Denise Richardson

Are you Savvy to the dangers of a data breach and the impact of an identity theft?

Mon, 17 Nov 2008 09:36:55 -0500

With the holiday season upon us, it's time to reiterate the importance of safeguarding your data and being alert to the dangers of criminal activity. Criminals want to infiltrate businesses one way or another and sometimes that means recruiting employees and members of the public do the dirty work for them.

Identity thieves often try to find employment at places of business specifically to gain access to sensitive information they can then easily pilfer. But if they can't get in through the front door of a business -there's always a chance they can get in through the back door.

One of their favorite methods of getting their hands on data involves offering employees a "second job" with promises of a lucrative stream of cash in return for passing on stolen information, such as Social Security numbers, credit card and account numbers. This technique essentially accomplishes the task...they get inside a business, university or government agency. This weekend's Associated Press story underscores the importance of being alert to the many of savvy methods criminals use to commit fraud or theft.

This weekend's AP report;

US postal carrier jailed for stealing credit cards on mail route

A Miami federal judge has sentenced seven people, including a postal carrier, to prison for their roles in a credit card and identity theft scheme.

The U.S. Attorney's Office says Dondre Green, a postal carrier, stole credit cards out of the mail from victims who lived on his delivery routes. He then delivered the credit cards to co-conspirators who recruited shoppers to make purchases at local businesses using the stolen cards.

Authorities say they were responsible for more than $150,000 in fraud losses. Green, who organized the scam, was sentenced Thursday to more than four years in prison followed by three years of supervised release.

See earlier blog: Keep your Data (and employees) Safe from Identity Thieves... .

**************************************************

The below story shows just how difficult it is to clear your name once a crime is committed in your name...

The Watchdog: A twist on identity theft

Michael Thomas of Arlington doesn't have a criminal history of his own. Yet, he spent years unknowingly lugging around the rather hefty criminal record of his older brother, Christopher, since 2004, when his brother used his name during a criminal trespassing arrest.

Later, through fingerprints, it was established who Christopher was, but because Michael's name was merged with Christopher's as an alias, the two brothers' histories became one.

Michael Thomas discovered this year, when he was applying for work, that his brother's record is linked to his name in criminal databases. After receiving a rejection letter from UPS based on that criminal record, Thomas, at the urging of girlfriend Kristen Hamilton, decided to try to correct the record that depicts him as his brother -- a convicted felon. Christopher Thomas pleaded guilty to a felony charge of unauthorized use of a vehicle late last year and is serving prison time in Huntsville.

"It's crazy. Not even McDonald's will hire me. I can't even serve burgers," Michael Thomas, 25, and the father of four children, told The Watchdog.

"People want to hire him, but they can't because of the liability," said Hamilton, 22, of Arlington. "It's just not right."

But as the couple, and Watchdog, discovered, separating your record from that of a criminal who has used your name as an alias is no easy task. Read More .

For more info on how criminal identity theft affects innocent victims, see earlier blog:
Identity Theft Victims find Themselves Thrown in Jail over Crimes they didn't Commit; Forced to Prove Innocence!

What happens when your Social Security number is used for employment purposes?
Authorities say $2.6 million in tax payments made to illegal immigrants

Here's a portion of a recent news item: Immigration Reform discussing the hardship caused when your SSN is used by undocumented workers for employment purposes. This practice can leave you in a mess with the IRS.

"...The investigation revealed that more than 1,300 illegal immigrants are suspected of using stolen identities to find work, and then filing tax returns through Amalia's Translation and Tax Services in Greeley.

So far, at least 15 people have been arrested for identity theft or criminal impersonation, and that number will climb. They face deportation in addition to the criminal charges. District Attorney Ken Buck said warrants will be issued for the rest of the suspects over the next year, and more arrests are likely.

It is estimated these suspects have received some $2.5 million in tax returns from the Internal Revenue Service.

Think about it: One tax preparer, 1,300 suspects, $2.5 million. Now, multiply that by the thousands of tax preparers nationwide who have provided a similar services for illegal immigrants. If that could be recovered, it could save the government potentially from the worst economic downturn in history. MORE

Malware Found on University of Florida Servers Compromises 338,000+ Dental School Patients

Fri, 14 Nov 2008 08:49:56 -0500

The University of Florida if notifying 330,000 dental school patients of a recently discovered data breach. The university learned that malware found on their server compromised names, Social Security numbers and other personal information. In addition to the 330,000 people who were notified, another 8,000 individuals whose current mailing addresses couldn't be found were affected by the intrusion, according to the statement and UF hopes the media reports will help in notifying them.

The compromised data, that now places these patients ad risk of id theft, included the names, dates of birth, Social Security numbers, and addresses of current and former College of Dentistry patients dating back to 1990, as well as information about dental procedures in some cases, the university said in a statement.

The data had been stored unencrypted in a database on the breached server In the wake of the discovery of the breach, the university is working to examine nearly 60,000 other computers on its campus to ensure that they aren't similarly vulnerable to security threats.

A spokesperson for the University said "It's unfortunate that like many large institutions we were targeted. We work hard to continually fine-tune our security protections, and maintaining our patients' trust and confidence is of utmost importance," said Teresa Dolan, dean of the UF College of Dentistry. "We cannot stress enough how seriously we take this matter. As soon as we learned of this situation, we launched an investigation and implemented additional safeguards designed to protect personal information. We urge patients to take the preventive steps we've outlined, and want to express our dismay at the inconvenience this occurrence may cause anyone."

