PROTECT is here to help you in any and all seasons. Each issue of thisnewsletter explains the latest crimes and scams, and how to avoidthem. PROTECT is brought to you by the people who operate I.D.SHIELD 360, a leading service that helps shield you from the criminalsdetermined to steal your most important possession – your identity.

Inside This Issue . . .

SPRING CLEANING BLUES

BAD REVIEWS

FOR NETFLIX

TINY URLS HIDE

BIG PROBLEMS

BEWARE THE

HEARTBREAK HOTELS

WORK-AT-HOME DREAM

TURNS TO NIGHTMARE

EVEN THE PASTOR’S AT RISK

MARCH 2011

THIS MONTH IN PROTECTThe weather warms, the flowers bloom, love is in the air,pitchers and catchers take the field, and spring cleaning ison the agenda. Itʼs all good. Except for the fact scammershave their own “spring cleaning” ritual, which often includesoffering you fake or substandard products and services foryour home, garden, car and self. Itʼs easy to be lulled by thebalmy breezes, but experts warn that spring is a fertile momentfor you to become one of the millions of Americans whohave been the target of scams or the victim of identity theft.

There are several indicators that you may be the targetof a scam. One ʻred flagʼ is that these con artists maydrive vehicles with out-of-state license plates or setup temporary offices from which they can disappearquickly once authorities start looking for them. A secondis high pressure tactics. Companies which operateabove-board and want your business will not pressureyou into making an immediate decision, and give youthe time to check them out. The more they pressureyou to make an immediate decision whether to hirethem, the more likely they are scammers. A third com-mon scam tactic: a salesman or workman tries to distractyou by, for example, feigning illness or asking for a drinkof water, while he or an accomplice steal valuables.And, finally, be suspicious if one bid is substantiallylower than the rest; that is often a sign that substandardservices are about to be performed.

Spring is primetime for conartists to show up at yourdoor offering an array ofproducts and services, fromtree trimming, to roof anddriveway repair, to paintingand home modeling. Theexperts warn you to be onguard against unscrupulousfly-by-night operators. Whatmay seem like a great dealcould end up cleaning you out.

SPRINGCLEANING

SHORTENED URL’S HIDELONG TERM PROBLEMSTwitter users are noticing tweets posted totheir accounts containing only a shortenedURL using Google's URL shortener. Whenusers click on the link they are taken to apage, and asked to install and pay for afake antivirus called “Security Shield.”

URL shorteners can be a handy and legitimate wayto include links without using a long string of char-acters, and are used frequently on sites such asTwitter that limit messages to 140 characters. Inaddition to Google, sites like Tiny URL and Bit Lyare also popular. An estimated one million URLs areshortened each day, which makes these services arich new target for cyber criminals in 2011. Becausesocial media sites are already rife with such criminals,these links are being used for spam, scamming andother malicious purposes.

What you should do?Preview a shortened URL before clicking on it byhovering over it with your cursor. This option is oftenprovided, with a small window usually displayedshowing the full web address for the linked page. Ifnot, you might considering avoiding the link. In ad-dition, cybercriminals have not given up on theold-fashioned e-mail strategy, so if you receive ane-mail that contains only a link, even if it appears tobe from someone you know, itʼs best to delete it andfollow up with the sender. Chances are this e-mailaccount has been compromised.

Before shelling out any money orsigning any papers, here are somerecommended safeguards:

• Get the name and address ofthe company the vendor claimsto represent.

• Ensure all details and verbal promisesare included in a contract; make surethat you understand everything inthe document.

• Verify that the individual is licensed,bonded and insured.

• Donʼt always go for the lowest bid;if estimates for the same work varywidely, ask hard questions.

• If you have checked referencesand the companyʼs reputation andintend to use its services, makechecks payable to the company,not the salesperson or any otherindividual, and never pay with cash.

• Keep doors and windows lockedwhile work is going on, and do notallow strangers inside the home.

• Visit independent third party verifica-tion or certification organizationslike the Better Business Bureau ora number of reliable websites suchas Angieʼs List or Service Magic, tocheck out a companyʼs track record.

AN EXCELLENT PLACE TOFIND A RELIABILITY REPORT

http://www.computerworld.com/s/article/9177398/How_to_foil_Web_browser_tabnapping_

A BAD REVIEW FORNETFLIX

Netflix has cancelled itssecond $1 million Netflix Prizecontest — seeking a bettermovie-recommendation searchengine — after consumersfiled a lawsuit claiming thatthe first contest breachedcustomer privacy and that thesecond threatened to do worse.

By way of background, the first Netflix competitionchallenged consumers to come up with an improvedalgorithm for recommending movies to customers.Such recommendations are a key part of Netflixʼscustomer retention strategy. To get the contest going,Netflix gave the public access to a portion of thecompanyʼs database; nearly 50,000 contestantshad access to two massive datasets, including 100

million movie ratings, along with date of the rating,a unique ID number for each of half-a-million sub-scribers, and the movie titles. A team led by AT&Tresearchers won the first contest by improvingthe algorithm by roughly 10 percent.

In planning for the second contest, the companyannounced that it would release even more cus-tomer information to researchers in hopes of makingan even better system. Data privacy advocatesand lawyers jumped into the fray, arguing that theinformation in the database was too easy to decodeand that individualʼs privacy would be sacrificed.Those fears were highlighted when an in-the-closet lesbian mother sued Netflix for invasion ofprivacy arising from the first contest, alleging themovie-rental company effectively “outed” herwhen it disclosed information about customers tocontestants in the first contest.

The suit, in federal district court, claimed that Netflixviolated fair-trade laws and a federal privacy lawdesigned to protect video rentals. The basic argu-ment was that Netflix knew or should have knownthat people would be able to identify users basedon their personal data; lawyers also noted that justbefore Netflix announced the contest, AOL wasinvolved in a high-profile incident in which the re-lease of its apparently anonymous search-enginelog data was used to track down real people. As afinal nail in the coffin, the FTC jumped in as well.

Under pressure, a Netflix official wrote in thecompany blog: “We have reached an understand-ing with the FTC and have settled the lawsuit withplaintiffs,” wrote Neil Hunt, the companyʼs chiefproduct officer. “The resolution to both matters in-volves certain parameters for how we use Netflixdata in any future research programs. In light ofall this, we have decided to not pursue the NetflixPrize sequel…”

SELLING OUT HER SONA Texas woman has admitted to selling her sonʼsbirth certificate and Social Security card to a Kansaswoman. Maria de Jesus Soto, a 54-year-old BrownsvilleTX woman sold the documents for a total of $750. Itwas the fifth time she had sold various identity doc-uments; police say that most such documents ultimatelyend up in the hands of illegal aliens from Mexico.After she was caught, Soto turned statesʼ evidenceand aided in breaking up a fake document ring.

ID THEFT IS ADDICTIVEFifteen defendants have been indicted for their roles ina $1 million conspiracy to distribute methamphetamine.The indictment also alleges that the conspiracy wasfunded by a major identity theft conspiracy. Four ofthe conspirators used stolen personal and financialinformation to create false identification documents —primarily counterfeit Missouri driverʼs licenses andidentification cards — and counterfeit checks for them-selves and others. They then used the cards to cashthe fake checks, which they used to make retail pur-chases. They would then return or otherwise disposeof the purchased property in exchange for cash ordrugs. According to the indictment, one of the leaderswas in possession of laptop computers, hundreds ofblank checks from another personʼs account, a com-puter software program, a CD entitled “How to GetNew ID,” and stolen Social Security cards.

NEW LOOK. NEW DAY. NEW CARD.AJ.C. Penney clerk in the Syracuse NY store has beenarrested for opening credit card accounts in the namesof people in the Midwest. It turns out Shantique L.Settles had been opening J. C. Penney credit card ac-counts, and then purchasing gift cards from Penney

TRUE STORIES

WIRELESS CRUISING

The Santa Barbara County, CAsheriffʼs office has apprehended a26-year-old former UC SantaBarbara exchange student fromNigeria on multiple charges of identitytheft. As detailed by a sheriffʼsspokesman, Imoukhuede OhiwereiEhimika was taken into custody.It turns out that Ehimika had beencruising local neighborhoods andpicking up unsecured wireless con-nections. He then used his computerskills to obtain sensitive personalinformation and transfer more than$150,000 to his own account.Sheriffs only became suspiciousafter several complaints came froma geographically clustered groupof victims just north of the SantaBarbara city limits.

stores in many cities. When a customer com-plained in Iowa, a retail storeʼs security identifiedthe clerk who opened the account as Settles, ac-cording to police records. The store then foundthat Settles had opened accounts for severalother people from Illinois to Kansas, and had ap-plications denied on accounts ranging from NewYork to Colorado.

