ScamSafe

EU May Propose 24-Hour Breach Notification, Data Privacy Rules

Companies operating in the European Union may be required to disclose data breaches within 24 hours if proposed new rules are approved.

The European Commission will propose several changes to the data protection and privacy rules to protect individual rights and ensure a high level of data protection on Jan. 25. The proposed changes will simultaneously simplify and toughen the current mishmash of rules and policies currently used by the European Union's 27 member countries.

Along with the data breach notification rule, the commission's proposal includes stricter sanctions and would provide national data-protection officials with authority to levy administrative sanctions and fines, such as fining companies a percentage of their global revenue for violating the rules. The proposed changes would overhaul the EU's 17-year-old data protection policies addressing online advertising and social networking sites.

"Companies that suffer a data leak must inform the data protection authorities and the individuals concerned, and they must do so without undue delay," EU Justice Commissioner Viviane Reding said at a conference in Munich on Jan. 22, according to Bloomberg.

eweek

Category: Identity Theft News
Posted on January 27, 2012 at 09:32 AM | Permalink

Symantec Warns pcAnywhere Users Due to Source Code Theft

Symantec has confirmed that pcAnywhere users are at "increased risk" because attackers have stolen source code to the remote control tool.

The saga over Symantec's stolen code took another twist as the company acknowledged that pcAnywhere customers are at risk for man-in-the-middle attacks and new exploits.

Category: Identity Theft News
Posted on January 27, 2012 at 09:29 AM | Permalink

McAllen insurance agent indicted on charges of mail fraud and ID theft

 

 

Category: Identity Theft News
Posted on January 27, 2012 at 09:25 AM | Permalink

Malware Poses as Google+ Plug-In

Spammers are cashing in on the popularity of Google+ by sending out fake emails inviting users to try out Google+ Hangouts by downloading a malicious file posing as a Google+ Hangout plug-in.

The fraudulent email advertises Google+ Hangouts as “the most popular online meeting service,” which is apparently true, according to a recent article from Lifehacker.

The fake Google+ plug-in promises to make you “look and sound your best with high quality audio and video,” apparently an effort to fool G+ users into believing that the free Web conferencing feature can be juiced. Malware City reports that clicking the link won’t install a Google+ plug-in but downloads an executable file instead.

Despite concerns about privacy, there have been few threats that specifically target the Google+ network since its launch. The company has promised to prevent brand squatting and other nuisance behaviors, but G+ specific malware and attacks have been far and few between. That may change, however, as the size of the nascent social network continues to grow. 

 

Category: Identity Theft News
Posted on January 27, 2012 at 09:23 AM | Permalink

ID theft scam in NY has victims in 30 states

Two New York women are accused of scamming $75,000 from victims in 30 states by posting phony Craigslist ads for nonexistent jobs and apartments.

A Long Island prosecutor has announced identity theft charges against the woman and her niece.
Nassau County District Attorney Kathleen Rice said Thursday a grand jury filed grand larceny and other charges against the pair earlier this week. Her spokesman said the women will be arraigned at a later date. Defense attorneys did not immediately respond to calls for comment.

Prosecutors say the pair posted online ads and then asked responders to provide personal information, including Social Security numbers.

The women then allegedly used the information to file more than 250 phony tax returns, obtain bank loans and credit cards in the victims’ names.

From AP

Category: Identity Theft News
Posted on January 27, 2012 at 09:18 AM | Permalink

Six Charged in Scheme to Use Identities of Dead People to Get Tax Refunds

  The following individuals were charged with conspiracies to defraud the United States and to commit mail fraud:

Muaad Salem, age 33, of Akron, Ohio;  

Hazem Woodi, age 31, of North Olmsted, Ohio;

Najeh Widdi, age 45, of Cleveland;

Fahim Suleiman, age 46, of Lutz, Fla.;

Daxesj Patel, age 35, of Canton, Ohio; and

Hanan Widdi, age 38, of Cleveland.

The six are also charged with three counts of mail fraud and two counts of aggravated identity theft. In addition to the other charges, Patel is separately charged with two counts of making a false claim against the United States and with making a false statement to law enforcement officials investigating the crimes.

“The IRS is aggressively pursuing those who steal others’ identities in order to file false returns,” said Steven Miller, IRS Deputy Commissioner for Services and Enforcement. “Our cooperative work with the U.S. Attorney’s Office will help protect taxpayers in Northern Ohio from being victimized by identity theft. The IRS is taking additional steps this tax season to further prevent, detect and resolve identity theft cases as soon as possible.”

“This case is an example of the FBI and IRS working together to aggressively pursue and investigate those organized criminal enterprises that commit identity theft and fraudulent activities in the United States costing the taxpayers of this country millions of dollars,” said Stephen D. Anthony, Special Agent in Charge of the FBI’s Cleveland office.

“IRS Criminal Investigation has made investigating refund fraud and identity theft a top priority,” stated Darryl Williams, Special Agent in Charge, IRS-Criminal Investigation, Cincinnati Field Office. “Filing fraudulent tax returns in the names of other individuals may result in significant harm to those individuals whose identities were stolen, as well as a monetary loss against the U.S. Treasury.”

Mail fraud is punishable by a maximum sentence of 20 years in prison; conspiracy to defraud the United States is punishable by a maximum sentence of 10 years; conspiracy to commit mail fraud, making a false claim against the United States and making a false statement are each punishable by a maximum sentence of five years in prison; aggravated identity theft is punishable by a mandatory sentence of two years incarceration to follow conviction on any other offense.

Defendants also face a fine of up to $250,000 for each count of conviction.

The case was presented to the grand jury by Assistant U.S. Attorney Gary D. Arbeznik following investigation by the Cleveland Division of the FBI, the IRS – Criminal Investigation, and the U.S. Postal Service.           

