When identity theft strikes, it can be hard to know where to start.

The goal of the following information is to enhance your working relationship with law enforcement and credit investigators. It includes:

  • Why Should I Have To Do Most Of The Original Work?
  • First Steps: Prior To Talking With The Investigator
  • Making Your Report
  • Behind The Scenes
  • Evidence Issues
  • What You Can Do To Help Your Investigator

One of the most common complaints we receive from identity theft victims is that they feel that law enforcement doesn’t care. Many also complain that fraud investigators at banks and credit card companies don’t appear to have the victim’s best interest at heart. It’s possible, but more likely this feeling is related to poor communication and a lack of information.

The tips in this sheet will help you to focus on the pertinent facts.  It will also help you state your case in a way that is most useful to the police and fraud investigators

WHY SHOULD I HAVE TO DO MOST OF THE ORIGINAL WORK?

Fraud crimes involving identity theft are complicated. As one police detective said, the person who knows the facts and details of this case best is YOU. The ability to solve these crimes is usually contained in the details. When one person tells a complicated story, the person hearing the details may only get a rough idea of the situation. This is often what happens when a police officer takes a fraud report from a victim who may not understand which points are the most important to the case and which points are just not relevant at the time. By writing down the details for yourself, you will outline and organize the case in your mind so that you can tell the story clearly.

FIRST STEPS: PRIOR TO TALKING WITH THE INVESTIGATOR

  1. Prior to speaking with an investigator, start a journal so you can record details as they occur (refer to ITRC Fact Sheet 106 – Organizing Your Identity Theft Case).
  2. Rough Draft: Outline the story, in chronological order, exactly the way that you discovered it. Put down anything you think is important. Don’t censor your thoughts. You’ll edit it later. There are certain things that are important to include:
  • How you first discovered the fraud/theft – who told you and under what circumstances.
  • Any clues you may have as to the identity of the imposter – not guesses, but hard facts.
  • Locations where fraudulent applications were signed or submitted (presented in your name). Get exact addresses whenever possible.
  • Locations where the fraudulent activity occurred and/or purchases were made. Be as specific as possible.
  • Exact addresses where goods, services, utilities were delivered in your name.
  • Home addresses and telephone numbers listed on those applications.
  • Names used either as primary or secondary account holders.
  • The entire account number of any accounts that are referenced
  • The full name, address, phone number and date of birth (if you have it) of any suspect referred to in your case.
  • The names of any companies, investigators, or customer service representatives you have contacted about a potential fraud, and their phone numbers, emails, and fax numbers. Include dates and times you spoke to them and a brief summary of the conversation. You should ask each of these people for a letter to include in your file.
  • Photocopies of any letters, account statements, or correspondence you received regarding this case.

Some of the information on this list can only be obtained after you present a copy of the police report to the merchant or credit provider. Get together what you can for the initial report, then supply the additional information as you receive it.

  1. Working draft: Now write a concise narrative, removing any emotional responses (for example, “He was very rude to me on the phone.”). This draft will lengthen as you uncover more information. [click here for Example of Victim Summary or Narrative]
  2. Include your identifying information:
  • First, middle, and last name
  • Any prior names you had that may be involved in the crime
  • Home and business address
  • Home, business, and cell phone numbers

Be ready to provide, but do not record on this document, the following three items:

  • Date of birth (DOB)
  • Driver’s license number
  • Social Security number
  1. NOTE: Some states are “right to report” states, meaning they will take your report of identity theft regardless of if you have proof or not. Check our interactive map to see if your state is a “right to report” state.

