bob baier book

Identity Theft

www.bobbaierinfo.com 1

Revised Published by Robert Baier Copyright 2008 Robert Baier All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording or by any information storage and retrieval system without written permission of the publisher, except for the inclusion of brief quotations in a review. Printed in the United States of America Baier, Robert Identity Theft – Prevention for the College Student/ by Robert Baier Library of Congress Cataloging-in-Publication Data ISBN: 978-0-615-22162-5

Warning – Disclaimer The purpose of this book is to educate and inform. The author or publisher does not guarantee that anyone following the techniques, suggestions, tips, ideas, or strategies will be totally safe from identity theft. The author and publisher shall have neither liability nor responsibility to anyone with respect to any loss or damage caused, or alleged to be caused, directly or indirectly by the information contained in this book.

Have Bob Baier Speak at Your School or Workplace

2

Introduction Congratulations on purchasing and reading this book. One of my goals was to load this book with vital information yet keep it small enough that the average college student would feel they had enough time to read it. That is precisely what you have decided. This book is geared toward the college student because they are part of the highest risk group in this country for having their identities stolen. Of course, all of the information could be used by people of all ages. However, I do not think that the average Senior Citizen for example is downloading very much music from their P to P programs. While applying my expertise daily as a Forensic Document Examiner (I testify in court regarding forgeries as an expert witness) I have helped numerous people with forgery problems. Because of that I believe I can give a totally different view to you, the reader, than any other author who writes about identity theft. Perhaps you might liken it to a fuller and richer “3-D view” of Identity Theft. The title of the book contains the word prevention which is of primary importance. You must know how the criminals are getting your information in the first place in order to prevent it. Therefore a good part of the book explains the many ways/scams thieves acquire your information. To have left this important information out would have been like telling people to stay safe from AIDS, or any disease, but not telling them how you get it.

Identity Theft


Another important goal or purpose of writing this book is to get you to take action. When finished reading the book, taking those necessary steps will in fact make you less vulnerable to having your identity stolen. Therefore I have created a 30 day step by step guide or action plan for you to accomplish something each day. The planning has been done for you. This will make it easier for you to take action immediately, starting today. One of the limitations of the book is that according to statistics a certain percentage of you have already had your identities stolen and are simply not yet aware of it. If your identity has already been stolen, all the prevention in the world will only help you in the future. For those unfortunate students I have created a step by step “Identity Theft Victim Worksheet.” I hope you never have to use the worksheet but if you become a victim you will find this most helpful. Another limitation is perhaps the depth of the writing within each chapter or area covered. During the daily writing of this book I felt like I was in a wrestling match with myself. On the one hand I constantly wanted to include more important information and on the other hand I wanted to keep the total number of pages down. Therefore you have a very lean book with absolutely no “fat”. You may very well receive knowledge from every paragraph. I have included numerous sources to make it easier for those readers who have a desire to go deeper and gain even more information in a particular area.


4

I am aware that it is not the finest literary source of its time but instead, it is my hope these writings will be viewed as the most practical, informative yet concise “Identity Theft” book on the market specifically for college students today. Please Enjoy!

Identity Theft


Acknowledgements People rarely accomplish anything without the help of others. I am very appreciative of those that helped me at any level. My sincere appreciation to: my parents Gordon and Cecile who raised me properly and worked very hard to allow me the gift of a college education; John D’Ambra for all of his thoughts and suggestions from before the book was born, during its infancy, seeing it full grown, the complete task of editing the book and watching it go off on its own; my son Michael for his wealth of technical computer knowledge and help. He explained to me all about the adware, spyware, crimeware malware etc.so that I could understand the function of each in your computer to steal your information; my daughter Briana for her office help in finding those pieces of research that I needed out of the piles in my office. She also helped greatly with computer set up knowledge and preliminary editing; Joe Zarek for the confidence he had in me and more importantly the never ending, yet softly stated, encouragement to move forward and begin; my wife Sue for her understanding of my lack of help and support in her daily life while working on this project; and to everyone who has helped with this book in any way.


6

Table of Contents Introduction 2 Acknowledgements 5 Chapter 1 Your Present ID Theft Knowledge 8 Chapter 2 Phishing 15 Chapter 3 Spear Phishing 28 Chapter 4 Passwords 31 Chapter 5 P 2 P (Peer 2 Peer) 37 Chapter 6 Botnets, Malware, Crimeware 42 Chapter 7 Dumpster Diving /Bin Raiding 46 Chapter 8 Cameras, Spyware, Adware 49 Chapter 9 Postal Engineering 58 Chapter 10 Foreign Utilities Fraud 63 Chapter 11 Government Fraud 70 Chapter 12 How Do You Know If You’re a Victim? 72 Chapter 13 Opt-Out 75 Chapter 14 If You Are a Victim 81

Identity Theft


Chapter 15 Credit Monitoring Services 86 Chapter 16 Forgeries 92 Chapter 17 Miscellaneous 96 Free Printouts 115 About the Author 119 Book Bob Baier to Speak at Your School or Workplace 121

What is your present level of knowledge regarding Id Theft?


8

Chapter 1

What is your present level of knowledge

regarding Identity Theft? Could you give a good definition of the following items? These are only some of the methods that criminals use to gain information from you. Dumpster Diving Skimming Postal Engineers Shoulder Surfing Phishing Spear Phishing – That is a newer one. Phone Fraud – Anything regarding phone fraud. Bank Fraud Employment Fraud Government Benefits Fraud Check Washing Botnets Bank Cameras Opting Out Spyware Adware Malware Crimeware

Identity Theft


Software Piracy and Identity Theft P-2-P or Peer-2-Peer - LimeWire, BearShare, SoulSeek are some examples of P-to-P’s Russian Robots Man –in-the-middle-attacks Ransomware Medical ID Theft Vishing All of these and more will be covered in the following pages.



10

Have you ever heard of Frank Abagnale? He was featured in the movie Catch Me If You Can? Frank was a con artist who turned his life around and established security systems to protect your assets. I will tell you of his suggestion later.

What Is Identity Theft? Identity theft is the theft of your name and personal information for criminal purposes. The criminal will get some information about you from one location, then they will go to another site and get additional information; then another, until they either get enough information to steal your identity or have enough information to “hack in” and steal the rest. When they get all the information they need they will destroy your credit and your reputation..

How Big a Problem is ID Theft? In 2001, the Federal Trade Commission stated 87,000 people reported a problem with identity theft. What do you think was the number in 2005? By a multiple of how many times did it increase? Five times? Ten times? Ten times as much would be 870,000 in four years. It was more than 100 times. It went from 87,000 to over 9 million reports of identity theft. It is the number one crime in the United States right now and has been for the past 8 consecutive years. It is also the fastest growing crime in the United States and has been for the past 8 years.

Identity Theft


“Every 79 seconds, a thief steals someone’s identity, opens accounts in the victim’s name and goes on a buying spree.” -CBSnews.co

Sources of ID Fraud

According to the National Education Association (NEA):

Lost or stolen wallet, checkbook, credit card: 31% Taken by corrupt employee: 15% Taken by friends, acquaintances, relatives: 15% Stolen paper mail/fraudulent change of address: 9% Other: 7.7% Misuse of data from in-store/on-site/mail/phone transaction: 7% Data breaches:6% Computer viruses, spyware, hackers: 5% Phishing: 3% Garbage: 1% Online transactions: 0.3% I was speaking with a law enforcement officer from New York City who is in charge of identity theft for the City. He had recently made a nice “coup” there. He was excited regarding a huge bust he made on an International identity theft ring. It was located in Jamaica Queens in New York. There were 38 people indicted from all over the world but mostly China and the UK. They had an efficient scam going. Just that one group had stolen over 10 million dollars. He was very excited about that.

What’s in Your Wallet? How many of you actually know what is in your wallet? Without looking, do you know if you carry any type of a medical insurance card? Does it have your social security



12

number on it? Do you know the exact number of credit cards you carry with you? Do you know the name of each card and the contact information? Do you carry a spare check? There are 19 States that use the social security number as the driver’s license number. Are you from one of those states? If so contact the Motor Vehicle Agency in your state and say you want a different driver’s license number.

Software Piracy Software Piracy is the unauthorized copying or distribution of copyrighted software. This can be done by downloading, copying, sharing, selling or installing multiple copies onto personal or work computers. People fail to realize is that the purchase of software is actually a license to use it, not the actual software. That license tells you how many times you can install that software. If you make more copies than the license permits you are pirating. There is a major link between software piracy and identity theft. Most college students think nothing of installing unauthorized software on their computer system. Numerous illegal software has malware (imbedded destructive programs) in them to steal important information from you. There are two important points you should consider. First, you may save $50 by buying/using the knock-off/free software but have all of your money stolen from your bank accounts shortly thereafter. It may also take you many years to sort out all of the fraudulent accounts that have been set up in your name. One person you will read about in this book is still having major problems for over ten years after his identity was stolen. Secondly, if you are a victim of identity theft you can usually get the financial institution to write-off their losses. However, if they discover

Identity Theft


you used illegal software that contain malicious capabilities, they will deny your fraud claim.



14

Identity Theft


Chapter 2

Phishing/Carding Phishing called “carding,” is a high-tech scam that uses spam or fraudulent web sites to deceive consumers into disclosing their information. These criminals use the information to empty victims’ bank accounts, run up credit card charges and apply for loans or credit in the victims’ names. They have even purchased cars and houses. These phishing scams are usually emails that appear to come from a legitimate source. However, they are false web sites such as false credit report sites, fraudulent dating, job-hunting and social-networking Web sites. You need to be aware that some of the identity-theft-prevention marketers are scams themselves.

A Personal Story About My PayPal Phishing

Scam A number of years ago, when I first started with PayPal, I was the victim of a “phishing” scam regarding my PayPal account. At that time I was working for a corporation and was paid through PayPal. It was my only method of payment.

