Posts

United States Customs and Border Protection (CBP) announced that it was victim of a data breach at the hands of a third-party partner. The information exposed included photos of license plates and travelers. CBP released a statement about the breach saying,

“In violation of CBP policies and without CBP’s authorization or knowledge, [a subcontractor] transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network,” CBP added. “The subcontractor’s network was subsequently compromised by a malicious cyberattack.”

The hack happened by accessing a database on the third-party’s server that was unauthorized by CBP to exist. Although the third-party who caused the breach was not directly named, The Washington Post reported that the subject line of the emailed statement included “Perceptics.” Perceptics is a company based in Tennessee whose website boast they have been “securing our nation’s boarders for more than 30 years.” They design technology for identifying vehicles and license plates for federal and commercial use.

CBP claims they have conducted a thorough search and have not found any of the stolen information on the dark web. This does not however mean the data is impossible to use for malicious acts. President and CEO of ITRC, Eva Velazquez, sums it up in her NBC7 interview saying, “These things, they stay in perpetuity. It is not going to disintegrate. So even in this moment, if there is not a way to monetize, that does not mean 10 years from now that (stolen information) might not be more valuable.”

While CBP noted their own databases were not affected by this attack, this is not the first data breach under the Department of Homeland Security. Early last year it was reported more than 240 thousand employee records were exposed by a former employee.

ITRC continues to monitor the trend of cybercriminals targeting large third-party versus smaller first party databases. Four million records were exposed in 2018 because of focused cybercrime efforts on vendor security. By targeting popular third-party vendors that work with multiple companies, criminals can collect even more personal identifying information in one attack.


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

 

In one of the most ironic twists to come along in identity theft-based crime, there is a new scam attempt making the rounds, one that works so well because it tries to protect you from – you guessed it – identity theft. According to one victim’s story, criminals posed as members of government agencies and pretended that the victim’s identity had been stolen and asked him to cooperate in resolving this issue.

It started with a call from a scammer claiming to be from the Social Security Administration (SSA). “Your Social Security number has been used to rent a car,” the scammer said. That seems fairly straightforward and basic. The catch, though, is that the agent eventually transferred the call to someone pretending to be a Border Patrol agent who said the car had been recovered at the border and that there was a large amount of illegal drugs within the vehicle.

The callers threatened the victim in a very plausible way, even admitting that the victim probably had nothing to do with this, but would spend tens of thousands of dollars in attorney’s fees clearing his name. You can read the full story, but the short version is this: before the victim got through with this three-hour ordeal, he bought thousands of dollars in Google Play gift cards, and sent photos of the card numbers and PIN numbers to the scammers. After the callers received the information and money, they vanished.

Here are some of the multiple warning signs that could have prevented this crime if the victim had only known what to look for:

  1. You cannot trust your caller ID to be a verified identity. Any name or number—even your own—can be programmed to appear on that screen.
  2. The Social Security Administration does not call citizens about these or benefits matters.
  3. The government does not call individual consumers and enlist their help in an investigation.
  4. No one will ever call you with a legitimate issue and only give you an hour to comply, so be on your guard against high-pressure tactics.
  5. You will never be told by SSA or any other government agency to buy gift cards and give them the card details.
  6. A simple Google search for the phone number and the story the callers used would have told the victim that this was a scam.

The right thing for the victim to do would have been avoiding the scam with a few simple steps. First, ask for the name and agent identification number, then hang up. Contact the SSA yourself using a verified phone number, and ask the agent about this call. You can do this for any government agency the scammer claims to be from. In fact, imposter scams were the most reported complaint in 2018 to the Federal Trade Commission.

Once you call the agency for yourself, provide the agent’s name and number, and tell them what you were told. You will immediately be informed that your information has not been compromised and this was a scam.

Finally, report the phone call to your local law enforcement agency. They can post the incident on their social media pages so that others in your community are not victimized.

Of course, the Identity Theft Resource Center is here to help. Speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read more: Imposter Scams Were the Most Reported Complaint in 2018

 

For years, crimes like identity theft, scams and fraud have targeted residents in different states all across the country. Sometimes the crimes are simply based on opportunity, such as a large-scale data breach of a major company; in that case, the locations of the victims can seem to be somewhat random. Other crimes, however, have targeted residents of specific states, and the reasons for this kind of highly-specific targeting can vary.

Florida has the long-standing yet dubious honor of being one of the most targeted states over the past few years. The state has often topped the list for identity-related crimes, and 2018 was no different. The state ranked number one for fraud reports to the Federal Trade Commission (FTC), and number four for identity theft reports. These numbers are fairly typical for Florida’s ranking in those crimes.

According to different sources, there are a number of reasons why Florida might be such a hot target for criminals. These include state and local government structuring, the resort construction and tourism industries, a large retiree population and the high-density of the state’s population in numerous metro areas. Last year’s total volume of reports to the FTC was over 205,000 from Florida alone, and the average losses from that state were $400 per victim.

An article in the Sun-Sentinel explains, “Thieves and scammers apparently are attracted to Florida for a host of reasons: Its lack of state income tax means less scrutiny from state officials. Its transient population makes it easier for hit-and-run operators to blend in. Its large senior population provides a tempting target of savings and vulnerabilities. And its fast development means a lot of new money floating around.”

Of course, identity theft and fraud crimes are broad categories that encompass a lot of different forms of attack. Criminals can rely on highly-profitable but hard to trace tactics such as benefits fraud, credit card and new account fraud, account takeover and imposter scams. A report by Security.org based on the FTC’s data found that fake debt collection scams were the most commonly reported method of attack at 29 percent (approximately 71,000 reports); meanwhile, reports of identity theft and its related crimes made up another 15 percent, or 38,000 reports. There is a seemingly endless variety of ways that someone with a little bit of know-how can target someone in this way, as these findings have shown.

Fortunately, a lot of the ways that criminals target Florida residents—which truthfully, can all be a threat no matter where you live—can often be thwarted by developing an air of caution. Ignoring requests for your private sensitive information, for example, and refusing to make payments over the phone or via email can head off a lot of these attacks. Securing your accounts with strong, unique passwords can also help, along with changing those passwords frequently. Finally, helping others by spreading the word about common scams and fraud attempts can help protect those around you, which can in turn help protect you.

Of course, the Identity Theft Resource Center is always here to help. If you’re a victim of identity theft or have questions about scams and other issues, speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft