Stealing Identities of the Dead

Robert Siciliano Identity Theft Expert

Stealing the identity of the living is so 2009. Stealing the identity of the dead is so wrong, and so easy. It is made even easier by public records. A provision in federal law that reformed welfare in the 1990’s also created a loophole that could allow swindlers to obtain the Social Security numbers of the recently deceased.

In some state’s, Registry of Vital Records and Statistics include Social Security numbers on all certified death certificates. And anyone can obtain a death certificate from the registry for $18.

Wired reports Identity thieves filed for $4 Million in tax refunds using names of living and dead. A group of sophisticated identity thieves managed to steal millions of dollars by filing bogus tax returns using the names and Social Security numbers of other people, many of them deceased.

The thieves operated their scheme for at least three years from January 2005 to April 2008, allegedly filing more than 1,900 fraudulent tax returns involving about $4 million in refunds directed to more than 170 bank accounts. The conspirators used numerous fake IDs to open internet and phone accounts, and also used more than 175 different IP addresses around the United States to file the fake returns, which were often filed in bulk as if through an automated process.

The scam took advantage of the IRS’ quick turnaround in processing refunds for electronically filed returns. The IRS typically processes a refund request without verifying the taxpayer’s information — such as whether the taxpayer is alive — or confirming that the taxpayer is legitimately owed money.

Generally, a death is reported to the Social Security administration in a relative and timely fashion, but not always. As far as I can tell there is no form for merely “reporting a death” to the IRS. However, the IRS demands a final accounting, and it’s up to the executor or survivors to file the paperwork. When a taxpayer dies, a new taxpaying entity – the taxpayer’s estate – is born to make sure no taxable income falls through the cracks.

The 3 credit bureaus maintain a list of deceased based on the Social Security Administration’s data. However it can take a months for the bureaus to update their databases with information from the SSA. By contacting the credit agencies directly, you can report a death and have more confidence that the information will be used immediately.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Social Security numbers on Fox News.

Caller ID Spoofing Becoming Illegal

Robert Siciliano Identity Theft Expert

AP reports using false caller ID with the intent of tricking people into revealing personal information or otherwise causing harm would become illegal under legislation that passed the House Wednesday. The legislation would only outlaw the use of spoofing technology when the intent is to deceive and harm the recipient of the call. Legitimate uses of the technology, such as a domestic abuse shelter changing its number to protect an occupant of the shelter, would still be permitted.

Caller ID spoofing is the practice of causing the telephone network to display a number on the recipient’s caller ID display which is not that of the actual originating caller. Similar to e-mail spoofing which can make it appear that a message came from any e-mail address the sender chooses. Caller ID spoofing can make a call appear to have come from any phone number. Most people trust caller ID and are unaware of caller ID spoofing. This is obviously a flawed system ripe for fraud.

Legitimate uses of caller ID spoofing have included:

A domestic abuse shelter changing its number to protect an occupant of the shelter.

Law enforcement to disguising themselves when trying to nab suspects.

Someone is trying to evade child support and caller ID spoofing may be a legitimate tool to find them.

Someone who suspects a cheating spouse may use it to do their own investigations.

Doctors on call wanting to block their number may need to change a caller ID if the client requires a phone number to show when calling.

Nefarious uses of caller ID Spoofing have included:

A crazy woman used the caller ID of a pharmacist to trick a romantic rival into taking a drug used to cause abortions.

Spoofing during political campaigns to mislead voters or get voters angry at a candidate they mistakenly think is calling them, perhaps in the middle of the night.

Criminals are also using caller ID of a bank, credit card company, retailer or other phone number to scam someone into revealing Social Security, bank account or credit card numbers. In New York City police busted an identity theft ring that used caller ID spoofing to steal more than $15 million from 6,000 victims.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Scammers and Scambaiters on Fox Boston.

Scammers Bait 40,000 Facebook Victims with Ikea Gift Card

Robert Siciliano Identity Theft Expert

It’s just a matter of setting up a fake Facebook page and marketing it to a few people who then send it to their friends and it goes somewhat viral. The Ikea scam hooked 40,000 unsuspecting victims with the promise of a $1,000 gift card.

PC World reports In the past months, fan pages have popped up all over the social networking site, offering too-good-to-be-true gift cards. There’s the $500 Whole Foods card, the $10 Walmart offer, and the $1,000 Ikea gift card. The Ikea page put these gift card scams on the map last month, when it quickly racked up more than 70,000 fans before being snuffed. Facebook has also taken down Target and iTunes gift card scam pages in the past few months.

