Click here to read the full blog
Ever wonder what could possibly happen if you click on a link within an email you receive from an unknown and untrusted source? The U.S. Chamber of Commerce found out the hard way, many years after the fact. Read details about the spearphishing attack here. It seems that an employee of this government branch was the victim of a "spearphishing" email back in 2009. "Spearphishing" is when an email is sent to a specific individual, rather than a general "phishing" email which casts a wide net to any user. The desired result of opening the email is that the user can be duped into clicking links or downloading spyware which is then used to gather personal information, such as passwords or bank account numbers. This employee either clicked a link within the email, or opened a document which did contain spyware and gave the hackers access to the servers. Over the course of the next year, Chinese hackers were able to collect passwords which granted administrative rights. This then allowed the hackers to place additional software code, known as a "backdoor", onto the U.S. Chamber of Commerce's servers. This code would then allow the hackers to steal data. The lesson here? If it's this easy to dupe a government employee into opening a document or clicking a link within an email, you, as a private citizen can be just as easily deceived into putting your own organization or your own personal information at risk. Anti-virus protection remains a must, even more so now than ever before. These types of attacks are becoming increasingly popular. ID thieves will stop at nothing to get any type of information they can use to commit fraud at any level. The next time you receive an email from an untrusted source that wants you to click a link or open a document, "just say no." You have plenty of other junk mail to read.
Talk about getting caught with your pants down! A recent article in the Sacremento Bee highlights the humbling arrest of a Bay Area woman who stole the identities of several employees from one company that she obtained while working as a benefits clerk for Service Employees International Union-United Healthcare Workers office. She went on several spending sprees and was even arrested once, but managed to get out on bail, only to rack up thousands more in stolen property. She even racked up $300,000 in one person's name. What eventually led to the arrest of this individual was the $12,000 payment for a liposuction appointment using a credit card she opened in the name of one of these employees. Authorities were able to catch up with the identity thief while she was in a surgical gown waiting to have the liposuction. That walk to the police car must have been a bit drafty! Probably not the best outfit for a mugshot either. Nevertheless, she was sentenced to 12 years and 4 months in prison. Meanwhile, other victims are just now beginning to feel the results of this individual's actions and coming forth. I hope that restitution is forthcoming for the remainder of her victims. It seems to me that some justice must be served for those victims who have yet to be identified or notified that something is wrong with their credit or unexplained bills, etc.
Identity theft is quite often an inside job. That is to say, that when a data breach or identity theft event occurs, it is often not the result of a hacker breaking into a secure data system and stealing sensitive information. Rather, the threat comes from employees (disgruntled or otherwise) within the company who have access to sensitive information and have a motive to steal that information to use for their own nefarious purposes. This type of threat is not merely limited to large corporations and does not always involve data. Inside jobs can happen at the smallest of companies and often involve the theft of money, products or company belongings. Even our public schools are not immune to inside jobs. An article in The Daily Stamford I read today illustrates just this point. A teacher's aide apparently took the same "we need to learn to share" idea our parents try and impress upon us while we are young, just a little too far. She helped herself to the purse of the teacher to whom she was providing aide and managed to take the cash and a credit card when the teacher was not looking. Share and share alike! She then decided to pay a cellphone bill and then do some online shopping. Luckily, the observant teacher noted the disappearance of her items and alerted the authorities, also noting that only herself and the aide would have had access to her purse at the school where the items seemed to have disappeared. It didn't take authorities long to trace the online purchases to the aide, the prime suspect, who was then promptly arrested, though not before she racked up $700 in online purchases at Victoria's Secret. So does this story illustrate that we should not trust our co-workers? Hardly. It merely points out that there will always be some bad apples out there, so keep your eyes open. Although you'd like to trust those you work closely with, you should still exercise caution and develop some habits of your own to secure your belongings and Personally Identifiable Information (PII) while at work. Here are just a few simple and helpful suggestions. Had this teacher applied just some of these, this inside job could have been avoided. When it comes to your purse or wallet, leave these items either locked up or in your pocket when possible and out of the site or reach of those with prying eyes, and hands. If you have a lockable drawer in your desk, use that to secure your belongings and keep it locked at all times. If you have an office and need to leave for whatever reason, lock the door when you leave for any length of time. Lock your computer with a secure password when you step away from it for any period of time. Your email and other digital files may provide that sensitive information someone can use to open up new credit accounts and steal your identity, leaving you with damaged credit and hefty bills to pay. An ounce of prevention is worth a pound of cure.
