A report published by identity intelligence research organisation ID Analytics last month indicates that there are approximately ten thousand different identity theft rings operating in the US. The organisation examined over a billion credit card, store card and wireless service applications over a four-year period in order to arrive at this figure. Its algorithm picked up on the presence of identity thieves by searching for constantly changing addresses or discrepancies in personal information, which are red flags indicating fraud.

ID Analytics concluded that certain areas of the country have far higher concentrations of identity thieves than others. The most popular states for these crooks are thought to be North Carolina, South Carolina, Alabama, Texas, Mississippi, Georgia and Delaware. The report states that there seems to be a ‘belt of fraud’ running through the rural Southeast.

Who Are These Fraudsters?

ID Analytics stated that whilst some fraud rings consist of just a few people, others are significantly larger. The research uncovered a surprising number of rings that consist of families working together, some of them even using each other’s dates of birth and social security numbers. A family of five in Florida were thought to have filed at least one hundred and thirty fraudulent applications over a two-week period.

They were believed to have been committing frauds for at least three years using more than eleven dates of birth and eight social security numbers. This family all lived together and co-ordinated their activities so that one of them would operate for a couple of days and then stop for a few days whilst the next person operated.

However, rings made up of friends were found to be more common, as the majority of fraud ring members had different last names to one another. The three-digit ZIP codes with the highest numbers of fraud rings were observed to be areas around Tampa in Florida, Washington DC, Greenville in Mississippi, Macon in Georgia, Montgomery in Alabama and Detroit.

Impersonating both the Dead and the Living

The study highlighted a trend towards stealing dead people’s identities. ID Analytics stated that identity fraudsters gather together personal information associated with individuals that they know have passed away and use the information to open credit card accounts and purchase goods. When the bill arrives, there is no responsible party. Two and a half million dead people are thought to have their identities stolen each year.

Straightforward identity theft was also identified as one of the main forms of ID fraud. Crooks are still fond of using the traditional method of obtaining victims’ dates of birth, social security numbers, names, etc. This can enable them to get a whole host of other information and can be incredibly costly. For instance, if they are able to get hold of a credit card in somebody else’s name then they can get a credit card cash advance. One of the risks associated with getting cash advances on credit cards is that if it is done by a fraudster, it is possible to steal more money than the card owner actually possesses, making this a particularly attractive prospect for ID thieves.


Chief technology officer of ID Analytics Stephen Coggleshall claims that by taking a broad approach to ID theft and examining the way in which ‘bad people’ are connected to one another as opposed to the activities of individuals, the company has uncovered information that can improve customer protection. The research conducted by the organisation challenges the commonly held perception that identity fraudsters are ‘tech geeks’ pounding away on keyboards.

They are often simply persistent criminals who will stop at nothing to deprive people of their money. It also highlights the amount of homegrown ID fraudsters. Identity thieves are often stereotyped as being Eastern European but the research shows that large numbers of them are American, many of them living in rural communities.

This emphasizes the fact that people need to be extra careful with their personal information, as these thieves could be living next door. It highlights the scale of the threat that identity fraud poses to the country’s wallets and also indicates that significant numbers of individuals line their pockets by carrying out this type of crime.

“Ten Thousand Identity Theft Rings Operating in the United States” was written by Melissa Hathaway.  Melissa is a personal finance writer and former bank teller turned personal finance writer, offering advice and tips to publications on both sides of the pond. Source: http://www.money.co.uk/article/1001859-the-real-cost-of-cash-on-credit.htm

The problem of identity theft is slowly making progress in the sphere of awareness for the general public, but business identity theft is a less known and understood crime. Business identity theft is a crime where an identity thief will use a business’ identity to empty corporate bank accounts, take out new lines of credit, make fraudulent purchases, or even apply for tax credits or refunds.

Business identity theft, also known as corporate identity theft, will typically involve a criminal fraudulently modifying a business’ records that are filed with a Business ID Theftstate’s government organization responsible for maintaining business records, often the state’s Secretary of State. The majority of states do not have any authentication procedures requiring anyone sending in documents on behalf of a business to prove that they are the owners of the business. thief will use a business’ identity to empty corporate bank accounts, take out new lines of credit, make fraudulent purchases, or even apply for tax credits or refunds.