To get the gift card the users must enter names, address and email address. They are then pointed to other pages where real products and services are offered. From there they enter credit card details if the offer appeals to them.

The root of this scam is believed to be perpetrated by affiliate marketers who make money on click throughs and create a ruse to gather data on potential customers also known as a “sucker list.”

In general, there shouldn’t be any traditional identity theft as it relates to new account fraud as long as requests aren’t being made for Social Security numbers, and the “victim” isn’t giving one out. Otherwise I don’t see this scam as harmful, but is certainly deceptive.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN.

1.5 Million Americans Have Been Victims of Medical Identity

Robert Siciliano Identity Theft Expert

The Smartcard Alliance has released an in-depth report called “Medical Identity Theft in Healthcare.

While identity theft is a global issue that garners much media attention, most do not realize that medical identity theft is a serious and growing threat. Many authorities consider medical identity theft one of the fastest growing crimes in America. With the digital age of healthcare upon us, the risks are expected to increase as electronic medical records become more prevalent and the exchange of this data over expanding networks becomes more pervasive. Heightened concern over personal data security and privacy highlight the importance of having secure electronic medical identities.

According to a recent Ponemon Institute study, nearly 1.5 million Americans have been victims of medical identity theft with an estimated total cost of $28.6 billion–or approximately $20,000 per victim. [1] Further evidence of the significance of the medical fraud problem is the allocation of $1.7 billion for fraud detection in the 2011 U.S. Health and Human Services Department budget. [2] In 2009, 68 reported healthcare data breaches in the U.S. put over 11.3 million patient records at risk of exposure.

Patients whose medical identities are stolen face serious lingering effects. Fraudulent healthcare events can leave erroneous data in medical records. This erroneous information–like information about tests, diagnoses and procedures–can greatly affect future healthcare and insurance coverage and costs. Patients are often unaware of medical identity theft until a curious bill or a surprising line of questioning by a doctor exposes the issue. Then, the burden of proof is often with the patient and it can be difficult to get the patient’s legitimate medical records cleaned up. The consequences can also be life threatening and can lead to serious medical errors and fatalities.

Identity theft prevention services generally will not protect you from medical identity theft. However, if your information is out there on the Net and being scanned constantly by the identity theft protection service, then your risk is lowered. Furthermore, I’m all about layers of protection. If your identity is protected from new account fraud via credit monitoring or credit freezes then the thief may use another identity that has less restrictions.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Medical Identity Theft on the CBS Early Show

Do You Spy on Your Spouse?

Robert Siciliano Identity Theft Expert

Generally in a trusting relationship spying isn’t necessary. I’m sure Sandra Bullock, Kate Gosselin or Tiger Woods wife didn’t think they needed to spy on their husbands, until they did. Reckless behavior like that can bring home a very itchy or very deadly disease.  One that victimizes the innocent.

The fact is humans have a tendency to lie.  Lying is generally done to protect people from the consequences of their actions or to protect others from the emotional hurt because of what they did.

Spying generally occurs when trust is broken or intuition kicks in and someone senses something is askew. Spying is easier today than it’s ever been. According to a recent survey polling 1,000 men and women of various ages, incomes, and locations in the United States, there’s a 38 percent chance you would spy if you’re 25 or younger.

Among respondents, 38 percent of those 25 years old or younger admitted to snooping on their boyfriend’s or girlfriend’s messages, and 36 percent of those who are married admitted to checking their spouse’s e-mail or call history.

Spying can be accomplished by simply picking up a person’s phone and looking at the incoming and out going calls and text messages. Mobile phone spyware is readily available and can monitor almost every aspect of a phones use remotely.

Small wireless cameras installed in lighters, pens, clocks, smoke detectors and just about anything else are readily available. Commercially available spyware can easily be installed on a person’s computer. Undetectable hardware called “key catchers” can be installed in the PS2 or USB ports and the person’s keyboard is piggybacked and logs all their keystrokes.

Identity thieves are using the exact same technologies.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN

Parents Navigating the Social Media Mess

Robert Siciliano Identity Theft Expert

Children say and do things that make them vulnerable to dangers in the outside world. A parent can parent all day long and do everything possible to protect their kids from themselves, but a child’s persistence to have their way can wear a parent down. It’s a constant fight that makes a parent adopt a philosophy where they “pick their battles.