Phishing/Carding


16

I received this notice alledgedly from PayPal. It stated “You have authorized this payment from PayPal. If that is not correct please go here complete this information.” And, I did. “Are you kidding me? I didn’t authorize that. Those people at PayPal are so stupid.” “How could someone have gotten into my account?” I was the only one who knew my password. I clicked on the PayPal button and filled everything out that they requested. A couple of weeks later someone actually did take money from my account and I was so angry at PayPal. I was very fortunate because I opened my PayPal site on the same day that the fraudulent transaction took place. PayPal does not notify you whenever a transaction takes place. I went to the site just to look at something. I called PayPal. They could not stop the payment. Once that payment is initiated or authorized they have to let it go through. I was able to call my bank and they were able to stop the payment in time. I couldn’t do it through PayPal. I still did not know that I was the cause. I was blaming PayPal. It was not until over 1 month later that I received another phishing scam notice similar to the first, whom I thought, was PayPal again. I filled it out but did not send it this time. Instead I called PayPal directly from my PayPal account site and asked them to verify the notice they sent to me. They said they had not sent me a notice and asked me a couple of questions about the site. There are only two differences between phishing PayPal web page and the authentic PayPal site. Do you know what they are? First the fake web site will say, “Dear PayPal User.” A real PayPal account will say “Dear (identify you by name)”. The

Identity Theft


second difference is located on the bottom right hand side of the page. The authentic site will have a picture of a little yellow lock. If you don’t see the lock the site is a phishing scam. Scams like the one are happening all the time. It happens in every area of business. I will use just one example, banking. It could be any bank but let’s use “Citibank.” The notice will say something like, “you need to update your information asap.” Folks, your bank already have your information. They don’t need an update, ever. Phishing occurs on almost every well- known site. EBay is a major area for phishing attempts. You must verify any attempt requesting your information. Do not verify it on the site requesting the information. Go directly to the account that you have set up and call from that site. Here are some actual examples of phishing emails most of

which I have received. Some are more difficult to read than others since they have been scanned into the computer. I have attempted to give you a variety of the different types of phishing scams.

Phishing/Carding


18

Identity Theft


Phishing/Carding


20

Identity Theft


Phishing/Carding


22

Identity Theft


Phishing/Carding


24

Identity Theft


Phishing/Carding


26

The anti-Phishing Working Group’s count of unique variations of phishing scams reported in August 2006 was 26,150. To avoid becoming a victim, do not respond to emails sent by someone you do not know that request personal or financial information on the internet. Nigerians make up about 2% of our population in the United States. They account for over 25% of all identity theft nationwide. They have what is known as café’s in Nigeria where they have huge tents set up with nothing but computers and they run scams on a massive level.

Identity Theft


Spear Phishing


28

Chapter 3

Spear Phishing A new scam is called spear phishing. It is about two years old. What is spear phishing? Criminals hack into a business or a company. Then they get someone from that company who is in personnel or any position of authority and they steal all of their information. Now they set up their own account. They have a list of all of the people in the company. The criminal sends a message from one person’s email to someone else in the company. If I’m working for a company and I get a message from the personnel director and he needs a list that I have in my computer of all of the people in the bank, I am not going to think that is a problem. If someone from outside the company were to ask me for the same information I would say, “Wait let me check on that.” If it is someone from inside my own business, my own company and they ask me for information I wouldn’t hesitate to send it to them. That is called spear phishing. It is more precise phishing. It is phishing from within the same organization or company. Businesses are going to have to find some way to stop this. Another twist for the attackers who send the spam, is to appear

Identity Theft


to be from the user’s employer, or government agency, such as theirs. If a criminal steals your wallet or pocketbook, it is worth $250,000 to them because of what they can do in the future with your identity. I think this is quite high, but the $250,000 was explained to me step by step. I think on average it is around fifty thousand when they are “milking” everything they can from you. I think $250,000 is high unless they buy a house or car using your name. Thieves can buy a lot of merchandise by setting up many new accounts as well as reselling your information to other criminals. Guard your personal information from identity theft. Do not carry your social security number in your wallet. Do not give out personal information without verifying the authenticity of the inquirer. Preventing identity theft is a lot easier than re-establishing your good name.

Spear Phishing


30

Identity Theft


Chapter 4

Passwords Your college or university may have the finest computer system in the world with the best firewall and security systems in place. However, if you have a simple password or one that is easy to figure out and hack into, all of their programs are useless. It would be similar to having the best alarm system in the world on your house but always leaving the front door wide open whether you are home or not. The house alarm system becomes useless. If you create simple and easy usernames, passwords and pin numbers you are leaving the door open. I would encourage you to change all of your passwords today. That stated, you must do it right now; it is very important. In a recent article The Daily Collegian Online argued that: “College students may be especially vulnerable to identity theft according to a recent U.S. Department of Education survey because of the availability of their personal information and how they handle this data”. In April the Washington Post claimed that: “Enterprises and universities comprised the top sectors for data vulnerability”. The paper was referring to the 8.3 million personal and financial consumer records that had been exposed in the first quarter of 2008.

Passwords


32

Recently within a two month period there were reports that colleges and universities in Florida, Louisiana, Massachusetts, New York, North Carolina, Oklahoma, Pennsylvania and Virginia were hit hard with over 210,000 breaches of students and applicants information. This number is close to a quarter of a million people in only two months. Where do the criminals originally get the names of the people going to colleges and universities? MySpace, Facebook and You Tube are excellent sources. The purpose of these sites is to share information about each other. You are basically giving all of this information to criminals. You should remove most of the information from those sites. Do not put your address or any other identifying information on any of those three sites. If you want to have your name, fine. The criminals gather a great deal of information about you from those sites. For example, an identity thief can use your home address and phone number to get a change of address form from the Post Office and have all of your mail diverted to them. For example thieves compiled a list of students who went to Ithaca College in NY. Then the predators, who are quite sophisticated, went via Israel ( not their own country) and went into the web server for Ithaca College. They used a different country to cover their tracks. The thieves went into Ithaca College’s web mail and started hacking. Everyone wants to make his passwords easy to remember. Some people put their actual name as the user name and in this case, for their passwords they simply used Ithaca, Ithaca College or “Bombers.” The “Bombers” is their athletic symbol. Or, they will actually use the word password. We all want to simplify to remember.

Identity Theft


In the schools mentioned earlier, the criminals were able to hack into student’s accounts. The students did not know that someone had total access to everything in their email account at that point. These thieves totally took over their accounts. They changed the settings so that every email that came into your account now went to them. Let us say you have a book ordered from Amazon. The thieves will get your Amazon account information. They might have your credit card information depending on how you did the transaction. They will be working to acquire more information from your email account. However, what they are really doing is “ramping it up”. They are sending, literally, between ten and twenty thousand emails a day from lists and it is all being sent out from your account. If they get tracked, guess whose email address is identified. You guessed it-the poor victim from Ithaca College, the student with the easy user name and easy password. Thieves continue this phishing to try to get loads of information from other people. By the way, Ithaca College has made many changes to try to prevent this from happening again. Although such efforts will help greatly it is ultimately the responsibility of the individual student to protect himself/herself. One of the best articles I have seen to protect yourself on Facebook and similar sites is “Facebook Identity Theft Protection Guide: 6 tips to protect your identity on Facebook” found at http://www.nextadvisor.com/blog/2008/03/04/6-tips-to-protect-your-identity-on-facebook/ What is a good password? How are you going to choose a good password? You need capital letters, small letters and numbers. Some sites will even allow you to use strange symbols like exclamation marks (!),

Passwords


34

quote marks (“). If the site has no restrictions, use a symbol and not necessarily at the end. No one else will ever be able to figure out your password and you will have “closed the front door” so to speak. You may have trouble remembering your passwords. You can keep track of them with a list. Place the list at home or in a lock box if you are in college. Don’t ever leave any passwords anywhere in your emails or on your computer’s hard drive. If a company sends you a notice about a password or username for them, remove it from the computer by putting it on a “memory stick”, “thumb drive” “USB Drive” or CD. This way you will still have it if you forget in the future but anyone who gains access to your computer will not be able to access that information. If you’re going to travel make a photocopy of the fronts and backs of every credit/charge card you carry in your wallet and your passport in case it is stolen. Obviously, do not keep the photocopy in your wallet. Leave it with someone back home whom you know you can easily contact. You can immediately call and have them give you all of the numbers for all of the credit cards, license, insurance card etc. You should be taking only one credit card with you when traveling anyway. You should never take your social security card with you. If you’re paying by credit card you should never put your credit card number on your check because too many people at the banks have access to the information. Only put the last four digits of your social security card on your checks. Another note about checks, only have the first letter of your first name and your full last name printed on your checks. (Address is ok) The criminal will not be able to sign your entire name since he will not know your first name. The thief will not even know if you are male or female. Never have your social security number

Identity Theft


printed on your checks. One method of identity theft is by employees at banks or department stores. This person is making ten bucks an hour at a window at a bank and someone out front just offered them five grand to compile a list for them. The temptation sometimes will not be ignored.

Passwords


36

Identity Theft


Chapter 5

P 2 P

(Peer 2 Peer) I do not know many college students who have not downloaded games and are not presently downloading music from the internet. The downloading takes place from sites such as LimeWire, BearShare, Soulseek and more. These programs are installed onto their laptops, home computers and even parents’ computers. This is dangerous and you must remove them immediately. At the very least save the programs onto a CD, “memory stick”, “USB Drive” or “Thumb Drive” and remove them from the computer permanently. Please read the following very carefully. Saving the P 2 P program on the computer is one of the worst things you could possibly do. You are giving criminals anywhere in the world, access to the total contents of your computer. This access is available to the thieves whenever you are on the internet. You do not have to be using the P 2 P program at the time. Remove your P 2 P program now. If any parents are reading this book I have a suggestion for you. At the top of the computer screen there is a utility bar. In the utility bar you need to know what each icon means. If you see one you don’t recognize ask the other people

Peer to Peer


38

who use that computer to tell you what that program is. If it is a P 2 P program get rid of it, and be watching your credit. Then you must “wipe your computer clean.” We already covered passwords however; I would like to tell you what not to do. I used to save all of my passwords on my computer. If I received an email confirmation from a site stating I should keep this username and password for future reference I did. Although convenient this is a bad idea. Each password you have anywhere on your computer is easy access to the thieves. Remove them all immediately and put them onto a disc, memory stick, USB drive, thumb drive etc. This issue goes much deeper than mere passwords. Do you have your college application forms saved on your computer? What about your Financial Aid Application? Do you have tax returns that come to you in the form of emails telling you how much you “got back”? Did you install a P 2 P onto your parents’ computer? Do they have tax information on their computers? Do they use “quick books?” How much vital information is being exposed on their computers? Most people have no idea the extent of valuable information that exists on their computers that the criminals can use. You need to check which online subscriptions, registrations and accounts you still use and cancel those that you do not still use. In a recent study by “Capital One” in the UK alone there are over 296 million unused and uncancelled registrations, accounts and subscriptions on the web. That is over nine accounts for each adult internet user in the UK. This information came from an article “Web Users Warned Over Dangers of Identity Theft” by Lisa Smyth. The article went on to say that “Many online registrations and accounts require personal information such as names, addresses, dates of birth and telephone numbers, which could be used by fraudsters to steal identities.” “On average, the services that have been set up, but forgotten – by internet

Identity Theft


users in the UK – include accounts on social networking sites, online subscriptions to magazines and newsletters, registrations to shopping or auction sites, registrations to online services such as estate agents or wedding sites, email accounts, subscriptions to listings and venue newsletters, accounts on photo sharing sites and online dating site accounts.” The article went on to say “In total, over 4.7 million internet users have no idea how many online services they have signed up for. Two thirds admitted to not actively closing down registrations that they no longer use, and a third claim that they found the process difficult. However, the main reason given for not closing accounts was that the user had become bored and was no longer interested in that particular activity. Over a quarter of respondents had simply forgotten about the account and 25% had moved on to other sites without canceling original registrations.” I was surprised to find out that 18% of these online registrations and accounts have remained unused and unchecked for up to two years. In addition this study showed that there are around 450,000 internet users with at least one online account that has remained open but unused for 10 years or over. The head of Capital One in the UK, said: “The internet offers so many useful services, enabling us to stay in touch, go shopping and share information that it’s easy to get carried away. Users can lose track of the information given out online and that’s when they run the risk of their personal information falling into the hands of identity fraudsters.” “The safest way to interact online is to reduce the amount of unnecessary personal data held and this means deleting registrations that you no longer use.”

