We are very excited to begin yet another venture in our mission to reach consumers and educate them about identity theft. This Thursday, December 6th ITRC will be hosting our first ever identity theft Twitter chat. It is our hope that this will help people who are concerned about and interested in identity theft connect with one another. Be it an organization working on identity theft issues, victims of the crime, or service providers these conversations have proven to produce wonderful ideas in the past. The ITRC is optimistic the weekly identity theft chat will do just that.

The first identity theft twitter chat will take place on Thursday, December 6th 2012. Those who would like to participate can RSVP via online invitation. The ITRC will be hosting the identity theft twitter chat every week on Thursday at 11:00 am PST.

twitter

Questions will change every week and December 6th 2012 questions are as follows:

Q1: What do you think is the best way to protect against ID Theft?
Q2: Who do you think is the most vulnerable to ID Theft right now?
Q3: Have you ever been a victim of ID Theft? What happened?
Q4: Would you know what to do if you become a victim of ID Theft?

Following each weekly identity theft twitter chat, users will be able to suggest questions for the next week’s event. In order to participate, users should follow the hashtag #IDTheftChat and include it in all of their responses.

The ITRC hopes that everyone with interest in the issue of identity theft is as excited as we are and that this weekly event will help centralize twitter talk regarding identity theft. This weekly event should also help produce great collaborative thought and perhaps even some unique and novel solutions. Other entities which are interested in becoming a guest host for a weekly chat can contact ITRC’s Social Media Manager at nikki@idtheftcenter.org. We hope you will join the conversation and bring your friends!

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

The Identity Theft Resource Center has been receiving hundreds of calls regarding a specific data breach notification letter from a debt collection law firm in the state of Florida. The letter was sent to people who may have had their personally identifiable information (PII) exposed, detailing the cause of the exposure, the firm’s response, and some tips for people to protect themselves.

The letter explains that a former employee may have possibly viewed people’s names, addresses, date of birth, driver’s license number, and/or Social Security number. The letter stresses that the firm does not believe that people’s personally identifiable information was used to inappropriately obtain or use their credit, but “out of an abundance of caution” wanted to inform people of the possible exposure of their data so they could take proactive measures to minimize their risk of identity theft or fraud.

The firm’s letter recommended some actions for recipients to take including continuously obtaining credit reports from the three major credit reporting agencies, reporting any inaccuracies to creditors and the credit reporting agencies, and placing security alerts on credit reports. Lastly, the firm recommended that recipients of the letter call the ITRC for additional information and support services.

The ITRC is not in any way affiliated with said firm, but is always available to help victims and potential victims of identity theft and related fraud. The steps outlined for people to protect themselves in the letter are great first steps, but we at the ITRC would like to provide some additional steps people can take to dramatically minimize their risk of identity theft and fraud.

If you are a recipient of this data breach notification letter:

  1. Call the three credit bureaus (Experian, Equifax, and Transunion) and request a 90 day alert be placed on your credit.
  2. Request your annual free credit report from each of the aforementioned credit bureaus and review them for any inaccuracies. Should you find any inaccuracies please call the Identity Theft Resource Center at our toll-free number, (888) 400-5530, so one of our experienced Identity Theft Victim Advisors can personally assist you in resolving them.
  3. If you do find any inaccuracies, call the three credit bureaus and request a security freeze be placed on your credit. This may cost a nominal fee depending on the state that you are in and does not allow new credit lines to be processed until you personally unfreeze your credit. Even if you do not find any inaccuracies, you may want to consider putting a security freeze on your credit as a precautionary measure.
  4. File your tax returns as early as possible to avoid an identity thief filing a tax return under your name in order to receive fraudulent tax refunds.
  5. Contact the Social Security Administration and request your wage report to ensure that an identity thief has not reported fraudulent wages which you may have to pay taxes on if not resolved.
  6. For more details on what to do if you have received a data breach notification letter, please read our ITRC Fact Sheet FS 129.

Regardless of whether you have reason to believe your personally identifiable information has been exposed or not, it is always a good idea to be proactive about protecting your identity. Monitor your credit reports and properly dispose of or protect your personal information. Visit us at www.IDTheftCenter.org for more information about identity theft, fraud and what you can do to protect yourself.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.

