Earlier this month members of the ITRC team, in an effort to promote greater education and unity of effort in the fight against identity theft, made a visit to Vancouver, BC, where Canada’s newest non-profit organization, CITSC (Canadian Identity Theft Support Centre) is nearly ready to hard launch their victim assistance center. Much like the ITRC here in the States, CITSC is an organization whose primary objective is to provide no-cost assistance to victims of identity theft and financial fraud. The two organizations have been closely collaborating for several months in order to share intelligence and experience, to make CITSC’s transition to a fully functioning national non-profit go more smoothly. While in Vancouver, ITRC representatives engaged with CITSC to complete live training exercises with actual victims.


The ITSC received a charter from the Canadian Department of Justice to develop a program to educate and assist Canadian victims of identity theft and financial fraud. Much like the United States, Canada’s identity theft is a growing problem, quickly making its way into the public consciousness. Canadian law differs in several key areas from US law, so it is important to have an organization that is versed in Canadian law so it can provide the most effective assistance to Canadian victims and consumers. While this sounds simple, the process of getting a national non-profit organization up and running smoothly is actually a very challenging undertaking. CITSC reached out to ITRC not only to train advisors, but to assist in establishing operations and security protocols that are a necessary part of running the day-in, day-out business of an organization that still has all the same challenges a normal small business does. This allowed CITSC to not have to “reinvent the wheel,” as CITSC President Kevin Scott put it.

Providing CITSC with the opportunity to put more of their initial focus on discovering and understanding the differences in Canadian law and how that would affect the advice given to victims and consumers was of paramount importance to the ITRC. As the ITRC Director of Operations Rex Davis put it, “once they go live with a hard launch we know their jobs will get fast and furious, so we just wanted to do all that we could to give them the best leg up possible out of the gate.” The shared mutual interest from both organizations has led to close collaboration over the past year and has covered every issue or challenge that might be faced with forming this kind of organization. As their expected hard launch date is tentatively set for June, this trip’s objective was to provide sort of a final systems check, to ensure the victim advisors who would be handling calls are trained and ready to go.

According to ITRC Victim Advisor Gabby Ayala, “the objective of this visit was to give the folks who will be first responders to Canadian victims some live experience with an actual victim pool prior to the hard launch of their call center. Overall we thought the experience was incredibly beneficial for both parties. It gave us a chance to show them what they should expect and to allow them to have some actual experience with victims under their belt prior to going live. I think it was encouraging for us as well to see how far they’ve come in such a short period of time. The dedication they show to the victims and the passion they have for the subject matter is readily apparent, and I think that was really a welcome sight for us as veteran advisors. It was gratifying to know that Canadian victims will be in good hands.”

For questions or more information about the Canadian Identity Theft Support Centre, visit their website at http://idtheftsupportcentre.org/ or call them toll free at 1(866) 436-5461.

“ITRC Goes to Canada, Ey?” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Every year the Internet Crime Complaint Center, known as IC3, releases their report of the complaints they have received throughout the prior year. This information in gathered through the reports made by victims of cybercrime to IC3. It is then analyzed and reported to authorities at all levels in order to help law enforcement fight cybercrime. The information is also used to make important Public Service Announcements, which help make the public aware of new cybercrime scams and other exploits against citizens. This awareness is an incredibly important step in helping prevent individuals from becoming victims.

This year saw a rise in complaints received by the IC3, with the total number reaching 314,246. The Average dollar loss (for those who reported a monetary loss) was $4,187. Believe it or not, scams which purported to be from FBI topped the list of fraud types reported. The other four types of cybercrime that showed up in these results were identity theft, advance fee fraud, merchandise not delivered, and overpayment fraud. Auto fraud scams alone cost complainants $8.2 million dollars in loss. Romance scam losses amounted to $5700 per hour or $50 million overall. In these romance scams, women aged 50-59 had triple the rate of complaints and nearly 6 times the amount of loss as men in the same age bracket. There was also a rise in something IC3 calls “double dipping” which is where a criminal goes back to the victim and attempts to rectify the situation only to scam them again.

Scams which promised individuals “work from home” jobs were one of the main characteristics of those scams reported. There were over 17, 000 of these complaints and victims are not only conned out of money and time in these scams, but often can be charged with money laundering due to the nature of the “work” they are asked to perform. The total loss for this type of scam was over $20 million and females aged 20-29 seemed to be the largest group of individuals to report becoming a victim.

The information in the 2011 IC3 report mirrors what we see on a daily basis here at the ITRC and we are glad to be able to see the trends and predictions of what we may be dealing with next. One thing is for sure, with new ways to defraud individuals via computers every day, the IC3 report will continue to grow and hopefully help consumers avoid some of these terrible fates.