An additional 8,248 patients had data stored on the server, but current mailing addresses could not be identified for them. The university is notifying the national media in an attempt to reach them. Most of the patients are from Florida.

The university has established a hotline 1-866-783-5883, to field patient inquiries.

If you believe you may be affected by this latest data breach, take the time to place fraud alerts and/or freeze your credit...and see earlier blog for additional steps you can take to avoid the impact of an identity theft: Are you one of the tens of millions to be notified your information is in the hands of thieves? Do you have a plan of action? .

Police Bust DFW Identity Theft Ring that Stole Data from Military Bases

Thu, 13 Nov 2008 11:57:23 -0500

Authorities have broken an identification theft ring that took in more than $1 million using information from 8,000 sailors and reservists at two Texas military bases.

The ring busted by Dallas police, included a former U.S. Navy petty officer who had been a payroll clerk at the Fort Worth Reserve Joint Reserve Base, police said.

Cora Dixon , 33,who was kicked out of the Navy last year, is accused of engaging in organized criminal activity. Her boyfriend, Seneca Willis, 26, also faces the same charge.

The two were arrested and later released on bail last year. They were formerly of Euless, but they live in DeSoto, according to Tarrant County criminal court records..

Dixon is accused of taking banking and personal information from the sailors and reservists to make fraudulent checks and identification cards. The information was taken from the Fort Worth base and a San Antonio base, authorities said.

Willis is accused of then going to homeless shelters in Dallas and getting several of those residents to cash the fraudulent checks. see more.

***********************************************

Express Scripts offers One Million Dollar Reward

Express Scripts posted a $1million dollar reward for help in catching whoever is trying to extort money from them by threatening to expose millions of patient records. See earlier blog: Express Scripts Reports Blackmail Threats over Data Theft

The company, the third-largest manager of US drug benefits, also reported that someone had written to "a small number" of clients and threatened to release members' personal information. The letters were "similar in form" to one the company received last month that I reported on in earlier blog:

Express Scripts said yesterday, "We hope that establishing a reward will bring forward useful information," said chief executive George Paz in a statement. "We will do what we can to help find those responsible as quickly as possible."

For tips on what to do if you are learn you could be affected by these, or any of the countless "reported" data breaches see earlier blog: What should I do?"

Citigroup Halts Foreclosures as Govt. Unveils Latest Plan to Help Homeowners

Wed, 12 Nov 2008 19:00:13 -0500

Citigroup announced that it would halt all foreclosure activities as it attempts to contact nearly 500,000 homeowners to rework their loans. The plan could lead the bank to renegotiate more than $20 billion in mortgages. The move comes at the same time that the federal government announced new plans to help homeowners by reworking federally guaranteed loans.

Citigroup's announcement will increase the banks efforts to work with homeowners. According to the bank, they have already modified or worked out payment plans for 120,000 customers. Their new plan is designed to help more homeowners stay out of foreclosure, but it will not work for everyone.

To qualify for a workout with the bank, homeowners must actually live in their home and have sufficient income to afford any reduced payments that are negotiated. In addition to this, homeowners have to actively be attempting to work out a payment plan with the bank. This means that the homeowners who are contacted by the bank, either by phone or by mail, need to be responsive. Surprisingly, this has been a significant issue for all banks that have been trying work with borrowers. Many borrowers who get behind automatically assume that when their bank contacts them it is simply for collection purposes. Because of this they avoid calls and don't open mail.

The banks plan only affects loans owned by the bank. This means that many loans serviced by the bank will not qualify for a workout.

In addition to the Citigroup announcement, the federal government unveiled its new plan to help homeowners. The government will work with FannieMae, FreddieMac and lenders to modify mortgages so that homeowners' monthly payments don't exceed 38% of their monthly income.

Under the plan, lenders may defer the amount of principle owed on a loan, reduce interest rates and extend loan terms to as much as 40 years. Homeowners will eventually have to pay the entire principle amount owed but under the restructuring plan, they may be able to defer these payments long enough to make the monthly payments affordable.

Unfortunately, the governments plan does have some ridiculous restrictions associated with it. To qualify, homeowners must have less than 10% equity in their homes. Additionally, they must be at least 90 days past due on their payments. This means that only the most cash-strapped borrowers will qualify and only after they have ruined their credit.

Homeowners who accept help under the government plan should do some investigation first. Because principle payments may be deferred, homeowners could actually find themselves owing a lot more money to the bank than they thought they would once their home is sold. And because the plan doesn't force banks to reduce the principle amount owed, many homeowners who qualify are likely to find themselves making payments for a house that it worth less than they actually owe. In these cases, the homeowner may actually be better off losing their home to foreclosure than they will be if they modify their loans.

By Guest Blogger: Jim Malmberg

Today is a day to remember our Vets & give thanks to our troops and their families...

Tue, 11 Nov 2008 11:00:54 -0500

Please take a couple of minutes today to remember those who have fought for our freedom and sacrificed so much!

Today (and always) I especially remember my grandfather, affectionately called "NONO" (Italian for grandfather) an immigrant from Italy who joined our armed forces.

