|Home||Switchboard||Unix Administration||Red Hat||TCP/IP Networks||Neoliberalism||Toxic Managers|
|May the source be with you, but remember the KISS principle ;-)|
|News||OSS Security Chronicle||See Also||Recommended Links||Usenet and lists||Tutorials||Articles||Important Government publications||FAQs|
|Malware||Spyware||Spyware defence strategy||Phishing||Cyberstalking||Humor||Etc|
Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain.
Unlike your fingerprints, which are unique to you and cannot be given to someone else for their use, your personal data like your bank account or credit card number, your telephone and address can be used, if they fall into the wrong hands, to personally profit at your expense. Identity theft occurs when a criminal uses another person's personal information to take on that person's identity.
In most case this is an attempt to exploit stolen or misappropriated credit card. In the worst cases, taken over their identities altogether, running up vast debts and committing crimes while using the victims's names. In many cases, a victim's losses may include not only out-of-pocket financial losses, but substantial additional financial costs associated with trying to restore his reputation in the community and correcting erroneous information for which the criminal is responsible.
In one notorious case of identity theft, the criminal, a convicted felon, not only incurred more than $100,000 of credit card debt, obtained a federal home loan, and bought homes, motorcycles, and handguns in the victim's name, but called his victim to taunt him -- saying that he could continue to pose as the victim for as long as he wanted because identity theft was not a federal crime at that time -- before filing for bankruptcy, also in the victim's name. While the victim and his wife spent more than four years and more than $15,000 of their own money to restore their credit and reputation, the criminal served a brief sentence for making a false statement to procure a firearm, but made no restitution to his victim for any of the harm he had caused. This case, and others like it, prompted Congress in 1998 to create a new federal offense of identity theft.
To decrease the number of unsolicited credit card applications that you receive (and the chances of these applications being stolen), call (888) 5OPT-OUT to have your name removed from marketing lists sold by credit bureaus.
Your credit card did not so much become a way of procuring all of your financial information until the early eighties when the Fair Isaacs Organization developed the FICO system of credit scoring. This system of rating a person’s credibility was often supplied in the form of a report that often also contains other sensitive and private personal and financial information. Once an identity thief gets a hold of your credit report they can often also find ways to access your bank account and credit card account.
The automation of both credit card and banking transactions has also made it easier to steal a person’s identity. A credit card is almost always used nowadays as part of a way to verify a person’s identity. If another person has it in his or her possession and can display it to pretend that he or she is you, then your identity is successfully stolen. This also enables the criminal to steal money from you by opening up new credit card accounts and running up charges on them.
The only good thing about identity theft in the present day and age is that there are more resources to cope with the crime. Also, unlike the first days of the Diner’s Club card in the 1950s, you are only liable for the $50 of the stolen amount regardless of what the credit card company does.
Avenue of protection are well summed up in the FTC's clear and concise message on identity theft: Deter, Detect, Defend.
Oct 05, 2017 | www.msn.com
Equifax has "no indication" that the attack was an inside job, Smith said in response to a question from Representative Edwin Perlmutter, a Colorado Democrat. The attackers avoided detection by moving small files at slow speed, he said.
The company said in a statement earlier this week that an independent cybersecurity firm has completed its forensic investigation. Outside counsel and the FBI are still finishing up their probes into the breach, Smith said Thursday.
Sep 16, 2017 | it.slashdot.org
Posted by EditorDavid on Sunday September 10, 2017
Equifax's data breach was colossal -- but what should happen next? The Guardian writes: The problem is that companies like Equifax are able to accumulate -- essentially, without limit -- as much sensitive, personal data as they can get their hands on. There is an urgent need for strict regulations on what types of data companies can collect and how much data a company can possess, both in aggregate and about individuals. At the very least, this will lessen the severity and size of (inevitable) data breaches... Without putting hard limits on the data capitalists who extract and exploit our personal information, they will continue to reap the benefit while we bear the risks.
Marc Rotenberg, president of the Electronic Privacy Information Center, adds, "we need to penalize companies that collect SSNs but can't protect [them]." Wired reports: Experts across numerous privacy and security fields agree that the solution to the over-collection and over-use of SSNs isn't one particular replacement, but a diverse array of authentications like individual codes (similar to passwords), biometrics, and even physical tokens to create more variation in the ID process. Some also argue that the government likely won't be the driving force behind the shift. "We have a government that works at a glacial pace in the best of times," says Brenda Sharton, who chairs the Privacy & Cybersecurity practice at the Goodwin law firm, which has worked on data privacy breach investigations since the early 2000s. "There will reach a point where SSN [exposure] becomes untenable. And it may push us in the direction of having companies require multi-factor authentication."