MAKING YOUR REPORT

  1. Listen and Participate
  • Call your local law enforcement agency on the non-emergency number. It is very important to state that you are a victim of identity theft (or a victim of criminal impersonation if it is a case of criminal identity theft). Avoid using the word “fraud” as that is a different type of crime. Ask if they have a fraud or identity theft investigation task force who can take your report. If they do, ask to be transferred. If not, ask to speak to an officer or a detective.
    • Some departments will take your report over the phone, some will direct you to an online form, and some will only file an “incident” report (depending on evidence and situation).
  • Be polite and work with the officer. Make sure you explain that you need a report of identity theft so you can clear your name. In many cases, a thief is operating out of a police officer’s jurisdiction and the officer cannot pursue the case themselves. You can, however, request the officer forward the report to the jurisdiction where the crime occurred.
    • If the officer you are speaking with will not file a report, you can request to speak with the Watch Commander on duty. This is the person in charge of that shift of police officers.
    • If you still cannot file a report, show the officer this letter by the Federal Trade Commission to show the officer the importance of the police report.
    • If you are still met with resistance, go to the next closest precinct and try again. Report all officers who refused to assist you to the Attorney General’s office for your state.
  • Obtain a business card or write down the name and phone number of the officer who took your report, and write down the police report number.
  • Request a copy of the report. Ask how much it will cost and how long it will take to be ready.  They may charge you a fee and it can take up to two weeks for an official report to be made available to you.  Follow up as necessary to ensure you have a copy of your report. You may not receive notification when it is ready.
  1. Asking Your Questions – You may have some questions for the investigator once your report is made. These might include:
  • What are the procedures from this point forward?
  • Who is the primary contact for your case?
  • What should you do if you find out more information, or if you get another collection notice? Should you call, email, or mail it to them?
  • How long will it take to get a copy of the police report (or a letter of investigation if you’re contacting a credit card company)?
  • What can I (the victim) be doing in the meantime? Is there something I can do to move things along faster?
  • Is there any action I (the victim) might take that would harm the case?
  • What chance does the law enforcement officer think they have in catching this person? (Although it’s difficult to accept, your focus should initially be on clearing your name rather than getting an arrest.)
  • Can they provide any written documentation you can use to show you are not the imposter (for instance, a letter of clearance)?

BEHIND THE SCENES – WHAT’S TAKING SO LONG?

The handling of your report and case will depend on the available resources of the agency that takes the report. If law enforcement feels that the case is unworkable, then focus on clearing your name.

  • Your case will be referred to a fraud investigator. Depending on caseload size, this might take several days.
  • You will be called and told who will be covering your case. You may be interviewed by phone or asked to come in. If this is not possible due to work or distance, tell them so and try to arrange for an alternate way to gather information.
  • The detective will triage your case by reading the initial report in order to determine the potential for moving forward with the case. Remember, the better you communicate the crime, the better the opportunity for action.
  • As time permits, the detective will start to gather evidence IF they think there is a chance that they can make a case and find the imposter.
  • Your case will be one of many, as detectives rarely work on one case at a time. Your case may stall while they wait for a credit card company to send them the official copy of a fraudulent application, or while they wait for someone from the bank to return a call. Some banks and credit card companies could take several weeks and several reminder calls before sending out requested information.
  • If the detective is required to get a court order to get information, that will take additional time.
  • Your case might also get preempted if a detective is given a new case where the criminal has just been arrested. Many states have laws regarding a “48-hour rule.” This means that the officer has just one day to put together a case to present to the prosecutor on a suspect who has been arrested so the suspect can be arraigned on the charges within the second court day of his arrest. If not, the suspect must be released and cannot be rearrested for the exact same incident at a later date. So those types of cases always have priority.
  • Detectives rarely close an open case. It may seem like nothing is happening but they do remain aware of your case. Sometimes cases may sit for months with no activity, then suddenly the imposter does something foolish and evidence is found to tie them to your case.

EVIDENCE ISSUES

What might seem to you to be clear-cut evidence might not help your case due to various evidence laws. Law enforcement must clearly prove a chain of evidence that connects the crime to the imposter. For a more detailed look at “The Evidence Trail,” please read ITRC Fact Sheet FS 114.

  • “I threw some old checks in the trash. Why won’t you arrest him?” Taking paper from your trash does not prove that this person passed the bad checks. The police must have conclusive proof. Examples include a witness or videotape of the transaction.
  • “The only place I left an application with my middle initial was at the phone company. It must be the employee who took the info.” Again, where is the proof?
  • “The thief used a credit card to get a computer. I know the address it was delivered to.” The police must prove that the person receiving the merchandise committed the crime.
  • “I know the person who took my identity. He stayed at my house a couple of days.” The police must first prove that you didn’t give the suspect permission to take the info and that this “friend” actually committed the crime.
  • A criminal uses your stolen driver’s license. The imposter could claim, “I must have picked this up from the bar instead of my own. I thought it was mine.”

WHAT YOU CAN DO TO HELP YOUR INVESTIGATOR

Once you make your report, it is now the investigator’s case. However, you can ASK how you might help and work with them. This is not their only case, so respect their time and be brief in your phone calls. Get right to the point. Remember, rudeness never works. Identity theft cases are slow and may take months to complete.

