Archive for August, 2010
Not much is said or written about business identity theft, because businesses can’t technically be the victim of such a theft. But there are a myriad of ways identity theft can impact a business.
Becoming a victim of identity theft is probably the biggest fear of many business owners, since your business credit is often tied to personal credit. It could spell doom for the business if the owner has to be away for countless hours sorting out the attached issues.
Some of the issues a business would face include:
• Loan acceleration. Most small businesses need some sort of loan to get going, buy inventory, rent office space, attend trade shows, provide training, payroll, renting office space or any number of other things. For most businesses, those loans are linked to the owner’s credit. Because of this, before extending any new loans, lenders will check the owner’s credit. If there are any issues, the lender may choose to accelerate the loan, which would mean they want the entire amount back within 30 days.
• Universal default. If a business owner defaults on or is late paying on an account, the lender could require the balance to be paid in full or raise the interest rate to the highest allowed by law. If his personal information has been stolen and a credit card obtained with it, the business owner may not even be aware the stolen card payment is late.
• If a business owner’s Social Security number has been stolen, the IRS may think he makes more money that he’s reporting. That could take a lot of time to clear up.
Dealing with a personal identity theft makes it impossible to focus on your business. And when you add the threat of losing your business on top of losing your good name, it can almost be unbearable.
“Given a choice between dancing pigs and security, users will pick dancing pigs every time.” –Edward Felten
Dancing pigs and identity theft…it would seem the two have nothing in common. But they are related when it comes to Internet use. Surfers will choose fun over keeping their computer and personal information safe time and time again. Users are often tricked into choosing unsafe sites by animation and fancy Flash pop-ups.
In a recent study by computer security specialists, 22 participants viewed 20 websites and were asked to choose the spoof sites. Forty percent of the time, the users chose the spoof or dangerous sites. Some of those sites contained animation like dancing bears, along with a warning, but users chose them anyway. The study proved that visual distraction can fool even the most sophisticated Internet user.
The study shows that even though a person may consider himself computer savvy, he may not be. It also teaches us that we need to pay attention to browser-based clues to determine if a site is legitimate – not the dancing pigs in the pop-up window.
Avoiding identity theft doesn’t have to be that difficult. To determine if a site is legitimate, check your address bar. The link and the site address should match. For example, if you receive an e-mail from PayPal that includes a hyperlink, when you run your cursor over the link, the correct PayPal address should show up in your status bar at the top of the page. If not, the e-mail and site are very likely not legitimate.
Identity thieves often use scams like these to “phish” for your personal information. When you click on the link, you will be taken to an “official” looking site where you are required to enter personal information or update your information. Once you’ve entered the information, the thief makes off with your most sensitive data.
Don’t fall victim to a scam because of clever design or animation
Small business owners suffered identity fraud at one-and-a-half times the rate of other adults in 2009, according to a study released in February by Javelin Strategy & Research. It seems that, due to the nature of small business – most of the work is done by a small number of people – often just one, the owner. It appears from the research that the susceptibility of small business to identity fraud may be attributed to the fact that small business owners often use personal accounts when making business transactions (and vice-versa) and make a larger number of transactions than typical adults. Since small businesses rarely employ a compliance department or on-site legal counsel to monitor its operations on a regular basis, incidents of identity fraud can sometimes go undiscovered for a longer period of time than for individuals or more complex, larger organizations.
The 2010 Identity Fraud Survey Report identified the information most likely to be accessed by identity thieves as:
• Full Name
• Physical Address
• Credit and Debit Card Information
• Health Insurance Information
• Social Security numbers
identity fraud are increasingly using stolen information to open new credit card accounts, on-line and e-mail payment accounts and cell-phone accounts.
Now for the good news.
Increased vigilance by consumers, businesses and government agencies appear to be having an impact on the problem. Many organizations, especially banks and financial institutions have started offering fraud monitoring services, which can sometimes detect account access and payment anomalies, as well as dispute resolution and identity fraud education programs, in most cases offering these services free to customers. Mobile banking solutions allow account monitoring, alerting customers in near-real-time of account activity and possible fraud. These partnerships and increased activism on the behalf of consumers resulted in consumer out of pocket costs dropping to an all-time low of $373 in 2009.
