Cyber Monday Sales Skyrocket – Now Watch Those Credit Card Statements

December 3, 2011

It has been a profitable week for retailers. According to comScore, online sales rose 22% to reach a new all-time single day high of $1.25 billion. A separate report by IBM’s Benchmark research firm, reported a 33% Cyber Monday increase, but didn’t provide an actual dollar value.

The volume of internet sales highlights the comfort consumers have with online shopping, whether that is via computer, or increasingly, through mobile transactions. Last year 2.3% of Cyber Monday shopping occurred via mobile phone, this year that has increased to 6.6%[i].

Yet in spite of the convenience online shopping offers, too few consumers have adequately protected their devices or their information, too few carefully research the stores and store policies on sites they use, and during this busy season many will fail to closely monitor their credit card statements for signs of fraud. And the crooks are counting on these gaps.

To be safer when shopping see the blog I posted last week titled 6 Steps to Avoiding Black Friday Scams, but after you’ve shopped, stay alert. Watch your credit card statements. Check your credit scores. And act swiftly if something seems amiss.

Take 8 immediate steps if you discover that you have been the victim of identity theft:

  1. Contact the fraud departments of any one of the three consumer reporting companies:
    1. TransUnion: 1-800-680-7289;; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
    2. Equifax: 1-800-525-6285;; P.O. Box 740241, Atlanta, GA 30374-0241
    3. Experian: 1-888-EXPERIAN (397-3742);; P.O. Box 9554, Allen, TX 75013
  2. Close any account that you know or believe has been taken over, or been opened by, ID thieves.  Your credit card companies have 24 hour call service where you can report the theft or abuse of your card. Check the statements of any other credit cards you have to see if the thieves have also compromised those cards.  Ask your credit card company to send you any dispute forms you may need to fill out.
  3. Check your credit report to look for credit cards or loans you did not open. By law you have the right to three free credit reports per year; from Experian, Transunion, and Equifax. If you have already used these free reports, pay the few bucks to get your credit scores checked again.All three credit bureaus work together through a website called so you can quest one, or all three reports at once in one of the following ways:
    1. Go to the Web site. Through this highly secure site, you can instantly see and print your credit report.
    2. Call toll-free: (877) 322-8228. You’ll go through a simple verification process over the phone after which they’ll mail the reports to you.
    3. Request by mail. If you live in certain states, fill out the request form and mail it to the Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. (Get more details.)
  4. File a complaint with the FTC. A typical police report doesn’t contain the details about fraudulently opened accounts or accounts used by ID thieves. By reporting the ID theft to the FTC and filling out an ID Theft Complaint, you can add the supporting detail to a police report that is necessary to making it an Identity Theft Report.
    1. What should I know before filling out the FTC’s ID Theft Complaint Form?
    2. Instructions for completing the ID Theft Complaint Form
    3. What should I know once I’ve filled out and printed the FTC’s ID Theft Complaint Form?
  5. File a report with your local police. Filing a police report helps document that the crime occurred. Call your local law enforcement office and ask if you can come in and file the report in person or if this needs to be done online or by phone. Some jurisdictions are reluctant to let you file a report, so you may have to contact your state Attorney General’s office to learn whether the law requires the police to take your ID theft report. To find the contact information for the Attorney General in your state you can check
  6. Notify your health insurance carrier. Identity theft can also be used to commit medical fraud where someone poses as you to have medicines, checkups, even surgeries performed in your name. By contacting your insurance provider, you alert them to take extra precautions and can help prevent receiving a bill for someone else’s medical expenses.
  7. Set up a fraud alert. There are two kinds of fraud alerts, an ‘initial fraud alert’ that stays on your credit report for 90 days, and an ‘extended fraud alert’ that stays on your credit report for 7 years.You can set up an initial fraud alert the moment you suspect trouble – you can’t find your wallet, or you think you have been or will be a victim of ID theft (for example, you receive a notice from a company or bank you use notifying you that their data center has been breached and your information may be compromised).  With this initial alert in place, potential creditors have to take additional precautions to be sure that new credit isn’t given to the ID thieves by verifying your identity.

    To set up an extended fraud alert you have to have been a victim of ID theft and be able to prove this by showing one of the credit scoring companies your Identity Theft Report (see step #4). When an extended fraud alert is in place, creditors are required to contact you or meet you in person to verify your identity before they can extend credit.

  8. Stay alert. Watch for additional signs of identity theft like:
    1. False information on your credit reports, including your Social Security number, address(es), name or employer’s name.
    2. Missing bills or other mail. If your bills don’t arrive, or come late, contact your creditors. A missing bill may indicate that an ID thief has hijacked your account and changed your billing address to help hide the crime.
    3. Getting new credit cards sent to you that you didn’t apply for.
    4. Having a credit approval denied or being subjected to high interest rates for no apparent reason.
    5. Receiving calls or notices about past due bills for products or services you didn’t buy.

Once your identity has been stolen, you should also consider subscribing to a service that will constantly monitor your credit and alert you if something changes. Even though you change your credit card number, you aren’t likely to have changed companies, or changed your name, your social security number, your address, etc., and it is a stupid criminal who throws away such valuable information. In all likelihood, you will remain more vulnerable to future attacks and should monitor and protect accordingly.




2011 National Gang Threat Assessment – Emerging Trends and The Internet

November 7, 2011

The FBI’s National Gang Intelligence Center (NGIC)has just released their 2011 gang assessment and trends report view printable version (pdf), and it is another sobering read, particularly as it highlights the ways and means in which gangs are leveraging internet technology to expand their reach and the types of crimes they commit.

Here are the reports key findings:

Gangs are expanding, evolving and posing an increasing threat to US communities nationwide.

