I Get Asked the Darnedest Things – Including How to Protect Ill-Gotten Gains

March 5, 2012

I recently spent a week teaching several hundred students, teachers and parents in several schools and school districts across North Carolina. The sessions are always great, but since there is never enough time to answer everyone’s safety, security and privacy questions, I encourage listeners to leverage the “Ask Linda” section on my website.

The questions I typically get asked range from “is _____ a strong password?” to questions about situations that need immediate intervention. However, among the many follow-up questions from this trip came my first request for assistance in protecting stolen funds. The audacity and irony in the email are just too good not to share, so with identities hidden, here’s the original email – and my response. Enjoy.

On 12/16/2011 “Michael”:

Today, you spoke at my school (xxxxx). The talk was the best I have ever heard at a school event because during 2009-2010 I recovered other people’s old RuneScape accounts. I learned many ways to look up people, many of which you mentioned today. I have since stopped recovering because many people have found out this easy way to make money and so there are far fewer unused accounts to steal. I also did a fair bit of phishing on the system pelican (fish.in.rs) which is a mass mailer of RuneScape phishers, so all I needed was an email address owned by a scaper.

Since then, I have been sitting on a few thousand dollars worth of RuneScape currency. With college coming up, I am hoping to sell this on the RuneScape black market sythe.org. The preferred method of communication of most members is MSN which I saw on your website that you used to work for. One of the questions I had for you is: can another person that is chatting with you on MSN get your IP address? I have heard many hackers claim they can get IPs through Skype, MSN, and email communications.

On another note, I plan on majoring in mathematics and becoming an investor.  However, I am wondering what classes are recommended to become an internet security consultant such as yourself.

Enjoy your stay in North Carolina,

Thanks,

Michael

“Michael”,

The answer to your question is yes, MSN or Windows Live uses the Microsoft Notification Protocol that carries the client IP address in some of its headers. While I’m pleased that you found my internet safety, security and privacy presentation to be useful, I’d say that given your phishing and account theft activities, the field of security is not the right one for you, and recommend you stick to investing.

Linda


It is Absolutely Critical that you Understand YOU Are the Digital World’s Currency

October 15, 2011

In order to truly be a “free” website the provider cannot charge you fees, collect your information to sell, rent, lease, or share, or put advertising in front of you. Needless to say, there are very few truly free websites; most that are truly free are government, institutional, school, or non-profit websites, though even many of these types of organizations advertise and sell consumer information.

The way most ‘free’ services make money is not by selling advertising. What they sell is access to you, and information about you, to advertisers, marketers, researchers, and others.

Your information is the commodity that drives the internet economy. It is collected through your online actions and the information you share, as well as through the exposure of your information by others.

Every piece of information you post, and every action you take online has value to some company or someone. That isn’t necessarily a bad thing. This trade in information lets you use the websites without paying money for your access. Your information helps companies provide you ads that are more targeted to your interests. It helps researchers and companies know what kind of products to design, and so on.

If you read a website’s terms and conditions you should be able to see just what information is being collected and how it is shared, though many companies make it very difficult to understand the full scope of their use of your information.

In addition to the information the hosting site is collecting and monetizing, an entire new industry has been created just to collect all the information posted by you or about you on any site – including government sites – to sell, rent, share, etc. to any interested party – see my blog Civil Rights Get Trampled in Internet Background Checks to learn more on this particular aspect.

And the data collection and reuse does not end with the hosting company or data collection companies. Your information is also collected and used by recruiters to make their hiring or enrollment decisions, by potential dates or friends, and by journalists interested in interviewing you. It’s searched by charitable organizations that are looking for sympathetic individuals to ask for charitable donations. And your information is collected and used by far less pleasant people who want to use the information for things like bullying, cyberstalking, identity theft, home robberies, and other crimes.

To really understand your digital value and how this may have consequences far beyond those you feel comfortable with, let’s look at an example.

“Jenny” is 65. She loves using the internet to research information and stay in touch with friends and family. She’s on Twitter with friends, on Facebook with her grandchildren, and on a social networking site for seniors with her interests.

In Jenny’s profile she provides her full name, age, and location. She’s included a short line or two about her interests – chamber orchestra music, gardening, wine and photography. She’s taken a couple of online quizzes of her likes and dislikes which makes it easier for new people to see if they have something in common with her.