  • Contact the detective when you have new evidence, but no more than once a week during the active period of the case.
  • Contact your detective once every 3 – 4 weeks even if you don’t have evidence to share. Do NOT telephone them more frequently than this. Ask about the status of the case.
  • Don’t use law enforcement or investigators as a therapist or a person to dump emotional frustration on.
  • Ask what you can do to help move the case forward. Is there anything they are waiting for? Maybe a call to your fraud contact at the bank or credit card company might help.

SOME FINAL THOUGHTS

As much as we would like them to, most identity theft cases do not end in arrest. Usually, this is not the fault of law enforcement; they are overworked and understaffed. Leads may not pan out, and evidence we thought might be perfect may not legally prove a case. We hope that you’re the case will end in an arrest and conviction, but if it does not, know that you did everything humanly possible. Many detectives face unsolved cases while hoping that sometime, somehow, a new piece of evidence will finally prove to be the imposter’s undoing.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Traveling overseas offers a unique set of risks for American consumers. Travelers by necessity have to carry several pieces of sensitive information like a passport, bank cards, drivers license, and an assortment of additional documents that could put them at risk if lost or stolen.

So the next time you’re traveling abroad, be mindful of a few tips you can use to reduce your risk of becoming an identity theft victim while in another country.To protect your identity while you travel within your own country or abroad, it’s a good idea to take the following precautions:

oversea travelTravel light: and we don’t mean that you should leave behind the extra set of shoes and winter coat. Leave behind unnecessary credit cards, bank cards, social security card – anything you have in your wallet that you won’t need on your trip. The less information you bring, the less you put at risk.

Make copies of your passport, driver’s license, and any credit cards you plan to take with you: Leave one copy with a friend or family member you can call while on your trip and keep one copy with. If your stuff is stolen while traveling, you will have the information you need to lock down your credit and start the process of obtaining new documents.
Leave the checks at home: You won’t need them while traveling, and most places have significant restrictions on check-writing these days anyway. Besides, checking account fraud is one of the most difficult types of identity theft from which to recover. Use cash and credit cards while traveling and pay the bill when you get home.

If you have a hotel safe, use it: Many hotel employees have access to your room and there is tremendous risk of burglary while you’re out. If the safe in your room is not working, ask for a room with one that does.

All that being said, there are so many wonderful places to travel throughout this world of ours and these tips will help you do so more safely! So get out there and see how amazing travel can be…oh and don’t forget your sunscreen!

“Guarding your Personal Documents While Traveling Abroad” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Tax time, whether it’s in April, June, October or December, often puts important personal identifying information at risk for exposure. Your W-2’s, and other IRS reporting forms, include your Social Security Number and, in some cases, financial account information. These numbers can be a gold mine for identity thieves. Your personal information can enable thief to obtain a job, open up new lines of credit, access existing financial accounts or stock portfolios, get welfare, avoid a criminal history and generally create havoc in your life.

The question is: where are those forms kept in your home? Are they lying on a table top or somewhere anyone can see them? Or, are they in a locked box or file cabinet? Many consumers are not aware of the potential threat that these forms represent, and take little notice of the necessary steps which should be taken to secure these items. With this in mind, the ITRC wants to remind consumers and businesses to be careful when handling tax-related documents and information.

Here are some tips on how to minimize the risk of identity theft:

Paper security

Whether it’s in the home or in the office, make sure all tax documents and paperwork are secured in a safe, locked location at all times. Any financial statement or item which contains personal identifying information (PII) should not be left unsecured or visible to others.

Data on the Move

Financial documents don’t belong in a briefcase left unattended in your car. Law enforcement has reported increases in vehicle break-ins to steal items which can be used to commit identity theft. When transferring tax documents between home and the accountant, make sure they are hidden from view, i.e. locked in the trunk, at all times.

Computer Security

If your computer is linked to the internet, be sure to regularly update firewall, anti-virus, and anti-spyware software to protect you from attack. Since many taxpayers now file online, or store financial information on their computers, it is vitally important to install and update these types of security programs. Sensitive documents should be kept on a computer with a password protected log-on. This computer should never be used by children others who might install peer-to-peer software or expose the computer to unrestricted web browsing. These activities often result in security problems within days, if not hours.

E-Filing

While preparing your tax return for filing, make sure to use a strong password to protect the data file. Once your return has been e-filed, burn the file to a CD or flash drive and remove the personal information from your hard drive. Store the CD or flash drive in a lock box or safe. If working with an accountant, you should query them on what measures they take to protect your information.