Peer to Peer


40

Please remember that everything on your computer is made available to the criminal with one of those P 2 P programs installed on your computer. Simply deleting the P 2 P program on your computer is not enough. You must “wipe your computer clean”. There are three levels of depth associated with this. Please refer to the back of this book to purchase a DVD with a step-by-step process of how to wipe your computer clean.

Identity Theft


Botnets, Malware, Crimeware


42

Chapter 6 Botnets, Malware, Crimeware

Botnets Botnets, or networks made up of thousands of compromised computers used for criminal purposes, send out 91 percent of all e-mails most of which are spam. They are responsible for millions of dollars in theft from consumers, according to the email management firm Couldmark. It is estimated that approximately 7.3 million phishing emails are sent out daily. Criminals compile lists of people who have fallen victims to the phishing scams and filled in information. Now they take all of the compiled information/data and actually sell that list to other criminals. They make a fortune doing this. The new criminals then use the information to steal more of your money, open new credit card accounts in your name and purchase car and houses. The list is endless.

Malware Malware is unwanted software running on your computer that performs malicious actions. It also includes adware and spyware and illegal software without a commercial purpose,

Identity Theft


such as destructive viruses. It has been estimated that one in four personal computers in the United States, or 59 million PCs, are already infected with malware, as reported by scientists Colin Barras, and Tom Simonite.

Crimeware Crimeware is a form of malware. According to Wikipedia, Peter Cassidy of the Anti-Phising Working Group coined the term “Crimeware” which means a “type of computer program or suite of computer programs that are designed specifically to automate financial crime.” According to an article entitled The

State of Crimeware on the Internet in the Blogger News Network in June 2008 crimeware is software that performs illegal actions intended to yield financial benefits to the distributor, and not the user, of the software. It is distributed to the masses in a few different ways: Social engineering attacks convincing users to open a malicious email attachment containing crimeware; Injection of crimeware into legitimate web sites via content injection attacks such as cross-site scripting; Exploiting security vulnerabilities through worms and other attacks on security flaws in operating systems, browsers, and other commonly installed software; Insertion of crimeware into downloadable software that otherwise performs a desirable function. The Consumer Reports estimates 8 billion dollars lost by victims.

Botnets, Malware, Crimeware


44

In October of 2006 The Crimeware Landscape stated “there were at least 215 different keyloggers found.” Keyloggers are a type of crimeware that install themselves either into a web browser or as a device driver and monitor data.

Identity Theft


Dumpster Diving/Bin Raiding


46

Chapter 7

Dumpster Diving/Bin Raiding What is dumpster diving or bin raiding? According to Wikipedia “Dumpster diving is the practice of sifting through commercial or residential trash to find items that have been discarded by their owners, that may be useful to the dumpster diver. The practice of dumpster diving is also known variously as urban foraging, binning, alley surfing, curbin, d-mart, dumpstering, garbaging, garbage picking, garbage gleaning, skip-raiding, skip diving, skipping, skip-weaseling, tating, skally-wagging or trashing.” “The term originates from the best-known manufacturer of commercial trash bins, “Dumpster.” There is much information about this practice. There are special stools to raise you high enough to reach over, special tools to grasp the materials and bring them to you, special times of the day to perform your search and time limits at each dumpster. There is an actual etiquette for those people in the practice. Some people make a legitimate living by reusing resources destined for the landfill and view themselves as “green people.” What we are most concerned about here is really diving for information. Also from Wikipedia “All too often, dumpsters can be an inadvertent source of information. Unwanted files, letters, memos, photographs, identities, and other paperwork have been found in dumpsters. This oversight is a result of failure to realize that sensitive items like passwords, credit card numbers, and personal information thrown in the trash could be recovered anywhere from the dumpster to the landfill. This recovered information is used by criminals for fraudulent purposes, such as identity theft and the

Identity Theft


breaking of physical information security. The criminals remove bags from the dumpster, put them in a truck or van, and sift through them to find information they can use. The thieves go through trash at your home, school, place of business, department store, bank or literally anywhere. They are looking for account numbers, names, addresses, phone numbers, pin numbers or anything else they can get that will enable them to gather information about someone or open new accounts under an unsuspecting person’s name. I was speaking with a law enforcement officer who is working in the area of identity theft for New York City. He said dumpster diving ranks up there with the highest of criminal activity. It is still going on, especially behind banks. To thwart dumpster divers buy a shredder folks. It is approximately forty bucks at your local office supply store. You don’t need a huge piece of equipment or a company to come with this massive truck every month. Just purchase a simple shredder and use it. The best type of shredder is one that cuts the paper lengthwise and at the same time separates/cuts it widthwise into small pieces. The most important items to shred include any credit card offer you receive, any monthly banking or credit card statements, any tax information or literally any paper that has information on it regarding you or your accounts.

Dumpster Diving/Bin Raiding


48

Identity Theft


Chapter 8 Cameras, Spyware, Adware

Cameras Criminals are using their own cameras. When you go to the ATM machine and insert your card look around. Criminals are putting up wireless cameras up after hours. They are sitting in a van filming every single transaction that is coming through the ATM machine, especially if the ATM is in a remote area. Everyone’s password that went to the ATM machine the entire night is on video. People are taking pictures on their cell phones of your log-in information and using it to gain access to everything on your computer. This is also known as shoulder surfing. Before you log into your computer increase your awareness of what is happening around you. Shoulder surfing occurs in all types of public places such as airports, train stations and banks.

Here is an actual story of someone other than myself who had information stolen. It is a fairly common story these days. “I just want to add something. This happened to me. I travel for my job and we use the American Express card and I usually just pay my monthly bill by phone. I don’t even look at the bill, but something told me to look at my

Cameras, Spyware, Adware


50

bill and I did. I had all of these charges from all of the Marriott hotels from different states that I had never been in”.

I called American Express and said, “These are not my charges.” They said, “We will investigate.” Then they called me back and said, “These are valid charges.” Each one of them, involved different people signing their name, not my name. Other people signed their names and they were saying this was legitimate. I was in one of those hotels in Atlanta in November so it has to be someone in that hotel that is taking the numbers and giving them out. That is an example of a business/hotel known as skimming that is occurring everywhere. Depending on which source you read there are between 8.7 and 10 million people every year that have their identities stolen. That is a lot of people and 50% of them don’t even know how the criminals got the information. The cost to consumers is 47 billion dollars a year right now and it is escalating. “Who cares you say? That’s the problem of the big companies. They are making millions, let them absorb the losses.” No! They pass those charges down to you folks. Now instead of paying 12.5% interest you’re now going to pay 15.2% to cover their losses. They are not going to absorb those losses. You're going to pay for their losses.

Identity Theft


The number one identifying document is your social security number. Protect it at all costs. If thieves get that they can do anything they want: open up many credit card accounts, buy a house, finance a car, a boat, electronic equipment-literally anything they want. A lot of college students usually say, “I only have twenty bucks in my account. They are not coming after me.” You are mistaken; the thieves are quite interested in you. Once they have your identity they will apply for and receive credit cards. The evil doers may open up 20 different credit card accounts in your name. They will “max” them out within two weeks. You will never know this is happening because the thieves have all of the bills and statements sent to their location. While you’re sitting in class someone is having a good time at a fancy hotel at your expense. The criminals may be having champagne on you with room service. Who is kidding whom? This is happening every day in this country and that is why you need to be concerned. The bill collectors are eventually going to track everything back to you and you’re the one who has to sift through the huge mess. It will be your responsibility to prove you did not make these charges. Sometimes it takes two full years of daily work to go through the horrible process of clearing your name. It is not just an inconvenience folks. It is a nightmare and it is happening to 10 million people every year. Every 2 seconds in this country someone’s identity is stolen. That is why more and more people are becoming aware of this problem. However, even when the people become aware of the



52

growing problem in the US they are still not doing anything to protect themselves. Only 4 years ago if you walked into a police station to file a complaint, the police would automatically think you were the criminal. Now they realize the enormity of the problem and usually have procedures in place to help you. Your driver’s license is a principal form of picture identification. It is the second most important document to protect. Criminals can use that to impersonate you. That would be like leaving the back door open. Perpetrators of course, want the account numbers, credit card numbers, bank account information, pin numbers, passwords and everything else as well. From businesses they steal records. They bribe the employees, conning information from employees, and hacking into company computers. Spyware Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user’s interaction with the computer, without the user’s informed consent. Wikipedia states that the term spyware suggests software that secretly monitors the user’s behavior; the functions of spyware extend well beyond simple monitoring. Sypware programs can collect various types of personal information such as Internet surfing habits, sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software, redirecting web browser activity, accessing websites blindly that will cause more harmful viruses, or diverting advertising revenue to a third

Identity Theft


party. Sypware can even change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet or other programs. Adware The term adware frequently refers to any software which displays advertisements, whether or not the user has consented. Most adware is spyware in a different sense than “advertising-supported software,” for a different reason: it displays advertisements related to what it finds from spying on you. Other spyware behavior, such as reporting on websites the user visits, occurs in the background. The data is used for “targeted” advertisement impressions. Unlike viruses and worms, spyware does not usually self-replicate. Like many recent viruses, however, spyware-by design-exploits infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information); monitoring of web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites. This Wikipedia article also states that spyware gets onto a system through deception of the user or through exploitation of software vulnerabilities. Most spyware is installed without the users’ knowledge. Spyware deceives users, either by piggybacking on a piece of desirable software such as Kazaa, or by tricking them into installing it (the Trojan horse method). Some “rogue” anti-spyware programs masquerade as security software, while being spyware themselves. The recent proliferation of fake or spoofed antivirus products has occasioned some concern. Such products often bill



54

themselves as anti-spyware, antivirus, or registry cleaners, and sometimes feature pop-ups prompting users to install them. This software is called rogue software. It is recommended that users not install any freeware claiming to be anti-spyware unless it is verified to be legitimate. The following should never be installed onto your computer. They are all rogue or fake software: AntiVirus Gold ContraVirus Errorsafe (AKA system doctor) MacSweeper PAL Spyware Remover Pest Trap PSGuard SpywareStrike Spydawn Spylocked SpyShredder Spy Wiper UltimateCleaner WinAntiVirus Pro 2006 WinFixer The distributor of spyware usually presents the program as a useful utility-for instance as a “Web accelerator” or as a helpful software agent. Users download and install the software without immediately suspecting that it could cause harm. For example, Bonzi Buddy, a program bundled with spyware and targeted at children, claims that: “He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you’ve ever had! He even has the ability to compare

