Identity theft

News	OSS Security C hronicle	See Also	Recommended Links	Usenet and lists	Tutorials	Articles	Important Government publications	FAQs
Malware	Spyware	Spyware defence strategy	Phishing				Humor	Etc

Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain.

Unlike your fingerprints, which are unique to you and cannot be given to someone else for their use, your personal data like your bank account or credit card number, your telephone and address can be used, if they fall into the wrong hands, to personally profit at your expense. Identity theft occurs when a criminal uses another person's personal information to take on that person's identity.

In most case this is an attempt to exploit stolen or misappropriated credit card. In the worst cases, taken over their identities altogether, running up vast debts and committing crimes while using the victims's names. In many cases, a victim's losses may include not only out-of-pocket financial losses, but substantial additional financial costs associated with trying to restore his reputation in the community and correcting erroneous information for which the criminal is responsible.

In one notorious case of identity theft, the criminal, a convicted felon, not only incurred more than $100,000 of credit card debt, obtained a federal home loan, and bought homes, motorcycles, and handguns in the victim's name, but called his victim to taunt him -- saying that he could continue to pose as the victim for as long as he wanted because identity theft was not a federal crime at that time -- before filing for bankruptcy, also in the victim's name. While the victim and his wife spent more than four years and more than $15,000 of their own money to restore their credit and reputation, the criminal served a brief sentence for making a false statement to procure a firearm, but made no restitution to his victim for any of the harm he had caused. This case, and others like it, prompted Congress in 1998 to create a new federal offense of identity theft.

To decrease the number of unsolicited credit card applications that you receive (and the chances of these applications being stolen), call (888) 5OPT-OUT to have your name removed from marketing lists sold by credit bureaus.

Your credit card did not so much become a way of procuring all of your financial information until the early eighties when the Fair Isaacs Organization developed the FICO system of credit scoring. This system of rating a person’s credibility was often supplied in the form of a report that often also contains other sensitive and private personal and financial information. Once an identity thief gets a hold of your credit report they can often also find ways to access your bank account and credit card account.

The automation of both credit card and banking transactions has also made it easier to steal a person’s identity. A credit card is almost always used nowadays as part of a way to verify a person’s identity. If another person has it in his or her possession and can display it to pretend that he or she is you, then your identity is successfully stolen. This also enables the criminal to steal money from you by opening up new credit card accounts and running up charges on them.

The only good thing about identity theft in the present day and age is that there are more resources to cope with the crime. Also, unlike the first days of the Diner’s Club card in the 1950s, you are only liable for the $50 of the stolen amount regardless of what the credit card company does.

FIGHTING BACK AGAINST IDENTITY THEFT

Avenue of protection are well summed up in the FTC's clear and concise message on identity theft: Deter, Detect, Defend.

DETER identity thieves by safeguarding your information. Never use computer that you children are using to games, install file sharering services for financial activities
DETECT suspicious activity by routinely monitoring your financial accounts and billing statements
DEFEND against ID theft as soon as you suspect a problem. As for computer Norton Ghost is one of the most powerful tools of fighting spyware: you can restore clean image of your C-drive in several minutes. Detection of installed spyware is a difficult task even for specialists, but wiping computer clean with image of C-drive that is know to be clean is much more simple task manageable by most computer users. Norton Ghost 2003 is perfect for this purpose as it boots into DOS for restoration.

Old News ;-)

Scam threatens victims with arrest - MSN Money

Calls from a real debt collector are scary enough; these calls are from abusive thugs armed with enough personal data to make them seem legit. Don't be fooled. [Related content: banking, financial privacy, payday loans, debt reduction, bills] By MSN Money staff and wire reports
Con artists armed with Social Security numbers, bank account information and other sensitive personal data are threatening consumers with arrest, the Better Business Bureau warns.

The callers claim to be lawyers with the "Financial Accountability Association" or the "Federal Legislation of Unsecured Loans," trying to collect on defaulted payday loans, the BBB says. The callers demand immediate payments of as much as $1,000, by wire or by credit or debit cards, to head off lawsuits before they go to court. In some cases, victims have received dozens of calls in an afternoon.