An indictment is only a charge and is not evidence of guilt. The defendants are entitled to a fair trial in which it will be the government’s burden to prove guilt beyond a reasonable doubt

From DOJ

Category: Identity Theft News
Posted on January 26, 2012 at 02:46 PM | Permalink

Top Data Breaches in 2011

2011 was a significant year for data security, with some of the biggest data breaches in our history reported. In 2011, 535 breaches involving 30.4 million sensitive records. This brings the total reported records breached in the U.S. since 2005 to the alarming number of 543 million.

Data breaches of sensitive information, especially Social Security and credit card numbers, make consumers vulnerable to identity theft. According to a 2009 report by Javelin Research & Strategy, individuals are four times more likely to be the victim of identity theft in the year after receiving a data breach notification letter. But even breaches that contain data as seemingly innocuous as names and email address can be used by fraudsters to trick consumers into revealing information that can lead to identity theft.

The following half dozen are the most significant data breaches in 2011:

1. Sony PlayStation (April 27) – Sony discovered an external intrusion on PlayStation Network (PSN) and its Qriocity music service around April 19. Sony blocked users from playing online games or accessing services like Netflix and Hulu Plus on April 22. The blockage lasted for seven days. Sony believes criminal hacker(s) obtained names, addresses, email addresses, dates of birth, PSN/Qriocity password and login, and online IDs for multiple users. The attacker may have also stolen users' purchase history, billing address, and password security questions. Over the course of the next several months, Sony discovered that the hackers gained access to 101.6 million records, including 12 million unencrypted credit card numbers.    
   
   The Sony breach highlights the importance of password hygiene. Passwords are frequently the only thing protecting our private information from prying eyes.  Many websites that store your personal information (for example web mail, photo or document storage sites, and money management sites) require just a user name and password for protection. Password-protected web sites are becoming more vulnerable because often people use the same passwords on numerous sites.  One study by Sophos, a security firm, found that more than 30% of users recycle the same password for every site that they access. In this case, the stolen passwords were unencrypted, meaning the criminal could potentially "break in" to other sites if the victims used the same password more than once.
   
   
2. Epsilon (April 2) – Epsilon, an email service provider for companies, reported a breach that affected approximately 75 client companies. Email addresses and customer names were affected. Epsilon has not disclosed the names of the companies affected or the total number of names stolen. However, millions of customers received notices from a growing list of companies, making this the largest security breach ever. Conservative estimates place the number of customer email addresses breached at 50 to 60 million.  The number of customer emails exposed may have reached 250 million.
   
   Compromised email addresses and names may seem innocuous to some, but victims may fall prey to spear phishing. Spear phishing occurs when a criminal sends an email that sounds and looks like it’s from a company the recipient has an account with because it addresses him or her by name. A spear-phishing message might say,  "Hello Mr. Anderson, Because of the recent hacking incident affecting some Acme customers, we are asking you to visit this website [URL provided] and update your security settings.” The email tries to convince trusting readers to “bite” on the bait and go to that website, and then divulge other information like Social Security numbers and credit card numbers. The result could be as serious as identity theft. 
   
   The Epsilon breach is also significant because it highlights the risk of cloud-based computing systems and the need for greater cloud security measures.
   
   
3. Sutter Physicians Services (SPS) and Sutter Medical Foundation (SMF) (Nov. 16) - A company-issued desktop computer was stolen from SMF's administrative offices in Sacramento, California, during the weekend of October 15th. Although the data was password protected, it was not encrypted. Approximately 3.3 million patients whose health care provider is supported by SPS had their names, addresses, dates of birth, phone numbers, email addresses, medical record numbers and health insurance plan name exposed.  An additional 934,000 SMF patients had dates of services and description of medical diagnoses and/or procedures used for business operations, bringing the total to 4.2 million patients.   At least two lawsuits have been filed against Sutter Health.  One class-action suit alleges that Sutter Health was negligent in safeguarding its computers and data, and then did not notify the millions of patients whose data went missing within the time required by state law.  
   
   The security lapse occurred on two levels: both the data itself (being unencrypted) and the physical location (stored in an unsecure location). Although no Social Security numbers or financial information were apparently exposed, all the data elements needed for medical identity theft were included in the stolen records.
   
   
4. Texas Comptroller's Office (April 11) – Information from three Texas agencies was discovered to be accessible on a public server. Sometime between January and May of 2010, unencrypted data was transferred from the Teacher Retirement Center of Texas, the Texas Workforce Commission (TWC) and the Employees Retirement System of Texas. It ended up on a state-controlled public server as early as April 2010 and was not discovered until March 31, 2011. Sensitive information such as names, Social Security numbers, addresses, dates of birth and driver's license numbers could have been exposed.
   
   A spokesperson from the Texas Comptroller's Office claims that the breach occurred because numerous procedures were not followed.  Some employees were fired for their roles in the incident. Approximately two million of the 3.5 million individuals possibly affected were unemployed insurance claimants who may have had their names, Social Security numbers and mailing addresses exposed.  The birth dates and driver's license numbers of some of these people were also exposed. Two class action lawsuits have been filed on behalf of the 3.5 million Texans affected by the breach. One such lawsuit seeks a $1,000 statutory penalty for each individual.
   
   Although all breaches of sensitive personal information are serious, the Texas Comptroller breach is particularly significant because individuals generally do not have a choice when providing personal information to a government agency. It is therefore vitally important that government agencies act as responsible stewards of personal data.
   
   
5. Health Net (March 15) - Nine data servers containing sensitive health information went missing from Health Net's data center in Rancho Cordova, California.  The servers contained the personal information of 1.9 million current and former policyholders, compromising their names, addresses, health information, Social Security numbers and financial information.
   