Identity Theft


prices on the products you love and help you save money! Best of all, he’s FREE!” Here are more examples of “bundled” spyware to guard against. CoolWebSearch, is a group of programs, that takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwesearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer’s hosts file to direct DNS lookups to these sites. Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites. Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions company. It opens pop-up ads that cover over the Web sites of competing companies . HuntBar, aka WinTools or Adware.Websearch (http://securityresponse.symantec.com/avcenter/venc/data/ adware.websearch.html), was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware programs—an example of how spyware can install more spyware. These programs add toolbars to IE, track



56

aggregate browsing behavior, redirect affiliate references, and display advertisements. Movieland, also known as Moviepass.tv and Popcorn.net, is a movie download service that has been the subject of thousands of complaints to the Federal Trade Commission (FTC), the Washington State Attorney General’s Office, the Better Business Bureau, and similar agencies. Consumers complained they were held hostage by a cycle of oversized pop-up windows demanding payment of at least $29.95, claiming that they had signed up for a three-day free trial but had not cancelled before the trial period was over, and were thus obligated to pay. The FTC filed a complaint, since settled; against Movieland end eleven other defendants charging them with having “engaged in a nationwide scheme to use deception and coercion to extract payments from consumers.” Zlob Trojan, or just Zlob, downloads itself to your computer via an ActiveX codec and reports information back to Control Server. Some information captured is your search history, the Websites you visited, and even Key Strokes. More recently, Zlob has been known to hijack Routers set to defaults. Be aware that there are many others. Simply stated do not ever install any freeware claiming to be anti-spyware.

Identity Theft


Notes

Postal Engineering


58

Chapter 9 Postal Engineering

Redirecting or Forwarding Address

Fraud What is Postal engineering? A simple definition is stealing mail from your mailbox and/or redirecting your mail to the thief’s mail drop. When you put a letter in your mailbox and put the flag up, someone comes along, removes the contents and leaves. They want to grab the outgoing mail with all of the bills you paid by check. The criminals now have your check numbers and will order more and have them sent to their mail drop. The checks from the mailbox may have your credit card number on them which would be a nice bonus. Never put your entire credit card number on your checks. Place only the last 4 numbers of the card on the check. Notice the last 4 digits are always in “bold” on your credit card bill. The criminals see what they can use and return the other items. They know when the mail is delivered and they steal it. Postal engineers make sure to follow the equal rights motto as they also want your incoming mail. They will follow through on every credit card offer and have the bills sent to their own mail drop so you do not know they opened an account in your name.

Identity Theft


Do not take this lightly. According to Experian, forwarding address fraud was the most common method of identity theft last year accounting for 36 per cent of all identity fraud reported to them. Once thieves get your information, they open another account in your name but all the mail gets diverted to them. One thing you can do to help yourself in this identity theft war is to check the date the statement arrives in the mail for every credit card you have. It is always within two or three days of its usual arrival time. You must maintain a list every credit card you have e.g. Sterns, Macy’s, Visa, MasterCard etc. Start tracking what day each arrives. By monitoring each card monthly you can determine if a card is late. Obviously, something is wrong and you must call the credit card company. You must also view your statement every single month. Be certain you go through every single item on each credit card and make sure you purchased each item. If there is an item you do not recognize, first question anyone else at home that uses the card. If you can not recall purchasing an item call the credit card company or the number listed on the credit card and get details about that charge. Every month I check my credit cards and sometimes say, “I don’t recognize this charge.” The purchase may be legitimate but the product I ordered had nothing to do with the name for the mailing or the billing, but I actually did it. You have to follow up on the charge if you don’t recognize it. The sooner you detect that your identity has been stolen, the better it is for you. The sooner you catch it, the less work there

Postal Engineering


60

will be straightening out the mess. If you get this within the first two to three weeks it will only be 40 hours of work. I say only 40 hours, one hour at a time, waiting on hold, trying to contact a particular person, having to prove you did not make the trasaction, calling the FTC and going to the police. It is still a nightmare, but the sooner you can find out your identity has been stolen, the faster you can repair your financial reputation. In addition to monitoring each item on your monthly credit card statements you must continually examine your credit rating. Get your yearly credit report and rating from all three credit agencies each year. You are allowed 1 free report every year from each of the three companies. Try to stagger the three reports. Get a different report every four months all year. January 1st get one of the three reports. May 1st get a different company report and on September 1 get the final free report from the last credit reporting agency. People who rent, including college students, usually during their junior or senior years are particularly vulnerable to identity fraud. When you move you must let every business/organization you deal with know of your new address. The USPS has a simple package you can buy with post cards to make it easy. Also have the post office continue redirecting your mail to your new address for at least one year after you move. Here are the three major credit bureaus you need to know and the contact information. Experian with website www.Experian.com. To report fraud call 1-888-397-3742 or write P.O. Box 9532, Allen, TX 75013. Equifax at www.Equifax.com. To report fraud call 1-800-525-6285 or write P.O. Box 740241, Atlanta, GA 30374-0241.

Identity Theft


TransUnion at www.TUC.com. To report fraud call 1-800-680-7289 or write Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

Postal Engineering


62

Identity Theft


Chapter 10 Foreign Utilities Fraud

(Telephone Scams) This area of fraud is extremely frightening to me and I will show you why. It will cost you between $100 and $1,000 and the United States can not protect you in any way. If someone locally calls you and says they are servicing your telephone line and needs to run a check-please punch in 90#-don’t do it. You just gave them total access to your line and they can call anywhere in the world for as long as they like and you will receive the bill for it. You should not return any telephone call from a stranger with any unfamiliar area code but especially 809, 284 or 876. The following sentence was taken from an article entitled “Are you a sucker for a scam?” by Bankrate.com. “Con artists use these pay-per-call area codes to skirt 900 blocking—and U.S. authorities- scamming people for long distance charges, often in excess of $100 per minute”. The scams may vary but go something like this... You will get a message on your answering machine. “Your mother was just in a massive car accident. This is an emergency. Please call the hospital immediately at 809 with the rest of the phone number.

Foreign Utilities Fraud


64

Who knows area codes? The area codes are changing all of the time now. You are now emotionally upset and call the number. When they answer you get someone on the other end that says “hospital, please hold.” Guess how much this call is costing you? Sometimes the costs can be as much as $100 per minute. The con artists have this scam down to a science. The con artists put you on hold “I can't believe I am on hold.” “May I help you?” “Yes I just got a call that my mother was in a car accident.” “What’s your mothers name please?” What are they doing? They are just getting information left and right and you’re just giving it to them. “Well I need to know about my mother?” “Please calm down Ma’am. We need to get this information so that we can find her in our computer data base system.” Okay you give them all of the information about your mother, where they live, address, and phone number, all of her insurance information, the “whole nine yards”. “Do you have her social security number?” “I don’t know my mothers social security number.” “Hold on I have to check a different database.” “Please hold” at $100 a minute. They keep you on the phone an average of 10 minutes. Sometimes it is only $.25 a minute and sometimes it is $100 a minute. So maybe you only lost $25, $1000. When you get your telephone bill at the end of the month you say that is ridiculous I didn’t make that call. You call your local

Identity Theft


phone company and they say, “Oh, I’m sorry it was a long distance call and that has nothing to do with us.” They wash their hands of the whole thing. Now you call your long distance carrier. They say, “Did you dial that number?” Then you remember about your mother and the car accident “Yes.” “Sorry” “We can’t help you. You dialed that phone number.” We are just a “middle man” and we are required to pass that call on to its destination. That is serviced at $100 a minute so you call the FBI. Guess where that call originated? Nowhere on American soil. “I’m sorry that is not our jurisdiction. That is out of this country. We can't help you.” Please pass the area codes 809, 284 and 876 around to everybody that you know. Those are the latest ones. Are there going to be more? Yes. Bottom line is never dial an unfamiliar area code. A complete listing of all area codes for the United States, Canada and the Caribbean can be found on line at http//www.prodial.com/areacodes-Num.html. You can print them in numerical order or alphabetical order or both. Look them up and print them out.

Another Phone Scam Here is another scam that I have heard about. During my research I could not find anything to verify it in writing but let me tell you about it anyway in case you come in contact with it. A person goes into a business wearing a recognizable uniform to represent one of the overnight carriers, and has a legitimate



66

envelope. And he walks up to the receptionist in a decent size company in New York and says “This overnight is for Mr. John B. Smith on floor 13. I have to watch him sign it. You can have me go up or you can have him come down. I don’t care what you want to do, but I have to see him sign it.” “Alright just a minute,” after the receptionist looks him up, “We don’t have a Mr. John B. Smith.” “Is this 1625 West 57th Street?” “Yes” “Well there has to be a John B. Smith here.” “No.” “Can I use your phone for a second? Let me just call my home office. The company cell phone’s not working today. I just picked it up from the truck. The guy yesterday who used the truck forgot to put it in the charger so it is dead.” “Alright, it is a local call?” “Yes, absolutely.” The guy goes on the phone and calls right to his buddy back home “blah, dah, dah” and he says “wait no, no.” “They just put me on hold. I am one of the “freaking” workers and they put me on hold.” This ends up being 10 minutes and then it turns out that it is 1625 East 57th Street, not West 57th. “The people who work in the office are incompetent fools.” The person who filled this out wrote the wrong address. Thank you very much. You’ve been awesome.”

Identity Theft


Ten minutes go by and what happens? The company loses $1000 on that phone call. How long can it take them to make ten grand? They walk out of the building and go next door and do the same thing and make another ten grand. They already have another envelope for the guy next door. They can make so much money on these scams in a matter of hours it is incredible and there is very little chance of getting caught. The phone bill does not show up for 30 days.