Mail Theft Awareness

Be sure to retrieve your mail every day. An unlocked mailbox is an open invitation to an identity thief to steal your tax refund or other important documents. When mailing your tax documents, take them directly to the Post Office. Drop them in a box inside the Post Office. If you must use an outside Post Office pickup box, it’s best to drop your mail before the last pick-up of the day. Don’t leave tax documents in an outgoing mail box at work.

Tax Preparers and Personal Privacy

Be selective about who works on your taxes. Investigate tax preparation companies with the Better Business Bureau, especially new or seasonal offices. Ask the preparer how your information will be stored? Will it be encrypted? What computer security software is used? Who has access to this information? Has the person working on your taxes undergone a thorough background screening? How many years have they worked for the company? Do you see personal papers displayed on desks? Trust your impressions. If you feel uncomfortable, or doubt the firm’s commitment to protecting your privacy, take your business elsewhere. The phrase “buyer beware” especially applies to “on-line tax preparers.” Who are these people? What do you know about them? Are they really a company or legitimate accountant or is it a scam to gather Social Security and account information from you? Avoid doing financial business in supermarkets, or other public concession booths, where others may hear or see your transaction. Those mini offices are not soundproof – and criminals have been observed using binoculars or shoulder surfing to gather information. Go some place where you have privacy.

Tax Time Scams

If you receive an email asking for your Social Security Number or financial information, delete it or send it to the FTC at spam@uce.gov for investigation. The IRS does not send emails stating you are being electronically audited or that you are getting a refund. If you have any questions about an email you received from the IRS, or a letter that sounds suspicious, immediately call the IRS Taxpayers Advocates at 877-777-4778.

Document Disposal

Put papers you no longer need through a cross-cut shredder. These include credit card receipts, other papers with Social Security Numbers (i.e. income reporting forms), financial statements, health benefit statements and loan documents. Do not store these documents intending to shred them at some future time. As soon as you determine the document is no longer needed, shred it!

Document Storage

When storing your tax returns and other sensitive financial documents, use a locking file cabinet or even better, a safe. Make sure you know who else has access to this storage.

Employment Identity Theft

Identity theft goes beyond the well-known forms of financial identity theft. Sometimes identity thieves use your identity to get a job, obtain welfare, or medical services. They may be employed and using your Social Security Number – or even your child’s Social Security Number. In these situations, the IRS may send a notice indicating that more than one person is using a Social Security Number, or that you owe taxes. If this happens, immediately contact the IRS Taxpayer Advocates or the Identity Theft Resource Center at 858-693-7935 for assistance.

A recently published consumer report is advocating the general idea that identity theft is a diminishing crime and that most services offered to protect consumers hold little, if any, value. The trouble is, their research in many places is superficial and/or incomplete, and in some places completely irrelevant. It seems as though for a piece regarding the existence of identity theft, the experts who provided opinions on the topics, were not experts in identity theft at all.

All major federal agencies that have anything to do with identity theft have universally said that incidence of identity theft are getting worse, not better. That includes organizations like the FBI, FTC, and DOJ. According to the same Department of Justice study that is cited in questionable pieces includes the statement, “in 2010 about 7% of households in the US (about 8.6 million) had at least one member age 12 or older who had experienced one or more types of identity theft victimization.” While that is a slight decrease from the 2009 number of 7.3%, it should not be overlooked that the overall trend is still very much an upward one.

According to the aforementioned study only 5.5% (about 6.4 million households) experienced this same type of victimization in 2005. It should be noted that 2010 is the first year that any decrease can be seen anywhere in the numbers over the last five years.

Further, the Federal Trade Commission (FTC), the federal agency most responsible for monitoring identity theft activity in the United States, found that identity theft has been the top complaint from consumers in their annual survey for the past eleven years running. These are not merely concerns being expressed mind you. These numbers have nothing to do with subjective fears which can be influenced by paranoia and outside influences, but are actual complaints, i.e. incidents of identity theft being reported.

As the Victim Advisors at the ITRC have dealt with victims of criminal identity theft almost every day for the last ten plus years, we feel somewhat more qualified to talk about this issue from a truly “expert” perspective. Anecdotally, I can tell you that I speak with a victim of criminal identity theft nearly every single day. For something that “doesn’t happen a lot,” it sure happens a lot, and to those who have to go through it, it means a lot to have someone on their side helping them through it.

A recent study done by a cyber security firm known as F-Secure, found that 58 new threats to the Mac operating system were discovered between April and December of 2011. It is a commonly perpetuated falsehood amongst consumers that viruses and malware are only issues for PC platforms, not Macs. Unfortunately, this is a fallacy. Viruses are like any program; they have to be written with platform specific languages, with instructions written for that machine, operating system, type of processor, etc. What this means in simple layman’s terms is that in order to infect a Mac, you must develop software designed for a Mac.

