Archive for May, 2013


Identity thieves may be living large—watching HBO, running the AC nonstop and taking long showers—all on your dime. Learn about utility fraud and how to protect yourself in this Q&A with Brett Montgomery, a fraud operations manager at IDentity Theft 911′s Resolution Center.


Of all the places where people want to feel secure and protected, hospitals must certainly rank at the top. But even those who aren’t afraid of being poked and prodded have something to worry about: hospitals are a growing scene for identity theft and fraud.

The fraud that’s happening in hospitals isn’t simple, either. In some cases, hospital workers have collected and sold patients’ personal information, while in other cases, people have used stolen identities to obtain medical care and benefits. In either case, patients and their families and friends who might be providing extra help need to be vigilant.

• Guard Social Security and numbers. These are the keys that criminals need for and fraud. Only give out the numbers when absolutely necessary – and feel free to ask why someone is requesting the number or ask to speak to a supervisor or manager.

• Watch out for scammers. As ever, thieves will try to prey on trusting victims with schemes that look and sound either authentic or too good to be true. Scammers often approach victims in parking lots, or contact them by phone, purporting to be conducting a medical survey. If they ask for a Medicare (or Social Security) number, either walk away or hang up. Some scammers offer free medical equipment to those who provide them with a Medicare number, but it’s not necessary to provide that information to get free equipment or products.

• Review bills, explanations of benefits and other related documents carefully. Examine all mailings related to hospital care with an eye for detail. Ensure that the dates, services and equipment all make sense in the context of the care you received. If anything looks inaccurate, contact your insurer, Medicare or the hospital immediately to clarify – it could be due to a simple error, but it’s worth checking.

No one looks forward to being in the hospital, but the experience can be much worse if a visit leads to identity theft. Taking an aggressive approach to identity monitoring is the best protection against this growing identity theft trend.

Society’s come a long way since the days of picking up hitchhikers without a second thought and leaving doors unlocked. For better or worse, today’s world requires a lot more vigilance and privacy. Just as no one would reasonably offer a stranger a 250-mile lift to the next state, no one should offer strangers the opportunity to rifle through their online lives. Yet many people do just that – not consciously, but because of weak wireless security.

Why should users protect their wireless connections? There are a multitude of reasons, but chief among those is the fact that a wireless network with weak security can leave highly sensitive information exposed to criminals and . With the right know-how and an unencrypted connection, a hacker can “see” into other users’ computer and intercept messages and attachments.

Users should also keep in mind that unsecured connections allow other users to download items – including potentially illegal material – using another person’s IP address, potentially making innocent users look guilty.

To protect themselves, users should know what kind of encryption is in place on the network they’re using. The safest choice is WPA2, which is more secure than its predecessors, . Today, all wireless routers require WPA2 encryption, but in some older devices, WPA2 might not be supported.

Tech experts also agree that one of the keys to a safe wireless connection is a strong “key” or password. Assume that thieves are just as clever as the average user – only more experienced at cracking common passwords – and design wireless keys accordingly. Combinations of letters, numbers and symbols that aren’t easily guessable are the best solution, and it doesn’t hurt to change the password every few months for added protection.

Companies concerned about the internal havoc that could be caused by a data breach now have something else to think about: an FTC that is taking a decidedly no-nonsense approach to consumer protection. In a case involving the hotel giant Wyndham Worldwide Corp., the FTC has sharpened its responses, firing back against claims that it is blaming the victim.

The case revolves around hacking attacks on Wyndham’s computer systems in 2008 and 2010. The in 2012, alleging poor cybersecurity measures left consumers’ credit card data vulnerable in those attacks. The company issued a challenge in May, stating that the government was punishing it, the victim of the hacking, instead of the hackers themselves.

The agency responded sharply in a court filing, stating, “The FTC is not suing Wyndham for the fact that it was hacked, it is suing Wyndham for mishandling consumers’ information such that hackers were able to steal it.”

That response led to a pointed back-and-forth of analogies that illustrated just how heated the proceedings were getting. When Wyndham stated that its case was akin to a furniture store being punished for being robbed and having its files raided, the FTC shot back. “A more accurate analogy would be that Wyndham was a local furniture store that left copies of its customers’ credit and debit card information lying on the counter, failed to lock the doors of the store at night, and was shocked to find in the morning that someone had stolen the information.”

For businesses, the case raises concerns about facing government scrutiny and lawsuits during the already-difficult circumstances of a . However, FTC lawyers say that their agency is protecting consumers from identity theft stemming from lax corporate data security practices, and there are laws on the books in 48 states, the District of Columbia, Guam, the U.S. Virgin Islands and Puerto Rico regarding data breaches and how companies must notify and protect consumers. The overall message seems to be that the better a company protects its customers, the better it is also protecting itself.

To hackers and , few things could be more enticing than cracking open a business. From corporations to small businesses, there’s the potential to gain access to the personal information of hundreds, thousands or even millions of customers in a single hack. Financial advisory practices are particularly alluring targets because they handle so much money, and because of appeal, “” is striking the industry hard.

Spoofing is the buzzword that’s used when a hacker or thief impersonates a financial advisor’s client and requests transfers, or the disclosure of sensitive information. One common method used by thieves is hacking into a client’s email account and then sending emails to the advisory practice, asking funds to be transferred to certain accounts. The savviest of these criminals can also find out ways to get into a client’s mobile phone account, set up call forwarding and then impersonate the client in case the advisor calls to confirm the requested transaction.

For consumers working with financial advisors, asking questions about security isn’t just important anymore – it’s essential. Here are a few things to ask:

• Does the firm have a company-wide policy when it comes to verifying clients’ identities? What are the details of the policy? Is it single- or multiple-layer?

• Are options like video chat available for requesting major transactions or other client-initiated actions?