68

Identity Theft


Government Documents


70

Chapter 11 Government Documents

During tax season, scams involving seeming government documents are out of control. You receive a notice/email that reads something like this. “After the last annual calculations of your physical activity,” this is from the IRS by the way, “we have determined that you are eligible to receive a tax refund of $238.59.” “Alright, nice!” you say to yourself, “My accountant must have screwed up”. I’m getting more money. It must be one of those new tax information programs. Let me jump right on there and give them the information they need.” At the bottom of the email it reads “Copyrighted 2008 Internal Revenue Service USA all rights reserved.” You would think it has to be legitimate.” Phishing, it is just constant. You can't indiscriminately answer anyone or any notice safely anymore. You can't do anything. I repeat, anytime you have an email or regular mail asking you for information go to the “real” site for that company and call

Identity Theft


them directly to see if in fact they do need information from you. Do not call the number on the “phishing site.” Hackers are now buying cars in your name. They are actually taking out loans, $100,000 loans, especially if you have good credit as an adult. As a student they are not going to be able to do that to you. You would have to have a co-signer for that, but actual people in the workforce need no cosigner. Hackers can get a car loan; they can get a loan on a house and mortgage. Where are the bills from the car loan, mortgage or any other loan going to be sent? They will be sent to their location, not yours. Further down the road the criminals are getting late notices. They will not respond for months. Creditors start calling the people who have the loan. They file bankruptcy. Now this usually goes into litigation and this is going to get extended for about a year. In the meantime the criminals are driving their new car all over the place and possibly living in their new home. And, they are still traveling and going to nice hotels on either your or someone else’s credit card. This is going on quite a bit. They are doing it all of the time. Everything goes to them. They establish phone and wireless service in your name too. Counterfeit checks and debit cards drain your accounts if you have money in them. The person with the twenty bucks doesn’t have to worry about that? The thieves open more bank accounts. When you open a new account you receive 10 checks that can be used until your “real” checks come in. The criminals spend way beyond the amount they deposited and the account is overdrawn.

How Do You Know If You’re A Victim?


72

Chapter 12 How Do You Know If You’re

A Victim? How do you know if you have become a victim? First, you can't get credit. You needed to know sooner but you become aware of your credit problems when you went to buy a car or get a loan. You could have learned of this by keeping a record of your bills arrive and keep an actual list. You can put them on an Excel spreadsheet. In three minutes you could have an Excel spreadsheet with arrival dates for each card and just make a check mark when that bill came in and the date. That is all! Make sure it is the right date. You receive unsolicited credit card offers. The criminals mail in all of the offers for free credit cards that they stole out of your mailbox. When the bill comes due they may make a payment then call the credit card companies and ask to bump up your credit amount. “You can move me to $15,000 instead of $10,000.” Credit reports – You have to get your credit reports regularly so that you can spot unauthorized activity.

Identity Theft


Criminals obtain personal information as a result of an accident. Now the criminals have all of your information. It is easy for them to make out a new drivers license with their picture on it and your name. They simply give your name and contact information. Later, after you fail to show up for court, the Police simply receive a report with your information but no photograph to make the arrest. The police officer doesn’t have any way to identify you. He comes to your house and arrests you. I know of someone else who was paying the mortgage on his house for 16 years. Someone knocked on the door. “We want to look at your house.” “What are you talking about?” “It’s For Sale.” “What are you talking about? You have the wrong address buddy. This house is not for sale.” “Is this such and such address?” “Yes this is my house. It is not for sale.” “Well this here says it is for sale. I want to look at your house.” The next day you go down to the county clerks’ office and discover someone wrote a quitclaim deed on your house. They forged your name and it has now been filed as public record. Once it is filed as public record it is up to you to prove it’s not your signature. You now have to hire a forensic document examiner (handwriting expert) to get a written letter stating it is not your signature. This person had been paying the mortgage on his house for 16 years. Why in the world would he ever sign a piece of paper giving the house to someone else he doesn’t

How Do You Know If You’re A Victim?


74

even know. This is happening a lot and it is happening to good people.

Identity Theft


Chapter 13 “Opt-Out” From All

Businesses To “Opt-out” simply means you do not want a particular company or service to sell or pass on your information to anyone else for any reason. There are numerous companies in the country that do this for profit. This is a monumental task. Here is the information you need to be removed from all lists in this country. Every “information providing” company is a little different but you have to fill out forms, send them in and some even require you to put your social security number on them. I thought that is what we were supposed to protect with our lives? I have to send it through the mail? I have provided the following list of all companies in the country and how to “opt-out” from them. If you would like to see a listing of all of the companies that allow you to opt-out go to www.privacyrights.org. Click on “Online Data Broker” in the middle text area. Click on “Data Vendors that offer an opt-out policy”. You will be taken to a section that lists about 20 pages of companies. The listing for

“Opt-Out” From All Business


76

each company will include; company name, website, and corporate address – privacy policy – opt-out information – Opt-out mailing address, phone number or weblink – instructions and information needed to opt-out – and notes. This could be time consuming but for each company with whom you opt-out, you reduce your chances of criminals getting additional information about you or your company. Know your rights regarding privacy. Every single time you sign up for a service there is a privacy policy listed that gives you information regarding your rights. Opt-out if possible. You have the right to “opt out” from such services. Most people just ignore this opportunity. “I don’t have the time.” Click, “I accept this” and “I accept that”. They usually have the privacy policies in there. Start reading them. When they say you can opt-out, do it. It is very important you do that. Folks: How do you get the credit card companies to stop sending you credit card offers? I get so many. What about the thousands of other pieces of junk mail you receive each year. How do you stop the junk mail? How can you get removed from these mailing lists? To Stop Unsolicited Offers of Credit and Insurance The fastest and easiest way to reduce the number of unsolicited credit and insurance offers is to go to the Federal Trade Commission web site www.ftc.gov and click on the button that says “Facts for Consumers” and then follow the directions for opting out. Another way, perhaps easier is to go directly to www.optoutprescreen.com or call 1-888-5-OPTOUT (1-888-567-8688) to stop all unsolicited offers of credit and insurance. According to the FTC website “By filling out the necessary information you will stop the prescreened (prequalified) solicitations that are based on lists from the major consumer reporting companies.” You may continue to get solicitations for

Identity Theft


credit and insurance based on lists from other sources. For example, opting out won’t end solicitations from local merchants, religious and charitable associations, professional and alumni associations and companies with which you already conduct business. To stop mail from groups like these – as well as mail addressed to “occupant” or resident” – you must contact each source directly.” If you have joint credit relationships, like a mortgage or a car loan with a spouse, partner, or other adult, you may continue to receive some prescreened solicitations until both of you exercise your opt-out right. The federal government has created the National Do Not Call Registry – a free, easy way to reduce the telemarketing calls you get at home. To register your phone number or to get information about the registry, visit www.donotcall.gov, or call 1-888-382-1222 from the phone number you want to register. You will get fewer telemarketing calls within 31 days of registering your number. Your number will stay on the registry for five years, until it is disconnected, or until you take it off the registry. After five years, you will be able to renew your registration. When I opted out of the do not call registry I was so surprised and pleased at how fast and simple it was. I was off of the phone in less than one minute completely finished. The Direct Marketing Association (DMA), a trade association for businesses in direct, database, and interactive global marketing, maintains a Mail Preference Service that lets you opt-out of receiving direct mail marketing from many national companies for five years. When you register with this service, your name will be put on a “delete” file and made available to direct-mail marketers. However, your registration will not stop mailings from any organizations that are not registered with the DMA’s Mail Preference Service. To register with DMA, send a letter to:

“Opt-Out” From All Business


78

Direct Marketing Association Mail Preference Service PO Box 643 Carmel, NY 10512 Or register online at www.the-dma.org/consumers/offmailinglist.html. The DMA also has an Email Preference Service to help you reduce unsolicited commercial emails. To “opt-out” of receiving unsolicited commercial email from DMA members, visit www.dmaconsumers.org/offemaillist.html. Your online request will be effective for one year. All of the above information was taken directly from the Federal Trade commission to make it easier for you. Once again guard your social security number and release it only when necessary. Don’t print it on your checks. Use the last 4 digits. The same is true when asked to put your credit card number on a check. Only use the last 4 digits. Only the last four digits are in bold. And don’t ever carry your social security card with you. Minimize what you carry in your wallet. Start taking items out and put them in a lock box. You don’t need everything you carry with you all of the time. If you are injured your local hospital has your records or you can get it to them the next day. That is not going to be a problem if you need medical attention, especially if your file has your social security number on it. Remember talking about the guy outside the bank that offered employees five grand? Well now people you know are told to steal just one item from a fellow employees/roommates wallet or purse. They are not taking the entire contents of the wallet or purse. That is a new one. They are taking just one credit card.

Identity Theft


You really have no clue until the next time you go to Macy’s and that maybe four weeks down the road. By that time they have so many other accounts set up. You cancel the one account but they have already set up 15 other accounts. There is no notice to you immediately

If You Are A Victim


80

Identity Theft


Chapter 14 If You Are A Victim

Whom to Contact Step 1 If you are a victim you need to place a fraud alert on your credit report. They say that if you call just one of the three credit report companies they automatically send a notice to the other two. As far as I am concerned if I am going to have a problem I am sending it to all three. I am filling out the extra paperwork. By doing all three each one will have three notices supposedly about my problem. To me that is going to be better than somebody telling me they are going to send it to the other guy and if they don’t “We must have lost that.” That would never happen. Step 2 Close all accounts that you know or believe have been tampered with or opened fraudulently. Some people believe you have to assume that they have access to every account which

If You Are A Victim


82

includes credit card, cellular phone service, and auto loans. They believe you must close out all of your accounts if you’re a victim. Step 3 Contact the Federal Trade Commission and fill out a complaint and an ID Theft affidavit. Print a copy of your complaint to provide important standardized information for your police report. Now there are a lot of forms on there. If you do go onto the FTC site they have excellent instructions for you on how to fill out the forms. There is paperwork involved which is yet another reason to protect yourself from ever having your identity stolen. There are additional forms from the FTC depending on your specific situation. Step 4 File a report with your local police or police in the community where the identity theft took place. Give the police a copy of your FTC ID Theft complaint form. Get a copy of the police report or at least the police report number. Try to do that within 24 hours. You need a police report because every creditor will require a police report. Process the report and make a bunch of copies. You must tell the police the type of ID theft, what the complaint was, knowledge of the thief if you have any, and organizations notified. You need to create a spreadsheet if you become a victim. You can make your own spreadsheet, but you need to really keep track and have accurate records. Look in the back of the book. I made one for you that you can have for free. Get it from my web site. If you are creating your own spreadsheet it should list the three credit reporting companies Equifax, Experian, and TransUnion. The spreadsheet should also list all of your bank and credit card accounts. Headings on the top of your spreadsheet should include – the issuer, name, date, address, date contacted and the

Identity Theft


person you spoke to. You have to keep accurate records. Your spreadsheet should also have a comment section. This should include what you spoke about in your conversation with this person. You need to keep a record of every step you have taken to clear your name. If you do not keep a record you will increase the total hours needed to repair your credit. After working diligently for many hours after your identity was stolen you believe your problems with a particular company have been resolved. Then you get another bill. When you call, the people at the company say “We don’t have any record of your calling before.” With your spreadsheet you can tell them exactly what day you called, with whom you spoke and what the conversation entailed. It is so frustrating to the people who are going through the nightmare. Make it easier for yourself with the spreadsheet. Your spreadsheet should also list law enforcement authorities, the agency, phone number, day contacted, person you talked to, report number, and the comments. You can make one out yourself, but you need all of that information on it. If you have a theft involving a specific problem like an ATM machine here is the number you call. It is called TeleCheck, the company. 800-710-9898. The next specific problem involves checks and you need to call the International Check Service at 800-631-9656. If you have a problem with your phone service notify your carrier, cancel your calling cards. You have to call the Public Utilities Commission at 888-CALL-FCC.