Criminals will use this lax business records system to change the business’ address, the business’ registered agent, and its corporate officers. Dormant businesses are particularly vulnerable to identity theft as they are still valid business organizations, but the owners have stopped operating the business and assume that it will stay inactive.

This allows the identity thieves to fraudulently use the business’ identity for a longer period of time before anyone becomes aware of the crime. Criminals will target these dormant businesses and effectively bring them back to life by filing the appropriate documents with the state, then use the business’ identity to pile up debt and steal as much money as possible before packing up and moving on to the next unsuspecting business.

While there is no surefire way to prevent corporate identity theft, following the recommendations listed below provided by the National Association of Secretaries of State (NASS) will help minimize the risk of your business’ identity being stolen:

  1. File all business reports and renewals with your state filing offices on time and be aware of who has access to this information within your company
  2. Sign up for email notification of any business record changes if available in your state
  3. Periodically check your business records, even if your business is dissolved or inactive
  4. Sign up for email notifications from banks and other creditors, if available
  5. Monitor business accounts, bills, credit card statements, etcetera, and reconcile your statements on a regular basis
  6. Monitor credit reports and sign up for a credit monitoring service
  7. Safeguard your company’s sensitive information, including account numbers and passwords, being sure to shred any trash that contains this information
  8. Ensure that your computers are secure, and train employees to avoid phishing scams and emails that may contain malicious viruses

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

Medical identity theft occurs when somebody uses your information to obtain medical treatment without your knowledge or consent. Unlike traditional identity theft that requires a social security number, this can be  as simple as using your name, date of birth, and address. The dangerous thing about medical identity theft is that a hospital has to take in any emergency patients and often little attention is paid to whether the information they receive about that patient is accurate when it goes to the billing department.

Medical identity theft comes in two stages. The first is the billing stage. The billing department for any hospital, doctors office, pharmacy, or emergency room will use the information they have on the patient to try to bill them or their insurance provider. Once a victim is notified that their information has been used for medical treatment, they must work with the billing department of the hospital as well as any other groups such as Medicare or their insurance provider to prove that they were not the ones who received treatment. This is made easy by sending a copy of a driver’s license for photo comparison to the patient. The one thing about this process is that it can take many months for the different departments and companies to recognize that identity theft has occurred.

The second stage is the medical history stage. Whatever treatment the identity thief acquired under the victim’s information will now be placed on the victim’s medical record. Most hospitals are now electronically networked and a patient’s information can be accessed and updated from any part of the country. A thief can get prescription drugs, treatment for diseases, surgeries, etc. and it would all show up on the victim’s medical record. This can make it hard for a victim to get the prescription drugs they needs, proper diagnosis of illness, or proper treatment in an emergency situation.

If you discover that you may be the victim of medical identity theft, file a police report with your local police department using the information you have gathered on the fraud. Talk to the billing department of the medical facility as well as any insurance or government agencies that may be involved. Write to the hospital/doctor about viewing your medical history using the form LF 130A. And ask any physicians involved to amend your medical records to reflect that you were not the one who was treated.

For more information please see our Fact Sheet FS 130 on Medical Identity Theft.

“Medical Identity Theft: The Basics” was written by Kat Rocha. Kat is a Victim Advisor at the ITRC. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original post.

Violence at the hands of a domestic partner is often rooted in that partner’s desire to control. This need to control another human being can take the form of physical violence, verbal abuse and in many situations financial control. This is when identity theft comes into the picture in domestic situations.

Often times at the ITRC, we will get phone calls from an individual who has finally made that amazingly brave first step of trying to remove themselves from the situation. Whether they have physically left the shared domicile or are planning their escape, they realize they will need separate financial resources. It is at this time that they realize they have been a victim of identity theft at the hands of the person they once thought loved them.

