Studies have consistently shown that the elderly are an especially high risk population when it comes to falling victim to scams, fraudsters, and identity thieves.  Elderly people are particularly at risk for identity theft, as well as other forms of financial abuse due to several factors.  First, older citizens tend to have more savings at their disposal and higher credit ratings, making them juicier targets than many other demographics.

Elderly people are also often less comfortable using digital information platforms like the internet.  This means they are less likely to check bank statements regularly.  It also means the elderly are often generally easier to fool in online scams that many of the rest of us are already aware of due to much higher computer and internet usage rates. Dependence on caregivers and advisors can also sometimes lead to an increased incidence of identity theft among elderly people.

So how do you protect your parents, or grandparents from being victimized by a clever online scammer or identity thief?  The answer is the same for the elderly as it is for every other demographic: education.  Concerned consumers should take the time to talk to their elderly family members to ensure they understand the risks of online interaction, and some of the common tactics scammers will likely use to try and trick them out of their hard earned cash.  For more information regarding scams and the elderly, don’t hesitate to visit the ITRC website at www.idtheftcenter.org.

Never send any banking or personally identifying information to anyone you don’t know.  There is no Nigerian prince who needs pop-pop to guard his royal life savings,  your nephew isn’t trapped in a Mexican Prison, and the Google Tech Team will never instant message gam-gam for her security credentials to confirm her service.  They should only shop online at sites they recognize and with vendors they trust.If there’s ever a doubt about an email or an online interaction, inform them to contact a family member or industry professional before they respond or take any action; it might save grandma’s life savings.

If an elderly member of your family does fall victim to a scammer or identity thief, contact the ITRC’s call center (Hours m-f, 8-4:30 PST) at 888-400-5530 and a trained victim advisor will be happy to assist you or your loved one in mitigating any damage resulting from the scam.

“Protecting the Elderly from Identity Theft” was written by Matt Davis.  Matt is Director of Business Alliances at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting.

As the Identity Theft Resource Center helps to recognize National Cyber Security Awareness Month, it is appropriate for us to reflect upon how much has changed in the world of privacy, cyber security and identity theft in the last 10 years.

In 2003, the cost of a gallon of gas was $1.83 compared with the approximate $3.90 we see today.  Apple had just launched iTunes and the first iPod only two years previously (January and October 2001 respectively).  It would still be another four years until the first iPhone would be launched.  Now, 10 years later, it is announced that Apple is the number ONE most value brand in the world (surpassing even Coca-Cola).

In 2003, Google had been around for 7 years and was enjoying the almost inconceivable number of 200 million searches per day, and Gmail was getting ready for launch in early 2004.  Today, Google handles more than double that traffic, has 67% share in the U.S. search market and there are now 425 million Gmail users.

The ITRC is celebrating a 10 year anniversary as well.  In 2003 we were recognized as a 501c3 non-profit.  At that time the sole mission of the ITRC was to provide the best in class victim assistance at no charge to consumers throughout the United States.  That goal has remained at the core of the ITRC’s mission. However, much has been added to our goals and activities. We now provide education and awareness initiatives in identity theft related issues such as cyber security, data breaches, scams and fraud.  It is our goal to stem the tide of identity theft by determining issues that are potential pitfalls for consumers and helping them to minimize their risk.

One constant over the past 10 years has been the steady increase in the number of victims of identity theft.  For more than the last 10 years (13 years actually) identity theft has been the number one fraud related complaint captured by the FTC Consumer Sentinel Report.  We have seen this number of reported victims grow from 31,000 in 2000 (FTC Consumer Sentinel) to 8.6 million in 2010 (Bureau of Justice Statistics).

While we recognize that low tech mechanisms certainly still exists as a means to pilfer one’s identity, we believe the tremendous growth in the crime must be attribute to the overwhelming growth of the cyber world.  This year it is estimated that the number of cell phones on the planet will outnumber people.  We are all walking around with a tiny computer in our hands and all the inherent risk that poor cybersecurity practices carry with it, are now carried in our pockets and purses.

