Identity Theft Stories

Federal identity theft convictions increased 26 percent in 2007 from the year prior, according to a Bush administration task force report on identity theft unveiled Tuesday.

According to the “Identity Theft Task Force Report,” as many as 1,534 people were convicted in 2006, and a year later, 1,943 were convicted nationwide on various identity theft violations. The report, however, said there are about 1.6 million complaints of identity theft on file with the Federal Trade Commission.

“The profiles, purposes, and methods of the perpetrators are continually changing. Identity theft today can be the product of organized crime rings here and abroad using increasingly sophisticated technologies, such as installing malicious software, phishing, spoofing, and a database hacking, to tap into repositories of consumer data,” the task force wrote.

The 70-page document also includes 31 recommendations to combat identity theft. The recommendations state the obvious, but are important nonetheless. Among them, the task force wants to see a reduction in the use of Social Security numbers in the public and private sectors, more law enforcement training and better cooperation between the states and with other nations.

The report has a couple of interesting recommendations: the creation of a “National Identity Theft Law Enforcement Center” and providing victims of identity theft with a so-called passport “to prove they are who they say they are.”

“Such documentation is particularly important where a suspect has used the victim’s name in the commission of a crime,” the report said. The Identity Theft Center would act as an intermediary among the nation’s 50 states and federal government to investigate identity theft, the report said.

The report also calls for lobbying to “encourage other countries to enact suitable domestic legislation criminalizing identity theft.”

A Review of LifeLock vs Trusted ID

Now that 2008 has reached a new high in security breaches, identity theft protection is on the minds of more people than ever before. Two of the most popular protection plans are LifeLock and Trusted ID. Both of them offer outstanding protection at a reasonable price.

How are LifeLock and Trusted ID the same?

• Fraud Alerts (Called ‘Lender DoubleCheck’ by TrustedID)
• Opt-out of pre-approved credit offers
• Order yearly credit reports
• Have a $1,000,000 warranty
• Wallet protection
• Scan internet black markets looking for misuse of your information
• 24/7 on call helpline

Both services have strong scanning features that watch for your personal information being sold or traded on the black market. They look for your name, DOB, address and social security number. You can give TrustedID your bank account and credit card numbers and they will watch for them, too. You’ll be notified immediately if any activity with your info is found.

Wallet protection is a nice feature. The last time I thought I’d lost my wallet, I went into total panic mode. It’s like losing a part of your life. Knowing you have someone to call who will walk you through the steps necessary to replace your driver’s license and insurance cards, cancel and replace your debit or credit cards. And because you have the identity protection coverage, you’ll also be at less risk for the identity theft that goes hand-in-hand with a stolen wallet.

As you can see, both companies are quite similar and have the same basic features.

Here are a few differences in how their coverage works:

TrustedID sets your fraud alerts for you every 90 days like LifeLock. They also give you the option of placing a security freeze on your credit files if you prefer that. You have to pay the additional fee (usually $10) at each credit bureau to freeze and/or unfreeze your credit. The handy part about this is that they’ll administer this process for you, which can be a real nightmare if you lose your PIN number.

[Keep in mind that with a security freeze, no one can open any new credit – not even you – until the freeze is removed.]

In addition to watching for your information on the black market, LifeLock regularly scans the post office databases looking for a change of address. If they find you in there, they’ll contact you to confirm you made the change. Address changes are a popular way thieves hi-jack your mail and financial accounts.

An unsecure computer is a prime target for hackers and malicious software. Your passwords and email/financial account info are an open book to thieves if your computer gets infected. Trusted ID gives you an anti-spyware program you can install on up to 3 computers. This software is updated each day and is free for as long as you have your TrustedID membership. A good anti-spyware program is about $30 a year, so you’ll be saving the cost of that.

The biggest difference between TrustedID and Life Lock is the way they deal with an actual identity theft. Nothing can 100% stop a determined identity thief, so you get a million dollar warranty with your membership.

LifeLock has a service warranty that does the recovery for you. They’ll hire attorneys, investigators and case managers for you.

TrustedID has an identity theft kit that gives you the step-by-step process of what to do. You’ll be responsible for hiring any outside help but you’ll be reimbursed for expenses – including lost wages for things like having to appear in court to dispute a fraudulent account.

COST

The cost is nearly identical if you want individual coverage. Trusted ID has the better deal on family coverage. All adult family members (including elderly parents) and children living at the same address are covered with one low-priced membership.