Remember Bonnie and Clyde? They weren’t family exactly but they were a couple, young and unmarried, with a scandalous reputation on many levels. Bonnie and Clyde were famous outlaws notorious for bank robberies and also killing nine policemen and several civilians. They were both killed in Lousiana by law officers at the ages of 23 and 25. Arthur Penn’s 1967 film made their reputation firm within the American pop folklore.So that was the 1930’s. Today we still have the bank robbers but within our society we have other kinds of thieves. As our society has grown and progressed so have the different ways to steal. Yes there may be a slight risk that we could be held up at gunpoint at a bank, but do you know what our real risk is as an ordinary citizen? Having our identity stolen. I remember when I first heard that term, I imagined someone dressed up and masquerading as me -- perhaps donning a wig and driving my make of car. But it’s not even as sophisticated as that. Let’s look at a current story -- not even a famous one, but more an ordinary story that can happen everyday and to anyone whether you’re in your home, bank or local grocery story. So Bonnie and Clyde were kind of like family. What about mother and son? In Long Island back in March, a mother and son stole more than 60 identities. Their scheme was pretty simple: The mother, Tonia Cheeseman, worked at a doctor’s office where she would gain patient information from files and then Tonia and her son, Michael, would get credit cards in their victims’ names. They’ve been accused of stealing the identities of at least 63 people but these victims stretch far beyond the borders of Long Island, even as far as Florida. They’re both being held on bail for about $140,000 each. The most disturbing fact of our modern-day robbers is that they look like ordinary people -- no different to your neighbor next door. The Cheeseman’s neighbors even assumed they were nice innocent people.What can we do? How can we know if we’re being duped? As sad as it is, a lot of thieves are well known to their victims. These kinds of thieves know our daily routine, they may have access to our financial information, and they even know such passwords as our mother’s maiden name. There are certain personality types you must be extra vigilant around:Addicts who are sometimes desperate for money to get their next fix whether it be drugs, gambling or a number of other vices.High living spenders whose job doesn’t match their lifestyle. They tend to rationalize and have little impulse control. They have to have the materials that go with the lifestyle, and they want it now.Intrusive friends who are always asking questions that are none of their business -- especially financial questions. Beware if they claim they need your SSN to add you as a beneficiary to a policy etc.A tarnished past of already stealing identities could be a vibrant red flag.Watch your back with strangers who have access to your home and personal information. This could be when you have a party or your housekeeper’s son comes for a visit.There are some signs to identify an identity thief, but as thieves have found different ways to rob us, we’ve found different ways to protect ourselves. We must be aware of the people in our life who have special access and then we must still be vigilant and even educate our children. Don’t ever give anyone else your credit card or PIN, always password protect your computer, and definitely lock up all important financial paperwork. If we do get duped -- and even if we don’t -- one way to protect ourselves is by subscribing to some kind of identity theft protection service. We may get tricked or fooled even when we know the signs and we’ve been extra cautious, but even after that we can protect ourselves by monitoring so we can catch these criminals before they cause years of damage to our lives and credit. Education and then putting into motion active protective measures is our way of catching the modern-day thieves.