Many gangs are sophisticated criminal networks with members who are violent, distribute wholesale quantities of drugs, and develop and maintain close working relationships with members and associates of transnational criminal/drug trafficking organizations.

Gangs are becoming more violent while engaging in less typical and lower-risk crime, such as prostitution and white-collar crime. Gangs are more adaptable, organized, sophisticated, and opportunistic, exploiting new and advanced technology as a means to recruit, communicate discretely, target their rivals, and perpetuate their criminal activity. Based on state, local, and federal law enforcement reporting, the NGIC concludes that:

  • There are approximately 1.4 million active street, prison, and OMG gang members comprising more than 33,000 gangs in the United States. This represents a 40 percent increase from an estimated 1 million gang members in 2009. Gang membership increased most significantly in the Northeast and Southeast regions, although the West and Great Lakes regions boast the highest number of gang members.
  • Gangs are responsible for an average of 48 percent of violent crime in most jurisdictions and up to 90 percent in several others, according to NGIC analysis. Major cities and suburban areas experience the most gang-related violence. Aggressive recruitment of juveniles and immigrants, alliances and conflict between gangs, the release of incarcerated gang members from prison, advancements in technology and communication, and Mexican Drug Trafficking Organization (MDTO) involvement in drug distribution have resulted in gang expansion and violence in a number of jurisdictions.
  • Gangs are increasingly engaging in non-traditional gang-related crime, such as alien smuggling, human trafficking, and prostitution. Gangs are also engaging in white collar crime such as counterfeiting, identity theft, and mortgage fraud, primarily due to the high profitability and much lower visibility and risk of detection and punishment than drug and weapons trafficking.
  • Many gang members continue to engage in gang activity while incarcerated. Family members play pivotal roles in assisting or facilitating gang activities and recruitment during a gang members’ incarceration. Gang members in some correctional facilities are adopting radical religious views while incarcerated.
  • Gangs encourage members, associates, and relatives to obtain law enforcement, judiciary, or legal employment in order to gather information on rival gangs and law enforcement operations. Gang infiltration of the military continues to pose a significant criminal threat, as members of at least 53 gangs have been identified on both domestic and international military installations. Gang members who learn advanced weaponry and combat techniques in the military are at risk of employing these skills on the street when they return to their communities.
  • Gang members are acquiring high-powered, military-style weapons and equipment which poses a significant threat because of the potential to engage in lethal encounters with law enforcement officers and civilians. Gang members also target military and law enforcement officials, facilities, and vehicles to obtain weapons, ammunition, body armor, police gear, badges, uniforms, and official identification.
  • Gangs are becoming increasingly adaptable and sophisticated, employing new and advanced technology to facilitate criminal activity discreetly, enhance their criminal operations, and connect with other gang members, criminal organizations, and potential recruits nationwide and even worldwide.

Current Gang-Related Trends and Crime

Many gangs have advanced beyond their traditional role as local retail drug distributors in large cities to become more organized, adaptable, and influential in large-scale drug trafficking. Gang members are migrating from urban areas to suburban and rural communities to recruit new members, expand their drug distribution territories, form new alliances, and collaborate with rival gangs and criminal organizations for profit and influence.

Local neighborhood, hybrid and female gang membership is on the rise in many communities. Prison gang members, who exert control over many street gang members, often engage in crime and violence upon their return to the community. Gang members returning to the community from prison have an adverse and lasting impact on neighborhoods, which may experience notable increases in crime, violence, and drug trafficking.

Gang Membership and Expansion

Law enforcement in several jurisdictions attribute the increase in gang membership in their region to the gangster rap culture, the facilitation of communication and recruitment through the Internet and social media, the proliferation of generational gang members, and a shortage of resources to combat gangs.

Nationwide Gang Presence

Source: NGIC and NDIC 2010 National Drug Survey Data

Threat Posed by Gangs, According to Law Enforcement.

The NGIC collected intelligence from law enforcement officials nationwide in an attempt to capture the threat posed by national-level street, prison, outlaw motorcycle, and neighborhood-based gangs in their communities.

Source: 2011 NGIC National data

Gang-Related Drug Distribution and Trafficking

Gang involvement and control of the retail drug trade poses a serious threat to public safety and stability in most major cities and in many mid-size cities because such distribution activities are routinely associated with lethal violence. Violent disputes over control of drug territory and enforcement of drug debts frequently occur among gangs in both urban and suburban areas, as gangs expand their control of drug distribution in many jurisdictions, according to NDIC and NGIC reporting. In 2010, law enforcement agencies in 51 major US cities reported moderate to significant levels of gang-related drug activity.

NDIC survey data indicates that 69 percent of US law enforcement agencies report gang involvement in drug distribution.

NDIC reporting suggests that gangs are advancing beyond their traditional role as local retail drug distributors in large cities and becoming more influential in large-scale drug trafficking, resulting in an increase in violent crime in several regions of the country.4

  • Law enforcement reporting indicates that gang-related drug distribution and trafficking has resulted in an increase of kidnappings, assaults, robberies and homicides along the US Southwest border region.

Juvenile Gangs

Many jurisdictions are experiencing an increase in juvenile gangs and violence, which is often attributed, in part, to the increased incarceration rates of older members and the aggressive recruitment of juveniles in schools. Gangs have traditionally targeted youths because of their vulnerability and susceptibility to recruitment tactics, as well as their likelihood of avoiding harsh criminal sentencing and willingness to engage in violence.

  • Juvenile gang members in some communities are hosting parties and organizing special events which develop into opportunities for recruiting, drugs, sexual exploitation, and criminal activity.

Gang Alliances and Collaboration

Collaboration between rival gangs and criminal organizations and increased improvement in communications, transportation, and technology have enabled national-level gangs to expand and secure their criminal networks throughout the United States and in other countries. 

