NEW CONTENT 04-14-2019

Page index:
6 FTC Consumer Alert Short Articles - - New 04-14-19 - -
       Online Security;
      Check your child's credit history;
      Netflix phishing scam: Don’t take the bait!;
      Keep hackers out of your home;
      Do not use Facebook to log on to other sites;
      New Medicare cards coming;

Thieves Create False Identities Using Child's S. S. Number
Keep Financial Information Safer on Your Phone
Latest Hacker Target: Cell-Phone Accounts
Fake Unemployment Claims On The Rise In Michigan
Five Things You Must Do If Your ID Is Stolen
Tax Return Identity Theft
Protecting Dead Relatives Identity.
Prevent I.D. Theft After A Loved One Dies.
Hackers Target Bank Accounts Through Your Phone.
Good Advice to Help Stop Phishing.
New Form of Identity Fraud Soars as Crooks Switch Tactics
What’s left behind: Junkyard identity theft
Don’t Always Share Everything With Facebook
Crooks Have a New Way to Break into Cars
Your Fingerprint Won’t Protect Your Accounts
Cyber Thieves May Have Your Social Security Number
Protect Your Password
Ways To Protect Yourself After A Data Breach
What To Do After A Personal Data Breach
You Have Fallen For A Scam! Now What?
Personal Information Safety Tips
Simple tips to avoid identity theft
Your Vehicle and Identity Theft - Partners in Crime
File a Complaint with the Federal Trade Commission
Credit Bureau Contact Info
Many Older Articals

Visit our Active Scam Page for more information on how thieves trick you into giving them your personal information.


The U.S. Government's Federal Trade Commission has a pretty good web site to help you with all kinds things like Privacy, Identity, & Online Security Money & Credit, Homes & Mortgages; Health & Fitness, Jobs & Making Money, and Scam Alerts. Federal Trade Commission Consumer Information


6 FTC Consumer Information Short Articles

Online Security - The internet offers access to a world of products and services, entertainment and information. At the same time, it creates opportunities for scammers, hackers, and identity thieves. Learn how to protect your computer, your information, and your online files with Tips from the FTC.

Check your child's credit history. A new federal law that went into effect in September makes it easier to do this and it can be important, because thieves are increasingly stealing children's Social Security numbers and using them to create phony identities under which they take out loans or credit cards. In 2017, the Federal Trade Commission received 14,000 complaints of identity theft targeting people age 19 and younger. The fraud can go unnoticed for years unless parents check their children's credit histories; which few parents do. For information on what to do under the new law, visit the special FTC web page, IdentityTheft.gov.
From The Wall Street Journal.

Netflix phishing scam: Don’t take the bait! Phishing is when someone uses fake emails or texts to get you to share valuable personal information – like account numbers, Social Security numbers, or your login IDs and passwords. Scammers use your information to steal your money, your identity, or both. They also use phishing emails to get access to your computer or network. If you click on a link, they can install ransomware or other programs that can lock you out of your data. Scammers often use familiar company names or pretend to be someone you know. Here’s a real world example featuring Netflix. Police in Ohio shared a screenshot of a phishing email designed to steal personal information. The email claims the user’s account is on hold because Netflix is “having some trouble with your current billing information” and invites the user to click on a link to update their payment method. Read the rest of the article at Don’t take the bait!

Keep hackers out of your home by protecting all of your connected applinces. TVs, refrigerators, baby monitors and other objects now may be connected to the Internet for remote operation—and therefore may be vulnerable. Self-defense: Use multifactor authentication for each appliance, such as a password plus a security key or onetime code sent to your phone. Pay attention to all notices of security updates and download and install all of them. Install malware protection on every device. Change default user names and passwords on each device as soon as you set it up.
From: Roundup of experts on Internet of Things

Do not use Facebook to log on to other sites. Logging on to websites through Facebook is very convenient, but it can give hackers access not only to your Facebook account but also to any account that you reach through Facebook. That means a single hacking incident at Facebook can jeopardize your security at a huge number of sites; which is exactly what happened in the recent Facebook breach affecting at least 50 million users. Facebook says it has no evidence that the hackers got into accounts at other sites through Facebook, but this is uncertain; and the risk of having it happen outweighs the small convenience of using Facebook as a sign-on service.
From: Roundup of experts on computer security.