Nono lived to be 100 years young! And before he passed, he was celebrated as the oldest living WW1 Vet in the State of Vermont.

Love, miss & remembering your heartfelt stories and great love for your fellow troops and our country, on this Veteran's day!

To our vets, our troops still fighting & their families...Thank you! ,

Cyber Underground Identity Theft Chat Room "Dark Market" Exposed by FBI

Tue, 11 Nov 2008 09:28:10 -0500

A few of my earlier posts have pointed out the growth of thriving underground chat rooms and forums that are regularly frequented by thieves who buy and sell your your personal information. Your identifying information has a growing market and bits of information such as drivers license numbers, SSN's, birth dates, and more, can be sold multiple times, to multiple thieves. By the time you learn you have fallen victim to an identity theft, spent months cleaning up the mess and restoring your identity, you just may find you have another incident on your lap to deal with...one that was brought about by a different thief who also purchased your information.

Last month, the FBI wrapped up a two-year undercover cyber operation that resulted in 56 arrests worldwide, the prevention of $70 million in potential losses, and the confirmation that while there might be honor among thieves, in the end, they are still just thieves.

Here's what happened in the words of the F.B.I.: 'DARK MARKET' TAKE DOWN

...A discerning group of cyber criminals established a forum on the Internet called "Dark Market," where they bought and sold stolen financial information such as credit card data, login credentials (user names and passwords), and even electronic equipment for carrying out financial crimes.

...At its peak, this vast criminal network had over 2,500 registered members, who all believed they were operating in a protected cyber environment because they went to great lengths to vet members and to weed out undesirable elements.

...What they didn't know was that one of the site's administrators and most respected members, who called himself Master Splyntr, was one of us--an undercover FBI agent who had infiltrated the site posing as a cyber crook.

"It was a group of people who trusted each other," said the undercover agent after the arrests. He explained that there are two types of cyber criminals: those who steal, but not from one another, and "rippers," who steal from anyone.

Keeping the rippers off the Dark Market site, the agent explained, gave the other members a false sense of confidence. "They did a good job of trying to be secure, and they felt secure. There was honor among thieves, so to speak."

Master Splyntr was on the site nearly every day, anywhere from one hour to 15 hours a day. Dark Market was like an exclusive club for cyber crooks, a meeting place for getting advice and brokering deals. During his time online, the undercover agent said, "we saw millions of dollars being exchanged." At the same time, the operation prevented the millions of dollars in losses by tipping off potential cyber crime targets.

From the outset, our agent pointed out, "the goal was to infiltrate the organization." The operation was extremely successful in developing intelligence on Dark Market's leading members and the ways in which they conducted their far-flung crimes.

Throughout the operation, we worked closely with our international law enforcement partners, including the U.K.'s Serious Organised Crime Agency, the Turkish National Police, and the German Federal Criminal Police.

"What's worked for us in taking down spy rings and entire mob families over the years--embedding an undercover agent deep within a criminal organization--worked beautifully in taking down Dark Market," said our Cyber Division Assistant Director Shawn Henry. "And once again, our global partnerships paid off."

As for our undercover agent who became a trusted member of the forum, he explained that he often had to think like a crook when signing on as Master Splyntr. "But at the same time," he added, "you remember what your job is--to get the criminals."

"What's worked for us in taking down spy rings and entire mob families over the years--embedding an undercover agent deep within a criminal organization--worked beautifully in taking down Dark Market. And once again, our global partnerships paid off."
FBI Cyber Division Assistant Director Shawn Henry

***********************************************

See video in an earlier blog: LifeLock Announces eRecon to watch how these chat rooms thrive!

And for tips on what you should do to avoid fraud see earlier blog: "To Catch an ID thief".

Arizona data loss; 40,000 kids placed at risk of identity theft

Mon, 10 Nov 2008 15:34:31 -0500

An Arizona state agency reported that a disk containing sensitive and personal information including names, addresses and phone numbers of 40,000 children, was stolen from a commercial storage facility. I think it's vital that the parents of these 40,000 children take precautionary measures NOW to prevent their kids from becoming victims of identity theft in the future. If a child's stolen information lands in the hands of a criminal intent on using it to get a job, home, car, cell phone, utilities, medical services, credit or commit a crime in their name, it could prove quite costly as they battle for years to recover their name, reputation, and credit.

Arizona's Department of Economic Security (DES) began notifying the families of about 40,000 children that their personal data may have been compromised following the theft of several hard drives from a commercial storage facility. The information stored on the stolen disks included the names, addresses, phone numbers and in some cases, also included Social Security numbers

What should the parents do? Take safeguards before their kids fall victim to a costly identity theft!

These almost daily reports of data loss serve as a constant reminder that we are not in control of our own information or our identities. In fact, odds are pretty good that everyone, including our children, will be affected by an identity theft at some point!

A child's identity is like gold to a thief because they can use the identity for quite a while without being detected.

Criminals can use it to find employment, housing, obtain credit, medical services, commit crimes and create new accounts, all in you child's name. Often the crime goes undetected until your child has grown and is denied credit, student loans, employment, insurance or housing, long after much of a lot of damage has been done.

For more info and steps you should take to protect your kids, see earlier blog on kids & identity theft.