If you, or someone you know, is in an abusive situation and believes they may also be victim of identity theft we recommend the following steps:

  • Check your (and your children’s) credit reports: You can do this for free online at www.annualcreditreport.com. Look for accounts or inquiries that you did not make. It may be a credit card or something as large as a mortgage or a vehicle. Once you check the report you will know if you are a victim or not and can take action accordingly. You will also want to check your children’s credit reports if you have children. You can easily check your child’s credit report for free at https://www.allclearid.com/child.
  • Place a 90 day fraud alert: You can place a 90 day fraud alert by phone. Even if an abuser has not used identity theft as a tactic in the past, they may use it as a retaliatory effort once the victim begins the process of separating from the abuser. A 90 day fraud alert will keep them from opening any new accounts.
  • File for separation: When an individual is married, the law looks at the two married people as a single legal entity. If you have not filed for separation, the police will look at the situation as a domestic dispute rather than identity theft. In most states you can file for separation on your own.
  • Obtain a restraining order: While we understand this is a terrifying step, for many victims of domestic violence it is necessary. The first step is to obtain a temporary restraining order, or TRO, which you can do yourself at your local courthouse. It is free to do this in California, but you may want to check with your state to see whether there is a filing fee or not. Though the restraining order is just a piece of paper, if your abuser violates the order and tries to contact you, they will be at risk of going to jail. This is often a satisfactory deterrent to an abuser.
  • Call your bank and creditors: Inform these companies that you are in the process of separation. Place a verbal password that your abuser would not know or be able to guess. Request that no changes be made to your accounts without the verbal password. Also request that no information about the account or the account holder be released.

We know that this is an incredibly difficult situation entangled with emotions and fear. If you have any questions or need further guidance, please call the Identity Theft Resource Center at 888.444.5530 and one of our Victim Advisors will be there to help.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

We are very excited to begin yet another venture in our mission to reach consumers and educate them about identity theft. This Thursday, December 6th ITRC will be hosting our first ever identity theft Twitter chat. It is our hope that this will help people who are concerned about and interested in identity theft connect with one another. Be it an organization working on identity theft issues, victims of the crime, or service providers these conversations have proven to produce wonderful ideas in the past. The ITRC is optimistic the weekly identity theft chat will do just that.

The first identity theft twitter chat will take place on Thursday, December 6th 2012. Those who would like to participate can RSVP via online invitation. The ITRC will be hosting the identity theft twitter chat every week on Thursday at 11:00 am PST.


Questions will change every week and December 6th 2012 questions are as follows:

Q1: What do you think is the best way to protect against ID Theft?
Q2: Who do you think is the most vulnerable to ID Theft right now?
Q3: Have you ever been a victim of ID Theft? What happened?
Q4: Would you know what to do if you become a victim of ID Theft?

Following each weekly identity theft twitter chat, users will be able to suggest questions for the next week’s event. In order to participate, users should follow the hashtag #IDTheftChat and include it in all of their responses.

The ITRC hopes that everyone with interest in the issue of identity theft is as excited as we are and that this weekly event will help centralize twitter talk regarding identity theft. This weekly event should also help produce great collaborative thought and perhaps even some unique and novel solutions. Other entities which are interested in becoming a guest host for a weekly chat can contact ITRC’s Social Media Manager at nikki@idtheftcenter.org. We hope you will join the conversation and bring your friends!

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

One of the first steps a victim or likely victim of identity theft should look to complete in order to protect their financial well-being is issue either a fraud alert or initiate a credit freeze. At the ITRC call center our advisers regularly receive calls from consumers confused as to what exactly each of these protections do and how they work. In an effort to reduce confusion, what follows is an explanation of what each protection does and doesn’t do, and which one will best fit what type of consumer or victim. For more detailed information, review fact sheet 100 in the document catalogue of the ITRC website at www.idtheftcenter.org.

Fraud Alert – A fraud alert heightens credit issuer’s awareness that they need to authenticate and verify the applicant before issuing credit. Most security conscious banking and financial institutions as well as major credit issuers will take notice of a fraud alert. However, it is not 100% reliable and not always heeded. They don’t affect your credit score but may slightly slow down the application process. When you initially place a fraud alert as a potential victim of identity theft, you will be offered a free credit report as part of your federal rights. This is not the same as the free federal annualcreditreport.com

Security or Credit Freeze – With a freeze; a company may not look at your credit report for the purposes of establishing new lines of credit. Companies you already have an existing relationship with (example: a credit card, loan or utility service) may view your reports but only to review your credit-worthiness. Placing a freeze is a strong step to take and will affect your ability to get instant credit since it can take up to 3 days to thaw a report. However, it also locks out thieves. In those states with freeze laws, most state that victims with a police report get this service for free. Most states also allow the consumer to buy a freeze. You may thaw your freeze anytime you wish to apply for credit but you will need to plan ahead. At the time a freeze is established, the victim or consumer is given a pin number as a way of confirming their identity. Anyone considering a security freeze needs to be very careful not to lose this pin number as it can be extremely difficult to thaw (unfreeze) your credit report without the issued pin number.

