Article: Identity theft risk greatest in major cities

News.com reports: Identity theft risk greatest in major cities

“Residents of New York, Detroit and Los Angeles are the most at risk of having their identity stolen, according to new research.” Other states with low rates of identity related fraud are Wyoming, Vermont and Montana.

“Moving is a very dramatic way to reduce your identity risk. It is more appropriate for people to understand the risk of their area and to take the appropriate precautions.”

I’m a bit leary to believe this is entirely true. Consider the far-reaching nature of electronic identity theft. Consumer Bob could live in Wyoming and use his credit card with a company based in New York. If that company falls victim to losing their consumer data files to a thief, Bob in Wyoming is a risk just like anyone else.

Another scenario. Black hat Ted in Los Angeles calls Vermont Martha and manages to con (”social engineer”) info — social security number, checking account number, etc. — out of her over the phone. Ted can then use that info to portray Martha, open a credit card, ship to another address, etc.

My point… Don’t falsely believe that your safe anywhere you live. Take precautions and be vigilant to guard against bad behavior.

-Roland

Article: ID Theft Growing Concern for MySpace Users

A scam for MySpace users to be aware of and defend themselves against…

Associated Press reports “ID Theft Growing Concern for MySpace Users”

MySpace bills itself as a “place for friends.” Increasingly, it is also a place for unfriendly attacks from digital miscreants on the prowl, luring users to sexually explicit Web sites, clogging mailboxes with spam messages and playing on the trust users have when speaking to “friends” to obtain passwords that could lead to identity theft.

One recent scam works this way: A spammer posts a number of phony profiles featuring pictures of cute women, often promising nude photos. A “friend request” with the woman’s photo is sent to hundreds of users.

Once the fake profile loads, a blue screen descends, saying the profile is protected by the “MySpace Adult Content Viewer.” Unsuspecting users who try to download the viewer instead get a worm that installs adware on their computers.

Social-networking sites make good targets because of the implicit level of trust users have when they’re interacting with “friends.”

Article: Medical Identity Theft: Providence Health’s Serious Pain

Baseline Magazine reports: Medical Identity Theft: Providence Health’s Serious Pain

“A phone call that Tuesday, Jan. 3, 2006 brought news that every CIO dreads. Someone had stolen a computer bag out of a systems analyst’s car four nights before. Gone were 10 computer disks and tapes holding information on what would turn out to be more than 365,000 patients—everything from Social Security numbers and birth and death dates to diagnoses, prescriptions and insurance numbers. Data on doctors was missing, too, including Medicare and Medicaid numbers, state license numbers, names, addresses and phone numbers.”

Employees were foolish and reckless with how they handled the health records…

“At most facilities across the company, employees back up data daily to tapes and disks and send it off to be stored in a secured building, O’Brien says. But at the company’s Home and Community Services unit in Portland, which cares for frail and elderly patients in their homes, employees took the backups home themselves, in their own cars, she says.”

These foolish and careless actions have a significant impact on the company as well. Not only has their reputation been badly damaged, but…

“Providence has spent $7 million so far responding to the breach. “This was not a cheap mistake,” CIO O’Brien says.”

Ultimately consumers end up paying the bill for all this nonsense that could have easily been prevented.

Related Links:

• More articles about careless organizations that allow data to be stolen…

Roland Reinhart is an interactive marketing professional concerned about how companies handle personally identifiable information. His observations can be found at Chaos365.com and AdMadMan.com.

©2006 Roland Reinhart. All Rights Reserved.

Most identity theft begins in the offline world

According to research by Javelin Strategy & Research:

“While keylogging software, phishing e-mails that impersonate official bank messages and hackers who break into customer databases may dominate headlines, more than 90% of identity fraud starts off conventionally, with stolen bank statements, misplaced passwords or other similar means.”

“Shredding financial documents certainly protects you from dumpster divers. Yet only 1 percent of all cases of ID theft employ that technique.”

“In contrast, you’re 15 times as likely to have your identity swiped if your company loses control of its financial records – and 30 times more likely if you lose your wallet. And who are ID thieves? They might be your friends, coworkers, or neighbors. They’re not going through your trash; they’re rifling through your filing cabinet while you’re in the kitchen fixing drinks, or they’re checking out the 401(k) forms you submit at the office. Still, despite the hysteria, only 29 in 1,000 people will ever get their identity stolen.”

Related links:
Protect your privacy at home
Tips to keep your search history private
Protect your personal info. Tips for data safety.

Article: Portrait of an identity thief

I found a thread on Slashdot.org this week: “Portrait of an identity thief” talking about a profile The New York Times did recently on a young man in his early twenties, who scammed hundreds out of thousands of dollars.

NYTimes.com (07/04/2006): Identity Thief Finds Easy Money Hard to Resist

Excerpts…

Identity theft can, of course, have its origins in a pilfered wallet or an emptied mailbox. But for computer-savvy thieves like Mr. Sharma, the Internet has forged new conduits for the crime, both as a means of stealing identity and account information and as the place to use it.

Apparently, he became quite adept at being able to con novice Internet users out of their personally identifiable information. With the money, he acquired better tools to conduct more elaborate online cons.

Among the items seized from his parents’ basement were a computer, two digital cameras, a scanner, nearly 500 blank plastic identity cards with magnetic strips, two Marine Corps ID’s — with Mr. Sharma’s name and photo — and a newer model Eltron photo ID printer. A search of his computer revealed personal identifying information on hundreds of people from across the country.

Take away lessons…

• Use common sense.
• Don’t believe every thing you read online. Be suspicious of any email that asks you for your information, credit card, or to login to your account. Especially watch for misspellings, a common sign of a con. If the email seems legitimate, call the customer service number of the company you deal with to verify.
• Be mindful of social engineering traps. Con artists might call you over the phone for a simple request. Before you realize, you may have given away a piece of private information.
• Look carefully at the Web page url. A common trick is to substitute other characters or numbers in a url. At brief glance, you may not realize the deception. For example, www.aol.com might have a zero substituted for the “O”, or a capital “I” for the lowercase “L”.
• Never, never, never send private details by email, even to close friends or relatives. Although extremely convenient, Emails sent over the Internet are often insecure packets of information that can be viewed or intercepted by people with the right tools. It is better to call the other person and verbally pass confidential information, passwords, etc.
• Watch your home mail box. Put a lock on it if possible, or be vigilant to pick up the mail as soon after the letter carrier has delivered. If you can afford it, a P.O. Box is safer.
• Shred papers and statements before you throw them out. Tear the name and address labels off your magazines, too, before you discard them.
• Watch the gas station attendant or restaurant server when they take your credit card. Some carry special hand held card readers to pull the data off the magnetic strip of your card. Then they sell all that data to some thief with the equipment to manufacture replacement cards with your data on them.

Links…

• NYTimes: Graphic of an identity theft scheme
• Chaos365: Protect your personal information

I hope you find this useful. Please post your opinion.
-Roland

Roland Reinhart is an interactive marketing professional who is concerned about how personally identifiable information is handled. His observations can be found at Chaos365.com and AdMadMan.com.

©2006 Roland Reinhart. All Rights Reserved.