In one blog post she notes that she’s fed up with the democratic agenda. In another she talks about her grandkids that come to her house twice a week after school.  She complains that her knees and back hurt twice a week – on the days after her grandkids are over. And she says she hates exercising as much as she ever did, but that it’s even harder to get motivated since her mastectomy.

She tweets from the same doughnut shop every morning where she meets up with friends. On her senior site she joins a wine aficionado group and slyly acknowledges that while she only has one glass of wine a day – she frequently refills that glass several times over!

The photos Jenny has posted are of grandkids, her dog and nature shots.  There’s nothing embarrassing in what she’s posted, she wasn’t mean to anyone, but she doesn’t really understand the far reaching ramifications of what she posts.

How do others use this information?

The web service companies she uses collect this information – as well as information about the website she was on before she came to their site (ah, she banks at Chase) and the website she navigates to when she leaves (oh, she went to the appointment scheduling page of a doctor in the ABC medical practice). They collect the type of computer/phone being used (wow, that’s an old HP!), its operating system, IP address, location, etc.

The web service companies are likely to cross-tab this information with other information collected by data aggregators from government websites, like Jenny’s birth certificate – parents’ names, place of birth, date of birth – which, when combined with records where Jenny has entered the last 4 digits of her social security number, provides her whole SSN – see my blog Kids and Financial ID Theft; a Growing Issue to learn how SSNs are deconstructed.

Data aggregators have also collected the birth certificates of her children and grandchildren, her voter record, criminal record (clean), driving record (two speeding tickets in past 18 months). They’ve also gathered information on her deceased husband, what he did for a living (and her projected retirement funds), and information about her home, and previous properties she’s owned.

Crawling the web, data aggregators also see where she’s donated to charities, what her friends are saying about her, what information is discoverable through her photos, and the vehicles she has registered (one car, one boat).

And so on.

What surprises Jenny is that when she chooses to switch auto and boat insurers, she’s denied because of her potential drinking problem, which combined with her speeding tickets could be an expensive mess for the insurance company. She is also denied when she tries to purchase some life insurance – anyone who eats doughnuts every morning, hates to exercise and has already had cancer isn’t seen as a good risk.

Donation requests from music organizations, and catalogs from gardening and pet supply companies, start showing up on a whole slew of websites Jenny visits online – and more arrive in her mailbox.

Her granddaughter discovers she will have to pay more for medical coverage because the insurance company learned through Jenny’s posts that breast cancer runs in the family.

Jenny falls for an ID theft scam that looked like a request for information from her doctor’s office asking her to reconfirm her billing and insurance data for their records.

To make matters worse, Jenny came home last week after her daily doughnut shop meet up, to find her home had been broken into. All of her photography equipment was stolen.

Once Jenny recognized how information she posted was affecting her, and her family members, she immediately took down some of her posts. Unfortunately, the data aggregators, and web service companies still have their data sets, so the damage is permanent.

If you take this scenario, and expand it to all the communications, contacts, and digital data collected about you, you’ll begin to see the magnitude of the financial model behind web services and data aggregators.

I am frequently asked why internet service companies don’t do a better job in giving their customers what they want. The answer to this is simple; they are giving their customers what they want – and what they want is your data.

In short, while you are the consumer of a website’s services, you are not the service’s customer – the customers are the companies paying to get access to you and your information.

A great illustration of this concept was created by the people behind Geek and Poke, and though the company targeted in the cartoon is Facebook, the concept applies to every other web service or product that makes their money behind the scenes.

As you provide information consider how it is being sold, bought, or simply taken and make sure you’re okay with potential outcomes now and over time.

Learn more about the commodity model in this blog When it Comes to Online Ad Tracking, You Can Opt out Any Time You’d Like – But Can You Ever Leave?

Note: ilookbothways.com does not collect, trade, sell, or use any information about our readers, nor do we accept any advertising on our site. The occasional ad that does land on our pages is NOT associated with us in any way.

Linda


Florida AG’s Office Estimates over 500k Kids ID’s Stolen Each Year

October 4, 2010

Although statistics are not kept on identity theft victims under 18, estimates indicate the crime affects more than 500,000 children nationally each year, according to the Florida Attorney General’s Office in an article in the Palm Beach Post.

The article goes on to quote Linda Criddle saying:

Children’s SSNs are highly prized because children have no credit history, said Linda Criddle, president of the Safe Internet Alliance in San Diego. She warns that theft of children’s SSNs is on the rise.