Meanwhile TechCrunch argues, "This crass, callow, and lazy treatment of our digital data cannot stand...": We must create new, secure methods for cryptographically securing our data ... These old organizations -- Equifax was founded in 1899 and hasn't changed much since inception -- must die, to be replaced by solutions that (and I shudder to say this) are blockchain-based.
Sep 16, 2017 | yro.slashdot.org
Posted by msmash on Friday September 08, 2017
The breach Equifax reported Thursday is very possibly is the most severe of all for a simple reason: the breath-taking amount of highly sensitive data it handed over to criminals.
Dan Goodin of ArsTechnica writes: By providing full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers , it provided most of the information banks, insurance companies, and other businesses use to confirm consumers are who they claim to be.
The theft, by criminals who exploited a security flaw on the Equifax website, opens the troubling prospect the data is now in the hands of hostile governments, criminal gangs, or both and will remain so indefinitely. Hacks hitting Yahoo and other sites, by contrast, may have breached more accounts, but the severity of the personal data was generally more limited. And in most cases the damage could be contained by changing a password or getting a new credit card number.
What's more, the 143 million US people Equifax said were potentially affected accounts for roughly 44 percent of the population. When children and people without credit histories are removed, the proportion becomes even bigger. That means well more than half of all US residents who rely the most on bank loans and credit cards are now at a significantly higher risk of fraud and will remain so for years to come.
Besides being used to take out loans in other people's names, the data could be abused by hostile governments to, say, tease out new information about people with security clearances, especially in light of the 2015 hack on the US Office of Personnel Management, which exposed highly sensitive data on 3.2 million federal employees, both current and retired.
Meanwhile, if you accept Equifax's paltry "help" you forfeit the right to sue the company, it has said. In its policy, Equifax also states that it won't be helping its customers fix hack-related problems .
Bloomberg reported on Friday that a class action seeking to represent 143 million consumers has been filed, and it alleges the company didn't spend enough on protecting data. The class-action -- filed by the firm Olsen Daines PC along with Geragos & Geragos, a celebrity law firm known for blockbuster class actions -- will seek as much as $70 billion in damages nationally.
Sep 16, 2017 | news.slashdot.org
Posted by BeauHD on Monday September 11, 2017
The blame for the record-breaking cybersecurity breach that affects at least 143 million people falls on the open-source server framework, Apache Struts , according to an unsubstantiated report by equity research firm Baird . The firm's source, per one report , is believed to be Equifax.
Apache Struts is a popular open-source software programming Model-View-Controller (MVC) framework for Java. It is not, as some headlines have had it, a vendor software program. It's also not proven that Struts was the source of the hole the hackers drove through. In fact, several headlines -- some of which have since been retracted -- all source a single quote by a non-technical analyst from an Equifax source. Not only is that troubling journalistically, it's problematic from a technical point of view. In case you haven't noticed, Equifax appears to be utterly and completely clueless about their own technology.
Equifax's own data breach detector isn't just useless: it's untrustworthy. Adding insult to injury, the credit agency's advice and support site looks, at first glance, to be a bogus, phishing-type site: " equifaxsecurity2017.com ." That domain name screams fake. And what does it ask for if you go there? The last six figures of your social security number and last name. In other words, exactly the kind of information a hacker might ask for. Equifax's technical expertise, it has been shown, is less than acceptable. Could the root cause of the hack be a Struts security hole?
Two days before the Equifax breach was reported, ZDNet reported a new and significant Struts security problem . While many jumped on this as the security hole, Equifax admitted hackers had broken in between mid-May through July, long before the most recent Struts flaw was revealed. "It's possible that the hackers found the hole on their own, but zero-day exploits aren't that common," reports ZDNet.
"It's far more likely that -- if the problem was indeed with Struts -- it was with a separate but equally serious security problem in Struts , first patched in March." The question then becomes: is it the fault of Struts developers or Equifax's developers, system admins, and their management?