The thing is, starting out as a young adult is hard enough...but starting out with the burden of destroyed credit due to an identity theft, makes it all that much harder. Remember, the best way to prevent an identity theft from occurring -is to plan for one!

New Alerts from the BBB...and warnings of Smishing & Vishing Scams

Mon, 10 Nov 2008 10:29:47 -0500

The Better Business Bureau of Northern Indiana has released its latest list of consumer hints and warnings. Though the BBB has offered these warnings for Indiana residents, it's important to note that these types of practices and complaints often take place across the country. Every consumer should be aware of these types of complaints handled by the BBB as well as the latest scams.

This list is current as of Oct. 31. (see earlier list here)

The BBB asks readers to take into consideration the importance of the practice in question, and the total performance of the company. For complete information on these and any other businesses, please visit bbb.org.

1. Craigs List operates Internet classifieds, personals, job postings, items for sale, discussion forums and resumes, etc. They state they have the right "to change, modify or otherwise alter" their terms and conditions "at any time." They also state, "We may charge a fee to post content in some areas of service." A consumer said he paid $1.95 for information and then was charged $39.90 monthly. He told the BBB that he never saw anything about charges until the company pointed to the "fine print." This San Francisco company has the BBB's lowest rating because of unanswered complaints.

2. Cash 4 Gold is advertising on TV. They state they will pay consumers cash for unwanted gold. One consumer mailed her gold fillings to them, and was promised $300. She didn't get it. The company advertises they are accredited through the BBB. They are NOT, and the BBB says it is pursuing this issue. This Florida company has 149 complaints against it, with 133 about the company not performing as they claimed.

3. DirecTV has 22,010 complaints filed against them, generally alleging problems relating to billing disputes and discrepancies concerning pre-paid programming, introductory specials or late statements resulting in late fees. Others complain of inadequate customer service and inability to contact the company. The majority of their complaints have been resolved.

4. Gas Card Con Men are calling Consumers offering free gas -- BUT there is a $1.97 shipping fee. The caller just needs your credit card number. An Indiana consumer has been called three times. The caller ID shows up as "Unknown Caller." The BBB says that most likely, these scammers are calling from a foreign company using a disposable cell phone. Don't give out your credit card information -- it's a scam.

5. DLH Marketing is advertising a "genuine opportunity" in Indiana newspapers. An Indiana consumer thought he was going to be a home mail processor, so he sent $35 to the offer, thinking his "earning potential was unlimited." The company was guaranteeing "100 percent" satisfaction. The consumer did not receive his start-up kit. The BBB believes this may be the age-old stuffing-and-addressing envelopes scam. Warning: if you get involved, you risk investigation and prosecution by the Postal Inspectors.

6. Imperial Majestic Cruise/Plaza Resorts is contacting Consumers about a vacation they have "won." According to an Assurance of Voluntary Compliance signed with the Florida Attorney General's office, this company agrees to give the actual company name and additional fees, advise if the fee is non-refundable and to inform consumers that one of the conditions of the vacation is a "guided tour of a vacation ownership resort." So far 1,218 complaints have been filed against this Florida company.

7. SAS Group sells various products on TV such as Smart Lids and Awesome Auger and others. The BBB warns consumers to be aware that shipping, handling and processing fees are nonrefundable. These fees are charged per item, and are not based on the total weight. So far 539 complaints have been filed against this Wisconsin company.

8. Lighting Products Company of Connersville is cold-calling consumers and businesses, asking consumers to verify their phone number, and then their name, in order to receive a free gift. Then the consumer usually receives two boxes of light bulbs with two invoices amounting to $600 to $700, whether requested or not. If the consumer refuses to pay, a 25 percent re-stocking fee is charged, plus shipping and handling. Consumers state they did not receive the free gift.

9. Consumer Resource Network/Kohl Group sells publications containing information on foreclosures and auctions of personal property that the BBB says can be found in local newspapers. One Hoosier thought he was buying one book. He was debited $39.99 a month for a year on a credit card he rarely used before he discovered the problem. Complaints allege unauthorized charges and difficulty obtaining refunds. This California company has the BBB's lowest rating.

10. Union Workers Credit Services is mailing a solicitation to Consumers offering a credit card, but after paying $37 for it, consumers find they can only use the cardboard card to buy items from the company's catalog. So far 365 complaints have been filed against this Texas company.

TIP OF THE WEEK: Don't be fooled by credit card offers that aren't really credit "cards." Get out your magnifying glass and read the fine print before committing yourself to one of these offers, or sending money to them. If it's not a major credit card or company or retailer, very often these offers are memberships to buying warehouse or catalog buying "clubs" that obligate you to monthly charges where you purchase something or not. They also often restrict you to using your "card" only for the products the club carries.

**********************************************
With the economy spiraling downward, criminals are always on the prowl to find new and innovative techniques to con you out of data and money. Scams to be on alert for, and growing in popularity, are the two equally dangerous sister scams, to the better known scam called "phishing".

Beware of "smishing" and "vishing" scams! These scams come via your cell phones -as opposed to your email.

The term "Vishing" comes from a combination of voice and phishing. Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology. The potential victim may receive a voice mail that may be generated by speech synthesis. The message may claim that suspicious activity has taken place on one of your credit card accounts, bank account, mortgage, cell phone account or other service in your name. See earlier Blog: "Vishing" Scam turning popular for thieves...don't fall victim to voice mail scam!