One of the first steps a victim or likely victim of identity theft should look to complete in order to protect their financial well-being is issue either a fraud alert or initiate a credit freeze. At the ITRC call center our advisers regularly receive calls from consumers confused as to what exactly each of these protections do and how they work. In an effort to reduce confusion, what follows is an explanation of what each protection does and doesn’t do, and which one will best fit what type of consumer or victim. For more detailed information, review fact sheet 100 in the document catalogue of the ITRC website at www.idtheftcenter.org.

Fraud Alert – A fraud alert heightens credit issuer’s awareness that they need to authenticate and verify the applicant before issuing credit. Most security conscious banking and financial institutions as well as major credit issuers will take notice of a fraud alert. However, it is not 100% reliable and not always heeded. They don’t affect your credit score but may slightly slow down the application process. When you initially place a fraud alert as a potential victim of identity theft, you will be offered a free credit report as part of your federal rights. This is not the same as the free federal annualcreditreport.com

Security or Credit Freeze – With a freeze; a company may not look at your credit report for the purposes of establishing new lines of credit. Companies you already have an existing relationship with (example: a credit card, loan or utility service) may view your reports but only to review your credit-worthiness. Placing a freeze is a strong step to take and will affect your ability to get instant credit since it can take up to 3 days to thaw a report. However, it also locks out thieves. In those states with freeze laws, most state that victims with a police report get this service for free. Most states also allow the consumer to buy a freeze. You may thaw your freeze anytime you wish to apply for credit but you will need to plan ahead. At the time a freeze is established, the victim or consumer is given a pin number as a way of confirming their identity. Anyone considering a security freeze needs to be very careful not to lose this pin number as it can be extremely difficult to thaw (unfreeze) your credit report without the issued pin number.

The difference between these two options is the level of security. A freeze will place a higher degree of assurance to a victim that new accounts will not be opened, but leaves much less flexibility than a fraud alert. Whichever tool a victim of identity theft chooses, they should continue to be conscientious of what is going on with their credit file and know that the Identity Theft Resource Center is always here to answer questions and assist victims.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

Recently here at ITRC, we’ve received several queries about the effectiveness and use of mobile VPNs. What are they? How do they work? Do I need one for my phone if I send and receive a lot of data? Well, we aim to please…

VPN stands for “virtual private network.” A mobile VPN provides mobile devices with access to network resources and software applications on their home network when they connect via other wireless or wired networks. A VPN maintains an authenticated, encrypted tunnel for securely passing data traffic over public networks. This is important because public wireless internet connections (public wi-fi) are one of the easiest and most common ways for identity thieves and hackers to harvest personal information from their victims.

The increased use of mobile devices and a related rise in employee desire to use their own personal devices for work purposes means it is more important than ever that organizations take appropriate steps to protect corporate information and provide access in a safe and effective way. A mobile VPN makes it possible for users to access the internet via public wireless access in a McDonalds or Starbucks, while still staying safe behind a firewall to keep prying eyes from accessing privileged information. When considering whether or not a mobile VPN is a worthwhile tool to have, there are several issues to consider.

1. The need for privacy

It’s always a good idea in personal practice to exercise sound judgment when accessing the internet in public areas. For work purposes, the need for privacy becomes even more paramount. Not only could you compromise your personal information, you could expose company secrets as well. If your job is the type that requires continuous access to shared information, a mobile VPN should be viewed as a near necessity.

2. Connectivity and Convenience

A mobile VPN functions essentially like a portal to your home or office server. The cost of this convenience and safety should be considered necessary only if one is regularly accessing secure or sensitive information (either for personal or professional use) while on the go. If you don’t have access to your office server and/or don’t use your personal phone to send or receive sensitive information, a mobile VPN may be an unnecessary expenditure. A VPN is likely to come attached to a monthly subscription fee, and will also very likely make the speed of data exchange on your phone somewhat slower than it would be otherwise.