James Van Dyke, president and founder of Javelin Strategy & Research commented that, “… consumers are getting more aggressive in monitoring, detecting and preventing fraud with the help of technology and partnerships with financial institutions, government agencies and resolution services.”
In November 2009, Javelin Strategy and Research conducted telephone interviews with more than 5,000 U.S. consumers to identify and track the methods used by criminals and the impact of identity fraud on American consumers and businesses. Almost 4,800 U.S. adults, including 487 victims of identity fraud, were surveyed via a 50-question phone interview to gain insight into this crime, its effects on its victims, and how the survey findings can help consumers most effectively avoid becoming victims of identity fraud. The survey has been conducted each year since 2003.
A survey of consumers and businesses conducted in November, 2009 showed that while many consumers are monitoring their accounts more frequently using technologies such as on-line banking and mobile alerts, consumer education on protection and prevention measures such as keeping anti-virus software up to date will continue to be important.
Increased vigilance by consumers, businesses and government agencies appear to be having an impact on the problem of ID theft protection. Many organizations, especially banks and financial institutions have started offering fraud monitoring services, which can sometimes detect account access and payment anomalies, as well as dispute resolution and identity theft education programs. The survey determined that efforts to safeguard information by individuals and businesses have helped in resolving cases more quickly and have reduced the overall costs of identity theft for the consumer.
More consumers than ever before are actively monitoring their credit and financial accounts for suspicious activity and fraud and are acting faster when identity theft is detected.
With the exception of consumers aged 18 – 24, many consumers are found to be more likely to monitor their accounts regularly, to take advantage of ID theft protection programs offered by financial institutions and to install protective computer software on their home computers.
Many banks have offered customers more ID theft protection tools to safeguard electronic and traditional banking.
Financial institutions are investing in identity fraud monitoring, software to detect account access and payment anomalies, as well as complaint resolution and education services.
Consumers have become increasingly aware of e-mail scams such as “phishing.”, and less likely to respond to e-mail requests for personal information.
The use of mobile devices allows consumers to review and report cases of identity theft in close to “real-time,” which may result in lower victim costs and faster incident detection times.
The 2010 Identity Fraud Survey Report was conducted using telephone interviews with more than 5,000 U.S. consumers to identify and track the methods used by criminals and the impact of identity theft on American consumers and businesses. Almost 4,800 U.S. adults, including 487 victims of identity theft, were surveyed.
Computer users are mostly careful about safeguarding their information and using strong passwords, even more so when preventing identity theft is a consideration.
But few people realize that there is another threat to identity theft – copy machines.
Copiers that were made in the past few years contain hard drives that record the information that has been copied. These files are stored unencrypted until the hard drive becomes full, and the old files are then overwritten. Some experts say many files are never overwritten and, in an office setting, those files would be easily accessible. All an identity thief would have to do is hack into the copier’s hard drive and harvest the information stored there.
If you use the copier at a library, public copy center or in shared office space, your risk factor goes up.
While this risk may never be done away with, there are things you can do to minimize your risk. Make sure the data modem and fax modem are different. Doing this prevents someone from being able to take the information stored on the copier and easily transmitting it to another location through the open phone line.
Look into purchasing an overwriting or encryption component for your copier. If your office uses a copier that is more than a year old, you should check online and see if a component kit has been created by the maker of your copier to prevent information from being stored either at all or in unencrypted form. Xerox and Sharp have add-on components that can be purchased.
Don’t use public copy machines for sensitive information. Use only machines you are familiar with and where you have some element of control when it comes to monitoring the security risk.
Consider buying your own printer or fax machine with photocopying capabilities if you routinely copy sensitive information for either personal or business purposes. Be sure to purchase one with sufficient security features that either eliminate or encrypt stored information.
Use passwords to protect the information you copy. Create a password for the office copier the same way you would create an ATM pin code. Don’t share it with anyone.
Copy machines are relatively easy to operate and can prove to be an easy payday for identity thieves. So safeguard your information and think twice before you hit that green button.
Your employment records may not be as safe as you think.
Job applications, personnel records and other employment data that should be filed safely away is being taken by identity thieves and used to open credit accounts, apply for jobs and, in some cases, commit crimes.