   Not only was Health Net the first massive medical breach of the year, but the company waited three months before notifying affected individuals. The servers were discovered missing in January, but policyholders were not notified until March. The breach highlights the importance of timely notification. 
   
   
6. Tricare Management Activity, Science Applications International Corporation (SAIC) (Sept. 30) - The car theft of backup tapes resulted in the exposure of protected health information from patients of military hospitals and clinics.  Uniformed Service members, retirees and their families were affected.  Patient data from the military health system dating from 1992 to September 2011 could have been compromised.  It included Social Security numbers, addresses, phone numbers, clinical notes, laboratory tests, prescriptions, and other medical information.  Four people have filed a $4.9 billion lawsuit over the improper disclosure of active and retired military personnel and family data.  The lawsuit would give $1000 to each of the affected individuals. SAIC reported that 5,117,799 people were affected by the breach.
   
   The Tricare/SAIC breach is significant because not only are the victims at risk of medical identity theft, but financial identity theft as well. The breach begs several questions: Why were the backup tapes being transported in an employee’s personal vehicle? And why were those records not encrypted? This breach also illustrates the triple impact of medical breaches. Victims not only suffer the exposure of their sensitive health information; they also are vulnerable to financial identity theft as well as medical identity theft.

   It is also significant that two out of six of our top breaches are medical breaches. Data breaches in the healthcare industry are up 32 percent over last year, according to one report. Medical breaches are particularly significant and harmful because of the sensitivity of personal information exposed, in addition to, often, Social Security numbers and dates of birth. 

Via PRC

Category: Identity Theft News
Posted on January 25, 2012 at 10:11 AM | Permalink

Hacking group releases 75,000 names of Stratfor subscribers

Hackers released another batch of data on Thursday pilfered from Stratfor Global Intelligence, a widely used research and analysis company whose website was attacked last weekend. The data purports to be the names and credit-card numbers of people who have purchased research from Stratfor plus hundreds of thousands of user names and e-mail addresses used to register with the website.

The hackers, believed to be part of the Anonymous movement, described the data on Pastebin, then provided several links to websites hosting the information. They noted that some 50,000 of the e-mail addresses released end in ".mil" or ".gov." The data comprises 75,000 names, credit card numbers and MD5 hashes, or cryptographic representations, of passwords for people who have paid Stratfor for research.

The group also said the data contains 860,000 user names, e-mail addresses and MD5 hashes for passwords for anyone who has registered on Stratfor's website.

From IDG News Service

Category: ID Theft News, Identity Theft News
Posted on January 3, 2012 at 05:42 PM | Permalink

Privacy Rights Clearinghouse Launches Online Complaint Center

The Privacy Rights Clearinghouse (PRC) is proud to announce the launch of an interactive online complaint center designed to serve as a clearinghouse for consumer privacy complaints.  This builds upon our 19-year history of troubleshooting consumers’ complaints and questions regarding a wide variety of information privacy issues, including background checks, debt collection, data breaches, financial information, and online data brokers. The PRC's staff will review and respond to every complaint, providing individuals with information and strategies to address their problem.

The impetus for the development of the online complaint center was the 2009 KnowPrivacy study, conducted by graduate students in the Masters program at the UC-Berkeley School of Information as well as the Law School at UC-Berkeley. The study found that consumers are concerned about data collection and want greater control over their personal information, but don't know whom to complain to. This presents a significant challenge given the important role that consumer complaints can play regarding the shaping of public policy.

The new online complaint center acts as a clearinghouse for privacy-related complaints by offering consumers a central point of contact. Complaints submitted to the PRC will be forwarded upon the consumer’s request to the appropriate governing body. Further, by acting as a magnet for privacy complaints, our goals are to:

1. Empower Consumers. There are many avenues for consumers to voice complaints, but few that actually respond with personalized information. The PRC's staff will review and respond to every complaint, providing individuals with information and strategies to address their problem. We also offer individuals the opportunity to escalate the complaint to the media, public authorities, and, if appropriate, attorneys.
   
   
2. Educate the Public Policy Process. As an education and advocacy organization, the PRC understands the important role consumer complaints play in fostering regulatory and legislative change. The online complaint center will enable us to identify trends and publish reports on key privacy-related issues that are of concern to individuals. By sharing this information with the Federal Trade Commission and other regulators at the state and federal level, public authorities can gain a richer understanding of the consumer privacy landscape. 

The online complaint center, available at www.privacyrights.org/complaint, simplifies the complaint process into four main sections:

1. Who are you? Consumers can choose to remain anonymous or provide their name and contact information. The only information we require is the consumer's email address and state so that we can properly respond to the complaint. Contact information will not be shared unless the individual chooses to share the complaint with government agencies, lawyers or the media.
   
   
2. Whom/what are you complaining about? We ask the consumer to identify whom/what the complaint is about: a company or organization, a government agency or a person. If the complaint is about a company or organization, the site has an interactive “smart” feature that can auto-fill company information.
   
   
3. What is your complaint? Consumers have the ability to describe their complaint in detail, attach supporting documents and add "tags" to categorize the complaint.
   
   
4. Review and submit your complaint. Before submitting the complaint, consumers have an opportunity to review the entire complaint and make any necessary changes. There is also an option to print or email a copy of the complaint.

The PRC staff review all complaints and email a personalized response to the consumer within one to two business days. If the individual chooses to share the complaint with government agencies, we forward the complaint to the appropriate governing body.

The online complaint center also offers a registration feature. Those users who wish to register can login at anytime to update contact information, access previously submitted complaints, see staff responses to each complaint, and add new information to a complaint. Registration is completely optional and can be pseudonymous.

We invite you to celebrate a new year for privacy by exploring the online complaint center and sharing the site with your friends and family.  Any feedback can be emailed to general@privacyrights.org.