The two primary threats to children’s financial identities are family members, even parents, who want to open a new line of credit, and professional thieves who use computers and public information to find SSNs, Criddle said. They use sophisticated programs to search for the numbers through databases kept by schools, doctors and insurance companies. The criminals then sell the unblemished numbers to people who use them to obtain credit cards and rack up huge debts they will not have to repay.

Criddle offers these suggestions to reduce your child’s risk of financial ID theft:

  • Keep Social Security cards locked up. These don’t belong in wallets or loose in your home where others may come across them.
  • Tightly restrict sharing your child’s SSN. You may be asked to provide your child’s SSN in many circumstances, such as to enroll him or her for a sports team, or at the doctor’s office. However, you do not need to give their SSN – you can show other evidence of age or information that your health care provider needs for billing.
  • Teach your children not to share their SSNs. When they are applying for jobs, at which point they finally do have to share the number, make sure the employer and company are legitimate so the risk of resale is low.
  • When creating a bank account for your child, set up only a savings account and make sure there is no overdraft protection included.
  • Monitor your child’s credit as you do your own. If you wait until you see a red flag, a lot of damage may have occurred, and often you’ll see no red flag at all until your child seeks credit. Running a credit report does introduce some risk, but you can mitigate this by freezing their credit. This way, if the very act of checking your child’s credit history generated a credit file you have squashed the chances for abuse. Unfreeze their credit when they do seek a loan.

To read the full article, click here.

Linda


Kids and Financial ID Theft; a Growing Issue

September 11, 2010

Stealing children’s social security numbers (SSNs) to use or sell is not new, but it is becoming more widespread. The problem is expected to get worse before it gets better, according to the Associated Press.

Financial identity theft has grown into a multibillion-dollar problem, and at least 7% of the cases that are reported target children’s identities. The actual number of child victims may be much higher, as the theft of a child’s financial identity is often not discovered until the child applies for credit.

It is precisely because kids aren’t seeking credit that theft of their Social Security numbers is so lucrative. The allure of an untainted SSN (one with no credit problems) is in the opportunity it represents for creating fake lines of credit and charging up high debts.

How kids’ financial ID theft happens

There are two primary threats to kids’ financial identities. The first comes from family members looking for a new line of credit. They steal their children’s, nieces’ or nephews’, even younger siblings’ identities, primarily to use themselves to create new lines of credit.

The second threat comes from criminal businesses that use computers and publicly available information to find Social Security numbers for which no line of credit has been established. You may wonder how criminals steal numbers that aren’t in any system, but that’s the beauty of it. They don’t have to know whose SSN they’re stealing, they just have to find SSNs that are legitimate and have no credit history.

The way these criminals collect the SSNs is tied to the antiquated method by which SSNs are generated.

SSNs have three sections. The first three numbers represent the state in which the SSN was issued (after 1972 they represent the zip code). For example, a number issued before 1972 that begins with anything between 001 and 003 was issued in New Hampshire.

The second set of numbers in the social security string represents a specific window of time during which the number was generated, quickly identifying the age of the legitimate SSN recipient.

The last four digits are the only random numbers – and ironically those are the ones you’re asked to provide most frequently. Knowing how SSNs are created, criminals can use a computer program to anticipate the next set of numbers to be generated, then they can test these to find which are legitimate.

Criminals then take these SSNs and sell them to people who want credit they can use to accumulate huge debts they won’t have to repay. These numbers sell for anywhere between a few hundred to several thousand dollars apiece.

“When a creditor gets a request in with a valid SSN, one that they can confirm has been issued, they don’t get information telling them to whom the number was issued,” says Linda Foley, of the Identity Theft Resource Center (ITRC), an organization that offers counseling and resources to identity theft victims.

“That’s not information Social Security gives out.  Nor is it information that the three credit reporting agencies have access to.”

From that point, it is easy for the thief to put down his name, a date of birth, and a reasonable excuse for why his Social Security number had been issued recently.

Once the purchaser of the stolen SSN defaults on their loans, the credit line is shut down and that SSN is no longer of use – but serial SSN thieves simply buy a new SSN and continue running up debt. Assistant US Attorney Linda Marshall from Kansas City states, “If people are obtaining enough credit by fraud, we’re back to another financial collapse. We tend to talk about it [identity theft fraud] as the next wave.”