Mac malwareSo while it is technically true that Macs have historically been far less likely to become infected with a virus or malware, the reasons for this discrepancy should be examined. Is it really that Macs are so much more secure? The reality is that Macs are only less likely to be infected…so far, because there are less of them in operation as opposed to PC platforms. As such, they represent a lower possible return on any investment in time and money a cyber criminal or criminals may choose to invest in developing and spreading malware. At this point, because the Mac operating system still owns a minority of the market share, it is comparatively safer than PC operating systems…for now. One scenario that could happen to make attacks on Macintosh computers more common: an increase of Market share of MacOS X computers. Macs must control enough of the market to entice profit-driven malware and viruses to be more commonly developed.

As Internet usage and personal computer ownership continues to become more common the world over, it is entirely plausible that niche-market viruses could develop to focus on Mac operating systems. Remember that while the Mac system is – at this point – more secure, it is more a result of being a less common target of cyber-criminals, and not because the system is inherently more secure. Be wary of links from people you don’t know, or spam emails, as one wrong click can expose your Mac to malware in the same fashion it would a PC. As Macs become ever-more popular, expect the number of threats to increase in a linear fashion.

“Think Your Mac is Immune to Malware? Think Again” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

M86 Security, a global expert in real-time threat protection recently published a security review on the most recent trends they are seeing in cyber-threats during the second half of 2011. After probing e-mail threat tendencies and the Web in general the report makes some interesting assertions. Most notably, taking note of spam trends, the study found that while spam emails on average diminished significantly from September to December of last year, the total amount of e-mail junk having malevolent attachments increased to over 5 percent from not even 1.

The study found that incoming amounts of spam declined to 70% of all incoming e-mail traffic during December 2011. While that seems a large number, when compared to the numbers in September, which were over 90%, it is clear that there was a significant down-trend in spam frequency Additionally, the study made note of the largest host countries for spam and malevolent email activity.

It was somewhat surprising to see that the USA at 51.4% was far and away the leader, with Russia in a distant second place at only 6%. The study showed the most prominent botnets were behind the maximum amount of e-mail junk. M86 reports that during 2011, personalized assaults have become increasingly sophisticated.

Direct assaults on national infrastructure and government sites rose through the use of key-logging. The overall gist of the study points to traditional email spam becoming less common. The threat of malevolent effect through email seems to have increased overall however, as targeted breaches and dangerous attachments to email have become more common. The study seems to indicate that email predators are switching tactics rather than reforming their practice. Be wary of emails from people you don’t know, and never under any circumstances download email attachments unless you are familiar with and trust the source of the email. Keep your anti-virus software up to date and contact the authorities if you feel you have been the victim of an email related scam.

“M86 Cyber Threat Security Review” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the ITRC Blog.

A majority of identity theft cases never make it to court. If they do, you’ll want to arrive armed with the knowledge of what your rights are and what tools the law allows you to use to rectify your identity theft issue. Keep in mind, as you read this information, that each case is unique. What one victim experiences may not be your experience, even within the same jurisdiction and court. This general information is not meant to take the place of legal advice from an attorney, or advice from a DA victim assistance counselor. However, it might help you understand the complexities of the judicial process.

Throughout the process of clearing your name, you have most likely filled out a number of affidavits. On these forms is some information you might not want publicly known. This could be your new driver’s license number, mother’s maiden name, former addresses or names used, new address, birth date and account numbers.

Many victims do not know that you may request that identifying information be redacted (blackened out) from documents being put into court records or given to the defense attorney during discovery. Unfortunately, we have heard of cases where the perpetrator has gotten these documents and now has even more information than he/she originally had. Talk with the detective and DA on your case about your options. These will vary from jurisdiction to jurisdiction. Throughout the court process, take detailed notes. Note names of people who testify, the name of the judge, DA, court reporter and even the probation officer. Write down who said what, judicial rulings, anything the defendant says. Jot down questions about things you don’t understand or items you feel were ignored. You can ask the DA or victim assistance counselor about those later.

There are some very basic expectations you should understand for each step in the trial. At the arraignment, you probably will not be asked to speak, and may not be involved. Sometime after the arraignment, someone from the DA’s office may contact you to let you know about the date of the trial. Depending on your city or county, you should expect that this DA will not be the DA who later will try the case. Frequently, victim contact is just an administrative function, and the DA’s rotate this duty. If you become aware that your perpetrator has been arrested, and you have not been contacted by the DA, you should call the DA’s office and ask for the calendar coordinator. You may need to be persistent.

