How to be a Grandma Identity Thief Murderer

Lois Riess is a woman from Minnesota who police say shot her husband, went on the run, and then killed a woman in order to take on her identity.  Here are some shocking facts about her:

Riess Looked Like her Victim 

The woman Lois Riess killed, Pamela Hutchinson, looked like her. This is why Pamela lost her life. When the body was found, police said her ID, credit cards, cash, and car was gone. Police put out an arrest warrant for Riess, and then started hunting for her. Police say the women did not know each other.

Lois Riess Allegedly Killed Her Husband, Too

Pamela Hutchinson wasn’t the only one who has allegedly died at Riess’ hand. Lois’ husband, David Riess, is also dead. He was found in the couple’s Minnesota home with several gunshot wounds after two weeks of not showing up at work. David’s car was missing, as was $11,000 out of his business account. It is believed that Lois used the same gun to kill both of her victims. Though Lois originally took the couple’s Cadillac, it was found abandoned in Florida several days later.

Pamela Hutchinson and David Riess

Though she was killed in Fort Myers, Pamela Hutchinson didn’t live there; she lived in Bradenton, FL. She was in Fort Myers to spread the ashes of her husband who had recently passed away.

David, Lois’ husband, owned a commercial worm farm. He was a Navy veteran and loved boating, fishing, hunting, and spending time with his grandkids.

Lois Riess was a Gambler, and She Had an Interesting Nickname

According to reports, Lois Riess was a gambler, and had an addiction to gambling that eventually destroyed her family. It is said that she stole more than $100,000 from her sister, and had the nickname, “Losing Streak Lois.”

Lois Took a Road Trip After the Killings

After killing Pamela, detective believe that Lois left Florida and traveled through Alabama, Mississippi, Louisiana, and Texas. She was driving Pamela’s car, which she took after shooting the woman.

Before Lois was even captured, she was charged with the murder of both her husband, David, and Hutchinson. She is facing a first degree murder charge in Florida along with grand theft auto, grand theft, and criminal use of personal identification. She faces the death penalty if found guilty. As for the alleged murder of her husband, David, in Minnesota, murder charges are pending, so it’s likely that she will face two counts of first degree murder when all is said and done in this case.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.

2017 Was the Worst Year for Identity Theft EVER!

Javelin Strategy & Research recently released its Identity Fraud Study, and it revealed that the number of identity theft victims rose by 8% in 2017 when compared to 2016. That’s almost 17 million people, which is a record high. Despite more information and industry efforts to make people aware of these practices, $16.8 billion was stolen due to ID theft in 2016.

The study also showed a shift in how ID theft fraud was being done. Credit card accounts were the most common targets for new account fraud, we also see that there is a big uptick in other accounts being targeted, including PayPal accounts and e-commerce merchant accounts. We can also see that more than 30% of consumers in the US were notified that their information was part of a data breach, which is 12% higher than the year before. Social Security numbers also seem to be a favorite of ID thieves, as are credit card numbers. We also see that due to these breaches, consumers are becoming less trusting when it comes to companies and financial institutions that are storing personal data.

The Trends

There were four noteworthy trends that were also found in this study:

  • There was a Record High Rate of Identity Fraud – The study shows that almost 7% of all consumers were victims of ID fraud. This was almost a million people from 2016. This was mostly due to more account takeovers and more instances of fraud.
  • Account Takeover Has Grown – One of the most shocking things found in this study is that account takeover has tripled when compared to 2016 and has reached a four-year high. This is a 120% increase. It was also noted that the average victim had to pay an average of $290 out of pocket to solve these issues, and consumers spent more than 62 million hours trying to work these issues out.
  • Scammers Target Online Shoppers – The study also shows that people who shop online are most at risk of becoming a victim of fraud.
  • Scammers are More Sophisticated – Finally, the study showed that fraudsters are more sophisticated than ever before, and they use more complex methods than ever before.

Finally, the Identity Fraud Study did something new this year, too. It looked at the way news of data breaches has affected consumers. About 63% of people who responded say that they were “very” or “extremely” concerned about becoming a victim of a data breach.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video

Tips for Preventing Embezzlement and Employee Theft

If you are a business owner, you might be concerned about employee theft. If you aren’t concerned, perhaps you should be.

There are a number of ways that an employee can steal:

  • Embezzlement money, inventory or materials
  • Skimming – Diverting funds
  • Stealing business opportunities, data or trade secrets
  • Fraudulent disbursements like check tampering or billing schemes
  • Larceny – absolute theft

It might surprise you to find out that employees who steal are not usually new employees. Instead, they are those who have worked for a business for a number of years. (Three years is the average.) So, what can you do to protect your company from employee theft? Here are some ideas:

Watch Your Staff

You should be aware of the signs of theft. These include:

  • A sudden devotion to their work and/or the company
  • Working late
  • Living above their salary
  • Drug or alcohol abuse
  • Evidence of gambling, bad check writing, or persistently asking to borrow money
  • A second job with materials available at your business
  • Strong objections to changes in inventory, financial, or supply procedures

Small businesses should always do background checks on any potential hire. Checking references is one thing, but to really understand who you are hiring, a full background check is best.

Supervise Employee Behavior

Research shows that employees are more likely to commit acts of fraud and theft when they don’t have a lot of supervision. You don’t have to supervise them constantly, but you should check on them often. It also is a good idea to have more than one person in charge of company finances.

Control All Business Receipts

Use pre-numbered sales slips and audit them frequently. This is especially the case with cash. You should not rely on a sales clerk to count and audit these receipts. Have another person do it.

Use Random Auditing

Start doing unannounced audits internally, and hire an outside company to do a yearly audit.

Use Purchase Orders

You should also use purchase orders and make sure that these are not handled by the same people over and over. It’s best to use pre-numbered purchase orders, and then always verify any orders coming in.

Keep Track of Business Checks

Use checks that are pre-numbered and make sure the amounts and recipient name is typed or in permanent ink. It’s best to produce checks from software, such as QuickBooks. If you have bank checks, make sure they are locked up.

Install Security Software on Computers

Start using security software on your computers that monitors employee activity, and restrict access to company records. You should also frequently change passwords and ensure that all of your security features are working.

Be Responsible with Accounts Receivable

Ensure that you are recording all of your incoming payments. Make sure incoming checks are marked as “deposit only.” Hire a forensics accountant at least bi-annually. Having a professional come in looking for discrepancies, or “cooked books” is worth every penny.

Use Security Systems with Inventory Management

Keep shipping and receiving as separate functions. Consider using security devices to monitor all inventory and merchandise that is coming in.

Install Security Cameras

Frankly, “trust” is overrated. It’s natural and normal to trust by default. As an “interdependent” species, humans can’t function without inherently trusting one another. But while most people can be trusted, the few that can’t need security cameras pointed at them all day.

Help Employees Report Theft by Their Co-Workers

You should make it as easy as possible for your staff to report theft or fraud by their co-workers. You want to make sure that you are doing this discretely, and you want to make sure that you don’t make it look like you don’t trust your staff.

What to Do if You Suspect Theft

If you have an employee who you think is stealing form you, here’s what you should do:

  • Use extreme caution when conducting your investigations and when making an accusation. If this turns out to be false, it could mean a lawsuit for you.
  • If you have a suspicion, investigate. If you can correctly identify the employee who is responsible, you should terminate their position immediately, revoke all network and building access and then consider contacting the authorities.
  • If theft is a complex or a large issue involving more than one employee, you should talk to a legal professional. They can help find experts who can help.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Understanding and Stopping Criminal Identity Theft

The definition of criminal identity theft is a crime where the criminal impersonates the victim in order to protect their innocence. This can lead to victims getting fines or even getting arrested and charged for crimes they did not commit.

How Does This Happen?