Gang Sophistication

Gang members are becoming more sophisticated in their structure and operations and are modifying their activity to minimize law enforcement scrutiny and circumvent gang enhancement laws. Gangs in several jurisdictions have modified or ceased traditional or stereotypical gang indicia and no longer display their colors, tattoos, or hand signs. Others are forming hybrid gangs to avoid police attention and make to it more difficult for law enforcement to identify and monitor them, according to NGIC reporting.

Many gangs are engaging in more sophisticated criminal schemes, including white collar and cybercrime, targeting and infiltrating sensitive systems to gain access to sensitive areas or information, and targeting and monitoring law enforcement.

Gangs and Alien Smuggling, Human Trafficking, and Prostitution

Gang involvement in alien smuggling, human trafficking, and prostitution is increasing primarily due to their higher profitability and lower risks of detection and punishment than that of drug and weapons trafficking. Over the past year, federal, state, and local law enforcement officials in at least 35 states and US territories have reported that gangs in their jurisdictions are involved in alien smuggling, human trafficking, or prostitution.e

Alien Smuggling

Many street gangs are becoming involved in alien smuggling as a source of revenue. According to US law enforcement officials, tremendous incentive exists for gangs to diversify their criminal enterprises to include alien smuggling, which can be more lucrative and less risky than the illicit drug trade. Over the past two years numerous federal, state, and local law enforcement agencies nationwide have reported gang involvement in incidents of alien smuggling. In some instances, gang members were among those being smuggled across the border into the United States following deportation. In other cases, gang members facilitated the movement of migrants across the US-Mexico border.f

An immigrant is smuggled in a vehicle

In October 2009, ICE agents in Los Angeles, California, arrested suspects linked to a drug trafficking and alien smuggling ring with close ties to the Drew Street clique of the Avenues (Sureño) street gang in Los Angeles. The ring allegedly smuggled more than 200 illegal aliens per year into the United States from Mexico, concealing them in trucks and hidden compartments of vehicles and then hiding them in a store house in Los Angeles

Source: FBI

Human Trafficking

Human trafficking is another source of revenue for some gangs. Victims—typically women and children—are often forced, coerced, or led with fraudulent pretense into prostitution and forced labor. Some gangs in the New England area are combining human trafficking and drug trafficking operations, where females are used to courier drugs and participate in prostitution.


Prostitution is also a major source of income for many gangs. Gang members often operate as pimps, luring or forcing at-risk, young females into prostitution and controlling them through violence and psychological abuse. Prostitution is reportedly the second largest source of income for San Diego, California, gangs. According to November 2010 open source reporting, African-American street gangs in San Diego are pimping young females to solicit males.18


Contraband Cell Phones

Smuggled cell phones are a continuing problem for prison administrators in correctional facilities throughout the country. Smuggled cell phones and Smart Phones afford incarcerated gang members more influence and control over street gangs through unrestricted access and unmonitored conversations via voice calling, Internet access, text messaging, email, and social networking websites. Instances of violence directed by inmates using mobile devices are also a growing concern for corrections officials. Incarcerated gang members communicate covertly with illegal cell phones to plan or direct criminal activities such as drug distribution, assault, and murder.

Cell phones smuggled into correctional facilities pose the greatest threat to institution safety, according to NGIC and BOP reporting.

  • In 2010 a New Jersey inmate was prosecuted for using a contraband cell phone to order the murder of his former girlfriend in retaliation for her cooperation with police regarding an investigation involving the inmate.

The majority of illegal cell phones in California prisons are smuggled in by visitors or correctional staff. Many cell phones have also been discovered
in legal mail and quarterly packages. In 2010, more than 10,000 illegal cell phones were confiscated from prisoners in California.

Historically, correctional staff who have been caught smuggling phones have been successfully prosecuted only when the phone was connected to a more serious charge such as drug distribution,
and district attorney offices rarely prosecute unless a more serious offense is involved. In March 2011, legislation was approved in the California State Senate to criminalize the use of cell phones in prison, including penalties for both smugglers and inmates.

Sources: US Bureau of Prisons and CDCR; California State Senate Press Release, 22 March 2011

Gangs, Technology, and Communication

Gangs are becoming increasingly savvy and are embracing new and advanced technology to facilitate criminal activity and enhance their criminal operations. Prepaid cell phones, social networking and microblogging websites, VoIP systems, virtual worlds, and gaming systems enable gang members to communicate globally and discreetly. Gangs are also increasingly employing advanced countermeasures to monitor and target law enforcement while engaging in a host of criminal activity.

Internet Use for Propaganda, Intimidation, and Recruitment

According to open sources and law enforcement reporting, since 2005, MDTOs have exploited blogs and popular websites like YouTube and MySpace for propaganda and intimidation. MDTOs have posted hundreds of videos depicting interrogations or executions of rival MDTO members. Other postings include video montages of luxury vehicles, weapons, and money set to the music of songs with lyrics that glorify the drug lifestyle. While some of these postings may offer specific recruitment information, they serve more as tools for propaganda and intimidation.
Gang members routinely utilize the Internet to communicate with one another, recruit, promote their gang, intimidate rivals and police, conduct gang business, showcase illegal exploits, and facilitate criminal activity such as drug trafficking, extortion, identity theft, money laundering, and prostitution. Social networking, microblogging, and video-sharing websites—such as Facebook, YouTube, and Twitter—are now more accessible, versatile, and allow tens of thousands of gang members to easily communicate, recruit, and form new gang alliances nationwide and worldwide.

NGIC reporting indicates that a majority of gang members use the Internet for recruitment, gang promotion, and cyber-bullying or intimidation. Many also use the Internet for identity theft, computer hacking, and phishing schemes.

  • According to NGIC reporting, gang recruitment and intimidation is heavily facilitated through the Internet. Gangs use social networking sites such as Facebook to promote their gang, post photos of their gang lifestyle, and display their bravado, which ultimately influences other youth to join gangs.