Sound cybersecurity practices are at the base of the pyramid when it comes to protecting our identities.  That is why the ITRC is a champion of National Cyber Security Awareness Month.  We have scheduled several projects that will demonstrate both our commitment to this effort and the importance of its success.  From a local presentation at a town hall meeting on October 1st, to a twitter chat that will attempt to engage a national audience, we are preparing to make great efforts to build awareness of this issue. Please engage in this dialogue this month.  Get your families, from you mother and father down to your children, this is everyone’s business!

“How Far We Have Come” was written by Eva Velasquez. Eva is the CEO/President of the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting.

Governor Brown signed a landmark bill this Monday giving minors the power to have content or information posted on the internet removed at their request. SB 568, introduced by State Senator Darrell Steinberg, has two main provisions directed at improving the protection and privacy of minors on the Internet.

Sen. Darrell Steinberg told the Los Angeles Times SB 568 is “a groundbreaking protection for our kids who often act impetuously with postings of ill-advised pictures or messages before they think through the consequences.” The first restricts operators of an Internet website, online service, online application ormobile application directed to minors from marketing or advertising products including but not limited to alcoholic beverages, tobacco products, firearms and certain dietary supplements. The second requires the same group to notify minors that they have the option of removing any content or information they post on the internet and to honor any such requests made.

The second requirement will likely have a large effect on social media websites such as Facebook, Pinterest and Tumblr, where minors communicate with their friends and social networks. Kids and teenagers often post embarrassing information or pictures on websites that they may later regret or their parents discover and want their child to remove. This law would not just provide a remedy for minors to remove embarrassing posts, but it would also provide a way for minors to remove personally identifying information they posted on the Internet, such as a new driver’s license, without knowing that it can put them at increased risk of identity theft and fraud. This is a good thing.

Unfortunately, there are many questions that the text of the law does not answer. What exactly does “directed to minors” mean? The law defines it as “reaching an audience that is predominantly comprised of minors, and is not intended for a more general audience comprised of adults.” This vague definition may confuse website operators and leave them uncertain of whether they are targeted by this law. In addition, what exactly does an operator have to delete when requested by a minor and will it have any real effect? As Gregory Ferenstein wrote on TechCrunch, the law “ignores the reality that it’s nearly impossible to delete information from the net: embarrassing photos spread virally, and Internet archives automatically create copies of nearly every piece of information on the web.” He goes on to point out that most websites already allow users to delete a post. The law requires that Internet operators have to delete only the information personally uploaded by a minor. So, a repost of something they upload would not be required to be deleted and thus may limit the practical effectiveness of the law.

While the law may have some flaws, it is a step in the right direction for attempting to improve the privacy rights of children and teenagers. It will be interesting to watch how this law is interpreted and enforced by the California court system once it becomes effective January 1, 2015.

“California Increases Privacy Rights for Minors” was written by Sam Imandoust, Esq., CIPP, CIPA. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting.

The World Wide Web Consortium’s (W3C) Tracking Protection Working Group (TPWG) has suffered a major blow as the Digital Advertising Alliance (DAA), a “consortium of the leading national advertising and marketing trade groups,” has declared they are withdrawing from the TPWG.

In a letter addressed to W3C CEO, Jeff Jaffe, Lou Mastria, Managing Director of the DAA writes, “Despite extension after extension of its charter year after year by the W3C, the TPWG has yet to reach agreement on the most elementary and material issues facing the group. These open items include fundamental issues and key definitions that have been discussed by this group since its inception without reaching consensus…”

The TPWG was chartered more than two years ago to standardize the technology and meaning of Do Not Track by working with privacy activists and the advertising industry in order come up with a satisfactory self-regulatory system. In this time, the TPWG has failed to come to consensus on any of the issues needed to effectively create the self-regulatory system such as defining something as essential as the term “tracking.” The DAA’s departure comes shortly after experts Peter Swire and Jonathan Mayer left the group in August. Peter Swire is a law professor and privacy expert who was the co-chairman of the TPWG before he left to work with the Obama administration’s intelligence review panel. Jonathan Mayer of Stanford University is a graduate student in law and computer science who left the group in August after saying in July that the “parties are now further apart on the negotiations than they ever had been.”