As the incidents of this particular type of identity theft increase, federal agencies are trying to increase awareness among consumers and employers. Many companies provide little protection of this information, and victims rights groups are lobbying state legislatures to pass laws protecting employee records.
“You can’t really protect yourself,” said Martha Steimel, president of Victim’s Assistance of America. “Anybody who has access to employee files can turn you into a victim. You can be totally mutilated financially by an identity theft perpetrator. It’s scary.”
In a recently released report, the Federal Trade Commission said the top cause of identity fraud is now theft of records from employers or other businesses that have records on many people. About 90 percent of business record thefts involve payroll or employment records, while about 10 percent are customer lists.
There’s not much employees can do to keep their records safe. Social Security numbers, addresses and other data are often kept in paper files or on computers. Anyone who has access to those files, online or otherwise, can steal them. Thieves sometimes take temporary jobs to get into a company so that they can steal information. Others work for third-party vendors who handle corporate credit accounts or provide janitorial staff.
Companies who have become more aware of this type of crime are taking steps to protect themselves and their employee information. They are locking up files and keeping audit trails to document who has reviewed sensitive data, and are removing Social Security numbers from identity badges, as well as bringing in third parties to carry out privacy investigations to make sure their records are not vulnerable.
The lack of attention to identity theft risk in the workplace is changing. Some states, like Georgia and Wisconsin, have passed laws requiring employers to destroy documents containing personal employee data. California has passed legislation barring private firms from using Social Security numbers as identification numbers.
In recent months, the Federal Trade Commission held a workshop for businesses on safe record keeping, and the agency is working with the industry to develop best practices.
Companies are also starting to revamp policies as workers who’ve been victimized sue employers for negligence. A case in San Diego, Calif., in which employees brought a suit against a pharmaceuticals company after they became victims of identity theft, has become a warning for companies all over the country.
In this case, workers sued for negligence, claiming the company had not taken enough precautions to protect their information. The case was settled outside court.
A former marketing executive, out of work for nearly a year, finds a job posting that seems perfect for him. It’s a job with a leading international insurance broker, and after sending his resume in, he receives an e-mail from the human resources manager, saying the company is interested in him, and that he just needs to submit some information for a background check. So he submits his age, height, weight, Social Security number, bank account number and mother’s maiden name.
But it was all just an elaborate scam designed to steal his identity.
When looking for a job, most people are more than willing to jump through the hoops presented by employers in order to obtain a much-needed job. There are no numbers on how many people fall victim to this type of scam each year, but with the economy being what it is, there are sure to be thousands of victims. There are some things you should be aware of when conducting an online job search.
First, do not give your Social Security number to any prospective employer, regardless of the reasons they give for asking for it. You should not surrender your bank or credit card numbers either.
Carefully review the ad, looking for bad spelling, grammatical errors and awkward sentence structure. This could be a clue that the ad is fraudulent. If you respond to an ad, and receive a response from an individual, that person’s e-mail address should not be a private one. A real human resources employee or manager would use a company-issued address.
Check with the company that supposedly listed the job posting, and make sure it is a legitimate posting, and that the person who is corresponding with you actually is employed by the company.
Last, if a person claiming to be a company representative asks for you to remit a payment of any kind, discontinue the correspondence immediately. No employer would ever have any reason to ask for payment from you during an employment screening process.
You can also check with the Better Business Bureau in order to find out if the company is legitimate, and if there are any grievances filed against it.
While identity thieves are using technology to steal personal and financial information and to use that information for fraud, many consumers, financial institutions and businesses are fighting back by minimizing the use of Social Security numbers in account information and by monitoring and notifying customers of possible fraudulent activity more quickly. While consumers are monitoring their accounts more frequently using technologies such as on-line banking and mobile alerts, consumer education on protection and prevention measures such as keeping anti-virus software up to date will continue to be important as businesses and consumers continue to learn how to prevent identity theft.
Although the latest survey by Javelin Strategy and Research showed that the average cost to consumers of identity fraud cases fell in 2009, what consumers really want to know is how to prevent identity theft in the first place.
