Fake Caller Id Scam May Lead to Identity Theft

If you know about vishing, which is a brand of phishing that takes place by phone, you may be savvy enough to know to be wary of unsolicited phone calls from numbers you don’t recognize – especially when the caller asks for personal information. You know the kind of sensitive information that can lead to identity theft. Unfortunately, some identity thieves have caught on to this newfound consumer knowhow and are taking their scams a bit further. They are making the phone number and label that shows up on caller IDs appear legitimate.

One case of this scam, that was unfortunately successful, took place in Minnesota. Customers of at least three car dealers were called after they made purchases or brought their cars in for service and were asked to give out their credit card numbers. Many fell for the scam and faced fraudulent charges on their credit card bills, some for several thousand dollars.

A spokesman for the Minnesota Automobile Dealers Association told the local Star Tribune that he thinks many large retail business could be targeted, not just automobile dealers. Certainly auto dealers are not the only businesses that commonly call their customers to follow up – and these business are located all across the United States.

The concern about this type of crime spreading to other parts of the country – and quickly — is so high that it’s reached the attention of at least one member of Congress. Senator Bill Nelson of Florida introduced a bill known as the Truth in Caller ID Act. While there is no specific national legislation regarding caller ID spoofing as of yet, if this bill becomes law, it will make the practice a federal crime.

Federal crime or not, this will not necessarily deter thieves from spoofing business’ phone numbers for their own monetary gain. So the main solution here is one of prevention; you have to be even more careful when picking up the phone. If a person on the other end of the line asks for your personal information, don’t give it out unless you initiated the call and are positive that the person represents the businesses he says he does.

If you need to, offer to call the person back using a verified legitimate contact number; not one that the person gives to you. While the caller may find this extra step to be a bit inconvenient, it is always better to be safe than sorry. Not only do you not want to have to deal with contesting charges you did not make; you do not want to face the risk to your credit rating or an attack on your identity if you don’t find out in time.

Now an identity theft company or the right credit monitoring service can’t protect you from vishing or this fake caller id scam but it can certainly alert you when something goes wrong and help you put an end to it quickly before it blossoms into a painstaking case of identity theft.

To learn about identity theft protection just follow the link and take the time to review each company and their services so you can find the right protection for you and your family. There is a budget to fit everyone. It really is inexpensive when you consider the time and/or financial cost of dealing with any degree of identity theft.

Egyptian Phishing Scam Crackdown

Past victims of phishing scams have a little something to smile about. Last October, yes 2009, authorities charged almost 100 people involved with perpetrating such a scam: 50 in the United States and 50 in Egypt. This scam was nothing novel. The thieves simply set up a fake website that was supposedly the official site for a bank. They sent out emails to consumers saying that they needed them to log into their accounts with their banking information and left a link to the site in those emails. Then they waiting.

Soon enough, enough consumers fell for the scam that they thieves were able to raid bank accounts to the tune of over a million dollars. This is nothing new either. What is a bit novel is that the thieves got caught. With international scams like this one, it can be very hard for authorities to track down the guilty parties, and anyone who’s gotten a suspicious email from Nigeria knows that most phishing scams tend to be international.

An FBI representative told the Associated Press that this is the largest number of perpetrators it has ever charged in a single cybercrime case. This is again, good news.

The problem is that there are exponentially more identity thieves still out there, and the majority of them are likely to never get caught. Frank Abagnale of Catch Me if You Can fame wrote in his book, Stealing Your Life, that about one in every 700 identity thieves are prosecuted. If this statistic still holds true, that means 70000 identity thieves are out there running free in relation to this latest bust.