3. Frequenting Foreign Websites?

The secure nature of a mobile VPN allows you to usually access foreign hosted sites faster than otherwise possible.

4. Flexibility

VPN’s function on virtually any type of internet connection (wi-fi, 4g/LTE, broadband, etc.)

5. Voice vs. Data Security

It’s important to note that smartphones have both data and voice channels. Mobile VPN ONLY encrypts the data channel i.e., your phone access to a browser, email, and internet resources are encrypted. However, your voice calls are not encrypted through use of a mobile VPN. If you use internet based phone service (Skype for example) that uses the data channel to make phone calls, your voice calls may be encrypted when using your mobile VPN.

 

Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.

Privacy is becoming an ever more important issue garnering increased public discussion. Increased fear of misuse of personal information is slowly showing up in a multitude of consumer surveys. Facebook along with many other global powerhouses have at times been criticized for their perceived failure to adequately address the various infringements on individual privacy that can sometimes result from their services. In an effort to address these concerns, Facebook recently put a privacy tutorial in place for all new users.

facebook-logo

Facebook created customizable privacy settings several years ago, but many users expressed unfamiliarity with how to effectively make use of these settings. Other users simply were unaware of or else never took the time to understand privacy implications. In an effort to generate greater awareness of privacy risks, as well as greater understanding of how to best make use of Facebook’s privacy settings, a tutorial for all new users has now become a part of the set-up process for any new Facebook account. In the tutorial, users are made to understand how their information is shared with others, what information is shared, and what options Facebook makes available in order that the individual may control what they share, how they share, and with whom.

For current users who wish to learn more about privacy settings, simply go to your account settings and find the tab labeled “privacy” and do a little perusing. If the Facebook tutorial specifically is something you want to help walk through the process of understanding the privacy settings, simply generate a new account (using a new email) and go through the start-up process. The tutorial will be one step in getting your new Facebook account fully set up and completed. Any questions about privacy issues can be directed to Facebook staff via message through the sites “contact us” listing.

“Facebook’s New Privacy Tutorial” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original article.

Major security breaches often occur over the Internet. As hackers learn to break into corporate – and even government – networks, it can seem like the Internet is the only source of identity theft. However, old-fashioned burglaries are still common, and these thieves are now after more than your wallet or jewelry. They want your identity.

Professional burglars can make money by selling passwords, credit cards, billing statements and identification cards. These burglars often have connections with organized criminal enterprises who know how to milk the information for all its worth. A home security system is the best way to deter criminals from breaking into your home, but if they do get inside, your personal information will need to be secure.

  1. A Safe: A common misconception home owners have is that if they own a safe, they are protected. Some safes offer protection against fire or water and are not designed to protect your valuables from theft. Also, some safes are light enough to be carried away. To protect your valuables and sensitive documents and data from burglars, you will need to choose a safe that is very difficult to break into. You also need to opt for the safe that can be bolted to the floor. A thief can violate a safe in two ways: by carrying it out the door or by breaking into it. Make sure you choose a safe that resists both.
  2. A Shredder: A thief doesn’t even have to break into your home to steal your identity. If you leave sensitive information in the trash, a clever burglar will find it. A simple way to protect yourself against identity theft is to shred all financial statements, paystubs and sensitive documents that you no longer use for tax purposes.
  3. The Trio of Computer Protection: Many of us store information in our laptops and computers, and theft or hacking of these items can have drastic consequences. To protect information from being accessed during a burglary, you can equip your computer with a BIOS password. BIOS stands for Basic Input Output System. This password will prohibit a burglar from booting your computer. However, a computer savvy burglar can remove your hard drive and read the information using another device. To protect against this type of information theft, you can encrypt your files. If a burglar wants to physically remove your laptop, you can deter him with an anti-theft PCMCIA card that sounds an alarm and shuts down the computer when removed from a certain perimeter.

A Few More Tips

Never leave sensitive information in plain view, filing cabinets, dresser drawers or obvious places like a purse or coat pocket. Always remember to set your alarm system and lock doors and windows. It is important to remain daily vigilant as burglars are always on the prowl, and be sure to ask a neighbor to check in on your house if you are gone for a long period of time.