There are some things that one can do. The fact is, increased vigilance by consumers, businesses and government agencies already appear to be having an impact on the identity theft problem. Many organizations, especially banks and financial institutions have started offering fraud monitoring services, which can sometimes detect account access and payment anomalies, as well as dispute resolution and identity theft education programs, in most cases offering these services free to customers. Mobile banking solutions allow account monitoring, alerting customers in near-real-time of account activity and possible fraud. These partnerships and increased activism on the behalf of consumers resulted in consumer out of pocket costs dropping to an all-time low of $373 in 2009.
How to prevent identity theft? The Javelin study outlines some of the areas where individuals can focus on how to prevent identity theft in the first place.
Whenever possible, protect sensitive information contained on paper documents. Eliminate as many paper statements as possible by requesting electronic statements; Use post office boxes to mail payments rather than placing mail containing checks in an unlocked mailbox; Secure all documents containing personal information such as social security numbers or account numbers in a locked storage box, and purchase and use a paper shredder.
Install anti-virus software on your computer and keep it updated. Be sure to password protect any files that contain personal and financial records using unique or hard-to-guess passwords. Don’t ever give out personal or account information on-line or over the phone, and don’t publish your personal information on social networking sites such as FaceBook.
Check your bank and credit card activity periodically for transactions you don’t recognize or remember – and sign up for alerts whenever possible. The javelin study found that 43 percent of all reported identity fraud cases were spotted by consumers self-monitoring their accounts and those who use more timely electronic methods to detect fraud experience lower average out-of-pocket costs.
Utilize an identity theft protection service to help detect the fraudulent establishment of new accounts in your name. Identity thieves are increasingly using stolen information to open new credit card accounts, on-line and e-mail payment accounts and cell-phone accounts.
In November 2009, Javelin conducted telephone interviews with more than 5,000 U.S. consumers to identify and track the methods used by criminals and the impact of identity theft on American consumers and businesses. Almost 4,800 U.S. adults, including 487 victims of identity theft, were surveyed via a 50-question phone interview to gain insight into this crime, its effects on its victims, and how the survey findings can help consumers most effectively avoid becoming victims of identity theft.
In addition to providing a detailed picture of the crime of identity theft in the U.S. for 2009, the survey reinforced the idea that consumers can learn how to prevent identity theft and play a key role in detecting and resolving identity fraud committed against them. The report found that more consumers are pursuing legal action, with nearly 50 percent of all victims filing police reports. Increased consumer awareness of how to prevent identity theft has empowered consumers to fight back, leading to more arrests, prosecutions and convictions. More consumers than ever before are actively monitoring their credit and financial accounts for suspicious activity and fraud and are acting faster when identity theft is detected.
With more than 150 million visitors each day, Facebook is one of the most popular social networking sites on the Internet today. It’s popular because it’s fun – you can go there and chat with friends, connect with old friends and search for new friends.
But with all that popularity and fun comes the opportunity for thieves to find a way to scam people out of their personal information.
But how does it work? Scammers will ask to be added to your profile as your friend, and then they watch your activity and search your information to get what they need.
If a thief believes he’s earned your trust, he will begin sending you scam e-mails, with such tactics as:
• Friend in distress: The worst has happened and I need money fast.
• Phishing: You receive an e-mail that has a virus attached that will allow a hacker to access your Facebook account and obtain your personal information.
• Viral Wall: You receive an e-mail that has a virus attached that allows your friend to not only access your personal information, but the information of your friends when you communicate with them via your wall.
Hackers have even gained access to Facebook user pages and, claiming to be the person depicted in the profile, asked friends for financial help because of a “crisis.” Once the person responds, believing his or her friend to be in need, the thief will request that money be wired to a given address.
Scammers also have recently baited Facebook users with a gift card, which duped 40,000 Facebook users. The scam worked like this: the thieves marketed a free Ikea $1,000 gift card via a fake fan page. The same idea has also been used for Whole Foods, Target, iTunes and Wal-Mart cards. To get the cards, a user must enter a name, address and e-mail address. They are then pointed to another page that offers products and services, with the option to enter credit card details if the offers appeal to them.
The solution? Simple. Don’t accept friend requests from people you don’t know. Don’t open e-mails if you aren’t sure where they came from. And last, don’t give enter your personal information on any site that isn’t secure. You can check this by checking the URL for “https” rather an “http.”