by being hacked out of the hands of people who, after making a film about the free flow of information, tried to lock away that information forever,” says Lamo.
The Pirate Bay is "one of the world's largest facilitators of illegal downloading," and "the most visible member of a burgeoning international anti-copyright or pro-piracy-movement" according to an editorial published in the Los Angeles Times,
Google users can now run encrypted searches simply by using the company new “beta” site
The search engine GOOGLE has launched a “beta” encrypted search web site. The change brings the same web security system that protects online bank transactions and secure shopping to search engines. Encryption makes it hard for anyone in between your computer and Google’s servers to intercept and see the terms you search for or the results Google returns. Google's new search option does not however, keep Google from storing and analyzing your searches, nor does it disable “smart” software that tracks your marketing preferences. The encryption software is designed only to prevent eavesdroppers from analyzing the URL or content to see the search terms you are sending to Google, or the results.
To use Google's new encrypted site, go to https://www.google.com
. Make sure that the URL is for "https" and not "http" - look for the lock symbol over the "e" in "Google." When you use the encrypted site, all an eavesdropper can see is that you are using Google, nothing else.
Before you decide that Google is a selfless provider of new security measures to keep online users safe – Google decided to launch the option only after the search company admitted it had been eavesdropping on and recording user activity on unencrypted Wi-Fi networks. It turns out that whenever Google's “Street View” cars were taking pictures of cities around the world, they were also recording activity on local Wi-Fi networks.
A worm is spreading via Yahoo Instant Messenger that tricks people into downloading what they think is a photo from a friend but instead accesses a victim's IM contacts.
If you receive a message from someone you know, with the word "photo" or "photos" and a smiley face icon, along with a link to a Web site resembling a Facebook page, MySpace page, or some other page, you may become one of the latest victims of a “worm,” a malicious computer program that can intercept passwords and other sensitive personal information and send it out over the internet.
If the program is downloaded and opened in Windows system, the computer will become infected and the malicious message will then be re-distributed to all of the user's IM contacts.
Yahoo has recommended that any Yahoo Messenger user who receives a suspicious instant message with a link first IM their friend to ensure the message is legitimate before moving forward. Users should not download executable (.exe) files that are sent through Yahoo Messenger." The company also warned that Internet users should always make sure that their antivirus program is up to date.
The Internal Revenue Service has issued its 2010 “dirty dozen” list of tax scams, including schemes involving return preparer fraud, hiding income offshore and phishing fraud schemes.
In a statement, IRS Commissioner Doug Shulman said that “Taxpayers should be wary of anyone peddling scams that seem too good to be true.” Tax schemes are illegal and can lead to imprisonment and fines for both scam artists and taxpayers. Taxpayers who find themselves victims of these schemes must repay any unpaid taxes plus interest and penalties.
Some tax-related fraud can lead to, or is related to identity theft.
During tax season the number one complaint from consumers, identity theft, increases. And the IRS is well aware of it. On the IRS website, http://www.irs.gov/
, there is an article dedicated to "Identity Theft and Your Tax Records."
In this article the IRS gives information on how to protect yourself from tax related identity theft and steps for alerting the IRS if you believe your identity has already been stolen. The IRS makes it very clear at the beginning of the article that the IRS never initiates contact with taxpayers using email. So - if you receive an email message that looks like it came from the IRS, it is a scam. While it's always important to protect your personal and financial information, it is especially important to be vigilant during tax season!
Also important is the IRS article "Suspicious E-Mails and Identity Theft,"
which includes links to various IRS documents warning of tax refund phishing scams, tips on how you can shut down phishing scams, tips on how to protect your identity, descriptions of recent schemes and how to report suspected fraud to the IRS.
Is your personal and financial information safe on your computer? Take the Identity Theft Resource Center's “PC Perfect Information Safety Quiz” and find out!
- Keep personal identifying information such as Social Security numbers, account numbers, passwords or financial records on a computer connected to the Internet?
- Trust those you share your PC with, i.e. co-workers, relatives and roommates?
- Verify which of your folders are opened for sharing (open to others) when you use peer-to-peer file Run a full virus scan on your hard drive at least every week?
- Open email documents, or attachments to email documents without verification of the sender?
The ITRC has created a short – 20 question – quiz to rate just how safe your sensitive personal and financial information may be on your home or work computer. I took the quiz – it only took a few minutes, and some of the questions were eye-openers.
Obviously, when you score your answers, the higher your score, the safer you are. If you answered any questions incorrectly it may be time to rethink how you handle sensitive information.
The quiz can be found at http://www.idtheftcenter.org/PC_Perfect_-_information_Safety_Quiz.shtml
North Carolina man attempts to hack into an ATM, only to be arrested at the scene.
In a series of events reminiscent of a T.V. Crime investigation, a North Carolina man was arrested in Houston, TX in April after he tried to hack into an ATM and change its passcode, according to the FBI. The suspect's plan was to hack into the ATMs using the manufacturer's “default” passcode in order to set up the machines to think they were loaded with $1 bills instead of $20 bills. This would allow the thief to pull out $8,000 in cash with a $400 withdrawal from a prepaid debit card.
The plan was to reprogram ATM machines all across Houston. The thief's error was in choosing a fellow conspirator who happened to be an F.B.I. Informant – as a result, officials knew about the plan all along – and were just waiting for him to make his first attempt.
The plan was foiled when the ATM machine failed to recognize the “default” pass-code, which had been changed by investigators – and the arrest was made on the scene.
According to F.B.I. identity theft experts, this kind of ATM crime is more commonplace than people believe. Manufacturer's manuals are available online, explaining how to switch ATMs into diagnostic mode. The manuals often list typical factory-set default passwords. Before the Internet, it was unlikely that anyone but dealers had access to the manuals – but not any more. Most ATM manufacturers have updated the machine software to prevent scams such as this one, but not all machines have been properly updated. So, the opportunity for fraud still exists.