Social networking sites are a great way for families and friends to stay in contact with each other. They also provide an open forum for people to speak their mind, talk about issues that are important to them, and share photos and memories with the world. Kids and teens have especially taken to this new way of connecting with people. In 2009, 38% of 12 year olds in the United States were members of at least one social network according to the Pew Research Center’s Internet and American Life Project. Kids love chatting, sharing real time photos, and instant messaging each other.

This is a wonderful tool for kids and teens to use, but there are certain things that must be taken into consideration, the first being the mental and emotional maturity of the user. Most young people don’t understand that what you post online can be seen by everyone, and is online forever. Pictures, comments, etc. can be viewed by anybody you allow access to. The biggest concern most parents have is stalkers and pedophiles who can use the information posted by kids to pinpoint what school they go to, the rout they take to walk home, if they have after school jobs, or if they will be at a particular location unsupervised like at the mall.

The second concern is that most kids don’t understand the long term consequences of what they post. Some users have found their posts used against them years later when they are applying for college and jobs. Comments about a particular college could result in an application to attend being denied. Pictures and comments at parties and social gatherings could cost you a job. Even pictures that a minor child may think are safe to post or share online could result in criminal charges of child pornography and a permanent record as a sex offender.

The last thing kids and teens need to keep in mind is that anything they post online can be accessed and manipulated by others. Cyberbullies have been known to take pictures from legitimate social networking profiles and create a dummy profile. They may doctor the pictures to depict the original person in compromising and embarrassing situations.

When teaching your children safety online it is always important to stress that nothing they post is 100% guaranteed to be private. Parents should be proactive in monitoring what their children post and talk with them if they see anything they deem inappropriate.

The Federal Trade Commission charged social network MySpace LLC with falsely representing the protection of its millions of users’ personal information. On May 8, 2012, the FTC made public its press release noting the conditions of the agreed settlement between the FTC and MySpace LLC.

So, what did MySpace do? According to the FTC, MySpace LLC led millions of users in the wrong direction about how the social network shared and protected their personal information that was collected via their personal profiles. The FTC said that MySpace provided its advertisers with its users’ Friend IDs; the unique identifier for each profile created on MySpace. The problem was not only that advertisers were able to use the Friend ID to find a user’s profile, but they were also able obtain the personal information that was made public by the user on his or her profile (age, gender, display name, user’s full name, profile picture – if provided, hobbies, list of user’s friends, and possible interests). This information was used to link web-browsing activity to the user.

MySpace LLC provides their privacy policy statements, which have not been revised since December 7th, 2010. Per their site, MySpace’s privacy policy is divided into different sections: Privacy Policy, Collection and Submission of PII and non-PII on MySpace, Notice: MySpace will provide you with notice about its PII collection practices, Choice: MySpace will provide you with choices about the use of your PII, Use: MySpace’s use of PII, Security: MySpace protects the security of PII, and Safe Harbor. These sections, in essence, advised its users that MySpace LLC would not share information for purposes other than those noted under each section, and that prior to use a user would be notified. Furthermore, another section promised that individual users would not be personally identified to third-parties, especially when it came to sharing web-browsing activity that was not anonymous. The privacy page further explains that MySpace is in compliance with the U.S. – EU Safe Harbor Framework and the U.S. – Swiss Safe Harbor Framework – framework which is set forth by the U.S. Department of Commerce. However, the FTC noted that MySpace’s privacy statements were deceptive in addition to violating federal law. In other words, MySpace was not practicing what they preached.

In the end, the social network agreed to settle. The FTC’s proposed settlement comes with several requests:

  1. Requires that MySpace LLC establish a “comprehensive” privacy program specifically designed to protect consumer information.
  2. MySpace is to engage and be subject to continued privacy assessments for the next 20 years by independent, third-party auditors. \
  3. The agreement “bars MySpace from misrepresenting the extent to which it protects the privacy of users’ personal information or the extent to which it belongs to or complies with any privacy, security, or other compliance program, including the U.S. – EU Safe Harbor Framework.”

In a 4-0-1 decision, the Federal Trade Commission accepted the consent agreement. However, this agreement is now open for public comment – closing June 8th, 2012. Then, the FTC will come to an accord whether it will make the consent order final.

“Shame on you MySpace” was written by Gabby Beltran. Gabby is the Public Information Officer and a Bilingual Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

A year ago in May, the ITRC posted ITRC Fact Sheet FS 143, which provided an overview of what the IRS was doing to combat identity theft, and help those victims who specifically had IRS issues because of tax problems created by the identity theft. The content of Fact Sheet 143 was provided by the IRS Office of Identity Protection, and this document is definitely a necessary starting point for anyone who has encountered issues with the IRS caused by returns being filed with your SSN, or reports of a work history that do not belong to you.

