Government risks Consumers’ Identities

Guess who may be compromising the security of your Social Security Number.

1PThe Social Security Administration!

Yep, that’s right. Did you know that 66 percent of the mail the SSA sends out contains someone’s Social Security number? This is what the inspector general of the SSA, Kimberly Byrd, says, and I believe it.

How many pieces of mail is this? Over 230,000,000. This situation is problematic.

  • The SSA claims it will cost over $19 million to reduce these mailings.
  • It also won’t happen anytime soon.
  • The SSA can’t even give a time estimation for when these mailings will be cut back, and Byrd says that security should trump convenience.
  • It is not known what percentage of the mail-outs reach their intended addresses, and this includes the not-so-uncommon problem of mail carriers delivering to the wrong address. Imagine that the wrong recipient is also an identity thief, and sees that Social Security number upon opening someone else’s mail…
  • Another reason many mail-outs may end up in the wrong hands is that the addresses are no longer accurate for the recipient.
  • And then of course there is mail theft. Or someone can easily change your mailing address. It’s maddening actually.
  • Though some mailings do require the SSN, others don’t, and many other entities, such as private businesses, have found a way around this sticky problem, though this doesn’t mean they’ve eliminated 100 percent of it.
  • Another plan to help reduce the number of SSNs flying around out there is the use of the Beneficiary Notice Control Number—used on a case-by-case basis, says the Social Security Administration.

Nevertheless, it’s maddening that the Administration has failed to yield a deadline range for these changes. Let’s face it, the SSN is responsible for the judicious handling of our Social Security numbers, and 230 million mailings—without verification that the addresses match the recipients—is hardly judicious.

Think of how often, over the past five years, you’ve accidentally received someone else’s mail. This is common and a gateway for crooks to steal somebody’s identity.

The Fix

  • The SSA should make deletion of SSNs from their correspondence a top priority—and once they do that, things will start falling more together.
  • Revisit the estimated cost it would take to implement the reduction of mail containing SSNs.
  • YOU need to getting a locking mailbox.
  • YOU need to get a credit freeze and invest in identity theft prevention. These two solutions make your SSN relatively less attractive to a thief.

Robert Siciliano is an identity theft expert to discussing  identity theft prevention.

What are Consumer Reports?

You’ve heard the term “consumer report.” Many times, I’m sure. But do you really know what one is? If you’re nodding your head, would you be able to explain it to a Martian? If not, then you probably do not have a solid understanding of what one is.

12DBut lenders, landlords, creditors, employers and insurers certainly know what a consumer report is, because every time they’re about to deal with a new client, they put themselves at risk.

  • Is he in good health?
  • Will she stop paying her mortgage?
  • Will he total his car?
  • Will she be productive on the job?
  • And more questions abound.

An article on explains that all sorts of businesses need to assess the risk of every new client. However, it would be quite unwieldy for businesses to sit every potential client down and run through a list of 100 questions, then wonder if the applicant is being truthful.

Enter the consumer report.

  • Credit report: Lenders can see the applicant’s financial status and bill payment habits.
  • Fair Credit Reporting Act: Encompasses entire financial status.
  • Miscellaneous companies are targeting consumer reports specifically for landlords, insurers and employers.

The article explains that the businesses that put together these targeted reports are called consumer reporting agencies. Consumer reports don’t just deal with finances and credit. Other types of reports come from nationwide specialty consumer reporting agencies. These other kinds of reports may detail one’s medical history, employment history, history of insurance claims and check writing history.

You are entitled to a free report every 12 months from a nationwide specialty consumer reporting agency.

  • Make your request to each specialty reporting agency; they act independently of each other.
  • Every agency has a toll-free number.
  • Some agencies allow faxed, mail-in or online requests. For online requests, the agency’s site must provide a FAQ or help page.
  • You are entitled to an update on your request’s status.
  • There is no deadline for the agency to honor your request.
  • The agencies gather information on people from a number of sources such as bankruptcy filings, driving records, credit history, public records of court cases and insurance companies.

Robert Siciliano is an identity theft expert to discussing identity theft prevention

Bank Account depleted, Company sues

Is it Bank of America’s fault that a hospital was hacked and lost over a million dollars? Chelan County Hospital No. 1 certainly thinks so, reports an article on In 2013, the payroll accounts of the Washington hospital were broken into via cyberspace.

4HBank of America got back about $400,000, but the hospital is reeling because the hospital says the bank had been alerted by someone with the Chelan County Treasurer’s staff of something fishy. The bank processed a transfer request of over $600,000—even though the bank was told that this transfer had not been authorized.

In short, some say Bank of America failed to follow contractual policies. And what does the bank have to say for this? They deny the lawsuit allegations. They deny brushing off the hospital’s alert that the wire transfer was not authorized.

This scenario has been replicated many times over the past five years, says the article. Hackers use Trojans such as ZeuS to infiltrate banks. And not surprisingly, phishing e-mails are the weapon of choice.

Though bank consumers are protected from being wiped out by hackers as long as they report the problem within 60 days, businesses like hospitals don’t have this kind of protection. The business victim will need to sue the bank to recoup all the stolen money. Legal fees will not be covered by the defendant, and they are enormous, which is why it’s not worth it to sue unless the amount stolen is considerable.

Businesses and consumers should:

  • Require that family and employees from the ground up complete security training that includes how to recognize phishing e-mails.
  • Stage phishing attacks to see how well everyone learned their security training
  • Retrain those who fell for the staged attacks
  • Make it a rule that more than one person is required to sign off on large transfers
  • Know in advance that the bank will not reimburse for most of the stolen money in a hacking incident, and that legal fees for suing can exceed the amount of money stolen.

Robert Siciliano is an identity theft expert to discussing  identity theft prevention. Disclosures.

Consumer Fraud No Longer Shocking

The depth, breadth, creativity, and depravity of scams and the scammers that perpetrate them no longer shock or offend. From grandmother scams to online dating scams, identity theft, data breaches, and any form of phishing or advanced fee scams, when you’ve seen one, you’ve seen them all. But the bad guys continue to find new ways to skin a cat.

The Better Business Bureau and the Consumer Sentinel Network received 725,000 consumer complaints of fraud in 2010. The defrauded consumers who reported fraud last year lost $1.7 billion.

Beware of the following scams.

Auction Scams: This ruse involves fake profiles advertising goods and accepting payments, with no intention of ever shipping any items. Scammers often contact potential victims within an auction website, but then bring communications to outside email or phone. Once the target engages with the scammer, social engineering commences.

Craigslist Scams: A scammer responds to a seller, claiming he wishes to purchase an item. He mails the seller a fake check for an amount in excess of the purchase price, with extra money included for shipping, and requests that the buyer deposit the check and then wire the payment to the shippers from the buyer’s own account. By the time the check bounces, the scammer has already received the seller’s money.

Dating Scams: Criminals pose as lovesick Romeos or Juliets, looking to sweep their victims off their feet while emptying their bank accounts. Marriage is often discussed within the first week of communications, and the word love is used as frequently as the victims’ names, which coincidently are two of the most important words a person can hear.

For consumers, education and awareness is key. For platforms on which the scams proliferate, one risk mitigation solution employed by auction sites, retailers, and dating sites is device reputation management. This not only keeps known bad computers or mobile devices from creating more fake accounts, but it also protects businesses against brand new devices that are behaving similarly to cyber criminals.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses Scambaiting on Fox News. (Disclosures)