Because SSNs with no credit line often come from young children who have no money of their own, these numbers are ideal candidates for opening a new, unblemished line of credit. Add to that the low likelihood that anyone is monitoring that child’s financial identity, and crooks have a winning combination.

Julia Jensen, an FBI agent in Kansas City, recently discovered a ring of criminals using public searches to identify SSNs without credit lines while investigating a mortgage-fraud case. “The back door is wide open,” she said, comparing the businesses that sell the numbers to drug dealers.

“There’s good stuff and bad stuff,” she said, referring to the value of a stolen SSN. “Bad stuff is a dead person’s Social Security number. High-quality is buying a number the service has checked to make sure no one else is using it.”

Unfortunately, experts say, it’s nearly impossible to prevent the fraud because it’s so easily concealed and targets such vulnerable people.  “There’s no way to protect your child completely,” says Foley.

The difficulty in protecting children’s SSNs and financial identity is multifaceted:

  1. Financial ID thieves are using sophisticated programs to search for dormant SSNs through databases kept by schools, doctors, and insurance companies, which typically require children’s Social Security numbers be provided.  Rapidly evolving methods used for selling the numbers make tracking this kind of theft particularly difficult.
  2. Credit issuers typically do not keep track of the age of Social Security number holders, so they cannot alert families when a child’s number is being used – something Foley’s organization has been trying to change since 2005, and a protection she considers vital for preventing child identity theft on a large scale.
  3. Even parents who routinely check their own credit information rarely think to check reports for their children, particularly if the children have not yet begun to work. But if a SSN is compromised, criminals can run up tremendous charges in a child’s name.
  4. The methods and locations used to sell SSNs change frequently, and may be camouflaged under legal transactions. Some of these sketchy companies have impressive, high-tech websites. Others advertise on sites like Craigslist.

The impact of financial ID theft on a child

It takes time and a lot of work to restore a financial reputation, and the repercussions of a damaged credit score can impact a child for life. As they seek loans for college, cars, and homes, they may struggle to qualify and be permanently subject to higher interest and mortgage rates.

Someone has to pay the debts accrued against that SSN. Sometimes it’s the victim or the victim’s family that pays. More often it’s the businesses that sold whatever goods were purchased that get stuck with the costs, which of course get passed on in the form of higher prices for all their customers.

Reduce your child’s risk of financial ID theft

  • Keep Social Security cards locked up. These don’t belong in wallets or loose in your home where others may come across them.
  • Tightly restrict sharing your child’s social security number. You may be asked to provide your child’s SSN in many circumstances, like to enroll them for a sports team, or at your doctor’s office. However, you do not need to give their SSN; you can show other evidence of age or information that your health care provider needs for billing.
  • Teach your child not to share their SSN. When applying for a job, make sure the employer and company are legitimate so the risk of resale is low.
  • When creating a bank account for your child, only set up a savings account and make sure there is no overdraft protection included.
  • Monitor your child’s credit as you do your own. If you wait until you see a red flag, a lot of damage may have occurred, and often you’ll see no red flag at all until your child seeks credit. Running a credit report does introduce some risk, but you can mitigate this by freezing their credit. This way, if the very act of checking your child’s credit history generated a credit file you have squashed the chances for abuse. Unfreeze their credit when they do seek out a loan.

Red flags that your child’s financial ID has been stolen

There is no silver bullet to protect your child from ID theft, but there are some red flags:

  • Your child receives unsolicited credit offers in their name, or notices from debt collectors.
  • Someone who has access to the child’s SSN has sudden prosperity.
  • You get a notice from the IRS saying the SSN you used on your tax return (or on their tax return) is a duplicate number.
  • Your insurance company denies a claim for your child because they have already covered the procedure.
  • The bank notifies you, when you go to establish a savings account for your child, that an account using that SSN already exists.
  • You receive a warrant for a traffic violation for a child without a driver’s license.
  • Your child is denied government assistance because records show they are already receiving benefits.
  • You get a request for a job verification when your child has never had a job.

If your child’s credit has been compromised, take immediate action

Report any suspected theft of your child’s financial identity. Use the Federal Trade Commission’s Web site to find and follow the steps needed to report fraud. Or call their toll-free identity theft hotline at 1-877-ID-THEFT (438-4338). THEN call Social Security. You may also want to visit the ITRC’s website for facts and information, or call its hotline at (888) 400-5530.