PROMOTION CODES AND DISCOUNTS

LifeLock – get a 10% discount and 30 days free – use the promo code – CPA22.

Adult – 16 and over

• $9 per month ($11 per month without coupon)
• $99 per year ($110 per year without coupon)

Children (per kid)

• $2.25 per month
• $22.50 per year

TrustedID – get a 10% discount. Just click here.
No Promotion Code Needed.

Adult

• $90 annual membership ($99 per year without coupon)
• $9 per month ($10 per month without coupon)

Family (all family members included)

• $170.99 per month ($189.99 without coupon)
• $17.99 per month ($19.99 without coupon)

LifeLock and TrustedID are both excellent companies that have stood the test of time. Either of them is a good choice.

I do like the anti-spyware program now included with Trusted ID’s service. I currently pay $30 a year for Spyware Doctor to protect me from all the nasty things trying to get into my computer. TrustedID will save me from having to renew that in a few months.

If you’re looking for coverage for a spouse and/or children, TrustedID has the best pricing available when you take advantage of the discount.

Whichever you choose, you’ll be able to stop worrying about identity theft because you’ll have a good company guarding your back. You’ll have unlimited help if you ever become an identity theft victim and you’ll never have to be alone to figure out what to do to restore your identity.

Republican presidential candidate John McCain made Samuel Joseph Wurzelbacher, otherwise known as “Joe the Plumber,” famous during the October 15 debate with Democrat Barack Obama, and in subsequent television advertisements. Since then, numerous personal details have been disclosed about this working class Ohio guy who did not want pay higher taxes on income over $250,000 that he had not yet earned.

And now, according to the Columbus Dispatch, it appears that government computers in Ohio may have been used to illegally access personal information about Wurzelbacher. In the days after the debate, information on Wurzelbacher’s driver’s license or his sport utility vehicle was retrieved from the Ohio Bureau of Motor Vehicles database three times, the Dispatch reported. With access to such information limited to legitimate law enforcement and government business, state and local officials are investigating whether the information was obtained illegally.

An Ohio spokesman for the McCain campaign told the Dispatch that the information breach may have been politically motivated. The Obama campaign has refuted the claim.

A college student who with her boyfriend stole the identities of friends and neighbors was sentenced Friday to five years in prison and ordered to pay more than $100,000 in restitution.

Jocelyn Kirsch, a former Drexel University student, and then-boyfriend Edward Anderton used the money for expensive salon visits, exotic vacations and fancy dinners.

Federal guidelines called for a prison sentence of 70 months, but U.S. District Judge Eduardo C. Robreno credited Kirsch for her apparent remorse and for her July 14 guilty plea to aggravated identity theft and other counts. Kirsch, 23, and Anderton acknowledged stealing the identities of friends and neighbors in the Philadelphia area in 2006 and 2007 to net more than $116,000 in goods and services.

The scheme unraveled when an employee at an upscale salon told police that a check for Kirsch’s $2,250 hair extension job had bounced. About the same time, a neighbor of the couple told police a package she did not order had been sent to her.

Police released photos showing the two posing in matching red swimsuits by a luxury hotel pool and kissing near the Eiffel Tower. Anderton, a 25-year-old University of Pennsylvania graduate originally from Everett, Wash., is to be sentenced Tuesday.

Deutsche Telekom’s German mobile phone subsidiary T-Mobile lost a disk containing personal information about 17 million of its customers in early 2006, the company said Saturday. Silent about the data loss for more than two years, the company published its version of events on Saturday following a report in German news magazine Der Spiegel that the data were being offered for sale on the Internet. T-Mobile’s data breach appears to be confined to customers of its German subsidiary. Data on the disk included customers’ name, date of birth, address and mobile phone number, and in some cases the customers’ e-mail addresses. No banking details were lost, the company said.

When the loss of the disk was discovered, the company reported the loss to the state prosecutor, and began monitoring Internet forums and sites where such stolen information is offered for sale, it said. T-Mobile found no evidence in the months following the loss that the missing data was on the market, it said.

That changed on Saturday, however, with Der Spiegel’s revelation that the data is now for sale on the Internet. The data for sale includes the home addresses and unlisted phone numbers of many German celebrities, business leaders, billionaires, religious representatives, government ministers and politicians, according to the report.