Growing up, it wasn’t all that uncommon for a parent to spank their kids to teach them a lesson. I experienced the occasional “windmill” from my father that set me straight more than once. And I’m thankful for it. By all accounts, if you add up all the number of risks I took and how many times the speedometer redlined and all the stupid things I did, I really shouldn’t be writing this. If a cat has nine lives I have 999,999,999,999. I think that’s trillion.

At one point political correctness crept into our culture and the fear of a child calling the Department of Social Services (DSS) on their parents because of a deserved fanny smack sent a cold chill down every parent’s spine. I’m certainly not saying it’s OK to beat your kids, or cage them for that matter. And when a child has zero fear of a parent, they tend to walk all over them. It’s in their nature to manipulate until they get their way. I’m just sayin.

A 16 year old ungrateful, self righteous teen has filed charges against his mother for making entries on his Facebook page. The kid further filed a no contact order against his mother. The mother apparently took over his Facebook account after she noticed some reckless behavior.

She was quoted saying “I read things on his Facebook about how he had gone to Hot Springs one night and was driving 95 m.p.h. home because he was upset with a girl and it was his friend that called me and told me about all this that prompted me to even actually start really going through his Facebook to see what was going on.”

What mother wouldn’t be concerned?  Hey kid, the day you deliver anything in excess of 10 pounds out of an orifice on your body, then you can have a say. I hope you have kids just like you.

I think my head is going to explode.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Breach of 3.3 million Social Security numbers on Good Morning America

ID Theft Ring Gleaned Socials From Medical Records

Robert Siciliano Identity Theft Expert

Medical identity theft occurs when the perpetrator uses your name and in some cases other aspects of your identity, such as insurance information, to obtain medical treatment or medication or to make false claims for treatment or medication. As a result, erroneous or fraudulent entries wind up on your medical records, or sometimes entirely fictional medical records are created in your name. Financial identity theft as it relates to new account fraud is when an identity thief gets the victim’s Social Security number and opens new financial accounts under the victim’s name. There’s very little protection from this due to a flawed system of open credit and lack of authenticating the actual “owner” of the SSN.

In Chicago, ABC News reports “Seven people have been arrested in an identity theft ring that allegedly used information stolen from victims’ medical records to obtain credit cards. The identities of more than 200 patients of a Chicago hospital were stolen. The information was stolen from the offices of the Northwestern Medical Faculty Foundation. That information led to $300,000 worth of goods and services being racked up on fraudulently.The suspects are even accused of using Facebook to post photos of themselves posing with stolen clothing and jewelry.”

One of the rings leaders alleged to have been a part of the group, is being held on $100,000 bond. Apparently her third run-in with the law.

Her mom said “That’s really not her. She is a good person. She do have a heart.” She “do”, huh? She do like to steal identities too. And she do like to buy her nice stuff with those stolen identities. The victims have to spend many hours cleaning up their good names. They may be denied loans in the process or jobs or insurance due to bad credit.

You do need to protect yourself from new account fraud and identity theft protection and a credit freeze is the best way. I did a spot on Good Morning America on this story below.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing ID Theft Ring on Good Morning America

Social Media Security: Using Facebook to Steal Company Data

Robert Siciliano Identity Theft Expert

There is a reason why computer users are called “users.” Like crack addicts who are drug users, more is never enough. And when under the influence, people do stupid things. I find myself scanning the Dell catalog like it’s the latest (or any) Victoria Secrets catalog. I’m amazed at how many people I know are online all day long and digitally stoned. The bad guy knows you are obsessed and uses this against you. He sees that you are comfortably numb here. He understands that in the virtual world you’re delirious and more apt to respond to his message then log your credentials.

Meanwhile Facebook’s security and privacy issues are being challenged from all sides. And during the brouhaha one of the Facebooks investors fell for a Facebook phishing scam.

Steve Stasiukonis is vice president and founder of Secure Network Technologies Inc. and publishes to Dark Reading tested his clients network using a bogus identity, and joined the companies Facebook site and started mining the names and email addresses of individuals who identified themselves as employees.

As he collected a database of names for a penetration test in the phish, he secured a domain name similar to that of his client. This domain name took on the appearance of a human resources or benefits portal. When he emailed the employees as “human resources,” they were redirected to a Web page, such as https://www.xyzcompany-benefits.com.