If you are involved in the arraignment, you will be a spectator. Typically, the defendant will go up to the front of the room along with his/her attorney. The court will read the charges and ask how they plead. Expect to hear the words, “Not guilty.” Do not react to this; this is just a legal process. The judge will quickly review the DA’s charges. Then the judge will set a preliminary trial date, a readiness hearing date and decide bail.

Following the arraignment, the formal trial will begin next. Keep in mind; this is the people’s case, represented by the prosecutor, not yours. The DA may not present the information you wish. He/she may not focus on points you think are important and may even settle for a plea bargain without consulting you.
Many factors figure into the way a prosecutor presents a case. The prosecutor must consider the type of penalty asked for, and how many counts (acts of criminal behavior) charged in the case. For example, sometimes your case is just one of several cases that are being charged against an alleged imposter. The DA will focus on the crimes that have the best chance of successful prosecution, or that hold the highest resulting penalty. Those crimes may not be yours. Sometimes a DA has a wealth of criminal activities to prosecute, but going after each incidence won’t help improve his/her case. The judge might see such actions as persecution, or a waste of time. Be aware that the penalty might not change between 31 counts and 15 counts in a specific case.

Again, take notes. Keep your cool and act in a professional manner. You may not even need to say anything until the imposter is found guilty and the court moves into the sentencing phase. If you are called to testify, follow the directions given to you by the DA’s office prior to trial.

If the defendant is found guilty, the judge will set a date for sentencing. If, however, a plea bargain has been struck, the case will move directly to sentencing. You will be notified of the date of this phase and you should talk with the DA prior to this date. You should also talk with the Probation Officer assigned to the case.

You have the right to submit a written Victim Impact Statement. If you want, you can also make a statement in court. The judge must read anything you submit to the court, prior to sentencing. Please do yourself a favor: Prepare a statement, keep it concise, accurate, clear, and complete. This is the best way to have your message heard clearly by the court. You may attach a financial statement detailing your costs and expected costs; include copies of any receipts that verify expenses.

If the imposter is found guilty, the judge will pass sentence. That sentence may include probation with review hearings. The Probation Department will give a report to the judge regarding probation progress (or lack thereof), and law enforcement is also permitted to search the convicted felon’s residence, car, person and belongings for any probation violations. Before a Review Hearing, victims who suspect that the felon is breaking probation or the law should notify either the police detective that was on the case or the assigned probation officer. Review Hearings give victims another chance to address the court, especially if probation violations affect them.

“The Court Experience for Identity Theft Victims” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the ITRC Blog.

In today’s world of commerce and travel, we’re all used to many public places offering free wifi to consumers. Open wifi connections are convenient. They allow us to leave the office and do work outdoors, do homework at a coffee shop rather than at home, or access important information almost anywhere. But though open wifi connections are great in public, they can lead to serious problems at home. Even today, thousands of homes do not have a firewall or security password on their wifi connection. These homes are broadcasting internet access, sometimes as far as a block away. Not only does this allow their neighbors to acquire free internet access, it can allow anybody within range to view the files that are on your computer, and download sensitive information such as your banking formation, tax documents, social security number, stored pictures, and anything else on your computer.

http theftIn rare instances, the thief used the victim’s computer to store illegal material such as child pornography so that the authorities wouldn’t find it on the thief’s computer. But luckily, there are several easy things that you can do to protect yourself from this intrusion.

  1. Install a Firewall – A firewall determines who has access to your family’s network and who doesn’t. Whoever has access can go online and share files between computers. It is always important to make sure your firewall is constantly ENABLED and that it recognizes which computers can have access as well as have a password to enter.
  2. You Need a Virus Scanner – regardless of if you have a Mac, PC, or Lenox based computer, you need to have a virus scanner. There is no such thing as a computer that is “virus-proof”. Hackers and criminals are clever and there is a code for every type of computer and program. A while ago, there was a virus code that could be imbedded in .jpg files. These viruses can open backdoors in your firewall, record everything you type, or allow thieves to insert other malicious programs or files onto your computer.
  3. Be careful about what you download. Some files on the internet may look harmless but actually contain malware such as Trojans. Pay attention to your virus scanner while downloading new products. If it doesn’t like a program, don’t download or install it.

Initial protection from outside intrusion of your wifi based network is relatively easy. If you need assistance setting up your firewall or picking a virus scanner, consult your local computer expert.