The future of W3C’s TPWG is uncertain and the Federal Trade Commission (FTC) and privacy advocates in Congress have been waiting two years for progress. Avoiding government regulation of the Do Not Track system was one of the reasons for the creation of the TPWG; however, with this lack of progress, more attention and effort may be given to passing Do Not Track legislation.

Currently, Sens. Rockefeller (D-WV) and Blumenthal (D-CT) have a bill pending in the Senate called the Do Not Track Online Act of 2013. This bill would require the Federal Trade Commission to establish standardized mechanisms for people to alert websites that they do not want to be tracked and to create rules prohibiting online services from collecting information when a consumer selects a Do Not Track option on their Internet browser. The FTC has up to this point declined to recommend legislative action, but Agency Chairwoman Edith Ramirez told The Hill in late August that, “There may be a solution that can be achieved. That doesn’t mean to say that I’m willing to be waiting endlessly.” With the DAA’s departure from the TPWG, the FTC’s position may become more amenable to Do Not Track legislation.

This ambiguity surrounding the progress of the Do Not Track standards may have prompted California Assembly Member Al Muratsuchi to introduce AB 370, a bill amending the California Online Privacy Protection Act to require commercial websites and online services that collect personal data to disclose how they will respond to Do Not Track signals from a user’s Internet browser. AB 370 was passed by the California Senate and Assembly and now awaits Governor Brown’s signature. Continued lack of progress in developing and implementing Do Not Track standards may give reason for other states to enact similar legislation to California’s AB 370.

The DAA still believes that there is a non-regulatory solution to the Do Not Track problem and intends to create its own DAA-led group with a new process to evaluate Do Not Track signals and how they can enhance consumer privacy.

“Digital Advertising Alliance Withdraws from W3C Tracking Protection Working Group” was written by Sam Imandoust, Esq., CIPP, CIPA. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting.

The open enrollment period for the new health insurance exchanges created by the Affordable Care Act begins October 1, 2013. Americans will have until January 1, 2014 to come into compliance with the new law by purchasing health insurance coverage resulting in a surge of people looking to purchase health insurance from these health insurance exchanges in the coming months.

Most people will have several questions and need help navigating the maze of different option and requirements for each insurance plan. Millions of Americans will be need assistance in weighing their options and in order to do so, they will need to disclose personally identifying information and personal health information. The health insurance exchanges will have people assigned to the role of helping consumers determine what their options are, called navigators. These navigators will ask the individual for their Social Security number, medical history information, name, address and more in order to adequately assess their options under the Affordable Care Act.

We posted an article a few weeks ago regarding a coalition of State Attorneys General who expressed their concerns regarding the Affordable Care Act’s navigator program. Their primary concern was the lack of safeguards in the hiring process of navigators who will have extensive access to consumers’ personally identifying information and protected health information. The lack of criminal background checks make it possible for people with a criminal history, possibly including identity theft, to be employed as navigators.

This is a very legitimate concern as medical identity theft is one of the most devastating forms of identity theft. A victim’s medical records can be mixed with the identity thief resulting in misdiagnosis of illness or a doctor prescribing incorrect medicine. In addition, medical identity theft is incredibly difficult to resolve as the thief could potentially use the same medical identity multiple times, accumulating hundreds of thousands of dollars in medical bills.

This concern has led California State Assembly Minority Leader Connie Conway to introduce AB 1428. This bill would require “prospective employees, contractors, subcontractors, volunteers, or vendors, whose duties include or would include access to confidential information, personal identifying information, personal health information, federal tax information, or financial information” of Covered California to submit to the Department of Justice fingerprint images for the purpose of detecting any past state or federal convictions.