Reporting Theft

If You Are A Victim


84

If you can report the theft of credit cards within 2 business days your liability is limited by the credit card company to $50. That is not bad. Within 3 to 60 days your responsibility increases to 500 bucks. By the way, banks are attempting to pass laws that will leave you totally responsible for bad checks. They are trying to absolve themselves completely and they are making headway on it. They already have rules that require the culpable party responsible. If you are careless with your checks, you will be liable for loss due to theft and forgery. After 60 days you may be completely liable so you have to report theft immediately. That means reconciling your checking account properly For theft involving your social security number, call this number. It is the Social Security Administrations Fraud Hotline. 800-269-0271. If someone else is also using your social security number there may be a discrepancy in your total earnings. Therefore you need to verify your earnings. To do this you must request a copy of your social security statement by calling the social security office 800 772-1213. Here is a web site that will give you a great deal of information regarding identity theft. www.ftc.gov/idtheft. Usually your state will also have information for you

Identity Theft


Credit Monitoring Services


86

Chapter 15 Credit Monitoring Services

You should try to get a credit monitoring service. There are so many of them out there. Lifelock, Identity Guard, Identity Truth, Family Secure, Trusted ID, Loudsiren, different Identity Guard, IDWatchdog, Identity Theft Shield and Good Start to name a few. They are all helpful in one way or another. They usually range in price from $9.99/mo to $19.99/mo. According to NextAdvisor.com who is “the trusted, independent source for comparing the most valuable new services” states that “Lifelock is the best value for identity theft protection.” With my own comparison I also thought Lifelock was the best. It is one of the least expensive and in my opinion they do the most for you. It is $9.99/mo. I am a member of LifeLock. I registered with that particular company because they do many of the things we have been discussing in the book. Most of the others only notify you of a credit alert, a fraud alert. They will call you and say, “A new account was just set up, was this done by you?” But, they do nothing else for you. LifeLock® actually does some of the work for you. When you have a problem they go in and fix it for you. They also do a lot of the things you will probably not do for yourself.

Identity Theft


LifeLock® has the advertisement of the guy who drives around with his social security number written very large on the side of the truck. I actually saw him in Vegas when I was there speaking. The truck drives around with the sign saying something to the effect that we’re so good that I can show my social security number and not ever have to worry. I thought it was an impressive way to advertise but that is not why I signed up with them. Here is a bonus tip for you. If you choose to sign up with LifeLock and use the code “Protec” I was told you will save 10% each year on the total cost of the service. LifeLock is not perfect. They have a couple of lawsuits from the credit services because they are forcing the credit services to do a lot more work for no additional pay. That is my interpretation. Whichever service you choose for will protect your credit. I just think LifeLock gives you more for your money. Other Useful Things You Must Do For Yourself Make sure you install a firewall on your computer. Keep McAfee/Norton anti-virus protection. There are a whole bunch of anti virus programs out there. They stop some of this phishing from coming in although the people who do the phishing are brilliant “computer wise” and millions of dollars at their disposal. They are up on the “cutting edge” of all of the computer scamming. Examine your social security personal earning and benefits estimate statement annually. If you do not have a regular job or you are a student you may not be receiving this, but if you are in the workforce you’re getting this statement every year.



88

Shop online with companies providing secure transactions. There aren’t too many of them. The “http” that you always see for a web site stands for Hyper Text Transfer Protocol. If you see an “s” after the http (https) it means it is a secure site. You can also tell because there is usually a picture of a small yellow lock at the bottom right of the page. Wipe your computer clean and if my son saw me writing this he would be laughing hysterically. “You’re going to tell people what to do with their computer? You’re going to help them out with their computer? All I can tell you is what was told to me. I can't tell you how to do that. I know that there are 3 different levels of “wiping your computer clean” and each one goes deeper than the one before it. The deepest level is the best but any level will help you. Go online and search the internet to find out how to wipe your computer clean. Or find a computer “tech person” to help you. You may also refer to the DVD offer in the back of this book with a step by step program on how to wipe your computer clean. I know that if you have sensitive information on your computer it must be removed. Any time you set up a new account on the internet it has new log-in information including username and password. I used to keep mine right on my computer. I used to say to myself “I may need that information some day so I do not want to delete it.” I might forget my password, I have to write it down.. You have to take all of those passwords and usernames and put them on a disk or a thumb drive. When you need to remember a password you put the disc into the computer and look it up. When you have finished with the disc you remove it and store

Identity Theft


it. In this way the information is never available all of the time on your computer should someone gain access to it. If you leave this data on your computer the criminals can jump in and hack everything. The thieves have total access to your computer. They will steal all of your information and you don’t even know it has happened because it is still in a folder in a file on your computer.

You need a shredder to shred all material with any account information or any other personal information. Shred all credit card offers that come in the mail that you are going to ignore. The same goes for the extra credit “checks” you are not going to use. Shred and dump them all! If you have a safe deposit box, lock all of your papers there. You’re allowed one free credit report from each of the three credit reporting companies per year. Make sure you get them and go through them. Sometimes it is a little hard to understand. Once you figure out how to read the credit report from one company the other companies are about the same. When you



90

figure out how to read the credit report from one company the other companies are similar.

Identity Theft


Forgeries


92

Chapter 16 Forgeries

Being a Forensic Document Examiner (I testify in court regarding the authenticity of signatures/forgeries) I do not feel the book would be complete without some helpful advice regarding protecting yourself against forgers. If someone forges your name for their benefit they are in essence stealing your identity.

Check Washing Jot this down. You want to purchase a Uni-Ball Signo 207-gel pen. This is recommended by Frank Abagnale as well as the American Banking Association (ABA). Frank’s story was covered in the movie Catch Me If You Can is all about. This is the only pen on the market today that will not “wash out” on a check. It contains specially formulated ink that resists check-washing. Frank Abagnale states in his article “Identity theft, check fraud bigger than ever” “This ink will not dissolve in chemicals, because the ink’s pigment becomes “trapped” in the paper’s fibers. I remind people wherever I go that using a secure pen is one of the easiest and cost-effective steps they can take to protect themselves.” Another suggestion Mr. Abagnale makes “Do not sign your checks using your exact name as it is pre-printed on the check, and keep this signature on file at the bank. For example, if the name on the check is Paul M. Smith,

Identity Theft


sign the check P.M. Smith or Paul Smith as an extra precaution. A thief will most likely sign his name the way it is printed in the upper left hand corner.” Remember do not use a regular ballpoint pens because they contain washable ink. To my knowledge the Uni-Ball Signo 207 is the only one with the proper gel on the market today and should be used to fill out all checks whether personal or business. These pens are available at any office supply store. Check washing is a process where a check is placed into chemicals and the handwritten ink is completely removed without touching the printing on the check itself. Therefore you should always write out any and all checks with the recommended pen. You may ask “Is check fraud really that big of a deal or that prevalent?” Check fraud grows by 25 percent each year, according to the American Bankers Association. The Federal Trade commission reports the cost of identity theft to banks and businesses at $56 billion a year. In the same article Mr. Frank Abagnale says that “Check fraud is the most dominant method of fraudulent payment, producing the greatest losses, is the least-prosecuted financial crime and everyone is at risk of becoming a victim.” Check washing used to be performed by using bleach many years ago but the check manufacturer made that impossible by using safety paper. However, now there are 21 additional household chemical that are used making this crime huge today.

Complex Writing One of the first things we check as document examiners when receiving a new case, is if the signatures/writings are complex enough to form an opinion. If someone over simplifies his signature by signing their name with a circle and a line it is so easily copied that FDE’s cannot opine about the

Forgeries


94

authenticity. To protect yourself from forgery you need to have clearly formed letters and changes in direction. It is even suggested that you have a different signature for checks than for formal documents and a different one still for credit cards. Jot down the date you started this new practice should you choose to follow my advice. This “date” will serve as proof of when you started that. Even though I believe in the importance of varying signatures, I do not religiously practice it. I simply throw it out there as an admittedly good idea. According to Ms. Katherine Koppenhaver a forensic document examiner from Maryland “handwriting is a learned skill. We learn through repetition until it becomes a habit. Every adult has unique handwriting habits. These are subconscious habits.” Document examiners look at more than 50 characteristics of the writing in our examination under magnification. Given enough samples we can often reach a definite opinion as to the authenticity of the signature. Some of the characteristics that are evaluated include line quality, pressure patterns, rhythm, slant, size and proportions, utilization of spatial alignment, initial and terminal strokes, writing speed, skill level, letter forms, types of connectors, method of construction and pattern formation.

Forging Your Name Someone has forged your name. What should you do? Hire a forensic document examiner to issue a notarized letter of opinion stating the documents in question are a forgery. Attach the letter to all outgoing communications to financial institutions and investigators. The document examiner will want 25 original genuine signatures to compare to the questioned signature or good clear copies of 25 writings to examine. It is not a perfect world and we can not always get 25. Cancelled checks (or the small copies the bank now supplies) are excellent sources as they have already been accepted by the bank as authentic and are always allowed in court. (Should that

Identity Theft


become necessary) Most cases never go to court and in the instance of ID theft, once you have established, through an expert that it is not your signature, the pursuing company will probably leave you alone.

Miscellaneous


96

Chapter 17

Miscellaneous I feel it is most important that I touch upon some other scams that you should know about that are going on right now. New scams are created weekly.

Chatroom Scams

“Russian cyber-crooks have developed a software robot that poses as a human in chatrooms. These bots can chat with up to 10 students simultaneously and easily persuade them to hand over phone numbers, photographs, birthday, address, and other personal information. Not a single girl has yet realized that she was communicating with a program. Information harvested by these bots can be used by fraudsters to carry out various forms of fraud. Unsuspecting victims may also be tricked into visiting a ‘personal site’ that could load malware onto their computers.” This information from Gina Hughes in her article “Five Scams you May Not Know About” I found remarkable. I will repeat again, never give sensitive information to anyone over the phone or email.

Identity Theft


ID Theft Targeting Senior Citizens

I know you are in college. Why am I telling you about this? I want you to tell your grandparents. The callers claim to work for the food stamp office and need social security numbers, birth dates, addresses and income information to determine if the person is eligible for the program. Food prices are going up and the elderly people tend to be on a fixed income and may be interested in seeing if they qualify. The thieves then empty the senior’s bank accounts. A different senior citizen scam involves a phone call from the thief stating they failed to show up for Jury Duty and it is a crime. The senior citizen of course denies ever being contacted. The thief within a minute or two has the senior citizen giving them their social security number so he can check the computer to see if maybe there was a mistake. This is especially devastating because the elderly usually have excellent credit and a good sized “next egg” they are planning to live the rest of their life on. Within a short period of time it is completely gone.