Of course, there is no merit in thinking that way. Instead, it is better to just keep yourself and your family as safe as you can with identity theft protection. Phishing scams have been going on for years. They are often easy to spot, but sometimes not as much. A good clue that an email is trying to take you to a fake banking website is of course the fact that you don’t even have an account with the bank in question. Other not so obvious signs are:

*The lack of an https or the lock icon in the browser bar
*Extra letters or numbers in the Web address that don’t look like they should be there
*Links on the site that don’t work or lead to pages with error messages
*Mentions of products or offers that do not exist or are expired

You don’t even have to click on the link and go to the site to find out if an email is a phishing email. In fact, it is better if you don’t. Who knows what nefarious software the site could have running in the background? Instead, if you get an email from “your bank” saying you need to log into your account pick up the phone and call the bank. Use a phone number from your statement or from the phone book. A representative should be able to tell you if the email is legitimate. If you find out it’s not, delete it. Simple as that.

Indiana Hospital Notified 1,200 Patients of Laptop Theft and Possible Security Breach

A laptop, which was in an employee’s home, causes St. Vincent Hospital of Indianapolis, Indiana to send out letters to some 1,200 patients who may be affected by a security and privacy breach.

The laptop was stolen from the worker’s home on July 25, 2010 and has not yet been found or obtained since then. Although there is no proof that the data stored on the laptop (which includes patients’ names, Social Security numbers, and personally identifiable information) has been used inappropriately, the letters being sent from St. Vincent Hospital encourage those who may have been affected to enroll in
identity theft protection services to ensure their information is safe from potential misuse.

Post office id theft

While we tend to think of identity theft as being a complicated crime, sometimes thieves are able to access your information in some of the easiest ways. For example, they can go through the local post office. All the thief has to do is change your address to his and your personal information will be delivered right to his mailbox.

Although the post office has put a safeguard in place to try to prevent this from happening – requiring every individual who makes a request to provide a credit card number with the old address or the new address on it – it hardly makes it impossible for the thief to commit the crime. Also, if she changes the address through a third party, such as whitefence.com, she doesn’t even have to worry about that quick confirmation.

This happened to Roland Liebenow, who only found out through a letter from the post office confirming his “new address” in Wisconsin. Thanks to his mail rerouting. Brandon Gipson was able to obtain loans and charge hundreds of dollars in Liebenow’s name. Said Liebenow, “Until or unless the government really finds some way of cracking down on [this], I think we’re in for some real problems.”

Since there’s not much you can really do to prevent this crime, other than receiving as much of your mail online as possible, which may not even help you in the long run, instead, you should sign up with an identity theft protection service. Many of these plans will let you know immediately if a change of address is made on any of your accounts, and if an account is opened in your name that you did not authorize.

Another way you can tell if something weird is going on with your mail is if you don’t get any for more than one day, especially if you usually get a decent amount. That’s when it’s time to make a stop at your local post office to take a gander at what is going on. All you have to do is talk to a clerk at the desk. He or she should be able to tell you if your mail is being held or forwarded. If it is without your consent, this same individual can put a stop to it almost immediately. You can ask the post office to confirm with you if something like this ever happens in the future.

BTW, the two identity protection services that have change of address monitoring are LifeLock and ID Watchdog. Click the respective link to read our reviews.

Corrupt Entrepreneurship Leads to Identity Theft Ring

The spirit of entrepreneurship is alive and well in the United States. Where else in the world can you rise up from nothing to start your own identity theft ring that is so successful you have to hire a staff to manage all of your, um, cases? Okay, fine. Pretty much anywhere else in the world, actually.

This time the thefts took place in Sanford, Florida, where the male, shall we say business owner, is charged with earning (stealing?) upwards of $10,000 per week off of Florida residents’ personal information. Leonard Eugene Malone’s alleged methodus operandi was to deal in bulk. He stole a whole lot of identities so that he only had to use each one once, lessening the chances that the victim would catch on.

To do so, he and his quote, unquote, employees would dig through unlocked mailboxes searching for credit card statements, checks and other mail that contained personal details. The information proved sufficiently lucrative, enough so that he was able to make fake drivers’ licenses and fake checks. With both types of items in hand it was fairly easy to cash the checks at grocery stores and other retail establishments, such as Wal-Mart. He kept the checks at $600 to avoid raising a lot of eyebrows. Besides, who needs more than that when you’re cashing dozens per week?