California has taken the initiative to resolve any inadequacies in the navigator program with this bill and other states may soon follow. AB 1428 has passed both the State Assembly and Senate and awaits Governor Brown’s signature.

Legislative Update – California Taking Obamacare Navigator Issue Into Its Own Hands” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting.

No, a Nigerian Prince does not want to give you money.

This is an example of the Nigerian letter scam and it comes in many forms. The Nigerian letter or email scam is very common and typically requires the victim to send money to the scammer and, in turn, the scammer will reimburse them several times over.

A common example is an email from a representative of a Nigerian prince who needs to transfer $40 million obtained from an oil contract but cannot use an African bank account and therefore needs your assistance. They will want to use your personal bank account, but first, you need to open a Nigerian bank account with at least $100,000 in it to be a qualified foreign recipient of the funds. The prince’s representatives will provide information as to where you will send the money and promise you they will transfer your millions right after. Another example is that you are the winner of a foreign country’s lottery (somehow!) and if you send personal identification information and documents plus a small fee, you will receive your millions of dollars in lottery winnings. Of course, this never happens.

While there are many different ways these fake stories are formulated, they all follow the same basic principle. You send us money, and then we will send you much more. Any time you see this formula you should immediately suspect foul play. These Nigerian letters or email scams used to be very easy to identify because the emails looked very unofficial and there were so many spelling and grammar mistakes that it couldn’t possibly be from a legitimate organization handling millions of dollars. Nowadays they are much harder to detect because the scammers have been putting more effort into creating more realistic and convincing emails that include a business or bank logo, correct grammar and spelling, and sometimes fake websites to look more official and authentic.

The Federal Trade Commission’s (FTC) 2012 Consumer Sentinel Network Data Book compiles complaints received by the FTC, various state law enforcement organizations, the Consumer Financial Protection Bureau, the U.S. Postal Inspection Service and the FBI’s Internet Crime Complaint Center. In the 2012 report, 7,782 complaints were filed under the category of Nigerian/Other Foreign Money Offers (not including prizes) down from 16,405 in 2010. Therefore, people may have become more aware of these scams, but the scammers are working every day to make their scams more and more believable. Be on the lookout for these scams and always remember, if it sounds too good to be true, it probably is.

Should you fall victim to this scam you should immediately report it to:

How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the TMI Weekly.

A skimming device is a piece of hardware that is attached to any credit/debit card processing machine and will record all the data that is contained on the magnetic strip on the back of your card. The skimming device is often supplemented with a camera discreetly positioned so that it can secretly record you enter your PIN number if using a debit card. A skimming device can be placed on ATM machines, gas station pumps and at the cashier at your local retailer.

 Check the machine you are using for any suspicious additional hardware attached to it or for a warning sticker that has been cut or torn.

Identity Theft and SkimmingA skimmer can be small and inconspicuous, but it is nonetheless an additional piece of hardware that must be physically attached to any machine that you are using. Always be sure to check for any hardware that looks like it was manually added and does not conform to the rest of the machine.  On some machines,the skimmer can be attached in a hidden compartment such as a gas station pump. The gas station pump credit/debit card swipe is often covered and you will not be able to see a skimmer that is attached to it because it is hidden behind a panel or compartment that must be opened in order to access it.

Many gas stations place a sticker over the panel opening so that it must be removed, cut or torn in order to reach the component the skimmer must be attached to. Whenever one of these stickers looks stretched, excessively worn, or severed, you should look for a different pump or gas station.

Use a credit card over a debit card whenever possible.