"Smishing" is derived from the familiar "phishing." The "sm" comes from SMS, the protocol used to transmit text messages via cellular devices. Smishing victims receive SMS (text) messages. See earliers Blog:"Smishing": The Wicked Twin of "Phishing"... may be Targeting your Cell Phone .

Also read Mark Kellner from the Washington Times story today: Don't get hooked...

ClickJacking - Another security challenge

Sat, 08 Nov 2008 18:32:54 -0500

Has your machine been slow to respond lately? I don't mean on start-up, we all know that this is an indication that you've collected to many SpyWare programs. I am referring to when you are surfing the Web with your Browser. Have you noticed that it is starting to take more than one click to get where you want to go? If so, then you may already be experiencing a new security threat, called Click Jacking.

Click Jacking is what happens when you are viewing a website, and the attacker (which you never see), is able to select the links on the page that they want you to be directed to. Imagine that they have embedded a new link on a web site with less than adequate security, and now they are redirecting you to an even more hostile site to subject your computer to even more attacks by their new web site. This redirection of clicks, is called Click jacking.

ClickJacking was to be a presentation at a security conference in September. The original authors were ready to present their findings at the New York Open Web Application Security Project (OWASP) in September. When they discovered how serious the issues with Click Jacking really were, they withdrew their presentation so that they could present their findings to the vendors of the Web Browsers. In case you were thinking, yes the Internet Explorer is subject to this type of attack, along with Adobe.

Fortunately, those of you that have already switched your browsers by installing the Mozilla Firefox browser, have a solution for protecting themselves. The No Script add-on will protect the Firefox browser from getting clicked jacked. If you have not gotten the Fire fox browser yet, I highly recommend that you do, as it can protect you now, rather than waiting for the other browser vendors to update their software.

While there are many security issues on the web today, the number of vulnerabilities continues to grow on almost a daily basis. Your best approach to being protected is to use the best tools for security -any questions or concerns feel free to email me.

By: Guest Blogger
Albert E. Whale,
ABS Computer Technology, Inc

For more info on computer security see a few earlier blogs by Albert;

Protecting your Smart Phones

Is your PC slow of finicky?

Protect your Wireless Access Points

Tips to Shop Safely this Holiday Season...Avoid the Identity Theft Grinch!

Sat, 08 Nov 2008 09:51:02 -0500

Though identity theft happens throughout the year, the holiday season is the busiest time of year for thieves!

Personal information has become the currency of choice for criminals. Thieves would much rather steal an individual's reputation than what is in his wallet.

Your personal identifying information is routinely bought and sold by individuals and organized crime rings (see video) and the holiday season is peak season for thieves!

While you are busy preparing for the holidays it's crucial you pay close attention to safeguarding your personal information by taking some commonsense safety measures.

Having a plan of action and taking a few simple precautions, such as making sure you balance your bank statements, checking your credit reports, shopping on secure websites, NOT using debit cards, detecting fraudulent email scams and reviewing your credit reports, you can minimize your chances of falling victim to fraud.

Here are 10 tips to avoid fraud .

And below find tips offered by the Identity Theft Resource Center to help you shop safely this holiday season...

Is Shopping On-Line Safe? It All Depends on You!

The Identity Theft Resource Center has some safety tips that it recommends all consumers follow when ordering gifts over the Internet or by mail. See also a more detailed ecommerce shopping list here.

* You must make sure you are doing business with a legitimate company. Check out companies with the Better Business Bureau and with the Secretary of State where the business is located to check for complaints and to verify they have current business licenses.

* Internet shoppers should take several proactive steps to make their on-line shopping spree as safe as possible. When you order items, the website should be a secure website, indicated by "//https:" beginning the address, and a locked padlock icon on the web browser indicating a secure website.

* Research the company using the Internet. Make sure that the company has a legitimate street address and a phone contact number that actually delivers the caller to a person. These will become vital if there is a problem with the order. Search for any complaints on the company that people have posted. Often a simple Google search for "xxx company complaints problems" may influence your purchasing choice.

*Also, you may want to shop in stores located in the United States. If you choose to shop outside the U.S., know the regulations of the country involved. U.S. companies are more closely regulated than those outside of the U.S.
When you shop on-line, read the fine print.

*You should know the return policy and the procedure the company uses to process your orders. Read the shipping rules to find out who pays for shipping. They may have different policies for shipping to you versus a returned item. It might be wise to ask if they insure the package when shipping.

* Ask whether you get a store credit or a full refund if you must return the item. Ask about any restocking charges.

* Confirm that they do not share your information with other companies. Remember that you can you "opt-out" of further promotional offers if you wish.

* Keep a photocopy of your order, the mailing address and phone number of the company, and the confirmation of your order. Use a credit card that you designate for online shopping only. This means you have a single statement that is easier to check for fraudulent purchases.

* Do not use debit cards for on-line shopping, as debit cards do not have the same protections as credit cards, and can be used to remove funds immediately from your account.

* Never send a check to pay for a purchase. Checks can be copied and used in many ways for fraudulent activity.