The proliferation of social networking websites has made gang activity more prevalent and lethal—moving gangs from the streets into cyber space. Gang members, criminals, and drug traffickers are using the Internet not only to recruit and build their social networks, but to expand and operate their criminal networks without the proximity once needed for communication. Likewise, youth in other regions and countries are influenced by what they see online and may be encouraged to connect with or emulate a gang, facilitating the global spread of gang culture.

According to information obtained from multiple state and federal law enforcement sources, incarcerated gang members are accessing micro-blogging and social networking web sites such as MocoSpace and Twitter with smuggled prepaid cellular telephones and using the messaging features to coordinate criminal activity.

Street gang members are also involved in cyber attacks, computer hacking, and phishing operations, often to commit identity theft and fraud. 

Gangs and White Collar Crime

NGIC reporting indicates that gangs are becoming more involved in white collar crime, including identity theft, bank fraud, credit card fraud, money laundering, fencing stolen goods, counterfeiting, and mortgage fraud, and are recruiting members who possess those skill sets. Law enforcement officials nationwide indicate that many gangs in their jurisdiction are involved in some type of white collar crime.

  • Members of the Black Guerilla Family in Maryland used pre-paid retail debit cards as virtual currency inside Maryland prisons to purchase drugs and further the gangs’ interests, according to August 2010 open source reporting.52

Some gangs, such as the Bloods and Gangster Disciples, are committing sophisticated mortgage fraud schemes by purchasing properties with the intent to receive seller assistance loans and, ultimately retain the proceeds from the loans, or to comingle illicit funds through mortgage payments. Gang members are also exploiting vulnerabilities in the banking and mortgage industries for profit.


Street, prison, and motorcycle gang membership and criminal activity continues to flourish in US communities where gangs identify opportunities to control street level drug sales, and other profitable crimes. Gangs will not only continue to defend their territory from rival gangs, but will also increasingly seek to diversify both their membership and their criminal activities in recognition of potential financial gain. New alliances between rival gangs will likely form as gangs suspend their former racial ideologies in pursuit of mutual profit. Gangs will continue to evolve and adapt to current conditions and law enforcement tactics, diversify their criminal activity, and employ new strategies and technology to enhance their criminal operations, while facilitating lower-risk and more profitable schemes, such as white collar crime.

The expansion of communication networks, especially in wireless communications and the Internet, will allow gang members to form associations and alliances with other gangs and criminal organizations—both domestically and internationally—and enable gang members to better facilitate criminal activity and enhance their criminal operations discreetly without the physical interfacing once necessary to conduct these activities.

Globalization, socio-political change, technological advances, and immigration will result either in greater gang expansion and gang-related crime or displace gang members as they search for criminal opportunities elsewhere. Stagnant or poor economic conditions in the United States, including budget cuts in law enforcement, may undercut gang dismantlement efforts and encourage gang expansion as police agencies redirect their resources and disband gang units and taskforces, as reported by a large number of law enforcement agencies.

Maps. Gang Presence in the United States

FBI Uniform Crime Report (UCR) Violent Crime, 2009


Every 3 Seconds an Identity is Stolen – Don’t Be Next

June 5, 2011

Between careless clicks, falling for scams, and companies’ data breaches, your identity is under escalating threat as crooks find ever more ways to use your information.  In fact, the onslaught is so aggressive that a new Javelin Research 2010 Identity Fraud Survey calculated that a new identity is stolen every 3 seconds.

You are worth a lot of money – even if your wallet is feeling the economic pinch.  It’s not just your financial identity criminals are after, they may also want to impersonate you, steal your medical identity, or go after the identity of your children.

The results of having your identity stolen can be devastating. The FTC’s website lists the following ways in which they are seeing ID thieves use consumers’ personal information:

  • They may call your credit card issuer to change the billing address on your credit card account. The imposter then runs up charges on your account. Because your bills are being sent to a different address, it may be some time before you realize there’s a problem.
  • They may open new credit card accounts in your name. When they use the credit cards and don’t pay the bills, the delinquent accounts are reported on your credit report.
  • They may establish phone or wireless service in your name.
  • They may open a bank account in your name and write bad checks on that account.
  • They may counterfeit checks or credit or debit cards, or authorize electronic transfers in your name, and drain your bank account.
  • They may file for bankruptcy under your name to avoid paying debts they’ve incurred under your name, or to avoid eviction.
  • They may buy a car by taking out an auto loan in your name.
  • They may get identification such as a driver’s license issued with their picture, in your name.
  • They may get a job or file fraudulent tax returns in your name.
  • They may give your name to the police during an arrest. If they don’t show up for their court date, a warrant for arrest is issued in your name.

In addition to these losses, you may have also your social security or other government benefits stolen, your reputation damaged, and your medical records hijacked.

The good news is that you can beat the odds of falling victim with a few basic preventative steps.

What this means to you

Here’s a 12 point checklist to get you started on the road to ID theft protection. If you want more detail, look to for straightforward practical advice on how to

  1. Secure your computers and smartphones with anti-virus, anti-spyware, and tools.
    Keep them current and use them unfailingly-as automatically as locking your door when you leave the house. A computer that does not have security software installed and up-to-date will become infected with malicious software in an average of four minutes. That malicious software will steal your information and put you at risk for crimes.