 

 

Category: ID Theft News, Identity Theft News
Posted on January 3, 2012 at 11:58 AM | Permalink | Comments (0)

ID Theft Is More Prevalent Offline with Paper than Online

In Half of the Cases Where the Perpetrator is Known, Identity Fraud is committed by Someone Close to the Victim

SAN FRANCISCO, January 26, 2005 - The 2005 Javelin Identity Fraud Survey Report - released by the Better Business Bureau and Javelin Strategy & Research as an update of the Federal Trade Commission's 2003 Identity Theft Survey Report and Javelin's 2003 Identity Theft Report - shows that despite growing fears about identity theft and online fraud, of the victims that know the identity and method used by the criminal, these crimes are more frequently committed offline than online. Internet-related fraud problems are actually less severe, less costly and not as widespread as previously thought.

Category: Identity Theft News
Posted on February 3, 2006 at 09:12 PM | Permalink | Comments (1) | TrackBack

Three More States Add Laws on Data Breaches

Companies struggling to keep up with a patchwork of state laws related to data privacy and information security have three more to contend with, as a result of new security-breach notification laws that went into effect in Illinois, Louisiana and New Jersey on Jan 1.

Computerworld

Category: Identity Theft News
Posted on January 10, 2006 at 04:51 PM | Permalink | Comments (0) | TrackBack

Missing data recovered by ABN AMRO Mortgage

Some Bay Area ABN AMRO Mortgage customers this week are receiving the digital age's dreaded midnight knock on the door: A letter stating a data tape containing their Social Security numbers and other personal information had been lost by a courier.

from Merc News

Category: Identity Theft News
Posted on January 10, 2006 at 04:38 PM | Permalink | Comments (0) | TrackBack

Update on Credit Freeze & Data Breach Laws

With the New Year almost upon us, a variety of new laws that impact identity theft and personal privacy will begin to go into effect. A variety of states are gearing up to implement new laws that allow consumers to freeze their credit files. Connecticut, New Jersey and Illinois will all implement this type of law on January 1, but these states have very different visions of who should be given the ability to freeze their credit report. See GuardMyCreditFile

Category: Identity Theft News
Posted on December 17, 2005 at 01:30 PM | Permalink | Comments (1) | TrackBack

Worldwide Unisys ID Fraud Study Shows New U.S. Consumer Security Concerns

Half of Americans would switch banks for greater protection, and 40 percent willing to pay for more security compared to 27 percent last year; Banks need visibility into full impact of fraud to secure both brand and revenue.

BLUE BELL, Pa., November 11, 2005 – Americans are more willing to pay additional fees for greater protection of their bank accounts to assuage increasing fears, according to new research from Unisys Corporation (NYSE: UIS) that polled 1,000 Americans as part of a broader worldwide analysis of identity fraud and bank security issues.

www.unisys.com

Category: Identity Theft News
Posted on November 23, 2005 at 09:07 AM | Permalink | Comments (0) | TrackBack

Portrait of an identity thief

Tina Kathreen Armstrong of Longview first made headlines in 1988 as Tina Lee, the HIV-positive teenage mother of a newborn daughter -- the first such birth in Cowlitz County and one of the first in Washington state.

from The Daily News

Category: Identity Theft News
Posted on November 15, 2005 at 06:29 PM | Permalink | Comments (0) | TrackBack

Despite Increase In ID Theft, 70% of Canadians Think It's Unlikely They Will be Victimized

TORONTO - TransUnion, a leading authority on consumer credit, today released a survey conducted by Roper Public Affairs on how likely Canadians think they are to become victims of identity theft. Despite manifold evidence of increased identity theft, a full 70 percent think it is "somewhat" or "very" unlikely that they will be victimized.

"Identity thieves are no longer common criminals sifting through your garbage. The techniques used by today's identity thieves evolve so rapidly that even technologically sophisticated people and organizations are at risk of having their information stolen," said Mark Merritt, Vice President, Customer Solutions of TransUnion in Canada. "Canadians are becoming more cognizant of this threat, but as the survey reveals, much more vigilance will be required."

from Monitor Today

Category: Identity Theft News
Posted on November 8, 2005 at 08:55 AM | Permalink | Comments (0) | TrackBack

Hacking fears bog down online banking growth

from News.com

Category: Identity Theft News
Posted on September 7, 2005 at 10:40 PM | Permalink | Comments (0) | TrackBack

Attention victims of work-at-home scams

If you are a victim of a work-at-home check cashing scam which was posted on a job board web site like Careerbuilder or Monster, AND you are a resident of the NY Metro area, please read on.

I was contacted by someone writing an article for a major US newspaper. She wants to speak with people who live in the NY area that have been victimized by one of these work-at-home scams. She is happy to keep it anonymous if you don't want your name revealed in the article.

To contact her, send an email to tellmemoreplease@sbcglobal.net.

(She will only be taking inquries for a short time. This was posted on June 13 2005. )

Category: Identity Theft News
Posted on June 13, 2005 at 05:24 PM | Permalink | Comments (48)

Update on recent data security breaches

Since the ChoicePoint announcement, news about data breaches and information heists have become almost a daily occurrence. Here's an update courtesy of the US PIRG:

-- Bank of America came clean that back-up data tapes containing personal information and account numbers of 1.2 million Americans including federal employees (and members of Congress) went missing.

-- NY Senator Schumer blasted WestLaw for selling Social Security numbers to those who purchase access to its extensive databases of personal information.

-- LexisNexis, another data aggregator similar to ChoicePoint and WestLaw, announced that thieves accessed personal information of 32,000 consumers of its Seisint division by misusing existing passwords of a legitimate account holder.

-- Discount Shoe Warehouse disclosed that 103 of its 175 stores had customers’ credit and debit card information hacked.