What’s happening to reduce the risks

The non-profit Identity Theft Resource Center has proposed a solution to the growing problem of illegal use of children’s SSNs: the creation of a Minors 17-10 Database, which would make not only the Social Security numbers, but also first and last names and birth month and year, available to credit organizations, departments of motor vehicles, and other institutions that require a Social Security number for background checks. The information would be kept until the child is 17 years, 10 months old. This age was chosen, Foley said, because this is the time when teenagers are putting in paperwork for student loans and other credit forms.

Linda


T-Mobile Confirms Biggest Data Breach; Affords Glimpse of Internet’s Financial Underbelly

November 17, 2009

Thousands of personal record details of British T-Mobile customers were stolen and sold by an employee for “substantial sums” to rival carriers, putting a spotlight on the unlawful trade in personal data in the UK.

According to an article in the Guardian, the employee allegedly sold the account information to a number of “brokers”, who then resold the data to competing mobile services so they could target T-Mobile customers.

“The number of records involved runs into the millions, and it appears that substantial amounts of money changed hands,” according to Christopher Graham, the UK’s Information Commissioner. “We are considering the evidence with a view to prosecuting those responsible and I am keen to go much further and close down the entire unlawful industry in personal data.”

Pressing for change, Graham said “More and more personal information is being collected and held by government, public authorities and businesses. In the future, as new systems are developed and there is more and more interconnection of these systems, the risks of unlawful obtaining and disclosure become even greater. If public trust and confidence in the proper handling of personal information, whether by government or by others, is to be maintained, effective sanctions are essential.”

Why this matters

It is not just Social Security numbers, account numbers, and driver’s license numbers that have value to criminals and legitimate corporations alike. In the data age, you are a commodity. Every piece of your personal information, your preferences, your relationships to others, your financial value, information about services you currently use, your location, even your emotions has significant economic value.

Given the value of the data the temptation to steal and sell it is huge – there’s a reason that over 340 million personal data records have been breached in the US alone since Jan. 2005.

Companies and criminals purchase this information to help design products (including malware), shape and target advertising (and fake ads), and even help build socially engineered scams tailored to you.

The Information Commissioner is right. Slapping small fines on those who steal and sell consumers’ private information offers little deterrent when the data sellers can collect premium prices. When the only consequence is a fine, it’s nothing more than another cost of doing business.

In the T-Mobile case, not only should the T-Mobile employee who stole the information receive a strong punishment, the competitors who bought the data to poach customers should be charged with purchasing stolen goods.

Without punishing every piece of the “entire unlawful industry in personal data” it will be difficult to make headway against the crimes and protect consumers.

Linda


New tool calculates Your ID Theft Risk

November 3, 2009

Symantec has released a new Risk Calculator tool that lets you get a sense of how much your information is worth to online thieves, and how at risk you are of having that information stolen.

It’s a useful tool for not only understanding the underground economy, but for reviewing your own online actions from a security perspective.

Linda


Latest ID Theft Stats

July 27, 2009

Identity theft continues to hold our attention – and rightly so. Here are some recent stats from SpendOnLife.com that bear consideration:

  • There were 10 million victims of identity theft in 2008 in the United States
  • Households with incomes higher than $70,000 were twice as likely to experience identity theft as those with salaries under $50,000
  • Online methods accounted for only 11% of ID theft
  • Stolen wallets and physical paperwork account for almost half (43%) of all identity theft
  • More than 35 million data records were compromised in corporate and government data breaches in 2008
  • 43% of victims knew the perpetrator
  • In cases of child identity theft, the most common perpetrator is the child’s parent
  • 38-48% discover their identity has been stolen within three months, but 9-18% of victims don’t discover the problem for four or more years
  • The mean cost per victim is $500