T-Mobile maintains that there is no evidence that the data has been used to harass or to steal the identity of any of its customers. The company has improved its security procedures since the disk was lost, it said. Those procedures now include the use of stronger passwords and access controls, and the logging of accesses to customer databases. However, no one at the company was immediately available to explain how the loss occurred. Customers worried about the disclosure of their mobile phone number can have it changed for free, the company said.

Deutsche Telekom is also in hot water for paying a little too much attention to the personal details of some of its customers. Its internal security staff are accused of spying on the private phone use of members of its board of directors, whom the company suspected of leaking sensitive information to journalists. The company said in May that it had called for an independent investigation of the affair.

The best defense against ID theft is to be educated on the subject and have a backup plan if someone were to get your personal information. LifeLock is the #1 Identity theft protector and if you would like a discount on a LifeLock membership use LifeLock Promotion code, JBAZ35.

Ten thousand users of LinkedIn, a social networking site for professionals, were recently targeted in a “spear phishing” email scam trying to lure them into downloading a malicious software attachment.

In a blog post Wednesday, Brian Krebs of the Washington Post, who first reported the story, said recipients of the email were addressed by name, aiding in the authenticity of the email.

What sets spear phishing attacks apart from traditional malware attacks is that the sender includes information about the intended target in hopes of lending even more legitimacy to the email, David Marcus, director of security research and communications for McAfee Avert Labs, told SCMagazineUS.com Thursday.

The message was sent from the domain “support[at]linkedin[dot]com” with a subject line of “Re: business contact.”

The email read: “We managed to export the list of business contacts you have asked for.” The message then directed the recipient to open an attachment that was supposedly a list of business contacts that the user requested. In reality, it loaded malicious software to steal data such as usernames and passwords from the victim’s computer.

According to Marcus, the success rate of spear phishing attacks is significantly higher than traditional malicious attacks. Most people have received some sort of spam or phish message reading, “Dear banking customer” and deleted it. But not many people have gotten an email specifically addressed to them, he said.

“The likelihood that you’re going to think its real is certainly going to go up,” Marcus said.

To pull off an attack like this, fraudsters must already have obtained a certain amount of information about their targets, Marcus said.

Generally, an attacker would have acquired a database of information with names, email addresses and other identifying information either through a previous hack or having bought the information from cybercrime markets, he said. The attacker would use that information to craft a legitimate looking email directed to their target.

“It’s certainly troubling that the person who instigated the attack had pieces of information on 10,000 people,” Marcus said.

Attackers are targeting the users of social networking sites such as LinkedIn because members are used to receiving emails from the site.

Marcus recommended that if users receive the phishing scam, they should monitor their bank and credit statements because it means that someone already has some information about them.

Krista Canfield, spokeswoman for LinkedIn, told SCMagazineUS.com Thursday that the emails were not sent by LinkedIn.

“LinkedIn never advocates that its users be ‘open networkers,'” Canfield said in an email. “In fact, it can be downright dangerous. We always advocate that our users keep their network tightly knit. Users should only connect to people that they know and trust, or people that they have actually met and worked with before.”

Submitted by Philip G. on Friday, 10/10/2008 – 8:17pm.

Last year in late November I was the victim of identity theft, my SS#, DOB, Mother maiden name, Discover Card number and security check were comprised and used to change address information at Discover Card’s web site.

I was called in early December from Discover Card fraud asking me if I had made some purchases (at a major computer manufacturer) and had I recently changed my address at their web site. The answer to both was no. I was informed that someone had made purchases using my account and changed the mailing information on my account at their web site. In order to do this the individual had to have had the above information to change the password at Discover.

Two ways this could have happened I had applied for a store Credit Card (national chain) using my Discover Card as a credit reference. Or the Saturday before the incident I tried to log into the Discover web site and could not because my password did not work. I didn’t think anything of it since it seems at different sights you cannot use the same characters to create a password. So I went through their checks to change it, this required the above information.

So my current account was closed, and a new one opened for me. I was informed there would be an investigation as to what happened. I called back after a couple days only to find the account had not been given to a specialist yet. In the mean time I provided the individual with all the information I had including; order numbers, rep I talked with from the computer manufacturer, phone of their fraud rep etc. and what I thought could have happened.

In the mean time I found out from a rep we could place alerts with the 3 major credit-monitoring services. We also checked with any other financial account if anything had happened with them. I established a account monitoring with one of the credit services in case this info was used to get a new card of some type. I filed reports with the local police and the FTC.