-- Paymaxx, an online payroll management company, may have exposed financial data including W-2 forms of as many as 100,000 workers.

Category: Identity Theft News
Posted on March 14, 2005 at 11:36 PM | Permalink | Comments (0) | TrackBack

Michigan Gets Tough on ID Theft

The laws, which take effect in March, bar retailers from displaying more than the last four digits of a credit card account number on a sales receipt or mailing. Also, employers cannot print Social Security numbers on an ID badge or card, and victims of identity theft have the right to obtain a police report.
Other measures make it a felony to use people's ID information without their consent, and limit companies from using Social Security numbers as primary account numbers -- with several exceptions.
The identity theft bills are Senate Bills 220, 657, 792, 793, 795, 798 and 1384; and House Bills 6169, 6172, 6174 and 6177.

Several bills help prevent identity theft by strengthening privacy protections on the use of personal information like social security numbers.

SB 657 limits a company’s right to require customers to disclose their social security number (SSN) in order to do business;SB 795 prohibits the public display of SSNs, encourages the creation of privacy policies regarding use and disposal of SSNs, and prohibits the printing of SSNs on health care cards, student IDs and other cards, badges or licenses;SB 220 bans the printing of full credit card numbers on receipts.

Several other bills take steps to assist law enforcement officials to better track and prosecute identity thieves. 
·         SB 792 strengthens the definition of identity theft under the law;
·         SB 793 breaks down jurisdictional barriers that have blocked many identity theft cases from prosecution, allowing prosecution in the victim’s home city or county;
·         HB 6172 extends the statute of limitations for identity theft crimes;
·         HB 6169  redefines identity theft in the criminal code. 

The final bills in the package assist victims of identity theft to recover:
·         SB 1384 gives victims the right to have a police report taken and to get a copy of that report;
·         SB 798 protects victims from being denied credit or utility service because they’ve been an identity theft victim.

The full text of the bills can be found at www.MichiganLegislature.org

Thanks to Linda Foley of the ID Theft Resource Center.

Category: Identity Theft News
Posted on December 28, 2004 at 10:27 PM | Permalink | Comments (1) | TrackBack

Michigan House approves bills to crack down on identity theft

A large package of bills aimed at preventing and cracking down on those who use others' identity to rack up bad debt won approval Wednesday from the state House.

from Detroit Free Press

Category: Identity Theft News
Posted on November 6, 2004 at 10:15 PM | Permalink | Comments (0) | TrackBack

Phishing Tab To Reach $500 Million

A new study weighs in with estimates as to how much online fraud, or phishing, is costing consumers.
Seventy-six percent of consumers are experiencing an increase in spoofing and phishing incidents, researchers found, and 35 percent said they receive fake e-mails at least once a week.

The total bill thus far? US$500 million.

from NewsFactor Network

Category: Identity Theft News
Posted on November 6, 2004 at 10:02 PM | Permalink | Comments (0) | TrackBack

Identity theft up by 45% in Britain

The problem of identity theft is becoming a growing concern for Britons, with 90% of people who have heard of the crime worrying about falling victim to it.

Incidents of identity theft, when a fraudsters uses someone else's personal details to apply for credit or benefits, soared by 45% last year.

from ic Wales

Category: Identity Theft News
Posted on November 1, 2004 at 05:30 PM | Permalink | Comments (0) | TrackBack

The Net's Biggest Scam (Phishing)

Cybercon

The scams are incredibly effective. In the 12 months through April 2004, 57 million Americans said they received what they believed was a phished e-mail, reports the consultancy Gartner. Of those, 1.8 million people took the bait, and 980,000 claimed they were scammed as a result.

from Forbes.com

Category: Identity Theft News
Posted on September 24, 2004 at 06:41 AM | Permalink | Comments (0) | TrackBack

Postings...and welcome to our new web developer

If you're a regular visitor to ScamSafe.com or a subscriber to our mailing list, you may have noticed a slow down in the number of postings. We apologize for that. The good news is that we're planning a number of improvements to our web site that will make it easier to navigate and, eventually, we'll be adding significantly more content. More on that later.

I also want to extend a warm welcome to our new web developer, Ingrid. She has several years of experience in building web sites and is currently a Computer Science major at the University of California, Santa Barbara. Great to have you on board, Ingrid!

--Tom, ScamSafe Editor

Category: Identity Theft News
Posted on September 5, 2004 at 11:32 PM | Permalink | Comments (2) | TrackBack

New law offers help for ID theft victims

Free credit reports, more useful fraud alerts and less frustration for victims are all great. But Congress could have done much, much more to protect the public as it revised the law.

Congress’ recent update of the Fair Credit Reporting Act wasn’t the hideous train wreck it could have been. The new rules actually provide some significant protections to identity-theft victims in most areas of the country.

Unfortunately, the reforms may turn out to be a step backward for residents of California, Texas and some other states that have much tougher laws in place. And lawmakers could have done a lot more to attack the real reason behind identity theft’s huge rise: lax practices by lenders.

from MSN

Category: Consumer Tips, Identity Theft News
Posted on August 25, 2004 at 02:49 PM | Permalink | Comments (1) | TrackBack

Phishing Attacks Become More Acute and Globally Diverse

VeriSign, Inc., a provider of intelligent infrastructure services for the Internet and telecommunications networks, recently released the third edition of the VeriSign Internet Security Intelligence Briefing. It included some interesting statistics related to phishing scams:

-- In a sample of 490 phishing e-mails, targeting customers of
16 companies, VeriSign found that 93 percent were sent from forged
or spoofed e-mail addresses; 5 percent came from sites making no
attempt to disguise their destination, and 2 percent came from
"cousin" sites, which closely mimic the company site they are
seeking to imitate.