6 steps to reduce your risk of identity theft and deal with the aftermath

  1. Everyone above the age of 14 needs to actively monitor his or her credit history. You have the right to one FREE credit disclosure in a twelve-month period from each of the three national credit reporting companies—TransUnion, Experian, and Equifax. The easiest way to get these reports is through AnnualCreditReport.com, a service created by these three credit institutions specifically to help consumers get free annual reports. You can also pay credit monitoring services to watch your account for you.
  2. Consider if you want all, part, or none of your information viewable in online directory searches. It usually costs money to keep your information private (often referred to as a privacy tax) but the few dollars it costs may be well worth it to you.
  3. If your identity has been stolen, contact your bank(s) and other financial institutions immediately. Contact local law enforcement and file a report. Contact your insurance company. Freeze your credit with the three credit reporting companies listed above.
  4. If you are a victim of identity theft, go to the FTC’s Identity Theft Web site to get information about additional steps you may need to take.
  5. If your reputation or images have been stolen, contact the Web site where the abuse occurred and where the material is displayed. They should work with you to take it down and discipline the offender.
  6. Identity theft victims should alert their friends and family. Your identity theft means friends and family may also be affected, depending on the information stolen or abused.

Click to read the full data set.

Linda


Threat Report – Cybercrimes Continue to Rise in 2009

July 26, 2009

New research just published by Sophos Security outlines the increase in sophistication of cyber attacks and the new vectors criminals are targeting for their exploits. It also points out that it is the US, not some foreign entity, that hosts more malware and distributes more spam than any other country – nearly 3 times the amount of China, which ranks second on malware hosting, and 50% more than Brazil, which ranks second in spam.

Sobering statistics from their report:

  • 23,500 new infected web pages are discovered every day. That’s one every 3.6 seconds, 4 times worse than what it was in the same period in 2008.
  • 15 new bogus anti-virus vendor websites are discovered every day. This number has tripled, up from an average of five detected per day, during 2008.
  • Approximately 6,500 new spam-related websites are discovered every day – accounting for one new website every 13 seconds, 24 hours a day. This figure is almost double what it was in the same period in 2008.
  • Over 99% of spam is sent from home computers that have become part of botnets because they were not properly protected with up-to-date anti-virus software, firewalls and security patches.

Existing exploits persist, and new threats emerge

Data loss/theft remains a top concern in 2009 as many corporations and government institutions have failed to protect employees’ and customers’ sensitive information.

Hacking legitimate websites so they distribute malware continues. Infected sites have included government and educational sites that consumers know and trust, yet simply visiting these sites, or downloading materials leaves users infected.

Email attacks continue and an even greater percentage of these come from the US in 2009 with 15.7% as compared to 14.9% in the same period in 2008.

Criminals have begun to leverage social networks in a concerted way to expand their methods of exploitation. Sophos found that 25% of businesses have been the victim of spam, phishing or malware attacks generated through networks like Twitter, Facebook, LinkedIn and MySpace.

2009 has also seen an increase in using USB sticks to spread malware, and hackers are moving beyond traditional programs to find and exploit security holes in programs and tools like Adobe Flash and PDFs.

Digital espionage in the first half of 2009 continued to expand in spite of governments increasing the shutdowns, arrests and harsher sentences for criminals involved in cybercrimes.

Bleak Predictions

Sophos believes Web 2.0 sites like Facebook, Twitter and MySpace will become the primary battleground for malware authors, identity thieves and spammers. Cybercriminals will increase the number of legitimate, but hacked, web pages. The variety and number of attacks will continue to increase as criminals find new security holes, adopt new techniques, and create new disguises to infect the unsuspecting. Compromised computers will continue to be the primary source of spam. ID theft will become an even larger problem and will adversely affect customer trust. Email and web attacks will increasingly use Word documents and PDFs to trigger unseen downloads of viruses and Trojans.

Prevention is better than a cure

The report concludes by noting the current path does not have to continue. Detection of new malware threats is at an all-time high, and with solid security practices, up-to-date security software, and a commitment to stay safe we can go a long way towards defending home computers and business networks.

Click here to read the full report.

Linda


Protect your credit: one free step towards peace of mind

January 14, 2007

When did you last check your credit report?

It’s a question I frequently ask audiences, yet invariably only a few hands go up. If I ask when they last checked the credit report for their teen, no hands go up. Why aren’t people checking? The answer appears to be twofold:

  1. It hasn’t become a habit. We lead busy lives and checking credit scores hasn’t yet become part of our things-to-do lists.
  2. People don’t know how to get a credit report, and don’t trust that it’s really free.

Yet you have the right under recent amendments to the Fair Credit Reporting Act to one free credit disclosure in a twelve-month period from each of the three national credit reporting companies—TransUnion, Experian, and Equifax. You can compare your credit reports from all three companies once a year, or you can get a report from each company separately spaced over the year—say Feb 1st from TransUnion, June 1st from Experian, and October 1st from Equifax.