Finally, make sure that your computer is safe for Internet shopping. Keep your computer protection programs, such as firewall, anti-virus, and anti-spyware software updated. If you have questions about your computer security system, ITRC's Solution 13 might help:

ITRC wishes everyone a safe and happy holiday season. Please remember to guard your wallet if you visit the malls and shopping centers, and keep your Social Security card at home. Limit the number of credit cards you carry with you! And by the way, shredders and computer security programs make excellent holiday gifts.

The Identity Theft Resource Center® (ITRC) is a non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft. For more info visit idtheftcenter.org

**********************************************
For tips on what to do if you become a victim of identity theft see earlier blog:

What to do if someone steals your information...

Express Scripts Reports Blackmail Threats over Data Theft...

Fri, 07 Nov 2008 08:48:57 -0500

Data thieves are blackmailing a U.S. prescription drug management company threatening to release millions of patient records held by the company unless they pay up. Is extorting money for data -the sign of things to come in this down economy? Historical data proves that when the economy is down, identity theft and white collar crime spikes -and criminals continue to find new and innovative ways to steal, hack or pilfer data!

Express Scripts, said on Thursday it received a letter in early October with the names, birth dates, Social Security numbers and some prescription information for at least 75 patients. The company provides benefit management services to health care organizations, insurers and other businesses.

The FBI is investigating these threats and Express Scripts is offering credit monitoring services and has dedicated a website to provide information on this incident to its customers, and those who this breach may affect.

Express Scripts website states:

"In early October, Express Scripts received a letter from an unknown person or persons trying to extort money from the company. This unknown person or persons threatened to expose millions of the company's members' records on the Internet if the extortion threat was not met. The extortion letter included personal information on 75 members including their social security numbers, addresses, dates of birth, and in some cases, prescription information.

Express Scripts notified the FBI immediately after receiving the letter and there is an official investigation underway. We also notified the members whose information was contained in the extortion letter. The company has also launched its own investigation with the help of top experts in data security and computer forensics.

While we are unaware at this time of any actual misuse of any members' information, we understand the concern that this situation has caused our members.

This site is designed to keep you updated on developments concerning that situation and to provide you with important tools and resources to help protect yourself against identity theft.

We are taking this situation very seriously and want to reassure you that we are committed to doing what we can to secure your data.

Scammers Sending Fake Credit Union E-mails: "We Detected Irregular Activity on your Account"

Wed, 05 Nov 2008 08:36:51 -0500

Recently there has been a rash of phishing emails purporting to be from various credit unions. Here's one I received yesterday...though informed consumers won't fall for this scam -unfortunately many will unless they are aware of these types of scams. Notice the email it is sent to "undisclosed-recipients" -blasting to countless email boxes.

Though scammers are aware that this particular credit union is in Tennessee, and many like myself who receive this are not, they know by the shear volume the emails they send, odds are pretty good that some will fall for it. They often switch out the names of the financial institution as well. Never click on embedded links or dial phone numbers provided in these types of emails. Remember legitimate companies will never ask you to verify or provide information in an email. Stay informed of various scams -see many more scam alerts on this blog!

Here's the email I received:

"TIC F.C.U"

To: Undisclosed-recipients:;

Subject:    We detected irregular activity on your account !

Date: Tue, Nov 04, 2008 09:32 AM


Dear TIC Federal Credit Union Customer,

We detected irregular activity on your TIC Federal Credit Union account on 11/03/2008.

For your security, your online bank profile has been locked due to inactivity or because of too many failed login attempts.

You can unlock your bank profile online :

Please Click Here to unlock your bank account profile.

Unlocking your TIC Federal Credit Union bank profile will take approximately one minute to complete.

Copyright ©2008 TIC Federal Credit Union. All rights reserved

*********************************************

For more information on this and other scams -search this blog.

Also see: Beware of "vishing" and "smishing"

Laptops are a Favorite Target of Thieves...

Tue, 04 Nov 2008 10:30:41 -0500

Over the last year, many of the reported data breaches have occurred through the theft of laptops. In fact, various manufacturers of GPS tracking software for laptops point to research gathered from the FBI and large laptop insurers that claim that one laptop is stolen every twelve seconds. And some say that number is conservative, since not all laptop thefts are reported.

Laptops are a growing target of thieves and with skyrocketing laptop usage, the number of laptop thefts will continue to rise -and so too will the number of identity thefts. When going wireless, we not only need to ensure we have properly protected our data and wireless access points, but we need to safeguard the laptop itself!

Government and corporate laptops have large amounts of data stored on them -and that data is viewed by thieves as the hottest commodity around -worth more than its weight in gold!

Today's laptop tracking software, offered by a variety of companies, once installed on your laptop, allows you to track the location of the stolen laptop, and better yet, some systems are designed to retrieve files off the laptop and simultaneously delete them from the stolen computer. Essentially, you are stealing back your own data -right before the thieves prying eyes!

Here are a few of this week's laptop thefts that reached the headlines, and computer theft stats...

Baylor Health Care says laptop with patient data stolen
Dallas News

A laptop computer containing limited health information on 100,000 patients was stolen from an employee's car in September, Baylor Health Care System Inc. said Monday.

A letter is being sent to the patients, including 7,400 patients whose Social Security numbers were stored on the computer.

Dr. David Winter, chairman of Baylor subsidiary HealthTexas Provider Network, said it could have been worse.