The reason for this is due to the differences between how a credit card and debit card work. A credit card is simply a line of credit extended to you from a financial institution. When you pay for something with a credit card, you are creating a debt with the financial institution that you will have to pay later. A debit card is different in that it is not a line of credit, but a conduit to your bank account which contains your hard earned money. This is related to two problems that  occur when your debit card is used for fraud as opposed to your credit card. First, since your debit card is attached to your bank account, a criminal can potentially drain all the money out of your bank account leaving you with no money to pay your bills. A criminal using your credit card can run up a nasty bill, but at least you will still have the money in your bank account to be able to pay bills such as rent and car payments. Second, banks treat debit cards and credit cards differently when it comes to fraudulent transactions. Credit cards are offered much more robust liability protection in that, generally, your liability for fraudulent transactions will usually be at maximum $50.00. A debit card on the other hand will have liability limited to $50.00 so long as you report the fraudulent transaction within two days. Your liability will be limited to $500.00 if reported between 2 and 60 days, and you will be liable for the entire fraudulent transaction if you fail to report it within 60 days.

Monitor your credit and debit card accounts as often as possible.

In order to reap the benefits of limited liability and to prevent a thief from using your card information over several days or weeks, you must be vigilant in monitoring your accounts to find evidence of fraudulent transactions. The sooner you detect a fraudulent transaction, the faster you will be able to report the fraud to your financial institution, limit your liability for the purchase, and shut down the card so that it can no longer be used.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

In the digital era that we live in, almost any service we use requires a username and password regardless of whether it is a paid service or not. To avoid identity theft and fraud, it is important to ensure that your passwords are strong and not susceptible to being hacked by criminals seeking your personal information.

To help you protect all your valuable personal information, we have compiled a list of tips on creating and protecting your passwords.

Create a Strong Password: A strong password is one that is not easily guessed and not easily cracked by a hacking program.

  • Make your password as many characters as possible with a minimum of at least 8 characters. The more characters there are the harder it will be to guess or crack using a hacking program.
  • Mix special characters, lowercase letters, uppercase letters, and numbers to increase the complexity of your password.
  • Do not use correctly spelled words found in a dictionary as hacking programs will use “libraries,” or lists of common words or bits of text, to speed up how fast they can crack passwords.
  • Do not use your birthday, Social Security number, place of birth or anything other personal information in your password as this information is sometimes readily available on the internet.

Do not share your password with anyone: This is a bit of common sense, but many people think that it is ok to share a password with someone they trust. Sharing a password is never a good idea. Even if the person you are giving it to you is trustworthy, they may not protect your password as diligently as you would or the email you sent them your password in may get hacked at some point, giving account access to a thief.

Do not use the same password multiple times: While it is understandable that you do not want to create a completely unique password for every website or service you use, you should still try to differentiate your passwords. When you use the same password for everything, this gives thieves the chance to steal an easier to access password for a low security website and then use it to gain access to a high security website like your online bank account. You can use the same base password and make a unique ending related to each website, but the more unique your passwords are the better.

Beware of phishing scams: A phishing scam is where a criminal attempts to trick you into giving out your username or password information by pretending to be a site administrator or an employee of a company. Often, this will come in the form of an email which will look official because it has a logo, a heading, and an official sounding title of the sender of the email who is asking you for your information. This will always be a scam as companies will typically never ask you for your login information over the phone or email.

It is understandable if you have so many accounts that it isn’t feasible to have a completely unique and strong password for each one. A password manager may be useful for you as they will reduce the number of passwords you will have to remember and some of them will even create passwords for you. To read more about password managers on our website, click here.

“Secure Password Tips” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to the author and linking back to the original posting.

Do you know what September 5th is? Besides being International Beard Day (it’s true… Look it up), it is the first Thursday of the month and that means another Identity Theft Twitter Chat.  This month’s topic is online shopping safety.

This very specialized Identity Theft Twitter Chat is just another way that ITRC is really trying to reach mainstream consumers to make them aware of identity theft.  It is our hope that this chat will reach those who may not consider participating in a twitter chat based around identity theft or cybersecurity, but would be interested in the topic of online shopping.