The IRS established internal procedures in 2009 to give IRS employees guidance on identity theft issues, and provided the IRS business units methods for handling the unique aspects of identity theft cases. Since 2008, the IRS has also provided a specialized identity theft unit as a service to taxpayers who have been victims of identity theft, and wanted to notify the IRS. This unit has a toll free number (1-800-908-4490) and will work with victims to review their taxpayer accounts and history, and provide guidance on what steps to take to mitigate their identity theft case. This unit has handles hundreds of thousands of consumer calls in English and Spanish. Using these methods, the IRS has been able to mark taxpayer accounts when identity theft has been indicated, establish communications with the affected taxpayer, and proactively investigate returns tied to marked accounts to prevent additional fraud on these accounts. In addition, those identified as identity theft victims may now receive an Identity Protection PIN to ensure that only their verified return is processed, and without delay.

So, what’s new?

In a hearing of the Congressional House Committee on Ways and Means on 5/8/2012, the IRS gave testimony that directly answers the question posed by this blog:

“Over the past few years, the IRS has seen a significant increase in refund fraud schemes in general and schemes involving identity theft in particular. Identity theft and the harm that it inflicts on innocent taxpayers is a problem that we take very seriously. The IRS has a comprehensive identity theft strategy comprised of a two-pronged effort, focusing both on fraud prevention and victim assistance.”

In the area of fraud prevention, the IRS noted that in 2011 identity theft screening filters were put in place to detect fraudulent returns before processing. This is a huge task given 100 million returns to process, and the fact that 10 million taxpayers move and 46 million change jobs each year. IRS has now instituted a correspondence with the sender of a flagged return before that return is processed, and is issuing Identity Protection PIN’s to those who are known to be identity theft victims. For the 2012 tax filing season, over 250,000 “IP PINs” were issued.

Prevention of tax fraud using the identity of deceased taxpayers is also being addressed. The IRS is coding deceased accounts that have been used fraudulently to prevent further future misuse, and marking the accounts of recently deceased taxpayers so that future attempt to use the account will be prevented. The IRS is also working with the SSA to shorten the time required to update Death Master File information into IRS records. They are also working with SSA on a potential legislative change which could help reduce the use of the Death Master File as a source for identity theft SSN’s. And, the IRS has developed methods to us information from law enforcement agencies to flag high risk accounts and help block returns that are filed by identity thieves. Altogether, it is apparent that the IRS is putting serious effort into identity theft prevention methods.

The IRS also testified about their efforts to ease the plight of identity theft victims. By the end of this fiscal year, they will have almost 2500 employees dedicated to identity theft work. In addition to the IP PIN program, IRS has dedicated significant training to employees and call center assistors in order to improve their response to identity theft victims. Coupled with a healthy taxpayer outreach and education effort, it appears to ITRC that the IRS is engaging in a serious campaign to reduce identity theft related fraud and provide needed support to victims.

The full testimony can be found here: http://waysandmeans.house.gov/Calendar/EventSingle.aspx?EventID=293593

‘What the IRS is Doing About Tax Fraud’ was written by Rex Davis. Rex is the Director of Operations at the Identity Theft Resource Center.

Last August, Facebook released their Facebook Messenger app for smart phones. This app is great for communicating with large groups of people (like party planning) so that everybody is involved, and also for allowing a friend to locate you in case you are lost or are meeting up at an unfamiliar location. In many ways, this app is a great convenience to many people and does make communication easier, but like with all social networking, users need to know about the privacy concerns and what they need to keep in mind to protect themselves.

The number one thing that consumers have shown concern for is the GPS tracking. When messaging somebody you can have it show everybody in the conversation your location via GPS. They all can see where you are messaging from and use GPS to get directions to you. Though is very useful in some situations, it is important to only use this function when necessary. You might not know everybody who is participating on messenger, nor do the people viewing your conversation have to be on your friends list to see your texts. Be sure you know who you are giving your location to and turn the function off if you aren’t sure.

This situation dovetails into another concern many consumers have. This new app does show everybody invited to the conversation. However, until they make their first post, it only shows their first name. This means, if you know 3 people named “Dave” you don’t know which one could be invited to chat until they say something. This can cause some awkward and embarrassing moments to those who aren’t careful. It also means that people you don’t know could be invited to the conversation and you might think it was actually a friend. Be careful with what you post. Make sure you know everybody before stating things or giving away your location.