• Does the firm have a plan of action in case spoofing or other hacking occurs?

Protecting against identity theft is often an individual’s responsibility, but companies that deal with sensitive information also have an obligation to protect clients’ assets and interests.


The that tore across the Oklahoma City area, killing dozens of people, is a sobering reminder that we can never be fully prepared for a natural disaster.

With tornado and hurricane season underway and summer’s heightened risk for brush fires just around the corner, it’s a good time to take steps to protect your loved ones—and their identities—from harm.

Here are some steps to secure your identity before and after catastrophe strikes:


The thought of a child going missing is every parent’s nightmare, but it happens all too often. Each year, on May 25, is observed, bringing attention to the stories of kids like Etan Patz, whose disappearance led President Ronald Regan to establish the day in 1983. Protecting kids has become infinitely more complex today, when children are almost always online, but for parents, learning what to do to keep kids safe should be second nature.

The threats to children that lurk online might seem completely innocuous, but without the right guidance, kids can get themselves into bad situations, from to talking with predatory adults. Keep these tips in mind to help children use the Web safely.

* Monitor social media use. Many kids will object loudly to having a parent watching their every move on Facebook, Twitter or other sites, but laying down strict ground rules will ultimately be a good protective measure. Simply “friending” or “following” kids isn’t always enough – they can control who sees certain posts and might leave mom and dad out.

* Get to know the lingo. The emails, texts, posts and tweets your child sends out might not seem to be written in any recognized language, but they’re definitely putting a message across. Do some research to find out what abbreviations mean and get the gist of what kids are really writing.

* Teach the risks of oversharing. Kids naturally want to use social media and the Internet to connect with others, but they might not be aware that putting too much information out there can come back and haunt them. Show kids not only how-but why-they shouldn’t put too much of their personal information on the Web, where identity thieves, predators and bullies might find it.

Managing money online is the new normal-from banking to checking credit card balances to paying a friend back, a new generation of consumers shops, pays and receives a lot of cash via the Internet. The wise minds at Google have been working hard to get in the electronic payment game with their service, and the company is now positioned for a major jump forward. That’s thanks to the newly announced plans to let Gmail users send and receive money as an email attachment.

For naturally wary users, questions about safety immediately come to mind. After all, have been making great-and highly publicized-leaps forward in online scams and hacking. But it looks as though Google’s new innovation is starting out on the right path, according to Brian McGinley, chief executive officer of IDT911 Consulting, a subsidiary of Identity Theft 911.

“The fact that there is no exchange of bank information with the funds transmitted and received makes it a reasonably sound transaction mechanism,” McGinley says. “Plus, the user is protected against unauthorized transactions by Google as long as the transaction is identified and reported within 180 days. That’s reasonable.”

McGinley advises those eager to try out the new function to take one extra precaution, in addition to measures like maintaining strong passwords and closely monitoring accounts. “I would recommend users’ bank accounts used to fund these transactions be kept at relatively small dollar balances and not be linked to other high-balance accounts. In the event of compromise, the account can simply be closed.”

Armed Forces Day falls on May 18, reminding Americans of the sacrifices that military members make for the country every day. While these brave souls signed up to confront dangers and hazards that would make the average citizen shake in his boots, most members of the military would not have imagined that their jobs would put their identities at risk. Despite efforts from the Pentagon, military personnel still face unusually high potential for having their identities stolen.

One of the key reasons for that increased risk is the frequency with which troops have to give out their . While civilians are reminded repeatedly to keep their numbers closely guarded and to only give them out when absolutely necessary, military personnel often have to give out their numbers for a variety of reasons, some as basic as logging into computers.

The potential for deployment makes the situation even more complicated. When troops are deployed abroad, and don’t have regular access to keep a close eye on their accounts or what comes in the mail back home, they’re at yet another disadvantage. It could be months before they see evidence of identity theft, long after serious damage has already been done. Fortunately, troops can put “” on their credit reports; those reports ensure that creditors take extra steps to verify identity before granting credit.

Taking the usual steps to protect identity may not be enough for military personnel. While part of the burden is on troops, many military experts believe that changes throughout the system – such as reducing the frequency of disclosing Social Security numbers – are necessary before the trend really slows.

Most families install basic home security precautions: locks, alarms and maybe even landscaping designed to prevent predators from hiding in the bushes. But what about inside the house?

When it comes to inviting strangers into the home to provide services like plumbing, electrical work or even carpet cleaning, not taking careful steps to fully screen the company and the worker who shows up at the door can easily lead to an identity theft situation. Take action to help protect your family from :

* both online and in your community. Identity thieves have set up faux companies, mimicking legitimate companies in name, service offerings and even websites in an effort to gather identity information like addresses, credit card numbers and telephone numbers for fraudulent use. By the time the serviceman doesn’t show up for the scheduled appointment, the website has disappeared and the phone disconnected.

* Ask who will be performing the work when scheduling the appointment. When the worker arrives at the door, ask to see a form of identification. Save the name in your files, in case you want to have the worker return for additional projects or if you need to report an identity theft situation.

* Secure your belongings, especially any documents that contain personal information. A credit card statement laying out, waiting to be paid, provides a stranger coming into your house direct access to a lot of personal information. The worker can easily jot down the information, or worse, snap a photo of the statement with a smartphone, and the theft won’t be discovered until money goes missing or fraudulent charges are made.

* Empty your trashcans and recycling bins before the service workers show up. Trash cans are gold mines for identity thieves. Be sure all the recycling and garbage is securely stored in the garage, or better yet, schedule your service work to occur the day after garbage is collected in your neighborhood.

Taking steps to better secure personal information is only the first step when it comes to inviting service workers into your home. Monitoring your identity on a constant basis is also critical in catching identity theft early.