Silvia Brooks is a former real estate agent who works with homeowners to find the best security system for their needs. You can read more of Silvia’s advice at homesecurity.org.

FBI’s Law Enforcement Executive Development Association (FBI-LEEDA) has partnered with LifeLock, an industry leader in identity theft protection services, in order to provide cutting edge seminars on identity theft to law enforcement around the nation. These seminars cover current identity theft laws, the various technologies used in identity theft crimes, and proper identity theft awareness and protection strategies. In addition, this program provides access to databases to assist law enforcement in identity theft investigations.

In the last three and a half years, the FBI-LEEDA/LifeLock Identity Theft Summits have reached more than 7,000 law enforcement officials representing more than 2,500 agencies around the United States. The Summits have been hosted by police chiefs, sheriff’s offices, universities and state attorneys general across 32 states. More than 100 Identity Theft Summits have been held so far, with more than 30 taking place in 2012 alone. LifeLock has been recognized for its Corporate Social Responsibility by both the American Business Awards and Communitas Awards for its work with the FBI-LEEDA program.

Based on a recent Javelin study, the FBI-LEEDA program picked a strong company to partner with to educate and assist law enforcement in the field of identity theft. The study, titled 2012 Identity Protection Services Scorecard: How to Deliver Customer and Market Value in a Regulated $4B Market provides insight into the different companies and services available to consumers who want to protect themselves against identity theft. The Javelin report ranked LifeLock number one, tied with the company Intersections, in overall identity theft protection service when compared with 15 other top companies in the industry.

Based on Javelin’s criteria, LifeLock was the only company to receive a 100% score in the category of detecting breaches to your identity due to their multi-faceted approach of triple-bureau credit monitoring, internet scanning, public records scanning, Social Security Number tracing, and offering a child and family option for the consumer. LifeLock was ranked number two in the category of resolving identity breaches for providing consumers with a certified fraud specialist, 24/7 access to LifeLock’s multilingual 24/7 resolution team and a large identity fraud insurance and service guarantee provided by a third-party insurance provider.

FBI-LEEDA/LifeLock Identity Theft Summits for the rest of 2012 will be held in Prescott Valley, Arizona and Baltimore, Maryland.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

Bring Your Own Device (BYOD), is a growing trend in the business world where employees use their own personal mobile devices for work. This means that sensitive company information including customers’ personal identifying information (PII) and company trade secrets may be accessible from, or might be stored on the employee’s personal phone or other digital device. While there are many benefits from implementing BYOD for businesses, it also creates a new set of security challenges as employees’ personal phones are more difficult to monitor and protect than a company computer that never leaves the office. Below is a comprehensive but not exhaustive list of security measures that companies implementing BYOD should consider:

security tipsPassword Protection: A strong password should be at least 8 characters in length and include case sensitive letters, numbers, and special characters. This password should be required to access any company data on an employee’s mobile device. It is also a good idea for the employee to have a 4 digit pin passcode to be able to turn on the phone at all. Encryption of Company Data: Any company data, or even all data on the phone, should be encrypted using industry standards. Encryption will help protect any company data from being accessed even if a thief has stolen an employee’s mobile device and attempts to hack into it.

Limit use of Apps: Apps pose a security vulnerability, as they are programs that are downloaded by the user, and installed onto the phone. Use of apps on user devices is a hotly argued topic at the moment. These apps can contain malicious software in them, or may simply request and get permissions to access a wide variety of data on the device, in order to complete the install. The possibility that BYOD users might install an app that breaches company data is raising serious concerns in the IT community. This makes it a priority that employees be informed as to what apps are safe and acceptable, and which ones are not. Even with those types of guidelines, it is important for employees to read the reviews of apps to help determine whether it is malicious or not. It is also a smart guideline not to install any app that does not have a significant number of positive reviews. Even with that, it is important that when installing the app that the user be very aware of the permissions the app is requesting, and that they fit the purpose appropriate for the function of the app.

Remote Data Wipe Ability: Employers that allow company data to be stored on a BYOD platform must be able to remotely wipe the device in case the employee either loses the phone or has it stolen from them. Additionally, the employer must also be able to wipe the device upon the employee leaving the company.