"Fortunately, the laptop did not contain comprehensive patient medical records, and, according to law enforcement officials, it is rare that incidents such as this result in identity theft," Dr. Winter said.

The data consisted of names of patients and medical codes relating to the treatment they received. The codes are a series of numbers requiring a medical code book to interpret, said Nikki Mitchell, a Baylor spokeswoman.

Baylor said it was in the process of upgrading its data security before the laptop theft and it had started installing a new technology that would allow it to track laptops and remotely erase data, if necessary.

Baylor is offering a $1,000 reward for the return of the laptop, which was stolen from a manager's car between 11 p.m. and 8 a.m. on Sept. 18 or 19 in Royse City.

It was within the manager's job description to visit Baylor locations collecting patient data on the laptop, but she was fired because leaving the laptop in her car broke protocol, Ms. Mitchell said.

"We take situations like this very seriously," Ms. Mitchell said.

Baylor is offering free credit-monitoring services to patients whose Social Security numbers were on the laptop.

It also set up a toll-free number, 1-800-554-5281, to respond to questions between 9 a.m. and 5 p.m. Monday through Friday. MORE

*************************************************
Man charged in theft of laptops pleads guilty

Paul Brian Steedman stole 32 laptop computers from his employer, a Marriottsville-based nonprofit health care company owned by nuns, prosecutors say.

The Westminster man then sold the computers on eBay, prosecutors say, listing photos of box labels with serial numbers that matched those of the stolen computers - along with a picture of himself as the seller and a user name that included his birth year.

Steedman, 28, pleaded guilty Tuesday in Howard County Circuit Court to a felony theft scheme and could now face 15 years in prison, according to prosecutors.

The state is recommending a sentence of 18 months in prison, five years of probation and about $53,000 in restitution.

In April, police responded to a theft complaint at Bon Secours Health System Inc., a nonprofit Catholic health system involved in managing hospitals, assisted-living facilities, nursing homes and home care and hospice groups in seven states.

Bon Secours representatives reported that Steedman, a former employee, had used his employee ID to gain access to a secure room on several occasions after business hours and stole about 32 laptop computers, according to charging documents. MORE

************************************************

GAO contractor indicted in laptop theft scheme

A former GAO contractor has been indicted in a scheme to steal and resell government laptops and other equipment.

Thirty-seven-year-old Darryl Lyles of Capitol Heights pleaded not guilty Thursday in U.S. District Court for the District of Columbia to charges of wire fraud, theft of government property, interstate transportation of stolen property, possession of stolen goods and first-degree theft.

Prosecutors say while Lyles worked at the Government Accountability Office in 2006 and 2007, he stole or caused to be stolen 30 laptops and a projector. They say he then posted advertisements for the items on craigslist MORE

***********************************

Bank of Ireland customer data on missing device

The Data Protection Commissioner is investigating the loss of a USB computer memory device containing personal details of almost 900 Bank of Ireland customers.

The full name, account numbers, first line of address and contact numbers for 894 customers from different parts of the country are held on the memory key.

The information was not encrypted despite this being required by the bank's policies and procedures.

A spokeswoman for the bank said the device had been reported missing last Wednesday and the Data Protection Commissioner notified yesterday. The bank began contacting these customers yesterday. MORE

National Mortgage Complaint Center wants to hear from Mortgage Servicing Insiders...

Mon, 03 Nov 2008 15:01:35 -0500

Americas Watchdogs and its National Mortgage Complaint Center wants to hear from mortgage servicing employees about homeowner payment abuse. According to Americas Watchdogs and the National Mortgage Complaint Center, "it's not a question of if U.S. banks and mortgage servicing firms are gouging US homeowners, the question is by how much, and will a current or former employee have the courage to step forward with the details, about home loan servicing abuses?

We know that phony late fees, phony legal fees, phony administration fee abuses in loan servicing are wide spread, and we know all banks and mortgage servicing firms are deeply involved in widespread consumer fraud, and overcharging. We need a hero to step forward to give us the mechanics of loan serving abuse".

Current or former employees of US banks or loan servicing firms that have proof of home loan servicing and borrower abuse can call the National Mortgage Complaint Center anytime at 866-714-6466 or visit their web site at NationalMortgageComplaintCenter.Com.

The National Mortgage Complaint Center says;

"three years ago we met with the general counsel of one of the largest US mortgage lenders and he said, you would not believe how screwed up our mortgage servicing unit is. He then proceeded to tell us, that everyday thousands of US homeowners fax us proof their loans are current. Rather than get these documents to the correct customer service representative, we shred the faxes.

People are losing their houses, or they are being charged for late payments when they never were late, inspection fees for inspections that never occurred, or they are being charged huge legal fees when little or no actual legal work was done. Its wrong and we need to hear from insiders to put a stop to this. We are especially interested in hearing from employees working for the largest US banks and mortgage servicing firms. They can call us any time at 866-714-6466".

Common Loan Serving Scams Include:

* Telling a borrower they are late when they are not, in order to add unwarranted late charges or legal fees.

*Charging borrowers based on estimated rather than actual fees and expenses.

*Putting a borrower into forced placed insurance when the homeowner has a current homeowner's insurance policy.

*Misapplying a borrower's mortgage payment to reserves, rather than principal and interest, and by doing so showing the borrower as late.