The easiest way to do this is through AnnualCreditReport.com, a service created by these three credit institutions specifically to help consumers get free annual reports. You can also pay for credit monitoring services from each credit reporting company. Decide for yourself if you want to pay for more proactive protection or stick with the free services. [1]

Get a free credit report

First off: get it on your calendar to check your credit and that of any minors over 13 in your care. Then, there are three ways to request all three reports at once from AnnualCreditReport.com:

  • Go to the Web site. Through this highly secure site, you can instantly see and print your credit report.
  • Call toll-free: (877) 322-8228. You’ll go through a simple verification process over the phone after which they’ll mail the reports to you.
  • Request by mail. If you live in certain states, fill out the request form and mail it to the Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. (Get more details.)

Note: Remember that after you request a report, you will have to wait a year to get it free of charge again from the same credit reporting company. (Of course you can pay for a copy of your credit report at any time.)

Review your credit report to see if there are new credit cards, loans or other transactions on your account that you are not aware of.

If you have been a victim of credit card fraud

If you think your identity has been stolen, here’s what to do:

  • Contact the fraud department of any one of the three consumer reporting companies
  • Close the accounts that you know or believe have been tampered with or opened fraudulently
  • File your complaint with the FTC.
  • File a report with your local police or police in the community where the identity theft took place.

Get the details at: http://www.ftc.gov/bcp/edu/microsites/idtheft//

Protecting your credit from fraud

Ironically, in spite of repeated measures brought to Congress, no national legislation has been passed to better protect consumers from ID theft. 18 states currently allow you to place an “extended fraud alert” (the term for protection that stays on your account for 7 years). An additional 7 states allow consumers to protect themselves from identity theft or credit fraud only AFTER they can prove they have already been a victim. (For proof you’ll need an identity theft report that includes a copy of a credit fraud report filed with local, state, or federal law enforcement.)

Help change this by contacting your state and national elected officials (click for listing of Senators, representatives) to demand three things:

  • The right to place a freeze on your credit history before you’re a victim to prevent thieves from opening new accounts in your name
  • The right to know if your private information has been stolen or exposed – something businesses are not required to do for citizens in most states
  • Stronger security to protect your personal information, and more help for victims

To learn more about Internet fraud and protecting personal information, read Chapter 14 (“Get Savvy About Financial Scams and Fraud”) in Look Both Ways: help protect your family on the Internet and go to OnGuardOnline.gov.

Linda


[1] Equifax: 1-800-525-6285

Experian: 1-888-397-3742

TransUnion: 1-800-680-7289


An Ominous Milestone: 100 Million Data Leaks

December 18, 2006

Summary:

A sobering milestone was crossed last week when the count of personal records compromised by companies and educational institutions in the last two years alone surpassed the 100 million mark (out of a U.S. population of over 300 million). Of these, educational institutions represent more than 40 percent of known data breaches according to AARP research in July 2006. This is about twice the rate of other government agencies and businesses. Databases maintained by universities and colleges are of particular interest to cybercriminals because of the huge quantity of personal and financial information these contain about students, their parents, and alumni.

Although the loss of identity data does not automatically mean identities have been stolen, the critical issue is that it creates the potential for abuse.

“Right now, there is just too much data, and the criminals simply have not figured out a way to commit crimes against a million individuals all at once,” says Julie Fergerson, a vice president at Debix, an identity protection firm. “At some point organized crime is going to get real organized and actually figure out what to do with the millions of identities and user accounts sitting on these thieves’ computers.” Read the article.

Things to think about when reading this article

  • Congress has been unsuccessful in passing national legislation that will help consumers better protect their data. Only 18 states have passed bills allowing consumers to proactively freeze their lines of credit; seven more allow consumers to freeze credit only after they are victims of identity fraud.
  • Although the loss of your data doesn’t necessarily result in identity theft, you may find that as thieves get more sophisticated you suffer ID theft many times over as crooks apply for car loans, create fake identity cards, steal your medical record or play confidence tricks—all using your good name.
  • You need to actively monitor your credit history. See my blog, “Protect your credit,” to learn more on how to do this, and to demand better consumer protection.

To learn more about how to protect your information read Chapter 14 (“Get Savvy About Financial Scams and Fraud”) in Look Both Ways: Help protect your family on the Internet.