"The people who ran the code with a known 'total compromise of system integrity' should get the blame," reports ZDNet.
Sep 16, 2017 | yro.slashdot.org
Posted by BeauHD on Sunday September 03, 2017
According to Gizmodo, "Thousands of files containing the personal information and expertise of Americans with classified and up to Top Secret security clearances have been exposed by an unsecured Amazon server , potentially for most of the year."
From the report:
The files have been traced back to TigerSwan, a North Carolina-based private security firm. But in a statement on Saturday, TigerSwan implicated TalentPen, a third-party vendor apparently used by the firm to process new job applicants. "At no time was there ever a data breach of any TigerSwan server," the firm said. "All resume files in TigerSwan's possession are secure. We take seriously the failure of TalentPen to ensure the security of this information and regret any inconvenience or exposure our former recruiting vendor may have caused these applicants. TigerSwan is currently exploring all recourse and options available to us and those who submitted a resume."
Found on an insecure Amazon S3 bucket without the protection of a password, the cache of roughly 9,400 documents reveal extraordinary details about thousands of individuals who were formerly and may be currently employed by the U.S. Department of Defense and within the U.S. intelligence community.
The files, unearthed this summer by a security analyst at the California-based cybersecurity firm UpGuard, were discovered in a folder labeled "resumes" containing the curriculum vitae of thousands of U.S. citizens holding Top Secret security clearances -- a prerequisite for their jobs at the Central Intelligence Agency, the National Security Agency, and the U.S. Secret Service, among other government agencies.
Sep 16, 2017 | news.slashdot.org
Posted by BeauHD on Thursday September 07, 2017
Equifax, which supplies credit information and other information services, said Thursday that a cybersecurity incident discovered on July 29 could have potentially affected 143 million consumers in the U.S . "The leaked data includes names, birth dates, social security numbers, addresses and potentially drivers licenses," reports CNBC. "209,000 U.S. credit card numbers were also obtained, in addition to 'certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers."
Chairman and Chief Executive Officer, Richard F. Smith said in a statement: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident."
Equifax is now alerting customers whose information was included in the breach via mail, and is working with state and federal authorities.
UPDATE (9/7/17) : According to Bloomberg , "three Equifax senior executives sold shares worth almost $1.8 million" in the days after the company discovered the security breach. Regulatory filings show that three days after the breach was discovered on July 29th, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099."
Meanwhile, "Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2."
When Michelle MacGinnitie, of Atlanta, Georgia, tried to file her tax return in April 2011, she was surprised to be told she had already done so. Not only that, she had also cashed a refund for overpaid tax from the previous year. Someone had used her name and social security number to file a fake return, and then claimed a large refund based on the falsified figures. The refund had been credited to a debit card that had long since been cashed.
Michelle MacGinnitie happens to be married to Douglas MacGinnitie, the commissioner of Georgia's Department of Revenue. MacGinnitie took office just a few months before his wife was targeted, and tax refund fraud had barely crossed his radar – even though it was bleeding the state of tens of millions of dollars each year. Across the US, the scale of the crime is enormous: the Treasury Inspector General for Tax Administration estimates that $5bn in federal tax revenues ends up in the hands of identity thieves each year.
"If it can happen to the commissioner's wife, it can happen to anyone," said MacGinnitie, when we met in his office in the Department of Revenue's glass tower in downtown Atlanta. "At first I was like, 'What?' I don't think I really understood what had happened … I probably laughed because it's kind of ironic." Then MacGinnitie, a 46-year-old former lawyer and city councillor, began to wonder what could be done about the problem. "It probably did make me somewhat empathetic to people who have to go through it."
MacGinnitie quickly realised that "there was a lot of stuff going on that we wouldn't be able to stop on our own". So when a former police officer now working at data analytics company LexisNexis got in touch, out of the blue, and asked if Georgia wanted to take part in trials of a new anti-fraud system designed to detect identity theft, MacGinnitie was in the mood to listen.
The origins of the LexisNexis project lay in a chance encounter at the company's Washington offices several years earlier. One morning in May 2008, Andy Bucholz, a former policeman who was now working in sales at LexisNexis, helped a senior colleague who had forgotten his pass to gain access to the building. Haywood "Woody" Talcove – the company's government services group chief executive – was grateful, and he invited Bucholz to lunch to say thank you. As they sat down to eat, Talcove had no idea of Bucholz's background, or that he was obsessed with both big data and identity fraud and had come to work at LexisNexis after a failed attempt at a tech start-up had almost bankrupted him.
