| A Message from the ITRC |
|
Welcome to the first issue of the ITRC's itr@c News e-newsletter, designed to keep you educated and updated on anything and everything identity theft. In other words, all the things you wish
you didn't need to know to minimize your chances of becoming
the next victim of the country's fastest growing crime.
In addition, the ITRC website features Fact Sheets, Solutions
and resources to educate consumers, corporations, government agencies and other organizations on best practices for identity theft and fraud detection, reduction and mitigation. For more information, go to www.idtheftcenter.org
|
| Is Anyone Safe from Identity Theft? |
Part I – Your PII is Everywhere
In reality, the answer is no. In a series of articles, the ITRC is taking an in-depth look at the many facets and various ramifications identity theft has on the individual as well as the systemic impact on society. Part I discusses the prolific availability of our personal information and our ensuing vulnerability.
 There is a trail of personal identifying information (PII) which we leave out there - from birth to death. We continually provide that information through all the various legitimate requests we receive, ranging from our first school and job records to credit cards, home mortgage applications, and medical records.
What is PII? According to federal law (Identity Theft & Assumption Deterrence Act), ‘means of identification' is defined as: "any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual, including any -
a) name, social security number, date of birth, official State or government issued driver's license or identification number, alien registration number, government passport number, employer or taxpayer identification number;
b) unique biometric data, such as fingerprint, voice print, retina or iris image, or other unique physical representation;
c) unique electronic identification number, address, or routing code, or
d) telecommunication identifying information or access device.
The most readily recognized forms of PII are name, Social Security Number, date of birth, driver's license number, and birth certificate. However, it is clear that other types of identifiers, particularly when used in combination, may also qualify as PII. The many forms of PII, along with our prolific use of PII in our daily activities, make clear why we do not control our personal information.
The question now is: who is the identity thief and how do they access your information?
Unfortunately, there is no clear profile of an identity thief. They
may be a member of organized crime, a drug user, an employee, someone in a desperate situation, or even a friend or relative. They can be young or old. They are both opportunists, as well as career criminals who carefully plan the crime. Either will take a given opportunity to use your information for personal gain. Whether it's financial, criminal, government benefit, or medical fraud, the identity thief is using available personal information to commit identity theft. Although there is no clear profile of an identity thief, the damage to his victims is very clear, and sometimes extensive.
The many low tech methods by which thieves gain access to our information include dumpsters outside a doctor's office, the wallet pick-pocketed in a crowded mall, the tax documents stolen from an unlocked mail box or by a shoulder surfer at the bank. A telephone solicitation, while also a low tech method, is an area where consumers do have control over information provided. These areas of vulnerability leave our PII easily exposed to the identity thief.
Much is made of the availability of PII on the internet. High tech methods include "phishing" and other scams designed to lure you into providing your personal information. Lack of the necessary security measures on computers often puts PII at high risk of being breached by hackers. In addition, company data, including personal PII, may be accessed internally or externally by thieves determined to retrieve this information for fraudulent purposes.
The sources of information for use by these thieves are innumerable. The point is we are all vulnerable to identity theft and need to be aware that our personal information is not completely under our control. The risk of our personal identifying information being exposed, and possibly used for fraud or identity theft, will continue to be a systemic problem if left unaddressed. Identity theft is an ever-expanding crime and brazen criminals find a multitude of ways to use fraudulent information.
In the second part of this series, ITRC will take a look at proactive steps for the consumer. These will include government mandated programs (free), and other products and services currently available that enable consumers to regain some control over use
of their personal identifying information.
|
| Tax Time Tips for 2009 |
|
Tax time, whether it’s in April, June, October or December, often puts important personal identifying information at risk for exposure. Your W-2’s, and other IRS reporting forms, include your Social Security Number and, in some cases, financial account information. These numbers can be a gold mine for identity thieves. Your personal information can enable thief to obtain a job, open up new lines of credit, access existing financial accounts or stock portfolios, get welfare, avoid a criminal history and generally create havoc in your life.
Ask yourself: where are those forms kept in your home? Are they lying on a table top or somewhere anyone can see them? Are they in a locked box or file cabinet? Many consumers are not aware of the potential threat that these forms represent, and take little notice of the necessary steps which should be taken to secure these items.
With this in mind, the ITRC wants to remind consumers and businesses to be careful when handling tax-related documents and information.
Paper Security
Whether it’s in the home or in the office, make sure all tax documents and paperwork are secured in a safe, locked location at all times . Any financial statement or item which contains personal identifying information (PII) should not be left unsecured or visible to others.
Data on the Move
Financial documents don’t belong in a briefcase left unattended in your car. When transferring tax documents between home and the accountant, make sure they are hidden from view.