He has been able to accumulate significant numbers of emails for phishing targets from Facebook and other social networking sites. When he launched his companie’s Facebook spear-phishing attack, he usually got an average response rate of 45 to 50 percent. So nearly half of the employees responded to an email with the logins and passwords they use on their employers’ network.

Steve says:

— Officially sponsor the social networking site and assign an administrator who is responsible for permitting employees to join. This will help control somebody infiltrating the site for devious purposes.

— Establish a social networking policy. If your employees are participating in social networking sites (company sponsored or not) make sure company policies dictate what is and is not permissible. For example, divulging your corporate email account on social networking sites should not be permitted.

— Last but not least, if employees feel the need to gather and converse about their day-to-day work, personal lives, and hobbies, consider a corporate intranet. Maybe someday social networking vendors will launch a product that will provide the same features and benefits, but with the security tools needed to keep employees and company secrets safe. But in the meantime, it’s up to you.

Sober up and protect your identity.

Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Facebook Hackers on CNN

Criminal Hacker Gets 20. Books, Movies and Hollywood Starlet Next

Robert Siciliano Identity Theft Expert

Albert Gonzalez and his gang of criminal hackers were responsible for data breaches in retailers and payment processors, with some estimates saying they breached over 230 million records combined. Gonzalez, considered a proficient criminal hacker, provided “dumps,” a term which refers to stolen credit card data, to “carders.” “Carders” are the people who buy, sell, and trade stolen credit card data online.

“Gonzalez and his hacking buddies hacked into computer systems and stole credit card information from TJX, Office Max, DSW and Dave and Buster’s, among other online retail outlets, in one of the largest — if not the largest — cybercrime operations targeting that sort of data thus far. They used some of the stolen numbers to remove cash from ATM machines and sold many of the other numbers to other criminals, including those in Eastern Europe.”

Gonzalez provided “sniffer” software used to intercept the credit and debit card numbers for the Russian hackers. Sniffer software or “malware” malicious software, acts like a virus attaching itself to a network and often spreading. The software allows the criminal hacker backdoor access to all the data in the server and provides remote control functionality.

Wired reports Gonzalez earned $75,000 a year working undercover for the U.S. Secret Service, informing on bank card thieves before he was arrested in 2008 for running his own multimillion-dollar card-hacking operation.

It was reported that Gonzalez buried a million dollars in the backyard of his parents’ Miami home. At one point he cracked and drew a map for investigators to find the money. WOW!

How many people in the course of history have actually dug a hole and buried a million bucks in it? I can’t wait to see the movie. I’d be happy playing a part in it. I’ll be the shovel.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Breach of 3.3 million Social Security numbers on Good Morning America

Why Debit Cards Are a Nightmare

Robert Siciliano Identity Theft Expert

Not all plastics cards are created equal. The major differences in credit vs. debit is in the protections (or lack of protections) that come along with the fine print. A debit card is connected directly to a persons bank account and when compromised can devastate your bank balance.

I know too many people who’ve fallen victim to some type of debit card fraud whether through skimming or unauthorized purchases and never recouped their losses. Sometimes the banks just won’t budge. They tend not to believe a person who’s PIN and card number was leaked.

Creditcards.com reports The Federal Reserve’s Regulation E  (commonly dubbed Reg E), covers debit card transfers. It sets a consumer’s liability for fraudulent purchases at $50, provided they notify the bank within two days of discovering that their card or card number has been stolen. TWO DAYS. That’s it! After that, the maximum liability jumps to $500. Some banks will extend the grace period up to a year, but good luck getting your money back.

Federal laws limit cardholder liability to $50 in the case of credit card fraud, as long as the cardholder disputes the charge within 60 days. And if a victim doesn’t discover or report the fraud until after 60 days have passed, the liability could be the entire card balance, for a debit or credit card. Once your debit card is compromised, you might not find out until a check bounces or the card is declined. And once you do recover the funds, the thief can just start all over again, unless you cancel the account altogether.

Don’t use a debit card. Use credit cards and pay attention to your statements every month and refute unauthorized charges immediately. I check my charges online once every two weeks. If I’m traveling extensively, especially out of the country, I let the credit card company know ahead of time, so they won’t shut down my card while I’m on the road.

Protect your identity.

1. Get a credit freeze and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

2. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. (Disclosures)

Robert Siciliano Identity Theft Speaker discussing Debit Card Fraud on CNBC