Miscellaneous


98

Identity Theft


Children’s ID’s Being Stolen

The theft of children’s identities is on the rise and according to Scott Minic with Trusted ID “This is particularly dangerous because in most cases parents won’t realize that their child’s identity has been stolen and used for many years after the theft.” According to Brigitte Yuille in her article “Child Identity Theft: A Victim’s Story” “Child identity theft is a crime that plagues tens of thousands of children each year. Five percent of identity theft complaints to the Federal Trade Commission have come from people younger than age 18.” Bridgette tells the child’s story of Gabriel Jimenez who had his identity stolen at age 12. His mother Jeri Marks received a letter from the IRS telling her that her son’s income taxes had already been filed. When she called they said there were amounts that had not been reported on the victim’s taxes. The IRS was told it was not possible since her son is a minor and she the mother does his taxes. The next year when she received the same letter she went to the IRS office and soon found out her son was a victim of identity theft. Gabriel Jimenez who is now 24 is still living a nightmare. He “spends almost 1 hour a day going over paperwork, researching laws and making phone calls, all in an attempt to clear his name.” He has not been able to purchase a car in 5 years and has been trying to purchase a home for the past 3 but has always been denied. This is due to the fact that there are still thousands of dollars in collections, credit accounts and addresses where he has never lived on his credit reports. Young people first learn their identities have been stolen when they apply for their driver’s permit, when applying for college education loans or when opening a checking account for the first time. This should concern the college student today because you could already be a victim of identity theft and not be aware of it yet. You should keep this story in mind and you

Miscellaneous


100

should tell all young couples you know. Parents need to look at credit reports of their children regularly. If you as a parent ever receive any type of notice from the IRS that the tax return for your child has already been file, your child received wages from an employer unknown to you, or you believe someone may have used your child’s Social Security number fraudulently, act on it immediately. Contact the IRS and the Social Security Administration so they correct the problem. When I first read about children’s identities being stolen I was thinking “what can they do with it.” The child has no credit or bank accounts and would need a co-signer to buy a house or a car. In my research I found another article written by Brigitte Yuille “How your child’s stolen identity can be used” in which she lists 4 groups of people who can benefit from stealing and using your child’s identity. Immigrants seeking to establish a legal identity. Someone with bad credit trying to establish new credit. Someone within the family. Criminals trying to establish new identities. This same article tells of detective Brian Money of the Economic Crimes Unit of the Riverside Police Department in Riverside, California, who’s department is familiar with the child identity theft problem. Two officers in the department have children whose identities were stolen. “The most significant one is a case where one of our officer’s 1 1/2-year-old child was a victim of fraudulent social security number use. The thief was using the child’s social security number to work and obtain credit,” says Money. The police had possible addresses and the thief was using his real name. They put together a sting operation in which he was “nabbed” and plead guilty for a felony and is believed to be deported.

Identity Theft


In another realm Utah’s Assistant Attorney General Richard Hamp was prosecuting more than 30 illegal immigrants on mortgage fraud. He also found a connection with the state’s public assistance database. “Hamp says when the staff chases down the culprits, 95 percent of the time it’s illegal immigrants.” As I stated earlier parents should get one credit report every four months from one of the three credit reporting agencies for each child. If done in this manner they would always be free of charge. A recent study by the credit bureau Experian found that 55% of identity thefts perpetrated against children were committed by someone the victim knew. Even a baby’s name can be used to open accounts by using the information the mother gives at the hospital, including her maiden name according to a Farmers Insurance article in “Market Watch. They also stated “Do not leave identity papers in your clothing that you hang up in your hospital room. Make sure you empty your pockets and put any identification information in a safe place.” Brigitte Yuille offers 7 steps to protect your child from identity theft in her article. Only disclose personal information if you know how it will be used. Shred any paper with your SSN. Require a photo ID and password for all transactions. Be wary of credit card offers in the mail. Check with the credit agencies to see if credit reports exist. Check for an earnings report from the Social Security Administration. File a complaint with the Federal Trade Commission. Monitor your child’s postal mail.

Miscellaneous


102

Limit the amount of personal information that is available about your child on the Internet Contact your local authorities if you feel your child has been victimized. It has been estimated that the identities of at least one child in every classroom in the country at every age level has already been stolen. It could be 10 to 15 years before anyone finds out when they apply for a loan to purchase a car or for college.

Medical Identity Theft

The Federal Trade Commission reported 3 percent of all identity theft victims in 2005 were victims of medical identity theft. They reported 250,000 victims for that year alone and the number is rising. Although seniors are most frequently targeted, if you go into a hospital people have access your information and you become a victim. In addition you could be a victim just like the 1100 students from the University of California, Irvine simply because they had the same medical provider. A worker for UnitedHealthCare stole all of their identities. Michael Tyrone Thomas, of Fort Worth, Texas used the information to fill out fraudulent tax returns using the stolen identities.

Medical identity theft can “max out” a person’s benefits, accrue enormous bills and when you need care you can be denied access to prescription and medical services. In an example by Kristen Gerencher in her article “Medical identity theft can be costly- a thief could have a different blood type or drug allergies than you do, and a doctor, nurse or hospital may not detect the mixed patient files before administering treatment based on the impostor’s medical history instead of your own. Or victims

Identity Theft


may find they hit their insurance caps or become uninsurable or unemployable based on medical problems they never had. A lost or stolen wallet with a health insurance card or other personal information can set the stage for fraud. Threats also come from within the health-care industry workers with access to patient files sell them to identity-theft rings.”

Linda Foley, founder of the Identity Theft Resource Center in San Diego, a nonprofit that assists victims and promotes best practices in preventing identity theft said “People commit medical identity theft for a variety of reasons. Some perpetrators need health care and can’t or won’t pay for it. Others use a stranger’s information so they can procure controlled substances such as prescription painkillers more easily. Some may want to conceal a chronic condition.”

Finally, please tell your grandparents not to carry their Medicare card with them when they are away from home as it states on the back of the card.

Swipeless/Contactless Credit Cards

If you have one of the newer credit cards that has the RFID (Radio-Frequency Identification) chip to enable quick swipeless payment you need to be careful. In an article on the web-site www.del.icio.us.com entitled “Can Contactless Cards Be Hacked stated “the only difference between a contactless credit card and a regular credit card is the way your card’s information is transmitted at the point of transaction. Instead of using the magnetic strip (magstripe), the contactless credit card uses a “tag”. The tag consists of a semiconductor chip or set of chips and an antenna that relays radio frequency signals into and out of the chip.

Miscellaneous


104

The problems behind this technology as utilized in credit cards lie in three distinct areas: 1. The information contained on the chip. 2. Whether that chip is secure or insecure. 3. The radio frequencies and data transfer standard used to activate that chip. The information contained on your contactless credit card may contain the same information that can be found within the magstripe in your traditional credit card. This information varies from issuer to issuer, but in essence your contactless card’s chip will include your name, address, card number, and card security code.” It may also include or be tapped into your birth date, social security number, and other pieces of information most people feel are highly sensitive and personal. I was told that someone in a mall for example can simply walk past you with a high tech device in their pocket and it will download all of the information from the credit card that is in your wallet, purse or pocket if it contains a RFID chip. The actual distance the criminal device has to be from you to pick up your information is a matter of debate but the claims range from several inches to many feet. However, researchers have found they can extend the distance. There are people going from mailbox to mailbox picking up all of the information on your brand new credit card that just arrived in your mailbox. This same article stated that “If metal is placed between a reader and a tag, the RF will be defected. This is why thin pieces of metal are placed in biometric passports, to protect your information when the passport is closed. This response to metal is also the reason behind a new market for metal sleeves which claim to protect your biometric passport and your contactless credit cards from theft.”

Identity Theft


“But while metal currently can create noise between the card and the reader it’s also possible to bypass this problem with the right frequency and data transfer standard. The ability to bypass metals to make “conversation” between the tag and a reader continues to evolve. So, eventually, this one problem won’t be resolved simply by wrapping your credit card in aluminum foil. With that said, it’s time to offer some tips on how to protect your contactless credit card information. When Texas Instruments, an industry leader in RFID technology and the largest integrated manufacturer of RFID tags, warns that the consequences of successful compromise in the use of the tags are “large to enormous,” it’s time to take things into your own hands. “ “Five Tips for RFID Card Security Take a pro-active role with your financial tools. Take a proactive stance to protect your information. Call your credit card company and ask them if your current card is a contactless card or a traditional one. If they’ve issued you a contactless card, you have one of two choices: 1) Ask for a traditional card, because you refuse to use the RFID technology, or; 2) Ask the company about the finer points to their system.” Ask the credit card company if the card is “static” or “dynamic” which enables encryption on data transmissions. If yours is “static” destroy the card immediately and do not use it. Ask the credit card company about its encryption methods. The encryption on contactless credit cards can contain from 32 to 128 bits for security. Ask about the credit card company’s fraud detection and any other prevention measures. Unfortunately, credit card information –even that contained in traditional credit cards—is open to theft.

Miscellaneous


106

Be careful where you shop. Ask the retailer, “Do you use the card’s ID code (or other measure) to finalize transactions?” If the answer is “yes” then you transactions may be safer at these stores than ones without that extra security measure.

Identity Theft


Ransomware According to Wikipedia “A Cryptovirus, cryptotrojan or cryptoworm is a type of malware that encrypts the data belonging to an individual on a computer, demanding a ransom for its restoration. The term ransomware is commonly used to describe such software, although the field known as cryptovirology predates the term “ransomware.” This type of ransom attack can be accomplished by (for example) attaching a specially crafted file/program to an e-mail message and sending this to the victim. If the victim opens/executes the attachment, the program encrypts a number of files on the victim’s computer. A ransom note is then left behind for the victim. The victim will be unable to open the encrypted files without the correct decryption key. Once the ransom is paid, the attacker may (or may not) send the decryption key, enabling decryption of the “kidnapped” files. An article “A New Wave of Malware: Ransomware” states “The FBI reported that most extortion schemes involve much higher ransoms based on only the threat of a cyber attack. This new brand of malware, dubbed “ransom-ware” is the first to actually “kidnap” important files.” It is suggested the user should refuse to pay because there is no guarantee you will receive the encryption key. I recently read an article entitled “Ransomware: How to Deal With Advanced Encryption Algorithms” by Mike Chapple who states “ There are several things IT security professionals can do to get their systems back to normal after a ransomware attack. Perhaps the easiest way to restore the system is to use a recent backup. But since restoring the system to what it was before the attack means that the flaw that left the

Miscellaneous


108

system vulnerable to the attack will also be restored, IT professionals should be sure to patch the system, lock down the firewall, and install current antivirus software before using the system again. In the event a recent backup does not exist, IT professionals should create a bit-by-bit replica of the infected computer’s hard drive.” For those of you who do not understand what was just written you are not alone. You should have back up files for everything you have on your computer in case this were to happen to you.