By the end of lunch, Talcove had moved Bucholz out of sales and given him the go-ahead to develop a new kind of software that could be used as a frontline defence against the nation's highly adaptive ID fraudsters. Bucholz's idea was to create 31 "fraud filters" or computer codes that could run state and federal tax returns against LexisNexis's massive databases and flag suspicious characteristics in the forms. But he needed tax returns to test the software; Talcove insisted on data for an entire state.
That's where MacGinnitie came in. Georgia was the first state to agree to allow LexisNexis access to all of one year's tax returns – four million of them. LexisNexis then ran residents' names, addresses and social security numbers against its own databases of property records, court records, bankruptcy liens and criminal convictions to look for anomalies. Tens of thousands of suspicious returns were picked up, including the one filed in Michelle MacGinnitie's name.
"We get pitched all the time by consultants peddling stuff," said MacGinnitie. "Telling me I have a problem is one thing. Telling me how to solve it is another. They were pretty close to telling us how to solve the problem."
MacGinnitie persuaded the state legislature to allocate $2.5m to run the LexisNexis system alongside its existing fraud detection system for a year. In 2012, Georgia's system identified fraudulent attempts to claim more than $70m in tax refunds. The LexisNexis system picked up a further $23m in illegal claims.
"If this were a business, every day, all day long, you would invest $2m to return $23m," MacGinnitie told me. "That's real money."
. . .
In the old days fraudsters needed drugs. In the new world what they need are identities," Bucholz said as he showed me around the tightly guarded network operations centre at one of LexisNexis' data facilities. "I thought, this is an identity problem and one a lot of government agencies are having. We could solve this."
Five thousand servers at the data centre in Alpharetta, a leafy suburb north of Atlanta, process LexisNexis's 30 petabytes of data. A stack of laptop computers as high as the Empire State Building would be required to store an equivalent amount of information.
This is where Georgia's tax returns are checked. Fewer than 100 employees have access: their palms are scanned for entry. The air is refrigerated and filtered to keep out pollutants, pollen and humidity. A strange scent – the unfamiliar smell of pure air – fills the corridors. There are no toilets in the hub of the data centre, to prevent the spread of bacteria. Nothing must endanger the health of those giant servers.
Technological growth is "convenient for citizens and for the government, but it opened up a backdoor to fraud," said Bucholz. It's a door he and MacGinnitie are determined to slam shut. After the LexisNexis search flags a suspicious return, Georgia takes over, asking the taxpayer to answer an online multiple-choice questionnaire, or to call the state's revenue agents' office to complete it over the phone. The tests might include identifying which of four addresses is the one that the interviewee has not lived at, or which of four telephone numbers they have never had.
If someone fails the questionnaire twice, they are referred to a special investigative group within the revenue service. But cases are rarely straightforward. Fraudsters evolve their schemes as quickly as the investigators can catch up with them. Last year, for example, it was common to have a phoney form filled out by a single head of household. This year, Georgia officials are seeing more false joint returns, sometimes lumping together two strangers, with no connection to one another, as couples.
One thing fraudsters are consistent about, though, is that they almost always ask for refunds to be placed on preloaded debit cards, which are not linked to any bank account. "You can go to Walmart and buy 25 debit cards and … have deposits made on to them," said Staci Guest, the head of Georgia's special investigations division. Otherwise, sophisticated fraud gangs have been known to bribe postal workers to intercept mail if refunds are being sent as cheques.
The addition of the LexisNexis program to detect extra cases, said Guest, is "kind of a no-brainer". But, according to MacGinnitie, the commissioner, that's by no means the end of the story. "We are right now better at blocking than prosecuting," he said.
Across the US, though, the rising cost of tax refund fraud has forced a change in how the Department of Justice investigates cases. In March this year, Russell B Simmons Jr, a used-car dealer and convicted drug trafficker from Tampa Bay, Florida, was sentenced to 15 years in prison for tax frauds totalling $1.7m. Authorities also seized a green 2005 Bentley GT, an 18-carat gold Rolex watch, a bracelet with 2,420 diamonds, and other jewellery.