I felt I did as much as I could and left the investigation to the pros, sure. This week (1/2/2006) I got a letter from Discover saying they were closing the case because the old account was closed a new account was opened and financial loss had been recovered.

Short version; they got their money back and don’t care that somebody stole my personal information. When I called them and questioned the rep and her supervisor, I was informed any further investigation would have to be done by my local police agency.

Why is there identity theft, because all this credit card company cared about was recovering their funds. They didn’t pursue any of the leads I gave them; they didn’t contact the other manufacturer or my local police and try to resolve the bigger issue. They didn’t want to find the person who did this. They just wanted their money back.

If my account information had been changed weren’t they able to follow up on it. They had the order number and reps name from the computer manufacture but didn’t follow up on it. They didn’t contact my local police even when they were provided with the case report and officers name. It was like it was a dead end, they got their money back and that was all they cared about. We used to use their card as our first choice, but as I told them it just became our last choice.

Submitted by Brian P. on Tues, 9/23/2008 – 12:07pm.

The first I knew about it was a phone call. My girlfriend admonished me for succumbing to the temptations of Facebook, a website whose poisoned fruits I had previously said I found unappealing. I stood accused of two crimes: a lack of willpower and a failure to confess. Not guilty on both counts, I pleaded.

Alas, I was the victim of a fraud. Somebody, somewhere – and believe me, I’m pretty sure I know who you are – had launched a vendetta. They hated me. And what a visceral, calculating and malicious hate it was.

A profile was launched under my name which gave personal details including my sexuality, relationship status, political views and date of birth. Thirteen friends, online nuts all, had befriended whoever was pretending to be me. They included people with whom I have made a concerted effort not to remain in touch. Goodness knows what messages passed between them and my usurper.

Did my online self profess love to an ex-girlfriend? Did “I” tell an old schoolmate that I never really liked him anyway? Once I reported the fraud, Facebook removed the profile – although not without delay. I was assured that a block would be put up to stop anyone else stealing my identity online.

In the following months, four profiles of me, each with subtly differing labels, but each including my first and second name, were uploaded onto the site, and simmered there for several months despite repeated requests to Facebook for their removal.

More recently, a named woman set up a fan club called “Amol Rajan fanclub” [sic], with the description “Just for Fun”. It contained a highly defamatory and professionally damaging biography of me that was soaked in false information.

Another profile, which makes reference to my last job, is still active. It is now customary to describe Facebook as a modern miracle.The wealth of Mark Zuckerberg, its 24 year-old billionaire founder, does much to give that cliché merit. Online social networking is having a profound effect on the way in which people communicate, chiefly by substituting virtual association for real friendship. In so doing, it is also redefining friendship, giving it more porous boundaries and relaxing the rules by which two people, or a group, interact. In this respect, as in others, the Facebook phenomenon merits both close attention and respect.

Politicians who have their wits about them know it cannot be ignored; witness Barack Obama’s extraordinary fundraising prowess, which owes a substantial debt to the capacity of online networking.

Nevertheless, a skeptic should risk sounding priggish in highlighting attendant dangers, to whose existence Matthew Firsht for one can testify.

At present, there are almost no impediments to online identity theft. That means those with a vendetta, such as Grant Raphael, can infect personal relationships and ruin careers. Online networking also destroys the boundary between public and private. My public identity becomes not so much a consequence of my achievements as of your dodgy snaps from last Friday.

Little would be achieved in wishing Facebook away. In dissolving the boundaries between people in a shrinking world, it is a marker of modernity. But it cannot fulfill its potential, and it could cause immense damage, if users abandon their skepticism, or thieves remain free.

Submitted by Mary M. on Tues, 9/02/2008 – 10:47am.

With ID fraud on the rise, the assumption is you’ll lose money which can be claimed back. But Simon Bunce lost his job, and his father cut off contact, when he was arrested after an ID fraudster used his credit card details on a child porn website.

Simon Bunce used to be a keen internet shopper, delighted to escape the hordes and have goods delivered to his door. Wary of fly-by-night operators, he bought only from big name retailers with secure websites.

But then, four years ago, he was astonished to find himself embroiled in Operation Ore, the UK’s largest ever police hunt against internet paedophiles. He was arrested on suspicion of possession of indecent images of children, downloading indecent images of children and incitement to distribute indecent images of children.

Hampshire Police took away his computer and data storage devices including flash drives, CDs and floppy disks, as well as examining the computer and storage devices that he used at work.