“Direct Connections to the Internet Protecting Yourself and Your Information Against Intruders” was written by Kat. Kat is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

There are several situations in which identity theft can affect the processing of a tax return. Most involve someone misusing someone’s Social Security number (SSN), which the IRS uses to make sure the filing is accurate and complete and that they get any refund they are due.

It could be a sign of identity theft if a taxpayer receives an IRS notice that:taxes

  • More than one tax return was filed for one tax year, or
  • IRS records indicate a taxpayer received wages from an employer they don’t know.

If someone uses a taxpayer’s SSN to file for a tax refund before the taxpayer does, the IRS may believe the taxpayer has already filed and received their refund. The taxpayer might not know this until they get a letter from the IRS indicating that more than one return was filed for them.

If someone has used a taxpayer’s SSN to get a job, the employer may report that person’s income to the IRS using the taxpayer’s SSN, making it appear to the IRS as if the taxpayer did not report all of their income on their tax return. In that situation, the IRS might send the taxpayer a notice that they appear to have received wages from an employer they don’t know.

If You Suspect Identity Theft – Contact the IRS

If you get a notice from the IRS, respond immediately to the name and number printed on the notice. If you think you have tax issues related to identity theft, let the IRS know as soon as possible, even if you don’t have any evidence that it’s affected your tax return. Contact the IRS Identity Protection Specialized Unit (IPSU) at 1-800-908-4490. The IPSU’s hours are 8:00 am to 8:00 pm (your local time).

Specialists will work with you to get your tax return filed, get you any refund you are due, and protect your account from identity thieves in the future. You can document the identity theft by submitting a police report or the IRS ID Theft Affidavit (Form 14039).

You’ll have to prove your identity with a copy of a valid government-issued identification, like your Social Security card, driver’s license or passport.

We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Imagine these scenarios:

You are on vacation and you open your laptop in your hotel room. You log into the public wifi network, and quickly agree to the Terms and Conditions (without reading them of course), and start to do your normal Internet activities. For just a second, you have a fleeting thought: “Is my computer at risk?” And then you begin your normal Internet activities and quickly forget all about it.

You are waiting to catch your flight in an airport and, after grabbing a cup of coffee and opening your laptop, you see that there’s a “Free Public Wifi” network available. You login to your banking account to transfer funds. You have a vague sense that you might not be doing something safe, but you figure that you’re only going to be online for fifteen minutes, so you’re probably okay, right?

How Safe Are Wifi Hotspots?

Many of us assume that using a wifi network at a hotel or airport is the same as logging into our network at home or at the office. But the risks of using wifi networks at a hotel or airport are exponentially greater than those experienced at home or in an enterprise setting.

For example, while sharing folders, printers, desktops, and other services can be useful at home or in the office, doing so is inappropriate on a public network, where competitors or hackers can access this information.

Most private networks use firewalls to defend users against Internet-based attacks. This is not necessarily true in public wireless networks, where security practices vary widely. You may assume you are safe from outside attacks, but you really have no idea whether any firewall lies between your laptop data and the Internet.

Business travelers willing to connect to any network that offers free Internet access are especially vulnerable to such attacks. It is literally impossible to tell the safe networks from the bad ones. Wireless eavesdropping is possible everywhere. Only a small percentage of public networks prevent wireless eavesdropping, and many networks leave wifi users completely responsible for their laptop security, with extensive or complete file and service exposure.

So What Should I Be Worried About?

Okay, so now you are probably aware that using a public wifi network while on the road exposes you to a lot of security risks. But what risks are we talking about exactly?

The following is a list of different types of hacks that can occur in public wifi hotspots:

Sniffers: Software sniffers allow eavesdroppers to passively intercept data sent between your web browser and web servers on the Internet. This is the easiest and most basic kind of attack. Any email, web search or file you transfer between computers or open from network locations on an unsecured network can be captured by hackers. Sniffing software is readily available for free on the web and there are 184 videos on YouTube to show budding hackers how to use them. The only way to protect yourself against wifi sniffing in most public wifi hotspots is to use a VPN, such as PRIVATE WiFiTM.

Sidejacking: Sidejacking is a method where an attacker uses packet sniffing to steal a session cookie from a website you just visited. These cookies often contain usernames and passwords, and are generally sent back to you unencrypted, even if the original log-in was protected via HTTPS. Anyone listening can steal this log-in information and then use it to break into your Facebook or gmail account. This made news in late 2010 because a programmer released a program called Firesheep that allows intruders sitting near you on a public wifi network to take over your Facebook session, gain access to all of your sensitive data and send viral messages and wall posts to all of your friends.