The Simmons case was brought as part of Operation Rainmaker – so named by Secret Service agents and local law enforcers after finding that criminal gangs were hosting what they called "rain parties". Fraudsters get together in hotel rooms and, in a cloud of marijuana smoke, file hundreds of fake returns from their laptops. The IRS estimates that 78 per cent of all tax returns receive refunds, for an average amount of $2,650: the criminals just sit back and wait for the money to "rain down".
"This was such easy money that criminals converted [their modus operandi] to using the electronic route to steal from the government," said John Joyce, special agent in charge of the Secret Service's Tampa field office.
. . .
The Simmons case exposed bureaucratic hurdles that were allowing many fraudsters to operate with impunity. One Tampa detective testified before Congress that the hold-ups had delayed the Simmons investigation by months.
"We're making a big effort in this office for real-time prosecutions … even if that means not having the bigger picture," said Steven Grimberg, deputy chief of the economic crimes section of the US attorney's office in Atlanta (which was not involved in the Simmons case). "We go ahead and charge them to stop the bleeding." In Atlanta, prosecutors are also charging defendants with aggravated identity theft, which has a two-year mandatory minimum sentence, in addition to any sentence imposed for other charges.
In September 2012, the DoJ expanded a pilot programme it started in Florida – in response to delays in the Simmons case – to all 50 states, allowing prosecutors to move more swiftly. The Justice Department also eased a rule requiring tax supervisors in Washington to sign off on every case before a grand jury investigation could be launched or funds seized. And in March this year the IRS also struck a deal with all 50 states to allow investigators to view taxpayer records if they have consent from the victims. Filing criminal charges will still require approval first from federal tax attorneys in Washington.
The IRS has doubled the number of employees working on identity theft to 3,000, and is adding more filters to its review systems, including ones that flag multiple refunds to a single bank account or address. So far this year, the IRS says it has rejected or suspended 4.6 million suspicious returns seeking more than $7.4bn, and has opened 1,100 new investigations since October. It now believes that an earlier five-year projection of $21bn lost to fraud is "significantly overstated".
Even so, "the volume of identity theft returns continues to grow at an alarming rate," Nina Olson, the IRS's national taxpayer advocate told Congress in April. In the first four months of the 2013 fiscal year, the IRS said it opened 542 new investigations – adding them to the 1.25 million cases it has ongoing.
One of those "cases" is Darlene, a full-time mother who lives in the Atlanta area and who does not want to give her surname. She filed her federal income tax return with her husband earlier this year. A few months later it was rejected because a return had already been made in her name.
"We don't know how much they sought," said Darlene, 58. "How could this happen? How is it that there is nothing to alert the government to false [returns] being filed or [using] different addresses?"
The theft of her identity was linked to a burglary at her tax preparer, Costen Tax Group, on December 1 2012. Thieves slid through a window at the back of the building and stole a desktop computer and monitor. Priscilla Costen, owner of the tax firm, estimates 80 of her clients were affected, with the thieves obtaining over $1m in fraudulent tax refunds using their identities. "It has been a headache," said Costen. "I'm a little upset with the IRS and the way it's been handled. It should be a red flag if someone [reported] $150,000 in wages and then all of a sudden they're on $30,000 a year. The filters aren't working. By the time it becomes apparent what happened they have already absconded with the money."
"As far as we know, nobody has used our social security numbers for anything else but tax fraud. But we are holding our breath," said Darlene. Her main worry is that the thieves, who now have her home address, will realise her family is well-off and burgle them. "That is probably my biggest fear," she said. "The rest of this is really frustration, but that's my biggest fear."
Last month, a state judge issued a warrant for the arrest of two suspects in the identity theft scam against Mrs MacGinnitie – and she is just one of four people against whom the pair are believed to have committed 46 counts of identity and card fraud. No warrants are out in Darlene's case. She has to hope that the current focus on refund fraud will deter organised groups from preying on taxpayers like her. But Special Agent Joyce warned that, nationwide, the campaign was up against determined fraudsters who viewed tax fraud as a victimless crime.
"They didn't have to look somebody in the face when they stole from them," he said. "One criminal said to me, 'It's like if somebody left the keys in their car. If I didn't steal it, somebody else would.'"