There are a number of ways that a criminal can pull this off, and it generally occurs when the thief steals someone’s identity. This is true and pure identity theft, often involving a drivers license with the thieves picture and the victims information. Once they have that, they are pretty much free to commit crimes in their victim’s name.

Stopping Criminal Identity Thieves

If you think that you are a victim of this crime, you should first get in touch with the police department where the charges are coming from. You should offer proof of your identity, and then fill out an impersonation report. The police will often take a photo, get your fingerprints, and run your ID info through their database. When they prove your innocence, warrants will be released. If you feel like this is a complicated situation, however, it is in your best interest to get a lawyer.

Did Someone Use Your Driver’s License?

If someone has stolen or used your driver’s license, take the following steps:

  1. Get your driver’s license record. You can get this from the DMV.
  2. Identify any inaccurate information from the report.
  3. Report any discrepancies.
  4. Discuss facial recognition with the DMV and if others photos are tied with your information.
  5. Clear all of the discrepancies. The DMV will do this for you after an investigation.

Signs That You Might be a Victim of Criminal Identity Theft

Sometimes you might not realize that you are a victim of criminal identity theft, but here are some signs:

  • Your Social Security Statement may have errors.
  • There will most likely be errors on background checks.
  • You might get fired and told your criminal record is the reason.
  • You might not get a job or apartment due to your false criminal record.

Preventing Criminal Identity Theft

There are some things you can do to make the chances lower that you will become a victim of criminal identity theft:

  • Keep your Social Security number and driver’s license safe and hidden when possible.
  • If you have to get a new credit card and/or driver’s license, make sure the numbers are different. You don’t just want the same number as the thief can still use it.
  • Get a credit freeze and consider identity theft protection.
  • Frankly, be as digitally secure as possible and manage paper records the best you can. But this is a hard crime to stop on your own.
  • Criminal identity theft happens when the victim has done nothing at all to secure their identity

Should You Be Worried About Criminal Identity Theft?

All of this sounds pretty scary, but there is only a very small chance that you would be held liable for any of these crimes. The bigger issue is that someone could victimize you for years, and you would never realize it. It could become a big headache, and it could also create a domino effect that could ultimately tarnish your good name. Preventing identity theft of all kinds is a start, and as long as you know how to fix it if it happens, you should be okay in the end. Don’t worry about it, but do something about it.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Protecting Your Parents from Identity Theft

According to statistics, those who are 50-years old and older, like 65-85, are often targets of identity thieves. The bad guys have no issue taking advantage of your parents. They violate their trust, and understand that they are often naïve about the internet and scammy phone callls. Cyber criminals also know that older people have retirement money and more savings, and this money is ready for them to take. Here are some of the common scams that the bad guys use:

Common Scams Against Older People

  • The bad guys might send them an email saying that they are from the IRS, CIA, FBI, or even a bank. The email says that there is a problem that needs the recipient’s attention. The scammers then ask for information like their Social Security numbers, bank account information, and more.
  • Another scam is to pull on their heart strings. In this case, the scammer calls the person and claims to be someone they know, like a grandchild, who needs money wired because it’s an emergency.
  • Scammers also try to take advantage of people by using their home’s information. If they can access the deed of a person’s home, they can use other information, like their bank account number and Social Security number and can refinance the home. Then, of course, they get all of that money and the person living there is none the wiser.
  • Crooks also focus on people in retirement homes. They get a job at these homes, and then manipulate the residents to give them personal information.
  • They seek out the lonely. If your parent is single because of divorce or death they are a target. Loneliness often trumps common sense. There’s a level of desperation that predators seek out.

Preventing Scams Against Your Parents

You probably want to do all that you can to prevent this from happening. Here are some methods you can use:

  • Become the main guardian over the personal information and financial accounts of your parent’s. This way, when your parent is contacted by a suspicious person, they must go through you to get any information. Even information like your mother’s maiden name might be used to commit identity theft down the road. Make sure your parents know that they shouldn’t ever share personal information and any and all requests for any money must go through you. No matter how persistent the person on the phone or via email is.
  • Don’t ever share personal or identifying info on a social media site. Criminals will target your parents in “Grandparents Scams” posing as their grand children in distress using social profiles as research.
  • Make sure your parents know to check their credit card and bank accounts quite often. You should also set up text or email alerts about their accounts.
  • Get your parents a shredder. All bank statements and any other sensitive information should be put through the shredder. Crooks love to go through trash to find old statements and other information that they can use.
  • If your parents use Wi-Fi, show them how to use a VPN. Hotspots are not protected and scammers use them often.
  • When writing an obituary, don’t use any details that a crook could use to steal an identify. Sadly, the bad guys use this information in terrible ways.
  • Explain the importance of email safety. Phishing is very common, and even if an email looks safe and legitimate, no one, including you or your parents, should click a link in an email.
  • Help your parents understand that there is a difference between http and https. Tell them that if a website has http, it is not secure, so they shouldn’t share personal information.
  • You can also help your parents opt out of any unnecessary offers. Go to the website com and sign up.
  • Work with your parents to freeze their credit.

Stay Aware of Scammers

Do not allow your parents to be a scammer’s next victims. You can easily prevent this, and most importantly, your parents won’t have to go through the stress of rebuilding their credit and recovering their identity. One of the most important things that you can do is to be aware of these scams.

Protect the Identity of Your Parents

All of us are vulnerable to identity theft, and we can’t protect ourselves 100% of the time. However, by doing things like signing up for identity theft protection or doing a credit freeze can help to keep us all safe.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Do You Really Need Identity Theft Protection or is it a Waste of Money?

I see a ton of articles that say identity theft protection is not something you really need. These articles have titles like “ID Theft Protection Does Not Work,” or “The Poor Man’s Guide to ID Theft Protection.” Though some of these articles have a bit of merit, they totally miss the point.

Here’s the deal – You can’t protect yourself from every type of ID theft out there, and the types you can protect yourself against require a ton of focus. One way or the other, it will cost you money, time, and probably a bit of anxiety too.

Those who have elected not to invest in ID theft protection say they don’t need to pay for a service that they can take care of on their own. Why? Because they do the following:

Dispose of Their Mail, Securely – One thing that people do to protect their identity is to shred all of their mail. This is especially the case when it contains account information. However, this isn’t enough. Though you might do your part, there is no guarantee that your bank, mortgage company, or even electrical provider won’t toss paperwork with your information into a dumpster. At that point, it’s free for the taking.

Opt Out of Preapproved Credit Card Offers and Junk Mail – Yes, this is good advice. You can do it online at OptOutPrescreen.com. However, keep in mind that even if you do this, you will still get some offers.

Get a P.O. Box – I’m not sure why people think that getting and using a P.O. box will help to protect them from identity theft, but they do. Yes, this is a more secure way of getting your mail and in some cases will protect sensitive data. Unfortunately, this doesn’t help much.

Check Their Credit Report – Yes, you should always check your credit report. But, people who believe that checking their credit report can stop ID theft are mistaken. You can get a free credit report each year at AnnualCreditReport.com, but you really need to check more often than once every 12 months. Checking a credit report does not proactively protect your identity.

Set Up Fraud Alerts – People also set up fraud alerts and think they are fully protected from ID theft. Again, fraud alerts are great, but they expire after 90 days, and most people forget to renew the service. Additionally, these are only a guideline for your creditors, and they are not required to contact you if they issue credit.

Freeze Their Credit – These people also freeze their credit. This is a good thing to do, and I think it is fundamental to protecting your identity, but again, it doesn’t help to protect your ID from tax-related identity theft, criminal identity theft, account takeover or medical identity theft.

All of these things help, and are necessary in addition to a Protection Service, but people who stick with these and don’t get full service identity theft protection are putting themselves in a precarious position. Instead, it’s best to get a professional product, which offers better protection.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

The Equifax 2017 Exposed: What Half of America Needs to Do Right Now

Equifax has been hacked. As one of the three major credit bureaus in the United States, this is seriously bad. It is considered by many to be the worst security breach in the history of the internet. The extent (about 143 million Americans) and the sensitivity of the data is a rude awakening in a year when cyber has been in the center of the news.

What does this mean for you? It means that your Social Security number, and possibly even your driver’s license information, could be in the hands of hackers. Some are already calling this the worst breach of data in history.   

How Did This Happen?

On September 7th, Equifax announced that a security breach occurred that could impact as many as 143 million people. Though this isn’t the largest breach to occur, it could be the most devastating. The data that was accessed included Social Security numbers, address, birth dates, and driver’s license numbers. All of these can be used for identity theft.

Equifax also announced that the credit card numbers of more than 200,000 people were accessed, as were documents containing personal identifying information for more than 180,000 people. With this information, the hackers can commit credit card fraud. This isn’t as bad as identity theft, as credit card fraud is usually simple to fix, but these thieves could still open new credit card accounts in your name with your Social.

According to Equifax, the company discovered the data breach on July 29. Apparently, the hackers accessed the files from around mid-May all the way through July.

Richard F. Smith, the chairman and CEO of Equifax, admits that this is a “disappointing event” and that it “strikes at the heart” of the goals of the company. He also apologized to customers who work with Equifax and consumers. Boo hoo. I cry for you.

Why Did It Take So Long to Announce This?

You might be wondering why it took so long to announce that there was a data breach at Equifax. After all, the company discovered it on July 29, and didn’t announce it until September 7. Their Director of Social Media, has an answer. She said that as soon as the company discovered the breach, they stopped the intrusion. The company also hired a cybersecurity firm, which did a full investigation. This investigation was time consuming, and they wanted to have all of the information available before informing the public. Makes sense.

But Wait…There’s More

To add to this story, Bloomberg News announced that three executives from Equifax sold shares worth about $1.8 million. What’s shocking is that they did this AFTER the company discovered the breach. This will come back to bite them.

You can check to see if you are affected by the breach by using an online tool that Equifax has set up. FYI, I checked out my info, I’m a victim.

You should go there, enter your last name and the last six digits of your Social Security number, and the system will tell you if your information has been compromised. If it has, Equifax is offering a complimentary enrollment into the TrustedID program. However, there is language in the terms of service that may restrict your ability to have your day in court if you were to join a class action and the NY Attorney General is pissed. According to USA Today, a class action lawsuit has already been filed against Equifax. This class action suit seeks to secure all records associated with the breach and fair compensation for those who were affected.

Read the NYT.

You don’t have to have done any type of business with Equifax to be affected by this. If you have ever applied for a mortgage, loan, or credit card, the company likely has your information. The TrustedID program is going to be free for an entire year for anyone affected. It gives consumers the ability to lock and unlock their credit reports. They also get internet scans for their Social Security numbers and identity-theft insurance. You can also call Equifax at 866-447-7559.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Second Hand and Discarded Devices Lead to Identity Theft

A new study was just released by the National Association for Information Destruction. What did it find? Astonishingly, about 40% of all digital devices that are found on the second-hand market had personal information left on them. These include tablets, mobile phones, and hard drives.

The market for second hand items is large, and it’s a good way to find a decent mobile device or computer for a good price. However, many times, people don’t take the time to make sure all their personal information is gone. Some don’t even understand that the data is there. This might include passwords, usernames, company information, tax details, and even credit card data.  What’s even more frightening is that this study used simple methods to get the data off the devices. Who knows what could be found if experts, or hackers, got their hands on them. It wouldn’t be surprising to know they found a lot more.