    1. You must have anti-virus and anti-spyware software installed and up-to-date. If your computer or phone isn’t protected from Trojans, viruses and other malware, your financial information, passwords and identity will be stolen. This concept is so basic, yet only 20% of the US population adequately protects their computers. If the cost of security software is prohibitive, use a free service.
    2. Secure your internet connection – Make sure your computer’s firewall is on. If you use a wireless network it needs to be encrypted so someone who is lurking outside the house can’t collect your information. If you need a free firewall, click here. Never use a public WiFi service for any type of financial transaction or other type of sensitive information transfer.
    3. Use added protection on sensitive financial information with passwords or store on a flash drive, CD or external hard drive For added protection all year, keep your finances inaccessible to anyone who uses (or hacks into) your computer. You can do this by password protecting individual files or folders on your computer, or choose to keep this information on a flash drive or CD that you keep in your safe or other secure location.
  2. Use caution on public WiFi hotspots. Do not log onto sensitive sites (banking, shopping…) from an unsecured connection.  When using a public computer, uncheck the box for remembering your information.
  3. Use strong, unique passwords for every site. Creating strong memorable passwords is easy and can actually be fun – and the payoff in increased safety is big. The key aspects of a strong password are length (the longer the better); a mix of letters, numbers, and symbols; and no tie to your personal information. Learn how with my blog Safe passwords don’t have to be hard to create; just hard to guess
  4. Watch your surroundings. Pay attention to who is around you so that they do not see you type your passwords, credit card numbers, PIN’s, etc., or read sensitive information you may be sharing.
  5. Put a credit freeze on your accounts. Block ID thieves from opening new accounts under your name by freezing or blocking access to your credit files. Learn more about creating a credit freeze here.
  6. Discuss online safety with your family and friends.  Decide together how you will help protect each other’s identity online and set rules that reflect your choices. Decide what information about yourself you are willing to have shared online, and with whom you are willing to share it. This includes asking friends to put your email address on the Bcc: line if they are including you on an email to people that you don’t know. Learn more here
  7. Be selective about who you interact with online and what information you make public.
    1. The risks are relatively low when you stick with people you know—your family, and friends. Going into public chat rooms or opening your blog up to the general public, for example, significantly increases your risk.
    2. Think carefully before you post online any information that can personally identify you, a family member, or friend on a public site like a blog, in online white pages, on job hunt sites, or in any other place anyone on the Internet can see the information. Sensitive information includes real name, birth date, gender, town, e-mail address, school name, place of work, and personal photos.
  8. Pay attention to messaging risks.
    1. Think twice before you open attachments or click links in messages -even if you know the sender-as these can be used to transmit spam and viruses to your computer.
    2. Never respond to messages asking you to provide personal information, especially your account number or password, even if it seems to be from a business you trust. Reputable businesses will not ask you for this information in e-mail.
    3. Never click on links provided in messages, unless you are sure of the sender. Instead, use a search engine to find the website yourself.
    4. Don’t forward spam. Whether it’s a cute ‘thought of the day’, ‘set of jokes’, ‘amazing photo’,  ‘recipe tree’ or similar email, if you don’t personally know the sender the email is surely a scam designed to collect the email accounts – and relationships – of everyone you share it with.
  9. Don’t trade personal information for “freebies.”   Online freebies come in two forms:
    1. The free games, free offers, and ‘great deals’. Just as in the physical world, if these types of offers sound too good to be true, they probably are. Not only will these collect and sell your personal information, these ‘deals’, and ‘free’ applications are usually riddled with spyware, viruses or other malicious software.
    2. Through survey’s, sweepstakes, quizzes, and the like. These marketing tools are designed for one purpose – to get as much information from you as they can, so they can sell that to interested parties. Even the most innocuous ‘survey’s learn far more than you imagine, and they may give you malicious software or download tracking cookies, so just skip these entirely.
  10. Check your credit reports.  Under the Fair Credit Reporting Act, you have the right to one free credit disclosure in every 12-month period from each of the three national credit reporting companies: Experian –, Equifax –, TransUnion –
    1. Request a free credit report from one of the three companies for yourself, your spouse, and any minors over the age of 13 living at home to check for credit fraud or inaccuracies that could put you at financial risk. (Although exact figures are difficult to get, the latest data shows that at least 7 percent of identity theft targets the identities of children.) The easiest way to do this is through
    2. You can also pay for credit monitoring services that will alert you to any suspicious activity or changes in your credit scores.
  11. Trust your instincts.   Online and offline, your instincts play a critical role in your protection. If something feels ‘off’, go with your instinct. You don’t have to explain your reasoning to anyone.
  12. Shred sensitive documents. Do not just throw bank statements, bills, or other sensitive material in the garbage.

If your identity has been stolen or compromised, take action.

If your identity has been stolen or compromised, act immediately.

  1. Contact your credit card companies and financial institutions of all affected accounts. Monitor your accounts closely for any fraudulent charges or withdrawals and notify the companies immediately.  Check to ensure charges are removed from your account, and retain documents of the incidents.
  2. If your Social Security number has been compromised, contact the Social Security Administration Inspector General, they will determine if you need to get a new number.
  3. Alert the credit bureaus and request a fraud alert be placed on your accounts. This will require that companies call you before opening a line of credit.
  4. Report the incident to the police. You should be asked to fill out an identity theft report, and you’ll want to keep a copy of that report as you may need to show this to prove to creditors that your identity was indeed stolen.
  5. If the problem is large, consider hiring a service that helps restore your credit.
  6. Recognize the emotional impact ID theft may have on you.  Given the severity of an incident, and whether you knew the person who stole your identity or not, the emotional toll of dealing with ID theft can be high. Be sure to take care of yourself and to reach out to others for support if needed.

Additional Resources:


Oops! Sony did it Again….Another 24.6 Million Accounts Exposed

May 13, 2011

Another week, another security breach announcement from Sony.  The first breach compromised 77 million Sony consumers – add 24.6 million additional compromised users with this latest announcement and the total users affected is over 100 million. The company has also disclosed that 12,700 accounts included credit card numbers – though none from U.S. consumers as if that makes a difference.