Computer Security
If your computer is linked to the internet, be sure to regularly update firewall, anti-virus, and anti-spyware software to protect you from attack. It is vitally important to install and update these types of security programs.
Sensitive documents should be kept on a computer with a password protected log-on. This computer should never be used by children or others who might install peer-to-peer software.
E-Filing
While preparing your tax return for filing, make sure to use a strong password to protect the data file. Once your return has been e-filed, burn the file to a CD or flash drive and remove the personal records from your hard drive. If working with an accountant, you should query them on what measures they take to protect your information.
Mail Theft Awareness
Be sure to retrieve your mail every day. When mailing your tax documents, take them directly to the Post Office. Drop them in a box inside the Post Office. If you must use an outside Post Office pickup box, it’s best to drop your mail before the last pick-up of the day. Don’t leave tax documents in an outgoing mail box at work.
Tax Preparers and Personal Privacy
Be selective about who works on your taxes. Investigate tax preparation companies with the Better Business Bureau, especially new or seasonal offices. Ask the preparer how your information will be stored? Will it be encrypted? What computer security software is used? Who has access to this information? Has the person working on your taxes undergone a thorough background screening? How many years have they worked for the company? Do you see personal papers displayed on desks? Trust your impressions. If you feel uncomfortable, or doubt the firm’s commitment to protecting your privacy, take your business elsewhere.
The phrase “buyer beware” especially applies to “on-line tax preparers.” Who are these people? What do you know about them? Are they really a company or legitimate accountant or is it a scam to gather Social Security and account information from you.
Avoid doing financial business in supermarkets, or other public concession booths, where others may hear or see your transaction.
Tax Time Scams
If you receive an email asking for your Social Security Number or financial information, delete it or send it to the FTC at spam@uce.gov for investigation. The IRS does not send emails stating you are being electronically audited or that you are getting a refund. If you have any questions about an email you received from the IRS, or a letter that sounds suspicious, immediately call the IRS Taxpayers Advocates at 877-777-4778.
Document Disposal
Put papers you no longer need through a cross-cut shredder. Do not store these documents intending to shred them at some future time. As soon as you determine the document is no longer needed, shred it!
Document Storage
When storing your tax returns and other sensitive financial documents, use a locking file cabinet or even better, a safe. Make sure you know who else has access to this storage.
Employment Identity Theft
Identity thieves sometimes use your identity to get a job, obtain welfare, or medical services. They may be employed and using your Social Security Number – or even your child’s Social Security Number. In these situations, the IRS may send a notice indicating that more than one person is using a Social Security Number, or
that you owe taxes. If this happens, immediately contact the IRS Taxpayer Advocates or the Identity Theft Resource Center at
858-693-7935 for assistance.
Please see ITRC Solution 24 for complete Tax Time Tips
Where to Go For More Information or Help:
Identity Theft Resource Center
858-693-7935 or www.idtheftcenter.org
IRS Taxpayer Advocates
1-877-777-4778
Federal Trade Commission
www.ftc.gov/idtheft
|
|
The Romance of Identity Theft
|
|
Throughout the ages, many forms of identity theft have taken place – such as false impersonation or assumption of another identity. These crimes, by any other name, are still identity theft.
In earlier times, the lack of technology allowed this crime to flourish undetected. In the modern era, technology has become the conduit used to perpetrate this crime.
Throughout time, identity theft has been romanticized in our folklore. Think of Billy the Kid, Butch Cassidy, the Sundance Kid or Jesse James. These are prime examples of evading the law by taking on a new identity.
Even today, stories and movie plots play a role in our cultural
(mis)perception of identity theft by maximizing the glamour of the crime while minimizing the victimization. Think about it – how many stories can you think of where some type of identity theft has occurred?
Catch Me if You Can
The Net
Eraser
Man in the Iron Mask
Dave
Young Guns II
Princess Bride
Oceans 11, 12, 13
|
|
To Subscribe
|
|
|
In This Issue:
Is Anyone Safe from Identity Theft?
What is Identity Theft?
Sand Box - Guest Author
Scam Alert
Tax Time Tips
The Romance of Identity Theft
Legislative Updates
|
| |
|
|
|
|
| What is Identity Theft? |
Identity Theft is a crime in which
an impostor obtains key pieces of personal identifying information (PII), such as Social Security numbers and driver's license numbers, and uses them for their own personal gain.