Web Trojans

Web Trojans are malicious programs that pop up over login screens to collect credentials. The user believes that he or she is entering information on a web site, while in fact the information is being entered locally and then transmitted to the attacker for misuse. “Trojan” can also be described as “a program that appears desirable but actually contains something harmful” (Princeton.edu). According to XSSing the Lan 3 (web Trojans… not a new idea) from “Network Security” “The same idea can be used by malicious users in order to gain trust relationship with the visiting users. For example, an attack can incorporate YouTube movie player inside a malicious container that will carry the rest of the attack while the user previews a trailer. Unnoticeably, the malicious flash container can perform a security audit of any network using JavaScript, ActionScript, Java, SML, XSLT and combination of these technologies. The longer the user interacts with the Trojan the more successfully the attack would be.” I personally have been “suckered in” here as well but fortunately the computers antivirus program found the problem and took care of it. Interestingly enough it was a program, of course for free, which would enhance your computers security.

Identity Theft


The company, Secure Computing, is studying a venomous new Trojan that contaminates a computer by seizing and converting MPS3 files. This information is from the article “Trojan Attacks Multimedia Files Stored on Hard Drives” by Higgins, Kelly Jackson. Christoph Alme, head of the company’s research team, says the malware enters a computer once a user tries to download a product’s copyright-protected serial key from a low-grade site such as Warez. After that, the virus stealthily converts all of the user’s MP2 and MP3 files into Windows Media Audio (WMA) files, and the virus infects another computer once the principal user shares a music file over a peer-to-peer network. Alme believes most infections do not originate from Warez, but from P2P sharing. Unfortunately, the virus does not rely on vulnerabilities to work, so all files that feature the Advanced Systems Format are at risk for infection. The Trojan is equally adept to seizing WMA and Windows Media Video files.

Man-in-the-Middle Attacks

A man-in-the-middle attack refers generally to an attack in which the attacker positions himself between two communicating parties and takes information to which he should not have access. Messages intended for the legitimate site are passed to the attacker instead, who saves valuable information, passes the messages to the legitimate site, and forwards the responses back to the user.

Miscellaneous


110

Skimming

Devices exist that steal credit card or debit card information off card-swipe machines. Such a tactic is known as skimming. Never allow anyone to remove your card from plain site when processing it. If they take your credit card below the counter to process it yell at them and don’t let them. Contact the manager. Overall you are at a higher risk with a debit card than a credit card because debit cards access funds directly from your bank account. With a credit card you have an opportunity to dispute a transaction before you pay the bill. Always look at every transaction on your monthly credit card statement.

Carder Forums

A carder is a man who produces illegal operations with credit cards owned by other persons with the purpose to use the withdrawn money. There are two kinds of carders: internet-carders who work only with information and real carders dealing with plastic clones of credit cards. This information is from an interview with a carder named “Script” by Dmitri Kramarenko. The carder forums are sites where personal and financial details and lists are bartered or sold over cyberspace. There are many illicit people doing this online. Iceman is probably the most well known and believed to be located in Iran. Larry Greenemeier and J. Nicholas Hoover in their article “Information Week exposes the Internet Underworld” tell how the information from the carder forums is paid for (wire transfer, PayPal, e-gold and how they avoid detection by anti-

Identity Theft


money laundering laws by what is know as “layering” (Splitting up large sums into smaller ones). In case you are interested, the article also tells us how much (roughly) this information is being sold for: The Black Market $980-$4,900 Trojan program to steal online account information $490 Credit card number with PIN $78-$294 Billing data, including account number, address, Social Security number, home address, and birth date $147 Driver’s license $147 Birth Certificate $98 Social Security Card $6-$24 Credit card number with security code and expiration date $6PayPal account logon and password

Miscellaneous


112

Vishing Identity Theft (Voice mail phishing

scams)

According to the writing of Kathryn V entitled “Vishing Identity Theft on The Rise,” taken from Broadband Reports.com VoIP phishing (also known as vishing or voice mail phishing) scams are on the rise. The scammer places a call to your VoIP phone (cell phone) with an automated recording warning that there’s a problem with your credit card and asking you to call back. When you do you’re asked to input your credit card information into the system which then gives the scammer everything that’s necessary to steal your identity. Identity theft now often takes place in a three-prong attack which includes email, text message and voice phishing. Never give out personal information to anyone.

Fake Credit Report Web Sites

The Federal Trade Commission (FTC), the nation’s consumer protection agency, urges you to take precautions when visiting sites or responding to e-mails that offer credit reports. If you get an e-mail offering a credit report, don’t reply or click on the link in the email.

Your Personal View of the ID Theft Situation

Most college students think it can’t happen to me; no one is interested in my identity because I do not have credit and there

Identity Theft


is only $12 in my account; the government, state government or local law enforcement should take care of it. I encourage you to view the ID Theft problem in this country as an out of control forest fire. Picture in your mind the entire country in massive flames. The forest fire has been raging this way for eight years and is getting worse each year. No one is able to put it out. Fake Job Seekers Web Sites Numerous people have lost their jobs do to the current economic situation. Criminals are preying upon the people trying to find employment. The job seeker goes to a promising web site that advertises great job placement, fills out an application with quite a bit of information and waits. One week later the job seeker is contacted stating they are one of the final three regarding a specific job and that company needs their social security number to do a background check. They have now become a victim of identity theft. Caller ID Spoofing I would be willing to bet you thought when a name and phone number shows up on your display it is authentic. For a small fee you can go online and get any phone number and name to show up on the display of anyone you call. e.g. A criminal wants the name and number of “CitiBank” to show up on the screen of anyone he calls. When the thief calls you who actually have an account at CitiBank you will be much more willing to give out information to the caller. The voice of the caller can even be changed from a male voice to a female voice or vice versa. Do not trust any caller ID information.

Miscellaneous


114

ATM Skimming There are a number of ways thieves steal your ATM card or the information within your card. One, a plastic piece is placed into the ATM machine and fits over the “lip” on the outside being virtually undetectable by the average person. There is a small slit cut into the device that prevents your card from coming back out of the machine. You try three or four times to remove it, get disgusted and say to your self I have to call the bank the first thing in the morning explaining the machine “ate” your card. As soon as you leave the area the thief walks over to the machine and proceeds to empty your account. Two a special device that again fits over the exterior lip of the machine for easy removal has a mini camera that reads all of the information from your ATM card when it is place into the machine. You will be able to remove your card after your transaction but the thief already has all of your information. Three a device that is placed into the ATM machine and is not detectable from the outside steals all of your banking information. If you have a problem with the ATM machine call the police and do not leave the machine. Scareware You are contacted with a message from your mobile device or email stating “terrorist activities why did it happen in your city” or a similar message. You immediately open the message to see what is happening and malware is downloaded into your computer. In another form of scareware you receive a pop up telling you your computer is loaded with viruses and Trojans. If you

Identity Theft


purchase the program being advertised (which is no good) your computer is immediately infected with malware. In 2008 their was a surge (827%) increase in URL infected or malware infected sites. Never download anything for free. Social Networks There is a large increase in identity theft from social networks. Just in March of 2009 Twitter had 750 people hacked. Limit your contacts to known trusted people. A quote from Robert Siciliano an identity theft expert states “The internet has become so unsafe that the average user can’t protect themselves”. Never give out personal information from phone, in person, internet or any other source for any reason unless you initiated it.

Miscellaneous


116

For a free 8 ½” x 11” printout “Identity Theft Prevention-30 days to a Safer Identity” go to www.bobbaierinfo.com. For a free 8 ½” x 11” printout if you are a victim “ID Theft Victims Worksheet” go to www.bobbaierinfo.com For a free 8 ½” x 11” printout entitled “FBI Fraud Alert” go to www.bobbaierinfo.com. You will see this posted in many banks. It tells of 10 scams involving checks, the lottery and many other scams. Smaller versions of these sheets are on the following pages. Do you think that all students at colleges and universities need this identity theft information? Whom are you going to tell first about the book? Do other people, perhaps your parents, need this information? What other adults need this information? After reading the entire book, you should ask yourself how much you have learned. Is it one important point, 10, 20, 50? Think about it. Even if you have learned only 10 important points, you are that much more protected against identity theft. However, even if you learned 50 new concepts or pieces of information from reading the book you must take action to protect yourself further. Begin with one thing today, another tomorrow and so on. Within one month doing one thing a day you will have instituted many protective measures.

Identity Theft



118

Identity Theft



120

About the Author Robert Baier Bob is a Certified Forensic Document Examiner. He testifies in court regarding forgeries. Bob works on cases all across the U.S. and other countries as well. Bob presently resides in New York. He has been invited to speak at national conferences in Washington, D.C., Florida, Maryland, and three times in Texas. Bob is one of only four guest speakers invited to present at an International Summit in Los Angeles, California in 2004. Also in 2004, he was featured in ESPN magazine for work he did regarding an Extreme Sport Athlete. He was on national television on the TV show Inside Edition. He has also been invited on the TV shows Larry King Live and Dr. Keith Ablow for which he had to decline. Bob holds three different degrees; Associate of Science degree from Dean College, Bachelor of Science degree from the University of Bridgeport, and a Master of Arts degree from Montclair State University. He can tell you about identity theft from many different angles.

Identity Theft


As a member of the International Association of Financial Crimes Investigators and the American Society of Industrial Securities he gets daily updates on ID theft and fraud not only in the United States but worldwide.

Bob trains law enforcement in the areas of identity theft, forgery, bogus checks, document examination, and statement analysis, the criminal mind and handwriting as well in many other areas.


122

Speaking Engagements Bob Baier is available to speak at your High School, College, Conference, Convention or Workplace. For more information call toll free 888 460-3827.

Email: [email protected]

Website: http://www.bobbaierinfo.com

Identity Theft


Identity Theft - Prevention for the College Student This book is only $14.97 Special Quantity Discounts 2-20 Books $12.00 each 21-99 Books $11.00 each 100-499 Books $ 9.00 each 500-999 Books $ 8.00 each 1,000+ Books $ 7.00 each

To place an order: go to www.bobbaierinfo.com Or call toll free 888 460-3827 You may also purchase an e-book and have it in only a few minutes. Go to the above web-site for details.


124

Write to Bob Baier Thank you for reading my book. I hope you have gained vital information, countless tips and hints as well as places to go to for help. Just as important I hope you have taken or will take action to protect yourself. I would love to hear from you. Please write or email me, explaining how this book has helped you. Send letters or emails to: Bob Baier 24 Regent Rd. Warwick, NY 10990

Email: [email protected] Website: http//www.bobbaierinfo.com

bob baier book

Documents

important information

d view of identity theft

information storage

vital information

robert baier copyright

bob baier

average college student

united states of america