There are several reasons to be frustrated with Sony’s behavior:

1)      Delayed notice. Sony chose once again to delay informing users about this second breach of their data records when every day that goes by counts. The value of a stolen credit card number decreases daily after the theft is discovered as users scramble to notify banks of the risk, but consumers can’t react to a risk unless companies inform them of a breach. Waiting a week after the first incident, and nearly two weeks after the second incident represents a careless disregard of the risk to users.

According to testimony Sony provided to a House hearing (the company chose not to attend in person) Sony said that it waited to inform consumers until it had more complete information on the attack, and that they have not received any reports of fraudulent credit card transactions linked to the attacks.

Well gee whiz. If you don’t inform the users of a risk, they are less likely to be watching for, or discovering, fraudulent charges.

2)      Cavalier response Sony chose to first notify their users via a company blog – if users didn’t actively go to the Sony site, they had no way of discovering their data was at risk until the media broadcast the breach.  When a company knows they’ve exposed their consumers to risk, and know exactly how to contact their users – including the names, addresses and email aliases – failing to email or use other means to contact each user immediately is shocking, careless, and disrespectful.

This isn’t 1980 when it could take a company a week to get their notification content approved through a slew of PR and legal folks, then another week to send and get back the material from a printing service, then a week to stuff and address 100 million+ envelopes, and possibly another week before the notices to arrive to consumers via snail mail.

Sony has earned every criticism aimed in their direction over the blatant delays and disregard they’ve shown their users safety and privacy and put their brand name in the toilet.  As Rep. Mary Bono Mack (R-Calif.) put it, Sony’s efforts were “half-hearted, and half-baked.”

3)      Pitiful “restitution”.  In Sony’s blog after the first data breach, they dumped the onus of defending against potential fraud on users. By collecting and storing consumer information the company took upon itself the responsibility for the safety and security of that information.

Yet, in these three paragraphs of that first blog Sony distances themselves from responsibility by urging consumers to be vigilant without stepping up to provide protection.

This tune has changed somewhat. In a blog released today, Sony Corp. Chief Executive Howard Stringer apologized to users for their “inconvenience and concern” and announced the launch of an identity theft protection program for U.S. account holders.

The service includes a $1 million identify theft insurance policy and will be free for 12 months after enrollment.

While it’s poor etiquette to look a gift horse in the mouth, let’s be clear this is program is neither a gift nor a horse. More like a Band-Aid and a donkey.

When any company collects your information and then fails to protect it, you should darn well expect ID theft insurance as a minimum, and without a paltry 12 month limit. Their loss of your information may expose you to increased risk of ID theft, targeted scams, and reputational damage for years, even for the rest of your life.

Think about it. You may jump to change your credit card number, and hopefully you’ll change passwords. But you can’t change your date of birth, and you aren’t likely to change your name or address. In fact, few of you will even consider changing email aliases. What this means is that crooks have all the key pieces of information needed to continue targeting you. Only really stupid criminals throw away information about you, it is likely to get sold, resold, repurposed, and accessed many, many times.

Other ways to discover that this horse is really a donkey is by looking into exactly what that $1million ID theft insurance policy does and does not cover. That insurance is likely only going to help you with financial ID theft, but how that term is defined is worth understanding.  Does it only cover credit card charges and credit restoration costs?

Will it cover you if you fall for a carefully crafted, personalized scam that leveraged the stolen information? Will it cover the potential reputational damage of having your accounts manipulated in unflattering ways? Or loss of business profits if information from one of your accounts that used the same password is also exposed? If you are like the vast majority of users who use a single password on all or many of your accounts the damage could be far reaching.  Will this policy cover the costs of trying to recover compromised information that is not financial in nature – i.e. if the hackers gained your password, and you used that same password on your Facebook account where now your family photos have been stolen, will they take care of the recovery/takedown of these images posted elsewhere?

Few users really understand the potentially far reaching risk ripple effect these types of data breaches may have on you – and beyond you. The theft of your personal information may increase the risk of ID theft and fraud to your family members and friends.

A criminal may use your information as a means of building trust with their next victim – your family member or friend.  If a criminal knows your name then your children may be at increased risk because crooks will know the answer to that frequently used ‘security question’ of what is your mother’s maiden name. They may use the information to identify the addresses and other information of those you live with.

And lest I forget, Sony’s plan to lure distrustful customers to return is to offer users a 30-day membership to their PlayStation Plus service and free entertainment downloads.  Yep, that should just about balance out the risks.

So what can you do?


For a fuller set of recommendations  and how to accomplish them see my blog Sony’s Security Breach, their Delay in Reporting, and their “User’s it’s Your Problem” Stance Deserves close scrutiny.

  1. Be diligent in monitoring your financial and medical identities. The information accessed by these hackers has significant value and criminals will exploit any information they acquire.
  2. Understand the scope of the ID theft problem
  3. Be wary of allowing additional information about yourself be placed online with Sony before better security standards are in place.
  4. Demand better security and accountability of the companies, institutions, and government agencies holding your records.
  5. National requirements for security standards need to be strengthened
  6. Learn to identify scams.

To be clear, it appears at this point that the hackers were very sophisticated, and though Sony has taken steps to further strengthen their security, they have not been accused of being security slackers. Hacks can occur in even tightly secured environments (just ask our military!).

The truly objectionable pieces in these incidents is that not only did Sony fail to protect your data, they failed to take immediate steps to inform consumers, and they did not step up to their responsibility to help users remedy the problem until pressure forced them to change positions – and even now it’s too little and too late.

Let the company know just how unhappy you are, and let your elected officials hear your dissatisfaction along with a request for stronger security requirements and penalties for companies holding consumer data.


How to Securely Erase ALL Your Data Before Recycling or Donating a PC

November 17, 2010

It takes more than simply deleting your files to ready a computer for recycling or donation.