Evil Twin/Honeypot Attack: This is a rogue wifi access point that appears to be a legitimate one, but actually has been set up by a hacker to eavesdrop on wireless communications. An evil twin is the wireless version of the “phishing” scam: an attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. When a victim connects, the hacker can launch man-in-the-middle attacks, listening in on all Internet traffic, or just ask for credit card information in the standard pay-for-access deal. Tools for setting this up are easily available (e.g., Karma and Hotspotter). One recent study found that over 56% of laptops were broadcasting the name of their trusted wifi networks, and that 34% of them were willing to connect to highly insecure wifi networks.

ARP Spoofing: Address Resolution Protocol (ARP) spoofing, also known as ARP flooding, ARP poisoning or ARP Poison Routing (APR), is a technique used to attack a wireless network. ARP spoofing allows an attacker to sniff traffic on a LAN and modify or stop the traffic altogether. This attack can only occur on networks that make use of ARP and not another method of address resolution. ARP spoofing sends fake, or “spoofed”, ARP messages to a LAN which associates the attacker’s MAC address with the IP address of the victim. Any traffic meant for the victim’s IP address is mistakenly sent to the attacker instead. The attacker could then forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack). The attacker could also launch a denial-of-service attack against a victim by associating a nonexistent MAC address to the IP address of the victim. A successful APR attempt is invisible to the user.

“Free Public Wifi” Rogue Networks: “Free Public Wifi” networks are ad-hoc networks advertising “free” Internet connectivity. Once you connect to a viral network, all of your shared folders are accessible to every other laptop connected to the networks. A hacker can then easily access confidential data on your hard drive. These viral networks can be used as bait by an Evil Twin. “Free Public Wifi” networks turn up in many airports. Don’t connect to these networks and you won’t infect your laptop. If you find this kind of network on your laptop, delete it and reconfigure your adapter to avoid auto-connecting to any wireless network.

Man-in-the-middle Attacks: Any device that lies between you and a server can execute man-in-the-middle attacks, which intercept and modify data exchanged between two systems. To you, the man-in-the-middle appears to be a legitimate server, and to the server, the man-in-the-middle appears to be a legitimate client. In a wireless LAN, these attacks can be launched by an Evil Twin.

You Should Know What You Are Agreeing To

Remember those Terms and Conditions that you agreed to and didn’t read? Well, we’ve actually read them, and here is what some of them say:

  • Starbucks: It is the Customer’s responsibility to ensure the security of its network and the machines that connect to and use IP Service(s).
  • Boingo Wireless: There are security, privacy and confidentiality risks inherent in wireless communications and technology and Boingo does not make any assurances or warranties relating to such risks. If you have concerns you should not use the Boingo software or service. We cannot guarantee that your use of the wireless services through Boingo, including the content or communications to or from you, will not be viewed by unauthorized third parties.
  • JetBlue: Wireless internet connections such as that provided through the Service are not secure. Communications may be intercepted by others and your equipment may be subject to surveillance and/or damage. Since the wireless connection providing you with access uses radio signals, you should have no expectation of privacy whatsoever when using the service. Accordingly, in providing this service, JetBlue cannot and does not promise any privacy protection when you use the service. It is your sole responsibility to install and deploy technological tools to protect your communications and equipment that may be compromised by use of a wireless network.”

So How Can I Protect My Laptop?

Okay, so now you know how dangerous wireless networks can be, and the various kinds of attacks you may face when using them. So what specifically can you do to protect yourself and your data?

Below are some proactive steps you can take to protect yourself when using such networks, and services you can use that provide laptop security.

Disable or block file sharing

  • Enable a Windows Firewall or install a third party personal firewall
  • Use file encryption
  • Most importantly, use a VPN

The one thing that they all have in common is that it is your responsibility to protect yourself. The best way to protect your sensitive information is to use a Virtual Private Network, or VPN, which encrypts the data moving to and from your laptop. The encryption protects all your Internet communication from being intercepted by others in wifi hotspots. In addition, VPNs can prevent hackers from connecting to your laptop and stealing your data files.

The above article was posted on Friday, July 1st, 2011 by Jared Howe for Private WiFi. Private WiFi is a personal VPN software that encrypts your data in public wireless hotspots. Using our easy software prevents identity thieves from hacking into your emails, online banking, social media accounts, and other personal information. You can check them out at www.privatewifi.com.