-- 37 percent of phishing e-mails directed users to capture sites
located outside the United States, with a concentration in Korea,
China, Poland, Brazil, Taiwan, Singapore, Australia and Indonesia.

-- VeriSign found the majority of phishing attacks were launched
between 9:00 p.m. -- 4:00 a.m., when IT staffers are often on call
or fewer in numbers.

Category: Identity Theft News
Posted on July 31, 2004 at 08:03 PM | Permalink | Comments (0) | TrackBack

Louisiana Adopts Identity Theft Law [Lake Charles,LA]

Consumers have a new tool in the fight against identity theft, thanks to a recently adopted law. It allows for something called a "security freeze," which will ensure that no one has access to your credit information without your permission. State Attorney General Charles Foti says Louisiana is just the third state in the nation to approve such legislation.

from KPLC-TV

Category: Identity Theft News
Posted on July 31, 2004 at 07:53 PM | Permalink | Comments (0) | TrackBack

Phishing scams

We are currently planning to discontinue posting the long lists of phishing scams. If you haven't seen these yet, we take the Subject lines from alerts posted at FraudWatch International and put them here on ScamSafe.

If any regular readers of ScamSafe want to see us continue to post these, we will reconsider. Let us know by emailing us. Thank you.

Category: Identity Theft News
Posted on July 31, 2004 at 07:40 PM | Permalink | Comments (0) | TrackBack

New UK gov't site tackles identity theft [London,UK]

A new website has been launched by the Home Office, which offers advice on how to protect against identity theft, and steps to take for victims of this crime: www.identity-theft.org.uk.

Home Office Minister Des Browne unveiled the new site. Identity theft is said to affect more than 100,000 people in the UK every year, according to the Home Office.

Category: Identity Theft News
Posted on July 24, 2004 at 04:05 PM | Permalink | Comments (0) | TrackBack

Is Your Bank Helping Phishers?

Leading financial institutions have adopted a more aggressive attitude toward online identity theft cons known as "phishing scams" in recent months. But companies, including MasterCard International, may be unwittingly helping phishers trick online shoppers, says a new report from a U.K. Web developer.

A test of leading financial services Web sites, including sites run by MasterCard, NatWest, and Reuters Group revealed that many sites have loosely protected features that scam artists can use to mask their own malicious Web sites, hijacking the name and Web address of established institutions, says Sam Greenhalgh, who is 19 and operates the Web site Zapthedingbat.com.

from Yahoo!

Category: Identity Theft News
Posted on July 24, 2004 at 03:16 PM | Permalink | Comments (1) | TrackBack

Anatomy of a 419 scam

Exclusive Regular readers will be familiar with our ongoing coverage of variations on the 419 advance fee fraud scam. Occasionally, we report on people who have been suckered by the promise of riches beyond the wildest dreams of avarice - and duly fleeced for their trouble.

Two oft-posed question from readers are "how could they be so stupid?", and "surely everyone is aware of these scams by now?" Indeed, we have been accused in the past of carrying too much 419 coverage.

Sadly, though, it's clear that the 419ers continue to operate with considerable success. The following is an account of how one US citizen (we have called him DG) recently lost $1,000 to a UK-based 419 outfit who used a combination of plausible correspondence, phone calls and a fake bank website to reel in their victim. We have appended the full email correspondence between DG and the 419 gang to the end of this article.

from The Register (UK)

Category: Identity Theft News
Posted on July 19, 2004 at 11:34 AM | Permalink | Comments (0) | TrackBack

Identity Theft Security Legislation Signed By Governor [SPRINGFIELD, IL]

Illinois Governor Rod Blagojevich has signed into law (Senate Bill 2545), a measure prohibiting insurers from printing customers' Social Security numbers on their insurance cards and thereby making it more difficult for identity thieves to steal someone's identity. This measure, which was initiated by the Illinois Bankers Association (IBA) and sponsored by State Senator Iris Martinez (D-Chicago) and State Representative John Fritchey (D-Chicago), was unanimously approved by both houses in May. The bill signing took place at the State Capitol on Wednesday morning.

from U.S. Newswire

Category: Identity Theft News
Posted on July 17, 2004 at 10:46 PM | Permalink | Comments (0) | TrackBack

Firms hit hard by identity theft [Boston,MA]

Government agencies and private corporations are also vulnerable to identity theft, and they often suffer greater losses than the client whose personal information was stolen, authorities said yesterday.

"The institutions are being duped just like you would be if your information was stolen," said Ken Jones, inspector in charge for the regional Postal Inspection Service, which investigates instances of mail fraud leading to identity theft.

When credit card or bank account numbers are stolen from corporations such as credit agencies, it is often the institutions, and not private citizens, who are hit the hardest, Jones said.

from Boston Globe

Category: Identity Theft News
Posted on July 17, 2004 at 10:42 PM | Permalink | Comments (0) | TrackBack

President signs Identity Theft Penalty Enhancement Act

This new law, the Identity Theft Penalty Enhancement Act, is a good thing for everyone. But, as Linda Foley of the ID Theft Resource Center tells us, the stiffer penalties are only for those prosecuted under federal law. The individual states now need to enact stiffer penalties as well. And this will hopefully also give state and local police and prosecuters more incentive to treat identity theft more seriously and prosecute criminals more aggressively. --Scamsafe Editor

President Bush signed a measure yesterday that stiffens penalties for identity theft and makes it a felony to help terrorists obtain false identification.
The Identity Theft Penalty Enhancement Act provides up to two years in prison for anyone stealing or distributing someone else's personal information, and up to five years for anyone committing identity theft in conjunction with a terrorist act.
Signing of the bill, sponsored by Rep. John Carter, Texas Republican, comes after a five-year period in which 27 million Americans had some form of personal information stolen from them, according to the Federal Trade Commission.
"The crime of identity theft undermines the basic trust on which our economy depends," Mr. Bush said. "Identity theft harms not only its direct victims, but also many businesses and customers whose confidence is shaken."

from Washington Times

Category: ID Theft News, Identity Theft News
Posted on July 16, 2004 at 11:44 AM | Permalink | Comments (0) | TrackBack

More Details on Identity Theft Penalty Enhancement Act

Identity Theft Penalty Enhancement Act - Amends the Federal criminal code to establish penalties for aggravated identity theft.