The last item that has consumers concerned is that you can tell if a message you have sent has been read or not. For general purposes this is useful, but somebody could use this information to spy on you. It is also a way for spammers to know if your Facebook profile is active and if you have connected your phone to it. By knowing if you have read a message, they could then send you more messages in an attempt to trick you and steal your identity. You cannot turn this function off. The best thing you can do is delete anything that looks suspicious.

“Is Facebook’s New Messenger App a Privacy Risk?” was written by Kat Rocha. Kat is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Victims of Identity theft are confronted with a problem that is unique among victims of crime in the US. Unlike more traditional crimes, a victim of identity theft is forced to prove his or her innocence; not to one group or entity but to many. With identity theft, it will be assumed the victim is really the perpetrator until proven otherwise. As one tries to sort through the damage and clear their name, it is imperative that a victim knows the rights they have under the law, and where to go for legal resources and assistance in their efforts to get past this problem.


In the US, most consumer protection for financially related identity theft and fraud will fall under one of three major pieces of federal legislation. These are the FCRA (Fair Credit Reporting Act), FACTA (Fair and Accurate Credit Transactions Act), and FDCPA (Fair Debt Collection Practices Act). It is imperative that a victim of financial identity theft familiarize themselves with all three of these laws, in order to have a better understanding of just what their rights and protections as consumers and as potential victims are.

For financial or criminal identity theft it is also important to review the state laws and statutes directly related to identity theft, both in the state of the victim’s residence and the state where any portion of the theft or fraudulent use of the information occurred. A good place to start for any victim at the state level is to contact the state’s attorney general’s office, or review the state AG’s website. This will give the victim a far more thorough understanding of what their legal rights are, and the means of mitigation provided to victims in that particular state. In addition, for victims who may need to seek an attorney for any necessary litigation that may result from the theft, but who lack the necessary means to hire their own attorney; contacting the state’s associated Legal Aid Society will often provide insight into where pro-bono or discounted legal services may be found.
In many cases simple knowledge and understanding of the laws already in place will be sufficient for a victim of identity theft or financial fraud to successfully mitigate their case without the assistance of an attorney.

However if the determination is made that the only way to mitigate the fraud is to go to court, having an attorney is a really good idea. In that eventuality, the victim should ensure that whoever they enlist to be their legal counsel, has a clear understanding of identity theft related crimes, and understands that the victim’s legal defense rests solely on the fact that they are a victim of financial crime. Traditional legal education often doesn’t specifically address this niche area of the law, and any attorney who lacks at least a basic understanding of identity theft issues can often make things worse for their clients, despite the best intentions. A victim who has taken the time and effort to educate themselves will be able to determine who will be a good fit in any pre-hire legal consultation.

Above all, a victim needs to become their own legal advocate. Do a little research and come to an understanding of what protections are provided them under the law. A thoroughly educated victim is a hard one to take advantage of.

“What Are My Rights?” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog

Last spring, it was revealed that iPhones and Android mobile phones send individual’s “user location data” back to their respective companies, Apple and Google. Initially the news was met by an angry uproar from citizens concerned that their right to privacy was being collectively violated. It didn’t slow down sales of either iPhones or Androids however, both of which posted significant gains last year. While Google is quick to point out that the information is stored anonymously, consumer concern has prompted Reps. Ed Markey (D-Mass) and Joe Barton (T-Texas) to call on the Federal Trade Commission to investigate whether Google’s privacy policies violate a previous settlement reached with the FTC last year.

This is in addition to the ongoing FTC antitrust probe into Google and Google+. Last June Google was answering questions about apparent manipulation of search results to accommodate its own products. The more recent probe includes Google +, and questions whether Google + has been given preferential treatment in Google’s vast network of online products and services. “The FTC is examining whether the company unfairly increases advertising rates for competitors and ranks search results to favor its own business, such as its networking site Google. According to the latest report, the FTC wants to find out “whether the company is using its control of the Android mobile operating system to harm competition.”

Google’s opponents have called for an investigation into Google’s search protocols for some time. Responding to reports of an imminent investigation, which originally surfaced in June of last year, FairSearch.org applauded the news. FairSearch.org represents companies such as Expedia, Travelocity, Kayak and Microsoft; all entities that have objected to Google’s actions.

“Google engages in anticompetitive behavior across many vertical categories of search that harms consumers,” the organization said in a statement. “The result of Google’s anticompetitive practices is to curb innovation and investment in new technologies by other companies.”