Here are some ways to make sure your devices are totally clean before getting rid of them on the second-hand marketplace:

  • Back It Up – Before doing anything, back up your device.
  • Wipe It – Simply hitting the delete button or reformatting a hard drive isn’t’ enough. Instead, the device has to be fully wiped. For PCs, consider Active KillDisk. For Macs, there is a built in OS X Disk Utility. For phones and tablets, do a factory reset, and then a program called Blancco Mobile.
  • Destroy It – If you can’t wipe it for some reason, it’s probably not worth the risk. Instead, destroy the device. Who knows, it might be quite fun to take a sledge hammer to your old PC’s hard drive, right? If nothing else, it’s a good stress reliever!
  • Recycle It – You can also recycle your old devices, just make sure that the company is legitimate and trustworthy. The company should be part of the e-Stewards or R2, Responsible Recycling, programs. But destroy the hard drive first.

Record It – Finally, make sure to document any donation you make with a receipt. This can be used as a deduction on your taxes and might add a bit to your next tax return.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Inside the Business E-mail Compromise Scam

Trick e-mail = fraudulent wire transfer = hundreds of thousands to millions of dollars stolen.

emailThat’s what’s happening with business executives in select industries (e.g., chemical operations, manufacturing), says a report at threatpost.com, citing a finding from Dell SecureWorks.

The phishing e-mails are part of those Nigerian scams you’ve heard so much about, a business e-mail compromise scheme.

Security researchers have gotten a good glimpse into the inner workings of the BEC, thanks to one of the hackers, a key player, accidentally infesting his computer with the BEC malware.

The threatpost.com article explains that Joe Stewart of Dell’s Counter Threat Unit says that this hackster routinely uploads keystroke logs and screenshots to a server. This data includes many identities of the hacking group, and has been given to law enforcement for investigation. Stewart says that, thanks to the accidental infection, researchers have gained insight into the innards of their operation, such as viewing the group’s desktops.

What the hackers do is scour websites of specific industries for e-mail addresses. They construct e-mails, add malicious attachments, then send them along, hoping to get into a user’s account, which they then compromise. Their goal is monetary transactions between the target company and the hackers pose as a vendor which the company may already deal with.

The hacker/vendor replies with invoice and payment instructions, and the company is not aware that the recipient is the hacker. The hacker forwards the e-mail to the buyer who is tricked into wiring funds to the hacker. Though this group is not sophisticated, they’ve managed to come away with hundreds of thousands of dollars just from one company. Upon success the wired funds are directed to the hackers.

Overall, the scams have resulted in $3.1 billion lost, says the FBI. The article points out that the BEC scheme is not to be confused with the BES scams (business e-mail spoofing). The BEC operation doesn’t send spoofed e-mails; it uses malware or exploits to gain control of e-mail accounts.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Man raises a Family on Dead Man’s Stolen Identity

Imagine you learn your husband (or wife) of 25 years is really a different person. That’s what happened to Mary Hickman—25 years after she married a man who had identified himself all those years back as Terry Jude Symansky. The Florida couple had a son and lead an uneventful life, with Symansky working different jobs and even acquiring a pilot’s license.

11DIn actuality, Symansky was really Richard Hoagland, who’d been married twice before, who had lived in Indiana and then mysteriously disappeared and was eventually presumed dead. He had stolen the real Terry Jude Symansky’s identity and got away with this for 25 years—until he was busted by Symansky’s nephew.

The nephew learned of the identity theft, something he never even suspected, via Ancestry.com. He reported this to the police, who then alerted Hickman.

Hickman subsequently came upon documents in the attic proving that her husband was an imposter of a man who had died in 1991 in a drowning accident. Hoagland, 63, was arrested.

So why had he vanished from Indiana? There, he’d had four kids with two wives. He had wanted to get away from one of the wives, so he up and left, though he told her it was because the FBI wanted him for the theft of millions of dollars—a claim that has yet to be substantiated.

How did Hoagland steal Symansky’s identity in the first place? It certainly helped that he had once been living with the dead man’s father, where he had found a copy of Symansky’s death certificate. He had used this document to get a birth certificate, and armed with that, he was on his way to assuming the identify of a man who had never even been married nor had any kids—which had made it even easier for Hoagland to pull off his caper.

We can probably thank those Ancestry.com commercials for causing the chain of events that led up to the crook’s arrest.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.