Facebook users: Become a fan of MSN Money

"Because the scammers have so much information about potential victims, BBB is concerned that this may be the result of a data breach," says Steve Cox, a BBB spokesman. "Thousands of people may have had their personal information compromised, and, given the scammers' tactics, it appears that those who have previously used payday loan services could be particularly at risk."

Many of the intended victims had visited online payday loan sites. The scammers often have a victim's Social Security number, old bank account numbers or driver's license numbers, as well as home addresses, employer information and even the names of friends and professional references, the BBB says.

22 ways to protect your identity

Who clicks on spam? We do

Has the Social Security code been cracked?

When a parent steals your identity

When debt collectors come knocking

A poster on 800notes.com describes the experience:

"Got a message on my cell phone asking to speak to my husband stating not to disregard this message and (may) God help us if he did not call back for whatever may unfold upon you. A few months back I visited a payday online site and filled it out, but decided against it because of the fees. I answer the phone the next time I see the number and tell them my husband is not home so they speak to me and tell me my husband will be charged with loan fraud, they will call his job and he will probably lose the job, etc.

"So I ask them, has a letter been sent to our address about this matter? No they say it has been e-mailed. I tell them that I will go to my bank tomorrow to research this issue and to see if any money has ever been deposited without my knowledge because I feel like this is a scam, and he tells me if you do that I will download your case right now. I said good bye. This is such a scam but what scared me is that had the last four digits of my husband's Social Security number and the name of my mother and sister-in-law due to the filling out of the application."
Defending against debt collectors
It's against the law for a debt collector to harass you. Know what your rights are and how to exercise them.
What to do if you're called
The Fair Debt Collection Practices Act, among other things, prohibits collectors from making threats, harassment or misleading statements, or contacting third parties such as family members.
The BBB offers the following advice to consumers if they receive suspicious telephone calls about outstanding debts:

Ask debt collectors to provide documentation that substantiates the debts. Every collector must send a written validation notice within five days of contacting someone, including the name of the creditor and how to proceed.

Do not provide or confirm any bank account, credit card or other personal information over the phone until you have confirmed the legitimacy of the call.

File a complaint with the Federal Trade Commission online if a caller is abusive, uses threats or otherwise violates federal telemarketing laws.

File a complaint with the BBB online if you believe a debt collector is trying to scam you.

According to complaints online, phone numbers that the scammers are calling from include 949-468-5107, 415-200-0274, 213-784-5745, 408-715-1614 and many others.

A Message From Rob Chesnut – Combating Online Fraud

Proactive Fraud Reduction. Today I want to let buyers and sellers know about another security measure we're taking. For safety reasons, items reportedly most favored by fraudsters may not be viewable for several hours before the listings are indexed into Search results. These new listings are still viewable on the site through My eBay or if you search for the specific item number; however, they are not immediately visible through a keyword search or Browse.

Combating Fraud (eBay)

We're increasing our efforts to combat fraud on the site with a variety of programs. For example, we've made some changes that allow us to address "Ask a Question" and "My Messages" spam and other malicious activities using our message systems. And we're making sure our disclosures about cooperating with law enforcement allow us to respond to increasingly sophisticated fraudsters and criminals.

Verification of new account with eBay - Credit Card On File letter

If you are still unable to explain the use of your card, please report the 
potential unauthorized account activity to us by taking the following steps:

1. Click on the "Help" tab at the top of the eBay Home page.
2. Click on the "Contact Us" link, located on the left side of the Help Center page.
3. Select the relevant topic on the Contact Us page to report the concern to our 
Trust & Safety team.

Avoiding Credit and Charge Card Fraud

Credit and charge card fraud costs cardholders and issuers hundreds of millions of dollars each year. While theft is the most obvious form of fraud, it can occur in other ways. For example, someone may use your card number without your knowledge.

It's not always possible to prevent credit or charge card fraud from happening. But there are a few steps you can take to make it more difficult for a crook to capture your card or card numbers and minimize the possibility.

Here are some tips to help protect yourself from credit and charge card fraud.

Do:

Sign your cards as soon as they arrive.