Calls from a real debt collector are scary enough; these calls are from abusive thugs armed with enough personal data to make them seem legit. Don't be fooled. [Related content: banking, financial privacy, payday loans, debt reduction, bills] By MSN Money staff and wire reports
Con artists armed with Social Security numbers, bank account information and other sensitive personal data are threatening consumers with arrest, the Better Business Bureau warns.
The callers claim to be lawyers with the "Financial Accountability Association" or the "Federal Legislation of Unsecured Loans," trying to collect on defaulted payday loans, the BBB says. The callers demand immediate payments of as much as $1,000, by wire or by credit or debit cards, to head off lawsuits before they go to court. In some cases, victims have received dozens of calls in an afternoon.
- Facebook users: Become a fan of MSN Money
"Because the scammers have so much information about potential victims, BBB is concerned that this may be the result of a data breach," says Steve Cox, a BBB spokesman. "Thousands of people may have had their personal information compromised, and, given the scammers' tactics, it appears that those who have previously used payday loan services could be particularly at risk."
Many of the intended victims had visited online payday loan sites. The scammers often have a victim's Social Security number, old bank account numbers or driver's license numbers, as well as home addresses, employer information and even the names of friends and professional references, the BBB says.
- 22 ways to protect your identity
- Who clicks on spam? We do
- Has the Social Security code been cracked?
- When a parent steals your identity
- When debt collectors come knocking
A poster on 800notes.com describes the experience:
"Got a message on my cell phone asking to speak to my husband stating not to disregard this message and (may) God help us if he did not call back for whatever may unfold upon you. A few months back I visited a payday online site and filled it out, but decided against it because of the fees. I answer the phone the next time I see the number and tell them my husband is not home so they speak to me and tell me my husband will be charged with loan fraud, they will call his job and he will probably lose the job, etc.
"So I ask them, has a letter been sent to our address about this matter? No they say it has been e-mailed. I tell them that I will go to my bank tomorrow to research this issue and to see if any money has ever been deposited without my knowledge because I feel like this is a scam, and he tells me if you do that I will download your case right now. I said good bye. This is such a scam but what scared me is that had the last four digits of my husband's Social Security number and the name of my mother and sister-in-law due to the filling out of the application."Defending against debt collectors
It's against the law for a debt collector to harass you. Know what your rights are and how to exercise them.
What to do if you're calledThe Fair Debt Collection Practices Act, among other things, prohibits collectors from making threats, harassment or misleading statements, or contacting third parties such as family members.
The BBB offers the following advice to consumers if they receive suspicious telephone calls about outstanding debts:
- Ask debt collectors to provide documentation that substantiates the debts. Every collector must send a written validation notice within five days of contacting someone, including the name of the creditor and how to proceed.
- Do not provide or confirm any bank account, credit card or other personal information over the phone until you have confirmed the legitimacy of the call.
- File a complaint with the Federal Trade Commission online if a caller is abusive, uses threats or otherwise violates federal telemarketing laws.
- File a complaint with the BBB online if you believe a debt collector is trying to scam you.
According to complaints online, phone numbers that the scammers are calling from include 949-468-5107, 415-200-0274, 213-784-5745, 408-715-1614 and many others.
Proactive Fraud Reduction. Today I want to let buyers and sellers know about another security measure we're taking. For safety reasons, items reportedly most favored by fraudsters may not be viewable for several hours before the listings are indexed into Search results. These new listings are still viewable on the site through My eBay or if you search for the specific item number; however, they are not immediately visible through a keyword search or Browse.
We're increasing our efforts to combat fraud on the site with a variety of programs. For example, we've made some changes that allow us to address "Ask a Question" and "My Messages" spam and other malicious activities using our message systems. And we're making sure our disclosures about cooperating with law enforcement allow us to respond to increasingly sophisticated fraudsters and criminals.
If you are still unable to explain the use of your card, please report the potential unauthorized account activity to us by taking the following steps: 1. Click on the "Help" tab at the top of the eBay Home page. 2. Click on the "Contact Us" link, located on the left side of the Help Center page. 3. Select the relevant topic on the Contact Us page to report the concern to our Trust & Safety team.
Credit and charge card fraud costs cardholders and issuers hundreds of millions of dollars each year. While theft is the most obvious form of fraud, it can occur in other ways. For example, someone may use your card number without your knowledge.
It's not always possible to prevent credit or charge card fraud from happening. But there are a few steps you can take to make it more difficult for a crook to capture your card or card numbers and minimize the possibility.