Prescribes sentences of two years' imprisonment for knowingly transferring, possessing, or using, without lawful authority, a means of identification of another person during and in relation to specified felony violations (including felonies relating to theft from employee benefit plans and various fraud and immigration offenses), and five years' imprisonment for knowingly taking such action during and in relation to specified felony violations pertaining to terrorist acts, in addition to the punishments provided for such felonies.

Prohibits a court from: (1) placing any person convicted of such a violation on probation; (2) reducing any sentence for the related felony to take into account the sentence imposed for such a violation; or (3) providing for concurrent terms of imprisonment for a violation of this Act and any other violation, except, in the court's discretion, an additional violation of this section.

Expands the existing identify theft prohibition to: (1) cover possession of a means of identification of another with intent to commit specified unlawful activity; (2) increase penalties for violations; and (3) include acts of domestic terrorism within the scope of a prohibition against facilitating an act of international terrorism.

See >Congressional Legislation Details (Bill # H.R.1731) from Congress.org

Category: Identity Theft News
Posted on July 16, 2004 at 11:00 AM | Permalink | Comments (0) | TrackBack

Consumers May Face Increased Risk of Identity Theft

According to a new study by The Radicati Group, consumers and companies may be facing an increasing risk to Internet identify theft and fraud.

The study, "Email Anti-Phishing and Anti-Fraud Market Trends 2004-2008," projects that over the next four years there will likely be an increase in the number of worldwide unique phishing attacks--email scams that try to get customers to reveal personal information like social security numbers and passwords.

The study, which contains data compiled from interviews and surveys conducted with vendors, service providers, corporate customers, and consumers, states that the amount of unique phishing attacks is anticipated to grow from 51 per day in 2004 to 110 per day by 2005. This represents an increase of 115 percent. The report also asserts that the email antiphishing and antifraud solutions market will more than quadruple, from $202 million in 2004 to more than $880 million by 2008.

from Destination CRM

Category: Identity Theft News
Posted on July 9, 2004 at 08:53 PM | Permalink | Comments (1) | TrackBack

Passports to help identity theft victims [Jackson,MS]

A new program overseen by the Mississippi state Attorney General's office should help people like Powell. The 25-year-old Jackson resident was the first person Thursday to receive a new identity theft victim passport, which he can show to clear up confusion if he's ever in a similar situation.

The passports are part of a statewide effort to prevent identity theft and to aid its victims. A law went into effect Thursday increasing the maximum jail sentence for an identity theft conviction from five years to 15. A person convicted of identity theft must pay the victim restitution and pay double the cost of the investigation.

"Mississippi is off limits to identity thieves," Attorney General Jim Hood said.

from Jackson Clarion Ledger

Category: Identity Theft News
Posted on July 9, 2004 at 04:49 PM | Permalink | Comments (0) | TrackBack

Canadians Overwhelmingly Concerned about Identity Theft, but Most Do Not Know How to Protect Themselves

CHANTILLY, Va.--(BUSINESS WIRE)--June 30, 2004--Seventy-five percent of Canadians say they are concerned about identity theft, but only 20 percent consider themselves 'very well informed' about how to protect themselves against one of the fastest-growing crimes in North America.

These are among the findings of a telephone poll of 1001 Canadian adults released today by Intersections Inc. (Nasdaq:INTX). Conducted earlier this month by Ipsos-Reid on behalf of Intersections, the preliminary results were presented at the recent meeting of the Credit Scoring and Risk Strategy Association (CSRSA) at Blue Mountain Resort in Collingwood, Ontario.

"While identity thieves are getting more sophisticated in the ways they perpetrate their crimes, Canadians are not yet equally savvy in their responses to this growing threat," said Sheila McCracken, who directs Intersections' Canadian solutions group, commenting on the findings.

from BUSINESS WIRE

Category: Identity Theft News
Posted on July 8, 2004 at 12:29 PM | Permalink | Comments (0) | TrackBack

Senate approves identity theft bill [Wash, DC]

The U.S. Senate has passed a bill proposed by U.S. Rep. John Carter, R-Round Rock, to increase penalties for identity theft.

The Identity Theft Penalty Enhancement Act was passed unanimously Friday. The bill now awaits President Bush's signature.

from Austin Business Journal

Category: Identity Theft News
Posted on June 28, 2004 at 05:21 PM | Permalink | Comments (0) | TrackBack

How phone companies enable fraud

ScamSafe has been reporting on a work-at-home check cashing scam (operating under various names, i.e. Xian Energy, Nextdayfinance, PureXian.biz). In the past we commented on how job web sites post ads for these thieves and thus enable their crimes--even after being notified that these are illegal operations. Another culprit is the phone companies which provide the telephone and fax lines. Dick Hambrice, a victim of this crime ring, has been doggedly trying to shut them down by contacting job boards, web hosters and telephone companies.

Dick reports, "The Compton phones (for Nextdayfinance) belong to PacWest Telecom. I emailed them a couple of weeks ago letting them know about the criminal enterprise using them. Their reply was 'This information is being sent to our customer who the number is leased out to. They will investigate and take the appropriate actions. Thank you, Network Operations Security.'" Dick continues, "I called the numbers this morning and they are still working."