Trust is fragile and powerful. Trust allows insecurity in life to be tolerable, changing our perspectives to view challenges as opportunities as opposed to threats. Time builds trust but yet trust can be shattered almost instantaneously. Human nature is a dichotomy of sorts, tugging us emotionally and rationally at the same time. Logically, we analyze and scrutinize the pros and cons and then decide whether someone deserves our trust. Emotionally, we feel it in our gut when we trust someone which seems to be the most common method and also the very reason why trust is so delicate.In an organizational setting, trust is the driving strength. We only tend to acknowledge such a force when this cornerstone is missing. In a trustworthy organization, there is productivity, calmness, loyalty, teamwork, delegation, empowerment, and reciprocity. Compare it to a child. There’s a point in parenthood when we give our children our trust. If it’s used wisely, they grow and more responsibility is entrusted. If not, trust is removed and the quality of relationships may deteriorate. Walking through life, we observe. People can make promises emphatically but until their behavior matches their words, trust can be breached. We learn to listen half-heartedly, watching actions while ignoring images that are portrayed and expressions. We know the ones who keep their promises; those are the people we trust.There are some professions who have gained a collective trust such as doctors or policemen. What about lawyers and politicians? Some professions have a steeper hill to climb to gain the public’s trust. Listen to me appeals aren’t enough. Trust needs to be rebuilt by professions through actions. Trust in politics, public service jobs, and business management is one of the most important issues today.Public office is a public trust. Those who manage the government and run the various departments must be candid, accountable and loyal. It’s only then when they are worthy of the public’s trust. Public servants are entrusted to provide services that are efficient, dependable and free from dishonesty and misconduct. What are some of the locales that provide such services?Those providers that are given a monopoly by the government: Bus and railway companies.Public regulatory organizations within the financial and real estate sectors.Organizations that spend and disburse public funds: Universities, hospitals.Mass media Organizations: Television and broadcasting.And any other organization that performs public service functions: Land development, charities etc.Public service and administration needs to be recognized, stemming from the desire to care for others. We can be idealistic about our public servants but still we mustn’t be naïve. When trust is breached, no one wins. We can exercise our trust in those public servants, but yet we can still use preventative measures to protect ourselves. This isn't pessimism but more hope with a safety net.Take the example of a retired clerk at the Department of Taxation. His breach of privacy earned him time in jail. He stole the identities of taxpayers, deceased family members and children where he wracked up credit card charges of over $200,000 and which ultimately gave him six months in jail and a bill of $220,000. Ultimately, he gained 90 credit cards from 20 banks using the fake ID’s he obtained using the stolen identities (Read the full story here).We can hope that those organizations or employees that require our social security numbers are trustworthy -- after all in public services we have no choice -- but our safety net here,where we are in control, would be identity theft protection. The government’s safety net could be employee screening, teaching and promoting ethical behavior, and other similar methods. The moral of the story? Let’s be as cautious and trusting as we can be and must be, but let’s trust using wisdom. Life is not foolproof so there will always be outliers among the norm.
Hacking information from computers is a broad way of gaining information illegally. Some of us may not be familiar with the term hacker. A hacker is a computer expert who’s main goal is to find ways to break into other computer systems and gain information. They can then steal information and cause problems for the system. In today’s high tech world, these hackers are becoming more of a dangerous nuisance.Recently the Wall Street Journal came out with a new article discussing the detection of a new hacking attack. A computer-security company discovered a breach of information in 2,411 companies and government agencies where large amounts of personal and corporate information were stolen, ranging from credit card transactions to databases and email account access. Apparently it had been a coordinated global hacking attack that had taken place over the past 18 months in both Europe and China. It’s still unclear how far the damage spreads. Sometimes these criminal groups have even stolen information of employees’ criminal involvement and used it for extortion. So how was this done? Spyware was used to control computers remotely. These attacks are not blocked by the standard antivirus software. Obviously, there are some weaknesses in the security of cyberspace (Read the full article here).What lesson do we need to learn from this? Almost everyone uses a computer whether it’s to write emails or purchase products or store information. We need to understand how our machine or network can be attacked and then educate ourselves on how to best protect ourselves from these hackers. Here’s a little more information on how hackers can control computers remotely. There are scanner programs that ping IP addresses of networked systems to see if the system is running. Firewall software can show these repeated pings when reviewing the log. Weaknesses can be revealed through some of these scanning programs and hackers can spy on the information passing between the machines. These hackers can then use the internet to share lists of exposed IP addresses where there are security breaches. Sometimes the owner has no idea that this is occurring.How can we protect ourselves?Firewall. When hackers are probing to see which systems are up, a firewall will mask this so it appears as if your system is not up.Antivirus Software, including anti Trojan software. A Trojan virus installs other software on your computer system. Run it every week so that you can detect any new viruses.Anti-Spyware Software. Spyware installs on your computer without your knowledge. These software programs can track your activity and even cause pop-ups on your computer. Sometimes several anti-spyware software programs will have to be used to rid the variety of spyware programs out there.Caution with Emails and use Passwords. Nowadays I routinely get emails from strangers claiming they’ve inherited a fortune and they really need my help in spending it. Don’t ever give personal information away to strangers in emails and never open email attachments with executable files unless you can trust the sender. There are always new upcoming scams when it comes to emails. But follow these two rules to protect yourself.Routinely backup Important Material. This will protect you if you ever were to lose sensitive files, documents or photos.Use Identity Theft Protection Services. This enables us to monitor our personal information -- credit scores, new accounts opened -- so in the worse-case scenario, if our information has been compromised, we will know immediately.With the advance in technology, there are so many incredible benefits. You can send photos or letters thousands of miles away with the touch of a button. Information about any subject is at our fingertips, no longer requiring you to sift through countless books at the library or pulling the dusty encyclopedias from the shelves. As with any promising progression, there’s always the darker side. And in this computer-savvy modern society, they can come in the form of criminal hackers. Just use caution and the good guys will continue to find ways to protect us from the bad guys.