As of May 2011, Google had a 65.5 percent share of the U.S. search market, compared to 16 percent for Yahoo and 14 percent for Microsoft’s Bing. The European Commission began a similar antitrust investigation into Google’s search practices last year after numerous complaints from small businesses. That case is still pending. The gist of the FTC probe, prompted by the Senate, is that 1) since Google is a dominant gatekeeper to access competitive commercial opportunity online, and 2) if it deceptively represents that it is an equal opportunity search engine, 3) then favors the search results with Google products and services, then 4) Google is effectively using deceptive practices to steal the competitive opportunity of competitors and depriving Internet users’ of free choice to choose competing products and services.

While it is so far unclear what the long-term ramifications are for Google, the fact that this call to investigate has widespread bi-partisan support in Washington could lead to more trouble for the information conglomerate before all is said and done. Most recently Apple was subpoenaed regarding the Apple iOS use of Google products on their smartphones. Should Google be found to have violated the terms of their 2011 settlement, serious punitive action from the federal government may be in Google’s future.

“FTC and Google’s Ongoing Battle and its Implications:” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Late last week we launched a new survey here at the ITRC. This survey is intended to measure how well parents monitor their children’s social media and mobile device usage. There have been many stories in the news lately addressing serious problems with children on the internet. Issues such as bullying, sexting and identity theft have become a daily staple in the media. Questions are once again being asked as to the appropriate age for children to begin using social media and mobile devices. Another important factor being studied in this survey is what role do parents play in their child’s usage of social networks and mobile devices.

Parent surveyWe are trying to analyze these issues in order to find the best answers for parents and children. Parents are seeking knowledgeable advice on how to ensure the safety of their children. Our latest survey aims to do just that. We are hoping to better understand the practices of parents and children in the social media / mobile devices sphere, so that we may develop a set of best practices to recommend to parents and children alike. A successful completion of the survey will give us the data we need to move forward with creating those best practices based on the reality of today’s parenting.

Of course we wanted to give survey takers some incentive for taking the time out of their day to complete our survey. In conjunction with the survey we launched a contest to win one of five $100.00 gift cards. To enter the contest just visit the ITRC’s website and click on the Do You Have Children Who Use Social Media? link or click here to take the survey directly. The contest will run from May 1, 2012 through May 31, 2012. Five $100 prize winners will be announced and contacted on June 1, 2012. The survey results will be released on the ITRC website shortly thereafter.

The long awaited 2012 Child Identity Theft Report by AllClear ID was recently released, and it revealed alarming information regarding children and identity theft. AllClear ID’s conclusive investigation revealed that 10.7% of children were victims of identity theft in 2011 – a .5% increase from the 2011 Child Identity Theft Report. This report is based upon an extensive database scan of actual accounts rather than a survey, and it concluded that 2875 out of 27,000 American children were victims of identity theft.

The analysis of records revealed that 6,273 records or 59% of cases involved the credit bureaus – showing credit problems. The next category revealed 6, 273 records or 22% of cases involved utility accounts, followed by 1,459 records or 14% of cases involving either property assessments, mortgages, foreclosures, or deeds. The next two categories presented 345 records or 3% of cases involved vehicle registrations, and 214 records or 2% of cases involved Driver’s Licenses. Interestingly, one may wonder why the number of records may be higher than the actual number of confirmed child identity theft cases in the report. According to AllClear ID, many of these records involved cases that faced more than one type of identity theft, which drove the number of records up. In addition, many of these child identities were used for what appeared to be multiple different cases of identity theft.

In recent years, the ITRC has seen an increase in cases that involve more than one type of identity theft. These cases become more complex and difficult for the victims to mitigate. Child identity theft is a serious issue because a child’s identity provides the opportunity for different exploits – financial, governmental, criminal, and medical. Although the ITRC tracks child identity theft cases, we do not recognize child identity theft as a standalone type of identity theft because a case of child identity theft will involve one or more of the types of identity theft mentioned above.

In addition, the AllClear ID report states that children under the age of 5 are being heavily targeted. The percentage of victims in this age range is said to have more than doubled compared to that of last year’s study. The logic behind these findings clearly show that criminals are targeting children of this age because they recognize the value of a younger child’s identity – they are likely to get much more time using the identity before discovery. A child’s identity is recognized as a ‘blank slate’ – posing opportunity, potential and long term options. Children’s Social Security numbers are valuable to thieves because the crime can go undetected for years. A child does not begin to use his or her own identity until he or she has reached the age of 18 – the age a young adult applies for his/her first credit card, purchases his first auto, applies for student loans, applies for a job, or gets ready to do all the things adults do. Younger children pose an opportunity for a thief to enjoy the exploits for longer periods of times, all the while creating a devastating impact on the child’s identity and future.