Carry your cards separately from your wallet, in a zippered compartment, a business card holder, or another small pouch.

Keep a record of your account numbers, their expiration dates, and the phone number and address of each company in a secure place.

Keep an eye on your card during the transaction, and get it back as quickly as possible.

Void incorrect receipts.

Destroy carbons.

Save receipts to compare with billing statements.

Open bills promptly and reconcile accounts monthly, just as you would your checking account.

Report any questionable charges promptly and in writing to the card issuer.

Notify card companies in advance of a change in address.

Don't:

Lend your card(s) to anyone.

Leave cards or receipts lying around.

Sign a blank receipt. When you sign a receipt, draw a line through any blank spaces above the total.

Write your account number on a postcard or the outside of an envelope.

Give out your account number over the phone unless you're making the call to a company you know is reputable. If you have questions about a company, check it out with your local consumer protection office or Better Business Bureau.

If you lose your credit or charge cards or if you realize they've been lost or stolen, immediately call the issuer(s). Many companies have toll-free numbers and 24-hour service to deal with such emergencies. By law, once you report the loss or theft, you have no further responsibility for unauthorized charges. In any event, your maximum liability under federal law is $50 per card.

If you suspect fraud, you may be asked to sign a statement under oath that you did not make the purchase(s) in question.

Identity theft - Wikipedia, the free encyclopedia

In the USA, until 2003, dealing with consumer crimes involving legally attributed personal identifiers was the jurisdictional responsibility of the local and state authorities. Identification documents are a different story, addressed in Title 18 > Part I > Chapter 47 s.1028 of the U.S. Code. The unlawful use of identification documents is historically a federal offence. In response to the consumer issue of "identity theft", the U.S. Congress passed the Identity Theft and Assumption Deterrence Act (2003) amending Title 18 > Part I > Chapter 47, s. 1028 to include the unlawful use of a "means of identification" [s,1028 (d)(7)] making it a federal crime alongside identification documents. The title of s.1028 is, "Fraud related to activity in connection with identification documents, authentication features, and information". The Act also provides the Federal Trade Commission with authority to track the number of incidents and the dollar value of losses. There figures relate mainly to consumer financial crimes and not the broader range of all identification-based crimes.^[8] Punishments for the unlawful use of a "means of identification" were strengthened in s.1028a, allowing for a consecutive sentence under specific conditions of a felony violation defined in s. 1028c.

Identity Theft and Fraud

Central District of California. A woman pleaded guilty to federal charges of using a stolen Social Security number to obtain thousands of dollars in credit and then filing for bankruptcy in the name of her victim. More recently, a man was indicted, pleaded guilty to federal charges and was sentenced to 27 months' imprisonment for obtaining private bank account information about an insurance company's policyholders and using that information to deposit $764,000 in counterfeit checks into a bank account he established.

Central District of California. Two of three defendants have pleaded guilty to identity theft, bank fraud, and related charges for their roles in a scheme to open bank accounts with both real and fake identification documents, deposit U.S. Treasury checks that were stolen from the mail, and withdraw funds from those accounts.

Middle District of Florida. A defendant has been indicted on bank fraud charges for obtaining names, addresses, and Social Security numbers from a Web site and using those data to apply for a series of car loans over the Internet.

Southern District of Florida. A woman was indicted and pleaded guilty to federal charges involving her obtaining a fraudulent driver's license in the name of the victim, using the license to withdraw more than $13,000 from the victim's bank account, and obtaining five department store credit cards in the victim's name and charging approximately $4,000 on those cards.

Evidence undercuts eBay’s tough talk on fraud - Online Auctions - MSNBC.com

EBay officials say they are aggressively fighting fraud in the massive online marketplace, but an investigation by MSNBC.com shows that the company doesn’t routinely inform customers when they have been ripped off or regularly notify law enforcement about apparently illegal activity on its site — even when presented with solid evidence of wrongdoing. The review of two-dozen cases also raises questions about how eBay measures fraud and lends credence to accusations that the company has adopted an especially laissez-faire attitude toward sins by profit-driving “power sellers,” whose fees are crucial to its bottom line.