Identity thieves are becoming craftier. No longer do they merely steal from the living, but now they’re targeting even the dead. There’s a familiar saying don’t kick ‘em when they’re down. That’s exactly what these thieves are doing to the family of the deceased.We’ve all dealt with death and depending on our connection to the deceased, the emotional stress varies. The emotional stress is what these thieves exploit when they take advantage of the delay when family members don’t immediately do the necessary paperwork. There are also bureaucratic delays and this lag is exactly what the thief needs to accomplish his goal. And on a side note, if financial institutions aren’t notified of the death then the accounts of the dead can stay active for up to 10 years.So what do these thieves then do? They may search the obituaries in the newspapers or steal death certificates or they may even seek out the numerous websites that enable them to check the social security death index. Whatever the case, they could end up with a real social security number and a name that goes with it. Both the obituaries and the social security index will have information on the deceased. At this point they may either sell the information to other crooks or keep the information to apply for loans, access more credit and therefore make more money. There are some guidelines that we can follow as family members of the deceased to protect both ourselves and our loved one’s name.When writing an obituary, don’t share unneeded information such as the date of birth or the address of the deceased.Obtain at least 10 copies of the official birth certificate. This will provide the needed proof to the financial institutions, such as credit bureaus and banks and any other establishments, even the motor vehicle department.Now with the official birth certificate, you can begin to personally notify stock brokers, banks, loan holders, mortgage companies, financial institutions, credit card companies and any other establishment where the deceased had an account. When notifying, include name and SSN of the deceased, last 5 years of addresses, including the last known, and the dates of birth and death. Any outstanding balances will have to be transferred and then close all accounts with a note that the account holder is deceased. This is added protection so that no new accounts will be opened in the deceased’s name. Keep copies of any communication with these businesses. The death should be reported to all three credit bureaus as soon as possible. Put a deceased alert on the credit file. Request a credit report with any active joint accounts. These may potentially have to be closed. After about 2 months, request a copy of the credit report of the deceased person from all three credit bureaus. This will ensure that the death was reported on the credit file and no other transactions have occurred since then.Contact the social security management and inform them about the death. Do this as soon as possible.Contact the motor vehicles department, requesting the cancellation of the driver’s license.Shred any important documents which hold the deceased person’s name such as utility bills, credit card bills, bank statements and any other similar papers.Sadly though, these thieves aren’t only strangers but may be other family members. Take the recent case of a Utah County man, David Frank Pflegl. In 1987, David Frank Pfegl II was killed in a car crash in Canada at the age of 19. His father, the elder David Frank Pflegl, then used his son’s name to gain jobs, multiple licenses and even purchase a home. After a Utah investigation, Pflegl was arrested and booked in the Utah County Jail on suspicion of identity theft, communication fraud and forgery (Read the full story here).When we’re grieving, the last thing we want to do is take care of such seemingly meaningless items of business. As hard as it may be, following these steps may prevent further pain caused by such shameless identity thieves.
You'd think as a victim of identity theft, you'd have people bending over backwards to help you in your crisis. Just the opposite it seems, at least when it comes to creditors. The thieves can be idiots, even misspelling your name when signing as you, but you however have to be faultless, proving your innocence via your perfection. Because if not, those creditors will continue to harass, assuming you’re a lazy deadbeat and unwilling to pay your bills. Obviously the best scenario is to prevent such a situation: Take all the steps to protect your identity such as not carrying your social security card in your wallet, having a lock on your mailbox, using caution when using credit cards (ie. Stay with the card when paying at a restaurant), travel with limited credit cards -- even prepaid cards -- and be guarded when giving out personal information. Another crucial precaution is to routinely check your credit score and even better; be enrolled in an identity theft protection program. In this way, you'll be alerted when suspicious purchases are made on your credit card and if your credit score changes drastically and even if you've opened up new accounts. Being enrolled in such a program is the best prevention and also provides current information on identity theft resources. We need to be continually updated on the new scams as identity thieves are getting sneakier and more creative. There's even a recent trend of stealing children's identity, demonstrating that these crooks will stoop to any level.Just before Christmas, a story came out in Spartanburg, South Carolina where a mother learned that someone was using the social security number of her deceased son. Imagine a Christmas present that consisted of the IRS sending you a letter informing you that someone had filed a tax return under your dead child's name. Ricki Escalante's son died at ten months from SIDS. Now it's up to Ricki to send as much information about her son to the IRS(Read the full story).Social security numbers of children are valuable resources for thieves. Why? It is assumed parents don't check the credit reports of their children. Once again the best defense is to have your children's credit reports monitored and even place a freeze on their credit files. So with any newfound scam, monitoring is always the best way to secure your name and credit.