Here are some tips to help protect yourself from credit and charge card fraud.
- Sign your cards as soon as they arrive.
- Carry your cards separately from your wallet, in a zippered compartment, a business card holder, or another small pouch.
- Keep a record of your account numbers, their expiration dates, and the phone number and address of each company in a secure place.
- Keep an eye on your card during the transaction, and get it back as quickly as possible.
- Void incorrect receipts.
- Destroy carbons.
- Save receipts to compare with billing statements.
- Open bills promptly and reconcile accounts monthly, just as you would your checking account.
- Report any questionable charges promptly and in writing to the card issuer.
- Notify card companies in advance of a change in address.
- Lend your card(s) to anyone.
- Leave cards or receipts lying around.
- Sign a blank receipt. When you sign a receipt, draw a line through any blank spaces above the total.
- Write your account number on a postcard or the outside of an envelope.
- Give out your account number over the phone unless you're making the call to a company you know is reputable. If you have questions about a company, check it out with your local consumer protection office or Better Business Bureau.
If you lose your credit or charge cards or if you realize they've been lost or stolen, immediately call the issuer(s). Many companies have toll-free numbers and 24-hour service to deal with such emergencies. By law, once you report the loss or theft, you have no further responsibility for unauthorized charges. In any event, your maximum liability under federal law is $50 per card.
If you suspect fraud, you may be asked to sign a statement under oath that you did not make the purchase(s) in question.
In the USA, until 2003, dealing with consumer crimes involving legally attributed personal identifiers was the jurisdictional responsibility of the local and state authorities. Identification documents are a different story, addressed in Title 18 > Part I > Chapter 47 s.1028 of the U.S. Code. The unlawful use of identification documents is historically a federal offence. In response to the consumer issue of "identity theft", the U.S. Congress passed the Identity Theft and Assumption Deterrence Act (2003) amending Title 18 > Part I > Chapter 47, s. 1028 to include the unlawful use of a "means of identification" [s,1028 (d)(7)] making it a federal crime alongside identification documents. The title of s.1028 is, "Fraud related to activity in connection with identification documents, authentication features, and information". The Act also provides the Federal Trade Commission with authority to track the number of incidents and the dollar value of losses. There figures relate mainly to consumer financial crimes and not the broader range of all identification-based crimes. Punishments for the unlawful use of a "means of identification" were strengthened in s.1028a, allowing for a consecutive sentence under specific conditions of a felony violation defined in s. 1028c.
Central District of California. A woman pleaded guilty to federal charges of using a stolen Social Security number to obtain thousands of dollars in credit and then filing for bankruptcy in the name of her victim. More recently, a man was indicted, pleaded guilty to federal charges and was sentenced to 27 months' imprisonment for obtaining private bank account information about an insurance company's policyholders and using that information to deposit $764,000 in counterfeit checks into a bank account he established.
Central District of California. Two of three defendants have pleaded guilty to identity theft, bank fraud, and related charges for their roles in a scheme to open bank accounts with both real and fake identification documents, deposit U.S. Treasury checks that were stolen from the mail, and withdraw funds from those accounts.
Middle District of Florida. A defendant has been indicted on bank fraud charges for obtaining names, addresses, and Social Security numbers from a Web site and using those data to apply for a series of car loans over the Internet.
Southern District of Florida. A woman was indicted and pleaded guilty to federal charges involving her obtaining a fraudulent driver's license in the name of the victim, using the license to withdraw more than $13,000 from the victim's bank account, and obtaining five department store credit cards in the victim's name and charging approximately $4,000 on those cards.
EBay officials say they are aggressively fighting fraud in the massive online marketplace, but an investigation by MSNBC.com shows that the company doesn't routinely inform customers when they have been ripped off or regularly notify law enforcement about apparently illegal activity on its site - even when presented with solid evidence of wrongdoing. The review of two-dozen cases also raises questions about how eBay measures fraud and lends credence to accusations that the company has adopted an especially laissez-faire attitude toward sins by profit-driving "power sellers," whose fees are crucial to its bottom line.
Google matched content
Top internet portals
Top eCommerce sites
Identity Theft Resource Center A Nonprofit Organization
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least
Copyright © 1996-2018 by Dr. Nikolai Bezroukov. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info|
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.
Last modified: December 26, 2017