It appears that PacWest is asleep at the wheel, while thousands of consumers are being ripped off by this international crime ring. Shame on PacWest--and whichever company is leasing their lines.

Category: Consumer Tips, Identity Theft News
Posted on June 17, 2004 at 09:12 AM | Permalink | Comments (1) | TrackBack

Oklahoma Governor Signs Identity Theft Bill

Oklahoma Gov. Brad Henry has signed Senate Bill 1164, a measure designed to help protect victims of identity theft.

According to the Senate Communications Office, State Sen. Mike Johnson, R-Kingfisher, is principal author of the bill, which creates an "Identity Theft Passport" to protect innocent victims from arrest or other legal actions.

"While the digital age provides many benefits, it also has a dark side in the form of identity theft. Oklahoma is now one of the first states to address the nightmare identity theft victims go through when they're falsely accused," Johnson said.

FULL STORY from Insurance Journal [pop up]

Category: Identity Theft News
Posted on June 16, 2004 at 01:32 PM | Permalink | Comments (2) | TrackBack

Oklahoma Governor Signs Identity Theft Bill

Oklahoma Gov. Brad Henry has signed Senate Bill 1164, a measure designed to help protect victims of identity theft.

According to the Senate Communications Office, State Sen. Mike Johnson, R-Kingfisher, is principal author of the bill, which creates an "Identity Theft Passport" to protect innocent victims from arrest or other legal actions.

"While the digital age provides many benefits, it also has a dark side in the form of identity theft. Oklahoma is now one of the first states to address the nightmare identity theft victims go through when they're falsely accused," Johnson said.

from Insurance Journal

Category: Identity Theft News
Posted on June 16, 2004 at 01:32 PM | Permalink | Comments (1) | TrackBack

Vermont passes ID Theft crime bill

Colorado only remaining state without one

Identity theft is a growing problem in the United States, and soon, Vermont will have a law to protect consumers from losing money and their good credit.

Your personal information is everywhere -- in your mail, your wallet, and even on the Internet. If criminals get a hold of your private information, like your social security number or a credit card number, they can assume a your identity.

Currently identity theft is not a crime in Vermont.

FULL STORY from theChamplainChannel.com [pop up]

Category: Identity Theft News
Posted on June 16, 2004 at 01:19 PM | Permalink | Comments (0) | TrackBack

Vermont passes ID Theft crime bill

Colorado only remaining state without one

Identity theft is a growing problem in the United States, and soon, Vermont will have a law to protect consumers from losing money and their good credit.

Your personal information is everywhere -- in your mail, your wallet, and even on the Internet. If criminals get a hold of your private information, like your social security number or a credit card number, they can assume a your identity.

Currently identity theft is not a crime in Vermont.

from theChamplainChannel.com

Category: Identity Theft News
Posted on June 16, 2004 at 01:19 PM | Permalink | Comments (0) | TrackBack

Americans Believe Insurance Fraud Occurs Because People Think They Can Get Away With It

NEW YORK--(BUSINESS WIRE)--May 25, 2004--The majority of Americans say insurance fraud occurs because people believe they can get away with it, according to results of a survey released today by Accenture.

Category: Identity Theft News
Posted on June 2, 2004 at 03:59 PM | Permalink | Comments (0) | TrackBack

Americans Believe Insurance Fraud Occurs Because People Think They Can Get Away With It

NEW YORK--(BUSINESS WIRE)--May 25, 2004--The majority of Americans say insurance fraud occurs because people believe they can get away with it, according to results of a survey released today by Accenture.

FULL STORY from Yahoo! [pop up]

Category: Identity Theft News
Posted on June 2, 2004 at 03:59 PM | Permalink | Comments (0) | TrackBack

Feds Want Tougher Penalties For Insider Identity Theft [USA]

A federal proposal to combat identity theft takes a particularly hard line on people who abuse insider access to information to commit the crime.

The House Judiciary Committee earlier this month passed a bill, the Identity Theft Penalty Enhancement Act, that would establish a new crime of aggravated identity theft--the use of a stolen identity to commit certain crimes--and increase applicable penalties. The bill also includes an amendment that directs the U.S. Sentencing Commission to revise its guidelines to include stronger punishment for those who abuse a position of trust to commit insider identity theft. The bill is likely to be brought to the full House for a vote in the near future.

from Information Week

Category: Identity Theft News
Posted on June 2, 2004 at 02:49 PM | Permalink | Comments (0) | TrackBack

Feds Want Tougher Penalties For Insider Identity Theft [USA]

A federal proposal to combat identity theft takes a particularly hard line on people who abuse insider access to information to commit the crime.

The House Judiciary Committee earlier this month passed a bill, the Identity Theft Penalty Enhancement Act, that would establish a new crime of aggravated identity theft--the use of a stolen identity to commit certain crimes--and increase applicable penalties. The bill also includes an amendment that directs the U.S. Sentencing Commission to revise its guidelines to include stronger punishment for those who abuse a position of trust to commit insider identity theft. The bill is likely to be brought to the full House for a vote in the near future.

FULL STORY from Information Week [pop up]

Category: Identity Theft News
Posted on June 2, 2004 at 02:49 PM | Permalink | Comments (0) | TrackBack

Phishing Attacks Still Rising

Phishing scams climbed almost 200 percent during April, according to the newest numbers released by the Anti-Phishing Working Group this week.

In April, the group spotted nearly 1,100 unique phishing campaigns, a 178 percent increase over March, signs that the already-serious problem is accelerating. Earlier, the Anti-Phishing Working Group noted that the number of unique scams in March were up 43 percent over February's.

from Yahoo!

Category: Identity Theft News
Posted on May 31, 2004 at 11:35 AM | Permalink | Comments (0) | TrackBack