When you use a computer, a lot of different files and traces are created that contain information about your actions, as well as data that you may have created or downloaded including personal and financial information.  Depending on the skill level of the person who takes possession of that donated or recycled computer, elements of this information can be reconstructed and used against you.

For example, it is easy to find an application that can ‘undelete’ files. Using such an application doesn’t require any skill beyond knowing these applications exist. If you’ve just deleted anyone can install an undelete application and recover those files.

Even when you have securely deleted your personal files, your memory dumps, browser history, browser temporary files and cookies can be accessed and used to recover usernames, passwords and other personal data that can be used to take over accounts, steal identities or be abused in other ways.  While not everyone can make sense of this data, but there are enough computer literate crooks that have these skills for you to want to take that gamble.

The best approach is to not take any chances and to thoroughly, securely erase everything. The best way I know for you to do this, is as follows:

NOTE: THIS IS EASY TO DO. If you have ever installed or uninstalled a program, you have all the skills you need.

  1. Save any information you want to keep from your computer to an external location like an external drive, CD’s, Flash drives, or a cloud storage location – after you take the steps outlined below, your information will NOT be recoverable.
  2. Using your file explorer, delete all the files and directories that may contain personal information.
  3. Uninstall any applications you have ever used to access or create personal information.
  4. Run a secure file deletion or computer clean-up application. An excellent choice is the award winning R-Wipe and Clean.
    1. Download the software and install it.
    2. Run the software and check (select) ALL the check boxes on the left column, including the Unused space check boxes (this may seem counterintuitive, but the purpose of wiping unused space is to scramble any underlying data and prevent recovery of deleted files). Look at the graphic below to see all the boxes you need to check/select.
    3. Click “Start now” and let the program run its course.

You’re done.

These four simple steps should give you piece of mind that the computer you are recycling or donating is now free of your personal information.


Florida AG’s Office Estimates over 500k Kids ID’s Stolen Each Year

October 4, 2010

Although statistics are not kept on identity theft victims under 18, estimates indicate the crime affects more than 500,000 children nationally each year, according to the Florida Attorney General’s Office in an article in the Palm Beach Post.

The article goes on to quote Linda Criddle saying:

Children’s SSNs are highly prized because children have no credit history, said Linda Criddle, president of the Safe Internet Alliance in San Diego. She warns that theft of children’s SSNs is on the rise.

The two primary threats to children’s financial identities are family members, even parents, who want to open a new line of credit, and professional thieves who use computers and public information to find SSNs, Criddle said. They use sophisticated programs to search for the numbers through databases kept by schools, doctors and insurance companies. The criminals then sell the unblemished numbers to people who use them to obtain credit cards and rack up huge debts they will not have to repay.

Criddle offers these suggestions to reduce your child’s risk of financial ID theft:

  • Keep Social Security cards locked up. These don’t belong in wallets or loose in your home where others may come across them.
  • Tightly restrict sharing your child’s SSN. You may be asked to provide your child’s SSN in many circumstances, such as to enroll him or her for a sports team, or at the doctor’s office. However, you do not need to give their SSN – you can show other evidence of age or information that your health care provider needs for billing.
  • Teach your children not to share their SSNs. When they are applying for jobs, at which point they finally do have to share the number, make sure the employer and company are legitimate so the risk of resale is low.
  • When creating a bank account for your child, set up only a savings account and make sure there is no overdraft protection included.
  • Monitor your child’s credit as you do your own. If you wait until you see a red flag, a lot of damage may have occurred, and often you’ll see no red flag at all until your child seeks credit. Running a credit report does introduce some risk, but you can mitigate this by freezing their credit. This way, if the very act of checking your child’s credit history generated a credit file you have squashed the chances for abuse. Unfreeze their credit when they do seek a loan.

To read the full article, click here.


Kids and Financial ID Theft; a Growing Issue

September 11, 2010

Stealing children’s social security numbers (SSNs) to use or sell is not new, but it is becoming more widespread. The problem is expected to get worse before it gets better, according to the Associated Press.

Financial identity theft has grown into a multibillion-dollar problem, and at least 7% of the cases that are reported target children’s identities. The actual number of child victims may actually be much higher, as the theft of a child’s financial identity is often not discovered until the child applies for credit.

It is precisely because kids aren’t seeking credit that make theft of their Social Security numbers so lucrative. The allure of an untainted SSNs (one with no credit problems) is in the opportunity it represents for creating fake lines of credit and charge up high debts.

How kids financial ID theft happens

There are two primary threats to kids’ financial identities. The first comes from family members looking for a new line of credit. They steal their children’s, nieces’ or nephews’, even younger siblings’ identities, primarily to use themselves to create new lines of credit.

The second threat comes from criminal businesses that use computers and publicly available information to find Social Security numbers for which no line of credit has been established. You may wonder how criminals steal numbers that aren’t in any system, but that’s the beauty of it. They don’t have to know whose SSN they’re stealing, they just have to find SSNs that are legitimate and have no credit history.

The way these criminals collect the SSNs is tied to the antiquated method by which SSNs are generated.

SSN’s have three sections; the first three numbers represent the state in which the SSN was issued (after 1972 they represent the zip code). Anything between 001-003 and before 1972 for example, is issued in New Hampshire.

The second set of numbers in the social security string represents a specific window of time during which the number was generated, quickly identifying the age of the legitimate SSN recipient.

The last four digits are the only random numbers – and ironically those are the ones you’re asked to provide most frequently.  Knowing how SSNs are created, criminals can use a computer program anticipate the next set of numbers to be generated, then they can test these to find which are legitimate.

Criminals then take these SSNs and sell them to people who want credit they can use to accumulate huge debts they won’t have to repay. These numbers sell for anywhere between a few hundred to several thousand dollars apiece.