*Failing to pay a borrowers property taxes or insurance on time putting the borrower in a bind with their county tax assessor, or forcing a cancellation of a borrower's homeowners' insurance policy.

Current or former employees who have specific information about US banks or home mortgage loan servicers cheating US homeowners either intentionally, or through negligence should contact the National Mortgage Complaint Center at 866-714-6466.

According to Americas Watchdog, "we need honest people in the mortgage servicing industry to step up to the plate to help desperate Americans who have been cheated." Americas Watchdog and its National Mortgage Complaint Center is all about consumer protection and corporate responsibility

**************************************************
Additionally, read the many comments by borrowers on the Petition for Monthly Mortgage Statements on this site. I believe that many borrowers could have detected the above described abusive and/or fraudulent practices, had they received, or had access to, a monthly statement that allowed borrowers to track and verify whether or not their payments were received and applied both accurately & timely! If you agree that borrowers should have right to receive a monthly statement, please sign the Petition and then share with others.

Please check out these videos & links contained in a few earlier blogs..

Why We Need Monthly Mortgage Statements

Former EMC Employee Publicly Discloses the Ugly Truth About the Mortgage Servicing Industry

Are you Facing an Unfair Foreclosure? Ask Your Lender to Produce the Note?

"Operation Clean Sweep" Launched by FTC & 24 State Agencies to Stop Bogus Credit Repair Companies

Mon, 03 Nov 2008 10:13:46 -0500

We've all seen the TV and radio ads that promise for a price, they will work to clean up your credit reports for you. Many ads falsely claim they can work magic and accomplish what you can not...remove accurate negative information. These ads and bogus claims continue to trick and bamboozle unsuspecting consumers out of their had earned money by promising them things they know they can't deliver on. The FTC, along with 24 State Agencies, are stepping in to stop these companies from their aggressive and deceptive practices by launching Operation Clean Sweep.

According to the Federal Trade Commission "Operation Clean Sweep" was launched to effectively stop these illegal credit/debt repair organizations from continuing to "deceptively claim they can remove negative information from consumers credit reports, even if that information is accurate and timely...and prohibit further violations, and make them pay consumer redress and return their ill-gotten gains."

"Companies that promise they are able to scrub your credit reports of accurate, negative information for a fee are lying - plain and simple,' said Lydia Parnes, Director of the FTC's Bureau of Consumer Protection. 'Under federal law, accurate, negative information can be reported for up to seven years, and some bankruptcies can be reported for up to 10 years."

Here's a partial list of companies on Operation Clean Sweep's radar...

Nationwide Credit Services, Inc. and James R. Dooley

Clean Credit Report Services, Inc., Ricardo A. Miranda, Daniel R. Miranda, and Ruthy Villabona

Successful Credit Service Corporation, also doing business as Success Credit Services, and Tracy Ballard, also known as Tracy Ballard-Straughn

Advantage Credit Repair LLC and Mark D. Solomon

RCA Credit Services, LLC, Rick Lee Crosby, Jr., and Brady Wellington

Latrese & Kevin Enterprises, Inc., also d/b/a Hargrave & Associates Financial Solutions

ACE Group, Inc., also d/b/a as American Credit Experts, Inc., The Ace Group, Inc., The Ace Group, and ACE; Legal Credit Repair Center, Inc., also d/b/a LCRC, Michael Singer, Melvin Kessler, and Gerald Roth.

See the FTC's full Press Release: Operation Clean Sweep': FTC and State Agencies Target 36 'Credit Repair' Operations...& for additional info on these companies see Clean Sweep List (PDF version)

How can you avoid being scammed by credit repair companies?

Here are a few suggestions from the FTC:

•Avoid any company that wants you to pay for credit repair services before they provide any services. It is against the law.

•Avoid any credit repair company that will not tell you your legal rights and what you can do, yourself, for free.

•Avoid any credit repair company that tells you not to contact a credit reporting company directly.

•Avoid any credit repair company that advises you to dispute all of the information in your credit report.

•Avoid any company that suggests creating a 'new' credit identity - and then, a new credit report - by applying for an Employer Identification Number to use instead of your Social Security number. That is against the law. If you follow illegal advice and commit fraud, you also may be subject to prosecution.

If you think you have been the victim of a credit repair scam, contact the FTC. You can file a complaint at www.ftc.gov or by calling 1-877-FTC-HELP. You can also ask for free information about recognizing credit repair scams and building a better credit record.

A few tips to help repair your own credit reports;

1. Order your free annual credit reports from the official place. Either call the automated toll-free line at 877-322-8228 or order them at annualcreditreport.com.

2. Carefully review your credit reports and note any any errors, including erroneous middle initials, accounts more than 7 years old, inaccurately noted places of employement and home addresses, accounts that are not yours.

3. Send your dispute to the CRA's via certified mail so you have proof that you disputed inaccurate and/or fraudulent information if they don't comply with the FCRA and you need to find an experienced consumer attorney.

Also see earlier blog: Court Ruling; Credit Reporting Bureaus Must Revamp their Systems -and Remove Old Debts...:

What can you do about abusive debt collectors?

If you are being harassed by a debt collector for a debt you may or may not owe, it's important to know your rights under the Fair Debt Collection Practices Act.

See a couple earlier blogs:

Florida AG cracking down on Debt Repair:

Debt Collectors being held accountable...