The most widely recognized form
of this crime is financial: lines of credit, account takeovers or the establishment of tenancy or utilities. In reality, identity theft crimes vary widely and can involve criminal, government and medical issues.
|
|
The Sand Box
|
|
Identity Theft:
The Plot Thickens
By Matthew D. Sarrel
Volunteer, ITRC
If you’re reading this then chances are that you, your company, or someone you know has had their identity stolen. I say this because even though identity theft is an enormous problem and growing, most people don’t care until they
are victimized or know someone
who was. Although, according to Gartner over 15 million identities are stolen per year in North America, so unfortunately the odds are that if you haven’t been victimized yet then you will be shortly.
The statistics paint a horrifying picture. ITRC reports that the incidence of data breaches increased nearly 50% in 2008 over 2007. Identity theft continues to be one of the fastest growing crimes in the United States today.
I journeyed into the dark side of
the web a few months ago and discovered hundreds of websites, mostly hosted in Eastern Europe
or China, which form a lively online trade in stolen identities.Complete identities sell for $80-$300, bulk discounts given, which includes financial account numbers, billing address, Social Security number, home address, phone number and birth date. Visa, Mastercard, Amex all go for $20-$30 for what’s called a full dump, or a reading of the magnetic strip that can be used to write a new card. Credit card numbers, security codes and PINs are cheaper – usually less than $10 each and sometimes as low as $5 each.
If those numbers don’t scare you
into protecting your identity, then here’s something I’d like to pass along that scared the heck out of me. Compared to last year, the
price of a stolen identity on the black market has been cut in half. Why is that terrifying? If it’s simply supply and demand, then this tells me that it is easier now to steal identities and sell them. Some of these guys even provide guarantees on their stolen credit card numbers. The days of having to protect yourself online from script kiddies are gone. Now we’re up against big business, international organized crime syndicates that make billions of dollars a year.
They’re serious about wanting your identity.
In case you think I’m not riding high enough on the horse, I’m telling you that Internet crime, or e-crime, is going to get worse before it gets better. I spend a lot of time working with other security experts and many of us are afraid we’re losing the battle for Internet safety. And identity theft isn’t just online. Add lost wallets and stolen mail to the list. No one, including the law enforcement community, believes that we are combating identity theft effectively.
You can throw a wrench in the cogs of the identity theft machine. Be a savvy online citizen. If you were walking down the street in Manhattan and things “felt wrong”, wouldn’t you cross the street? That same sense of self-preservation needs to take root and be cultured within every one of us so that we can protect ourselves online. It’s time to stop thinking about how cool the ‘net is and start thinking about how you can protect your identity.
Here are some tips to get you started.
- Install a firewall to protect your information
- Install reputable anti-spam and
anti-virus software
- Keep your anti-virus, firewall and operating systems updated
- Be certain of BOTH the source AND content of each file you download
- Be cautious of dealing with pop-ups
- Beware of hidden file extensions
- Don't be lulled into a false sense of security just because you run anti-virus programs
- If you are an online multi-gamer type, do not publish your I.P. address on websites or news-groups, unless you are very sure that you are fully protected
- Backup your system
- Turn off your computer when not in use
- Use common sense
Please see Fact Sheet 119 - Direct Connections to the Internet)
Matt Sarrel writes about security for eWeek, PC Magazine, and Allbusiness.com. He is executive director at Sarrel Group (link to http://www.sarrelgroup.com) a technology product testing, editorial services, and consulting firm located in NYC.
|
|
Scam Alert
|
The IRS is warning taxpayers to
be on the alert for e-mails and phone calls they may receive which claim to come from the IRS or other federal agency and which mention their tax refund or economic stimulus payment. These are almost certainly a scam whose purpose is to obtain personal and financial information — such as name, Social Security number, bank account and credit card or even PIN numbers — from taxpayers which can be used by the scammers to commit identity theft.
The e-mails and calls usually state that the IRS needs the information to process a refund or stimulus payment or deposit it into the taxpayer's bank account. The e-mails often contain links or attachments to what appears to be the IRS Web site or an IRS "refund application form." However genuine in appearance, these phonies are designed to elicit the information the scammers are looking for to commit fraud.
As a general rule, the IRS will not send you unsolicited e-mail and or use e-mail to discuss tax account information with you or request personal or financial information from you. Additionally, the IRS will never ask you for PIN numbers or security passwords for your credit card, bank or other financial accounts.For more information on consumer scams, see Suspicious e-Mails and Identity Theft.
Click here for the ITRC's Scams & Consumer Alerts
Scam Alert |
| Legislatives Updates |
|
According to the National
Conference of State Legislatures,
44 states have enacted legislation requiring notification of security breaches involving personal information (as of December 2008).
States with no security breach law: Alabama, Kentucky, Mississippi, Missouri, New Mexico and South Dakota.
For more information about your state's laws, please see our interactive State and Local Resource map.
|
|