NO ʻIʼ IN TEAMTwo former University of Washington footballstars – the team won the Rose Bowl in 1978 –were involved in an identity theft confrontation.Greg Grimes tells Seattle police that he andRobert Lance Theoudele disliked each other whenthey played football together at the University.Now, decades later, Theoudele is charged withidentity theft of telling police his name was Grimeswhen he was arrested on multiple occasions. Infact, Theoudele has been arrested more than 40times and has used numerous alias names,dates of birth, and Social Security numbers; hehas claimed to be Grimes several times, firststarting in 1985. Grimes managed to clear hisname only by taking a fingerprint test.

STATEWIDE SCAMA man has been arrestedfor leading a group that hasengaged in identify theft by creat-ing fraudulent credit cards through-out Florida. Juan Tato Echemendia ofMiami has been accused of numerousidentity crimes throughout the Tampa Bayarea. Arrested on 73 criminal counts, he had 109fraudulent credit cards at the time of his arrest.He is accused of forging the cards and card-making equipment was found in his apartment.At least four other men are accused of being in-volved in the crimes.

JURY DUTYIndividuals in at least three states reported lastmonth that they were scammed by callers claim-ing to be from the Courts Administration. Thecallers claimed that they had failed to report tojury duty and demanded needing information –Social Security numbers, birth date, bankinginformation and the like – to confirm. Officialsfrom Pennsylvania to Alabama have stated thatthey do not handle these matters by phone orask for confidential information over the phone,and that such calls should be reported.

EVEN THE PASTOR

Victims of an ambitious identity theft scheme included localbusinessmen and women, elected officials, local police, andeven the pastor of Bennettsville NC. A 21 year old man,Vontrell Canty, is accused of nearly 40 counts of identity theft.Financial documents, electronics and packing slips werefound at Cantyʼs home. Apparently, Canty opened accountsin the names of numerous community members, purchaseditems under their names, and shipped the items to a differentaddress. The case remains under investigation, and morearrests or suspects may be announced.

HEARTBREAK HOTELSHotels are an increasingly popular target of identitythieves. A new study by Trustwave, a security companythat specializes in protecting hotel systems, found thathotels have surpassed restaurants for the top spotwhere your credit card data is most likely to be stolen.

Just as robbers target banks because that’s where the money is,hackers target hotels because that’s where the data is. Bookingand reservation centers generally have thousands of credit cardnumbers on file and one successful break-in can net the hackerbig numbers and big money.

In addition, hotels are popular targets because credit card infor-mation is not only used to check-in, but throughout the hotel inplaces like the golf course, the restaurants, the spa, the gift shop,the pool bar, and are all processed through one central computersystem. These central systems, says Trustwave, are designed inthe same way across hotels, so once the hackers figure it outthey can take a “cookie cutter” approach to breaking into hotels.In addition, hotels tend to give many employees access to thecomputer systems, making the installation of malware easy andskimming credit cards even easier.

Finally, there is the low-tech angle. Hotels are huge public meetingspaces where people mix, and personal information and propertyare vulnerable to thieves lurking in the background.

How can guests protect themselves?

• Get a copy of your room bill, and hold on to it for 30 days tomake sure you don’t get charged for anything extra.• Check your credit card statements carefully to ensure nofraudulent charges were placed, and make sure to frequentlycheck them online.• Do not leave receipts, airline tickets, printouts, and other doc-uments in wastebaskets in public spaces.• Do not leave personal effects lying around when you take a breakfrom meetings. In your room, place key documents in the safe.• Try to avoid using business centers for internet access unlessyou can be assured that cached data is purged.• Urban legend has it that identities can be stolen off hotel keycards; this, thankfully, is not true. Most hotels only encode theguest name and room number on the magnetic strip.