This Identity Theft Twitter Chat will take place at 11:00am PST on September 5th.  The questions that we will be basing the discussion around are:

Q1: How often do you shop online and what do you shop for?

Q2: Do you think about security when you shop online?

Q3: Do your kids shop online? Have you talked about safety with them?

Q4: Have you ever been scammed while shopping online? What happened?

Q5: Do you have any questions about online shopping safety?

Q6: Do you have any tips you can share on protecting yourself while online shopping?

This month’s event should help produce great collaborative thought and perhaps even some unique and novel solutions to shopping online safely. In order to participate, users should follow the hashtag #IDTheftChat . Those who would like to participate can RSVP via online invitation.  Anyone is welcome and we hope that we will see consumers, businesses and organizations alike!

Participants may find it helpful to participate through the #IDTheftChat Twub which can be found at http://twubs.com/IDTheftChat.  Anyone who has questions should contact ITRC’s Media Manager at nikki@idtheftcenter.org. We hope you will join the conversation and bring your friends!

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

Sometimes, you want to buy something very specific and no stores in your area carry that item.  Other times, you get an email enticing you to attend a sale that is irresistibly good.  Maybe it is just that you are just too busy to get to out and purchase something you really need.  Whatever the reason, online shopping has gone from a preference to a near necessity.  This is what we were thinking about at the Identity Theft Resource Center when we decided to cover online shopping safety for our Identity Theft Twitter Chat in September.

We thought it would be good to let our readership dip their toes into the world of staying safe while online shopping by giving just a few of the many tips we will be sharing during our upcoming event. So, we put together a list of a couple of our favorite tips for you:

  1. Use Secure Sites: Secure websites use security technology to transfer information from your computer to the online merchant’s computer. This technology scrambles (encrypts) the information you send, such as your credit card number, in order to prevent computer hackers from obtaining it “en route.” This reduces the number of people who can access the transaction information. The following items shown on your web browser will indicate a connection to a secure web site.
    •  https:// The “s” that is displayed after “http” indicates that the website is secure. Often, you do not see the “s” until you actually move to the order page on the website.
    •  A closed yellow padlock displayed at the bottom of your screen. If that lock is open, you should assume it is not a secure site.
  2.  Don’t shop on unprotected WiFi: We have all done it.  You go to the coffee shop to merely browse through your latest edition of Wall Street Journal on your iPad.  Then you remember you need new shoes for a wedding next month and decide to knock that task off your to-do list. Don’t do it! The information you send while using public WiFi can usually be seen by anyone and that includes any credit card information you enter.  If you are going to do anything even remotely sensitive while using public WiFi, be sure you have a Virtual Private Network (VPN).
  3. Research the Vendor or Website: It is best to do business with companies you already know. If the company is unfamiliar, investigate their authenticity and credibility. Conduct an Internet search (i.e. Google, Yahoo) for the company name. The results should provide both positive and negative comments about the company. If there are no results, be extremely wary. Remember, anyone can create a website.
  4. Credit vs. Debit: The safest way to shop on the Internet is with a credit card. In the event something goes wrong, you are protected under the federal Fair Credit Billing Act. You have the right to dispute charges on your credit card, and you can withhold payments during a creditor investigation. When it has been determined that your credit was used without authorization, you are only responsible for the first $50 in charges. We recommend that you obtain one credit card that you use only for online payments to make it easier to detect wrongful credit charges and keep your other cards from being exposed.

These tips are not really hard to remember so we recommend that you learn them and always use them.  There is nothing like waiting in the mail for a package and getting a big fat case of identity theft instead.  For more tips about online shopping safety, to ask questions or to learn about resources to help keep you safe, join our upcoming Identity Theft Twitter Chat (#IDTheftChat) on September 5th at 11:00am PST.  You can view questions and RSVP here. In the meantime shop safely and we hope to chat with you soon!

“Identity Theft is Never on Sale” was written by Nikki Junker.  Nikki is the Media Manager at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to www.idtheftcenter.org.