“When a creditor gets a request in with a valid SSN, one that they can confirm has been issued, they don’t get information telling them to whom the number was issued,” says Linda Foley, of the Identity Theft Resource Center (ITRC), an organization that offers counseling and resources to identity theft victims.

“That’s not information Social Security gives out.  Nor is it information that the three credit reporting agencies have access to.”

From that point, it is easy for the thief to put down his name, a date of birth, and a reasonable excuse for why he his Social Security number had been issued recently.

Once the purchaser of the stolen SSN defaults on their loans, the credit line is shut down and that SSN is no longer of use – but serial SSN thieves simply buy a new SSN and continue running up debt. Assistant US Attorney Linda Marshall from Kansas City states, “If people are obtaining enough credit by fraud, we’re back to another financial collapse. We tend to talk about it [identity theft fraud] as the next wave.”

Because SSNs with no credit line often come from young children who have no money of their own, these numbers are ideal candidates for opening a new, unblemished line of credit. Add to that the low likelihood that anyone is monitoring that child’s financial identity, and crooks have a winning combination.

Julia Jensen, an FBI agent in Kansas City, recently discovered a ring of criminals using public searches to identify SSNs without credit lines while investigating a mortgage-fraud case. “The back door is wide open,” she said, comparing the businesses that sell the numbers to drug dealers.

“There’s good stuff and bad stuff,” she said, referring to the value of a stolen SSN. “Bad stuff is a dead person’s Social Security number. High-quality is buying a number the service has checked to make sure no one else is using it.”

Unfortunately, experts say, it’s nearly impossible to prevent the fraud because it’s so easily concealed and targets such vulnerable people.  “There’s no way to protect your child completely,” says Foley.

The difficulty in protecting children’s SSNs and financial identity is multifaceted:

  1. Financial ID thieves are using sophisticated programs to search for dormant SSNs through databases kept by schools, doctors, and insurance companies, which typically require children’s Social Security numbers be provided.  Rapidly evolving methods used for selling the numbers make tracking this kind of theft particularly difficult.
  2. Credit issuers typically do not keep track of the age of Social Security number holders, so they cannot alert families when a child’s number is being used – something Foley’s organization has been trying to change since 2005, and a protection she considers vital for preventing child identity theft on a large scale.\
  3. Even parents who routinely check their own credit information rarely think to check reports for their children, particularly if the children have not yet begun to work. But if a SSN is compromised, criminals can run up tremendous charges in a child’s name.
  4. The methods and locations used to sell SSNs change frequently, and may be camouflaged under legal transactions. Some of these sketchy companies have impressive, high-tech websites. Others advertise on sites like Craigslist.

The impact of financial ID theft on a child

It takes time and a lot of work to restore a financial reputation, and the repercussions of a damaged credit score can impact a child for life. As they seek loans for college, cars, and homes, they may struggle to qualify and be permanently subject to  higher interest and mortgage rates.

Someone has to pay the debts accrued against that SSN. Sometimes it’s the victim or the victim’s family that pays. More often it’s the businesses that sold whatever goods were purchased that get stuck with the costs, which of course get passed on in the form of higher prices for all their customers.

Reduce your child’s risk of financial ID theft

  • Keep Social Security cards locked up. These don’t belong in wallets or loose in your home where others may come across them.
  • Tightly restrict sharing your child’s social security number. You may be asked to provide your child’s SSN in many circumstances like to enroll them for a sports team, or at your doctors office.  However, you do not need to give their SSN, you can show other evidence of age or information that your health care provider needs for billing.
  • Teach your child not to share their SSN. When applying for a job, make sure the employer and company are legitimate so the risk of resale is low.
  • When creating a bank account for your child, only set up a savings account and make sure there is no overdraft protection included.
  • Monitor your child’s credit as you do your own. If you wait until you see a red flag, a lot of damage may have occurred, and often you’ll see no red flag at all until your child seeks credit. Running a credit report does introduce some risk, but you can mitigate this by freezing their credit. This way, if the very act of checking your child’s credit history generated a credit file you have squashed the chances for abuse. Unfreeze their credit when they do seek out a loan.

Red flags that your child’s financial ID has been stolen

There is no silver bullet to protect your child from ID theft, but there are some red flags:

  • Be suspicious if your child receives any unsolicited credit offers in your child’s name, or notices from debt collectors.
  • Or Someone who has access to the child’s SSN has sudden prosperity
  • Or if you get a  notice from the IRS saying the SSN number you used on your tax return (or on their tax return) is a duplicate number.
  • Or your insurance company denies a claim for your child because they have already covered the procedure.
  • Or the bank notifies you when you go to establish a savings account for your child, that an account using that SSN already exists.
  • Or you receive a warrant for a traffic violation for a child without a drivers license.
  • Or your child is denied government assistance because records show they are already receiving benefits
  • You get a request for a job verification when your child has never had a job

If your child’s credit has been compromised, take immediate action

Report any suspected theft of your child’s financial identity. Use the Federal Trade Commission’s Web site to find and follow the steps needed to report fraud. Or call their toll-free identity theft hotline at 1-877-ID-THEFT (438-4338). THEN call Social Security. You may also want to visit the ITRC’s website for facts and information, or call its hotline at (888) 400-5530.

What’s happening to reduce the risks

The non-profit Identity Theft Resource Center has proposed a solution to the growing problem of illegal use of children’s SSNs: the creation of a Minors 17-10 Database, which would include not only the Social Security numbers, but also first and last names and birth month and year to credit organizations, departments of motor vehicles, and other institutions that require a Social Security number for background checks. The information would be kept on until the child is 17 years, 10 months old. This age was chosen, Foley said, because this is the time when teenagers are putting in paperwork for student loans and other credit forms.