The difference between these two options is the level of security. A freeze will place a higher degree of assurance to a victim that new accounts will not be opened, but leaves much less flexibility than a fraud alert. Whichever tool a victim of identity theft chooses, they should continue to be conscientious of what is going on with their credit file and know that the Identity Theft Resource Center is always here to answer questions and assist victims.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

Major security breaches often occur over the Internet. As hackers learn to break into corporate – and even government – networks, it can seem like the Internet is the only source of identity theft. However, old-fashioned burglaries are still common, and these thieves are now after more than your wallet or jewelry. They want your identity.

Professional burglars can make money by selling passwords, credit cards, billing statements and identification cards. These burglars often have connections with organized criminal enterprises who know how to milk the information for all its worth. A home security system is the best way to deter criminals from breaking into your home, but if they do get inside, your personal information will need to be secure.

  1. A Safe: A common misconception home owners have is that if they own a safe, they are protected. Some safes offer protection against fire or water and are not designed to protect your valuables from theft. Also, some safes are light enough to be carried away. To protect your valuables and sensitive documents and data from burglars, you will need to choose a safe that is very difficult to break into. You also need to opt for the safe that can be bolted to the floor. A thief can violate a safe in two ways: by carrying it out the door or by breaking into it. Make sure you choose a safe that resists both.
  2. A Shredder: A thief doesn’t even have to break into your home to steal your identity. If you leave sensitive information in the trash, a clever burglar will find it. A simple way to protect yourself against identity theft is to shred all financial statements, paystubs and sensitive documents that you no longer use for tax purposes.
  3. The Trio of Computer Protection: Many of us store information in our laptops and computers, and theft or hacking of these items can have drastic consequences. To protect information from being accessed during a burglary, you can equip your computer with a BIOS password. BIOS stands for Basic Input Output System. This password will prohibit a burglar from booting your computer. However, a computer savvy burglar can remove your hard drive and read the information using another device. To protect against this type of information theft, you can encrypt your files. If a burglar wants to physically remove your laptop, you can deter him with an anti-theft PCMCIA card that sounds an alarm and shuts down the computer when removed from a certain perimeter.

A Few More Tips

Never leave sensitive information in plain view, filing cabinets, dresser drawers or obvious places like a purse or coat pocket. Always remember to set your alarm system and lock doors and windows. It is important to remain daily vigilant as burglars are always on the prowl, and be sure to ask a neighbor to check in on your house if you are gone for a long period of time.

Silvia Brooks is a former real estate agent who works with homeowners to find the best security system for their needs. You can read more of Silvia’s advice at homesecurity.org.

FBI’s Law Enforcement Executive Development Association (FBI-LEEDA) has partnered with LifeLock, an industry leader in identity theft protection services, in order to provide cutting edge seminars on identity theft to law enforcement around the nation. These seminars cover current identity theft laws, the various technologies used in identity theft crimes, and proper identity theft awareness and protection strategies. In addition, this program provides access to databases to assist law enforcement in identity theft investigations.

In the last three and a half years, the FBI-LEEDA/LifeLock Identity Theft Summits have reached more than 7,000 law enforcement officials representing more than 2,500 agencies around the United States. The Summits have been hosted by police chiefs, sheriff’s offices, universities and state attorneys general across 32 states. More than 100 Identity Theft Summits have been held so far, with more than 30 taking place in 2012 alone. LifeLock has been recognized for its Corporate Social Responsibility by both the American Business Awards and Communitas Awards for its work with the FBI-LEEDA program.

Based on a recent Javelin study, the FBI-LEEDA program picked a strong company to partner with to educate and assist law enforcement in the field of identity theft. The study, titled 2012 Identity Protection Services Scorecard: How to Deliver Customer and Market Value in a Regulated $4B Market provides insight into the different companies and services available to consumers who want to protect themselves against identity theft. The Javelin report ranked LifeLock number one, tied with the company Intersections, in overall identity theft protection service when compared with 15 other top companies in the industry.