If someone has both a valid looking check and a valid looking ID, there is no reason for the person cashing a check to question it. But once this check arrives at the financial institution who supposedly issued it, there is of course a cause for concern. The problem lies in that there may be days in between, which allows the identity thief plenty of time to move on – and pocket the cash.
Luckily, the Florida Department of Law Enforcement caught up with Malone and he will likely be charged with racketeering, but there are certainly more people that can take his place.

One thing that this case tells us that we should keep in the front of our minds is that Malone didn’t get the personal information by hacking into a computer network, bribing an employee at an insurance company, breaking a code or anything like that. All he did was walk up to many, many mailboxes and take it. This should put anyone that doesn’t have a locking mailbox on alert.

People that are in this situation should, first and foremost, ask their local postal service if it’s permissible to have their mailbox replaced with a locking one. If this is not allowed, due to local ordinance or another such reason, the next best step to take is to divert any mail that is sensitive in nature to another location; for example, a P.O. box or an email inbox (via canceling paper statements and getting the e-versions instead).

Also, everyone, even those with locking boxes, should send out checks and the like by dropping them in those large, blue, official mailboxes or taking them to the post office directly.

I don’t know about your mail carrier, but mine has a tendency to drop the mail on the ground on the way to the truck. We sometimes find it blowing about the neighborhood a day or two later. If I can help it find its way to the post office in any small manner, that is definitely worth the extra time it takes.

In addition, please consider identity theft protection. Insurance or a guarantee plus restoration services can go a long way if you do become a victim of identity theft and the pro-active nature of many of the services can both help protect you from identity theft and minimize the damage in the event you are attacked.

Employee Confesses to Recycling 33,000 Patient Records for Monetary Personal Gain

The Martin Luther King, Jr. Multi-Service Ambulatory Care Center is in the process of sending letters to notify some 33,000 patients of a possible patient privacy breach after investigating an incident where a number of paper files went missing back in July of 2010.

After a thorough investigation with the Los Angeles County Department of Health Services and the Los Angeles County Sheriff’s Department, the MLK-MACC campus received a confession from an employee that he took the files to a recycling station in order to obtain paper value and receive monetary gain for the paperwork.

Those who may be impacted by this security breach have been notified by letter of the incident, and the letter notification includes steps and information in obtaining identity theft protection from possible identity theft that could result from a breach of this sort.

Heartland pays American Express 3.6 Million

Recently we updated readers on the Heartland Data Breach and thought once again we would take a look back at one of the most revealing developments in this heavily publicized case, that being Heartland Payment Systems was ordered to pay $3.6 million to American Express. If you missed that blog post or are otherwise unfamiliar, it occured when a group of identity thieves facilitated one of the largest data breaches in history using SQL injection attacks. American Express sued Heartland in an attempt to recover the money it cost the company to reissue thousands of credit cards to affected consumers. Heartland was only one victim, albeit the largest, of the infamous 2008 data breach. Other victims include Hannaford Brothers and 7-Eleven.

While $3.6 million, of course, seems like a large sum of money, this is only the beginning of the road for Heartland. It still faces probable future settlements with both Visa and MasterCard. All in all, the company earmarked $12.6 million to deal with all of the fines and settlement costs it expected to incur.

As Heartland’s pocketbook continues to suffer due to a lack of security on its part, the same thing is happening to Americans all over the country. They didn’t do enough to protect themselves from identity theft and are now suffering the consequences that come with being victimized. Perhaps they are taking time off work to spend hours at the Social Security Administration proving they are who they say they are. Perhaps they are putting off buying a home because they can’t get approved for a mortgage due to a thief meddling with their credit. Perhaps they are trying to recover money drained from their bank accounts when a thief spoofed their debit cards.