The effect was devastating. When his employers became aware of the reason he had been arrested, he was abruptly dismissed from his £120,000 a year job, and close members of his family disowned him.

“I made the mistake of telling my father, and he cut me off,” Mr Bunce says. “He then told all my siblings and they also cut us off.”

Suddenly deprived of his income, Mr Bunce had to consider selling the family home. But his wife, Kim, stuck by him, and supported his mission to clear his name.

Mr Bunce knew he was innocent – he had never downloaded indecent images, and so he knew that the police would not find any evidence on the computers or storage devices they had taken away.

But the police’s computer technicians take several months to examine these, and Mr Bunce could not afford to wait to repair the damage done to his reputation. “I knew there’d been a fundamental mistake made and so I had to investigate it.”

Identity fraud occurs when personal information is used by someone else to obtain credit, goods or other services fraudulently. Recent surveys suggest that as many as one in four Britons have been affected by it. In 2007 more than 185,000 cases of identity theft were identified by Cifas, the UK’s fraud prevention service, an increase of almost 8% on 2006.

Tarnished name

Operation Ore targeted suspected paedophiles believed to have been downloading indecent images of children, those whose credit card details had been used to buy pornography via an American portal called Landslide – the gateway site and central credit card handler for hundreds of websites.

Hundreds of successful prosecutions ensued, with extensive media coverage given to high profile suspects, including actor Chris Langham of The Thick of It.

As Landslide was based in the United States and under investigation there, Mr Bunce was able to use the US Freedom of Information Act to obtain a complete copy of all of the relevant material, including databases, access logs and credit card information, together with detailed information of the webmasters, which allowed him to find out how his credit card details had been used.

Each computer has a unique internet protocol number, or IP address, which identifies the specific computer and its geographic whereabouts whenever it is used to access the internet.

Mr Bunce discovered that the computer used to enter his credit card details was in Jakarta, Indonesia, and the date and time that his credit card details were entered onto the Landslide website was at a time when he could prove that he was using the same card in a restaurant in south London.

“I can’t be in two places at once, so somehow my data had got to the man in Indonesia.”

He was also able to discover that his credit card details had been obtained from a popular online shopping site, but he doesn’t know how these came to be in the hands of a criminal.

The man responsible for using his credit card details hid behind the online name “Miranda” – a webmaster who hosted and produced pornographic websites and received a commission from Landslide for subscriptions to his website which were paid by credit card. “Miranda” had used Mr Bunce’s credit card details – without his knowledge – to take out a subscription to one of his websites.

Cash convert

In September 2004, the police told Mr Bunce they would not proceed with any action against him. They had not found indecent material, and accepted that it wasn’t him who had entered his credit card details on the Landslide website.

It took another six months before he got another job, earning a quarter of the salary he’d earned before his arrest.

Mr Bunce has also reconciled with his family, having explained to them how he came to be implicated and then cleared. Are bygones bygones? “I’ve forgiven them [my family] – there’s no point in bearing a grudge.”

Four years on, he is bringing a High Court action against the shopping website for allowing his personal details to be compromised. So no more internet shopping? “No, no, no. Once bitten, twice shy,” says Mr Bunce, who now sells encryption services.

“I wouldn’t say that I live in the cash economy now, but I’d rather go to the bank to withdraw money to buy petrol, as you hear of card details being harvested at garages. I’m paranoid about data security. I shred everything, I never use credit cards anymore.

“Being arrested and accused of what is probably one of the worst crimes known to man, losing my job, having my reputation run through the mud, it’s a living nightmare.”

The number of reported data breaches has been soaring, with the figure from the first six months of 2008 some 69 percent higher than the number from the identical period last year. Among those were little-known recent breaches of Facebook, H&R Block and BearingPoint.

The report from the non-profit San Diego-based Identity Theft Resource Center lists 342 data breaches since Jan. 1, 2008. Of those 342 breaches, about 12 percent were cyber thieves, 16 percent were insider theft, 15.2 percent were accidental exposure and 13.5 percent were subcontractor issues. Also, about 20 percent of the data breaches involved data “on the move,” referring to laptops, thumb drives or PDAs.

The Identity Theft Resource Center “data breach count has reached an all-time high,” the report said. “The actual number of breaches is more than likely higher, due to underreporting, and the fact that some of the breaches reported, which affect multiple businesses, are listed as a single event.”