Identity theft is a societal problem and can occur in many places and by many means, including in the workplace. At work, it can happen by stealing vital information from employer's records. These records can be payroll and employment information and even customer lists. And those employees that can obtain these records can sometimes be at the very bottom of the totem pole.Whether we're an individual working for a company or we are the company owner, we need to be aware of this growing trend and what we can do about it.On a large scale, if a big company is affected, it can result in negative publicity which would in turn affect sales, hiring and retention.What can we, as an individual, do about this growing trend? We probably already know the obvious: shed documents with personal information, don't carry our social security card in our wallets, have locked mailboxes, and even monitor our credit reports. But the problem -- which seems to be beyond our control -- lies in crooks who obtain this information from businesses that have collected personal information for legitimate reasons and then they sell this information to more crooks that use it and steal our identity. And then with this new identity, thieves can open new credit card accounts, apply for loans, write bad checks, rent apartments and the list goes on. Individuals who have been educated on identity theft or who have had this occur in their life will scrutinize those companies that have their personal information. Because of the bad seeds, companies need to raise the bar both for their employees and clients.So if we're looking at identity fraud from a business owner perspective, what can we do about it? Informed employees and clients know that their personal information is only as safe as the association protecting it. A solution would be to offer identity theft protection as a benefit, much like health insurance. This offer would be unique to the company, whether the company pays for part of it, all of it, or merely provides the information of how to obtain this protection. The key is in the offering so employees/clients are aware of their choices and can then make an educated decision whether to accept or decline. Too much cost, we may think. But actually, it can lower our costs whether the employee has coverage or not. With coverage, there will be less time spent in restoring their identity. Without coverage, our liability has changed. We've done all in our power to protect our employees by informing and offering. Well almost . . . There are still numerous ways where we must be proactive in protecting our employees and clients.Perform background checks on employees who have access to personal information on other employees/clients, even temporary workers. And limit this access where we can.Use employee identification numbers that are different to social security numbers to recognize employees on paychecks etc.Shred confidential documents and have specific guidelines for all employees to adhere to.Use passwords and encrypted codes when confidential files are stored on the computer.Be vigilant in educating staff on identity theft.The Bank of New York and its employees are a perfect example of a workplace where large scale identity fraud has occurred. Adeniyi Adeyemi, a computer technician employed by a contractor who worked for the Bank of New York, has been charged with allegedly stealing the identities of over 150 employees and then with these identities, stealing over a million dollars from non-profit groups and charities and the employees themselves. Adeyemi now faces up to 25 years in prison. He obtained his information from the Technology department, opening additional bank accounts with this information to receive the stolen money. This all occurred over a seven and a half year period. The Bank of New York spokesman says that they are fully cooperating, but I wonder what the long-term ramifications of this will be (Read the Wall Street Journal article here).It's always best to be insightful. But having insight is useless unless we take action by protecting ourselves, our employees and our company with our eyes wide open.
The enforcement of the Red Flags rule under the Fair and Accurate Credit Transactions Act (FACTA) has been delayed again for the fourth time. The next implementation date is June 1, 2010. The enforcement was due to take place yesterday November 1st, 2009.It is clear that many businesses are having difficulty getting ready for Red Flags as evidenced by the fourth delay. Many businesses falsely assume that if they are not a bank nor a credit card company, they are not subject to FACTA or Red Flags. Such is not the case. FACTA and Red Flags apply to most businesses.The delay is good for businesses as many need additional time to get systems and procedures in order, but not good for consumers (whose identities may still be exposed for fraud for another 6 months).
Back to top