Antivirus Software: At a minimum, employees’ devices should have updated antivirus programs installed to help mitigate malicious attacks. In addition to antivirus software, providing VPN connections for employee devices, where appropriate, would greatly reduce risk of breach into the phone’s data.

“Bring Your Own Device Security Tips” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original posting.

Recently, Barnes and Noble discovered that criminals stole customers’ credit card information who shopped at over 60 stores located across the United States. States affected by the breach include California, New Jersey, New York, Pennsylvania, Rhode Island, Illinois, Massachusetts, Connecticut and Florida. It is not clear exactly how the hackers infiltrated the Barnes and Noble payment systems, but it was determined that the PIN pad devices that customers will swipe and enter their pin number into were the culprits.

They have determined that only one PIN pad device per each of the 63 stores were compromised. Despite this fact, Barnes and Noble opted to disconnect all PIN pads at all their 700 stores for inspection to be extra cautious.

Barnes

While the hacking discovery was made around September 14, Barnes and Noble waited until October 24 to begin notifying customers. The reason for this delay is that the Justice Department requested Barnes and Noble to delay notification so as not to jeopardize an FBI investigation into who was behind the attacks. Barnes and Noble has received two letters from the United States Attorney’s Office for the Southern District of New York informing them that they were not required to report the attacks during law enforcement investigation. Most states have data breach notification laws that allow companies that are breached to delay notification to customers if a law enforcement agency determines that notification may impede their investigation.

It is important that anyone who has done any shopping at Barnes and Noble stores in the affected states quickly change their PIN number for their debit card as the hackers can make fraudulent purchases with the information they stole. In addition, anyone who used a debit or credit card at Barnes and Noble recently should immediately review their account statements for unauthorized charges and notify their banks as soon as possible if any have occurred.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.

Prescription fraud occurs when an identity thief, using your personal information, has a prescription issued and possibly filled under your name. Prescription fraud is just one consequence of medical identity theft, where a thief obtains enough of your personally identifying information to be able to assume your medical identity. Prescription fraud affects the victim in many ways, including their finances, ability to get necessary health care and possibly their ability to check their own health records.

An identity thief using your identity to be prescribed restricted medications, may also use your health insurance to purchase the medication. This means that you, the victim, will often get left with the bill for any unpaid expenses the identity thief incurs while using your identity and medical insurance.

Prescription

It is important to be alert for any explanation of benefits (EOB) you receive from your health insurance provider or bills for medical services you did not seek or receive. This may be your best warning that an identity thief is abusing your medical identity and insurance.

Unfortunately, there are worse consequences to being a victim of prescription fraud than bearing the brunt of fraudulent medical bills. When an identity thief uses your medical identity to be prescribed medication, this information will be incorporated into your health record. Any subsequent medical personnel looking at your record will see the new prescriptions and make medical decisions based on this fraudulent record. Prescription fraud victims have discovered they were victims of identity theft and prescription fraud after their pharmacy refused to fill their current, valid prescription because it conflicted with another medication prescribed to the identity thief.

Lastly, it can be exceedingly difficult to set your health records straight after an identity thief has received services or prescriptions under your name. Under the Health Insurance Portability and Accountability Act, or HIPAA, strict rules prevent access to patients’ medical records by unauthorized entities or individuals. Sadly, this very same rule prohibits victims of prescription fraud from accessing their personal health records in order to correct it because health care providers fear it may be a violation of the identity thief’s rights to confidentiality of their medical records.

The best defense to prescription fraud or any identity theft is to be keenly aware of your personal information. Any documents that contain personal information such as your birth date, Social Security number, driver’s license number, or insurance plan information, should be stored somewhere safe and secure or shredded when no longer needed. Do not carry your Social Security card, military identification, or Medicare card on your person as they have your Social Security number on them and are extremely helpful in the hands of an identity theft. New military identification cards no longer have Social Security numbers on them, so if you have an old military ID you can always renew your card to reduce your risk of identity theft.

“Prescription Fraud and Identity Theft” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original post.