Based on Javelin’s criteria, LifeLock was the only company to receive a 100% score in the category of detecting breaches to your identity due to their multi-faceted approach of triple-bureau credit monitoring, internet scanning, public records scanning, Social Security Number tracing, and offering a child and family option for the consumer. LifeLock was ranked number two in the category of resolving identity breaches for providing consumers with a certified fraud specialist, 24/7 access to LifeLock’s multilingual 24/7 resolution team and a large identity fraud insurance and service guarantee provided by a third-party insurance provider.

FBI-LEEDA/LifeLock Identity Theft Summits for the rest of 2012 will be held in Prescott Valley, Arizona and Baltimore, Maryland.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

Prescription fraud occurs when an identity thief, using your personal information, has a prescription issued and possibly filled under your name. Prescription fraud is just one consequence of medical identity theft, where a thief obtains enough of your personally identifying information to be able to assume your medical identity. Prescription fraud affects the victim in many ways, including their finances, ability to get necessary health care and possibly their ability to check their own health records.

An identity thief using your identity to be prescribed restricted medications, may also use your health insurance to purchase the medication. This means that you, the victim, will often get left with the bill for any unpaid expenses the identity thief incurs while using your identity and medical insurance.


It is important to be alert for any explanation of benefits (EOB) you receive from your health insurance provider or bills for medical services you did not seek or receive. This may be your best warning that an identity thief is abusing your medical identity and insurance.

Unfortunately, there are worse consequences to being a victim of prescription fraud than bearing the brunt of fraudulent medical bills. When an identity thief uses your medical identity to be prescribed medication, this information will be incorporated into your health record. Any subsequent medical personnel looking at your record will see the new prescriptions and make medical decisions based on this fraudulent record. Prescription fraud victims have discovered they were victims of identity theft and prescription fraud after their pharmacy refused to fill their current, valid prescription because it conflicted with another medication prescribed to the identity thief.

Lastly, it can be exceedingly difficult to set your health records straight after an identity thief has received services or prescriptions under your name. Under the Health Insurance Portability and Accountability Act, or HIPAA, strict rules prevent access to patients’ medical records by unauthorized entities or individuals. Sadly, this very same rule prohibits victims of prescription fraud from accessing their personal health records in order to correct it because health care providers fear it may be a violation of the identity thief’s rights to confidentiality of their medical records.

The best defense to prescription fraud or any identity theft is to be keenly aware of your personal information. Any documents that contain personal information such as your birth date, Social Security number, driver’s license number, or insurance plan information, should be stored somewhere safe and secure or shredded when no longer needed. Do not carry your Social Security card, military identification, or Medicare card on your person as they have your Social Security number on them and are extremely helpful in the hands of an identity theft. New military identification cards no longer have Social Security numbers on them, so if you have an old military ID you can always renew your card to reduce your risk of identity theft.

“Prescription Fraud and Identity Theft” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original post.

SC Department of Revenue Reports Record Setting Data Breach

It was admitted publicly by state officials yesterday that the tax and banking information from millions of South Carolinians may have been compromised in a recent exploitation by hackers of the Department of Revenues servers.

What Happened: On October 10, the South Carolina Department of Revenue (DOR) was informed by the South Carolina Division of Information Technology (DSIT) of a potential cyber-attack involving the personal information of South Carolina Tax Payers. On October 12, the state hired an outside IT security firm, Mandiant, which on October 16, determined the intruders accessed state systems in early and mid-September. It wasn’t until eight days later, on October 20, that the suspected security hole was actually closed.

Who It Affects: In the aftermath of this discovery, it was determined that approximately 3.6 million Social Security numbers and 387,000 credit and debit card numbers of South Carolina Tax Payers may have been exposed (The entire population of the State of South Carolina is approximately 4.7 million), making this the largest breach of its kind in state history.

What’s Being Done: “We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected,” Governor Nikki Haley said in a statement. In an effort to mitigate the potential damage, taxpayers in South Carolina who might have potentially been impacted are being provided one year of credit monitoring. Haley said the state was negotiating to offer protection at about $8 per person, which would cost the state about $29 million if every taxpayer affected registered.

South Carolina Taxpayers that have filed returns in that state since 1998 are encouraged to call the toll-free call center established by the DOR, 866-578-5422.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.