While it’s unlikely you will lose millions of dollars a la Heartland, it’s very typical for identity theft victims to lose hundreds or thousands, especially when you consider both money and time. That’s why you have to do everything you can to not become a victim – even if your information is released due to a data breach that is completely out of your hands.

If you obtain an identity theft protection service, oftentimes you can find out when your information is up for sell or trade on the black market before a thief has the chance to use it for nefarious purposes. Once you know, you can notify creditors and law enforcement, and set up a freeze on your credit file. If you don’t have a protection plan, you risk waiting to find out until you’re denied credit or you happen to check your credit report and realize your account has been tampered with.

Don’t be a Heartland. Don’t wait to find out your accounts aren’t secure by hearing from a thief or group of thieves or by seeing their handiwork. Take responsibility for your own identity theft protection today.

Pennsylvania Medical Employee Sells Patient Information, Violates HIPAA

A former employee of the University of Pittsburgh Medical Center, Paul Pepala, 34, has recently been charged with 14 counts of disclosing patient’s personal information for personal gain. Pepala, who worked at the Shadyside Hospital, has been sentenced to 80 years in prison along with a fine for $4.7 million dollars. This was after it was found that he had disclosed personal patient data, such as Social Security numbers, birthdates, and names in order to file false tax returns for 2008.

If you or someone you know was a patient of the University of Pittsburgh Medical Center’s Shadyside Hospital, it is strongly encouraged that you sign up for credit report monitoring services in order to ensure your credit is safe from identity theft. TrustedID also examines your medical benefits to ensure you and your family are the only ones using them so they would be a good choice for identity protection.

A Recap of a Famous Identity Theft Breach – The Heartland Hackers

You may have already heard about the August 18, 2009 indictment of Albert Gonzales and accomplices, regarding the theft of over 130 million debit and credit card numbers, making it the biggest ID theft case prosecuted in the history of the crime. Gonzales, a former government informant, on the subject of credit card fraud nonetheless, used a vector attack to obtain numbers from large retailers, including 7-Eleven and Hannaford Brother; and Heartland Payment Systems, a popular payment processing company.

The process involved in these thefts was fairly complex. Gonzales and his “team” would visit various businesses to view their point of sale equipment. Once they were able to find vulnerability in a system, they would attempt to find a way to hack into it. Since retailers are less likely to frequently update their software than, for example, a large technology or medical company, they were able to find a virtual hacker’s paradise.

By using servers and systems located around the world, and assistants in Russia and Eastern Europe, as well as the U.S., Gonzales was able to hack into networks, install malware on the machines in some cases, and get credit information essentially delivered directly to him. This information included cards currently in use and those that had been stored on the system from previous use.

When Gonzales was indicted for his latest identity theft crimes, he was already under investigation for hacking the systems of several additional companies. These include such shopping mall staples as Barnes & Noble, the Sports Authority and Forever 21. Another Gonzales target, T.J. Maxx, told the Securities Exchange Commission that it has lost $200 million due to a similar data breach.

If Gonzales is convicted of the charges against him, he faces not only over $1 million in fines, but up to 35 years in prison. This will hopefully keep him out of the picture for quite some time, but there will soon be others who will learn from his experience. There are always plenty of hackers out there that would love to make a quick buck, whether in an ethical way or not.

While it is tough to switch to a cash-only payment system, doing so might seem tempting with all of the information that seems to be floating about. However, you don’t have to if you have an identity theft protection plan. It will help to keep your card numbers safe, even if they do end up picked up by a criminal.

Additionally, read your credit card and debit card statements each month. If you notice anything unusual, get your card number changed, and notify your credit card company of the charges that you don’t recognize so you can go through the process to contest them. While companies targeted in the Gonzales case may be out a good deal of money, you do not have to join them in the same boat. These retail companies often have insurance policies to help them out. You can have similar protections for your own accounts with as little as a couple of pennies per day. Learn more about LifeLock or Identity Guard and how they can protect you and your family from identity theft.