New Medicare cards coming.
Starting in April 2018, Medicare will begin mailing new cards to everyone who gets Medicare benefits. Why? To help protect your identity, Medicare is removing Social Security numbers from Medicare cards. Instead, the new cards will have a unique Medicare Number. This will happen automatically. You don’t need to do anything or pay anyone to get your new card. Read the entire article at FTC Consumer information.

Return to top of page.

Thieves Create False Identities Using Child's Social Security Number

By Bev O'Shea, NerdWallet. Published April 27, 2018 by 13 on your side.com.

Identity theft, or identity fraud, once meant crooks were churning out fake credit cards. But as that became easier to detect, a more insidious crime has evolved: the creation of completely new identities. Known as “synthetic identity theft,” it involves fraudsters using a combination of fake information, such as a fictitious name, and real data, like a child’s Social Security number, to create fraudulent accounts. It is a growing problem, says Eva Casey-Velasquez, president and CEO of the nonprofit Identity Theft Resource Center. But the scope of the problem is difficult to determine because the crime can go undetected for years, she says. However, the rate of children’s identity theft was more than 50 times that of adults, according to a 2011 report by Carnegie Mellon University’s CyLab, which studied the identities of over 40,000 children. And that report was published before a change in the way Social Security numbers are issued made identity thieves’ work a bit easier.

How does synthetic identity theft work?
First, thieves assemble an unused Social Security number — typically that of a minor — along with a fictitious name and birthdate, and an address controlled by the thief. With those pieces in hand, identity thieves apply for a credit card. While an initial application will be turned down because the “applicant” doesn’t have a credit profile, it creates a record of a “person” who doesn’t actually exist. The next step is to add that “person” to a legitimate account, or more likely several.

One way to do that is by “piggybacking” — or becoming an authorized user — on a legitimate account, perhaps that of an accomplice or a patsy, who doesn’t understand what’s going on, Casey-Velasquez says. A second, more pernicious piggybacking involves paying a credit-boosting company for the persona to be temporarily added as an authorized user to someone else’s card — a card that has a long history and low utilization. It doesn’t include getting a physical card or a card number or having charging privileges.

In time, there will be a credit history and score for this fictitious person, making it easier to qualify for credit. Casey-Velasquez said the identity often includes an occupation and income, and as long as it seems reasonable, it can go undetected by card issuers. Over a period that can span years, identity thieves may make small charges and pay them off, thus building a good credit score and receiving higher credit limits. Then, when they decide the limits are high enough, they do what is called a “bust-out”; suddenly charging the cards up to their limits, paying nothing and discarding the identity.

How do thieves get minors’ Social Security numbers?
Taking over a child’s Social Security number was made easier after the federal agency’s switch to randomization in 2011. Before then, the digits were tied to birthdate and geography, so it was more difficult to use a child’s Social Security number without it being discovered. Now a child’s number can more easily be used to establish a credit history. Minors are especially vulnerable because they are likely to have an unblemished credit history.

Some thieves have even been able to make made-up, random numbers work. Casey-Velasquez said criminals have used Social Security numbers that haven’t even been issued yet — and when that number is eventually assigned to a newborn, parents find out that the number already has a credit history. In some cases, thieves get access to a child’s stolen Social Security number. And since address verification measures for credit applicants are often out of date, anyone with a printer can produce a fake utility bill for an abandoned property to “prove” the fictitious person lives there.

What are the uses of synthetic identity?

According to the Government Accountability Office, there are three main reasons people create these false identities:

  • Identity fraud for nefarious activities: stealing money or benefits. This is the one that costs businesses the most in terms of credit card fraud.
  • Identity fraud for residency or work: a false identity created to live or work in the U.S.
  • Identity fraud for credit repair: the perpetrator combines his or her real name with an unblemished Social Security number to create an alternate credit history.

Who is most at risk?

Randomized Social Security numbers put children born after 2011 at especially high risk for synthetic identity theft — and the theft of a child’s Social Security number can go undetected for years. Only later, when a victim tries to apply for credit using that number, is he or she likely to discover it has been misused. For example, a high school student applying for a student loan or a first job might find their Social Security number is already in use. Then, it’s their mess to clean up. Anyone with a pristine credit history can be a target. Data breaches mean a lot of Social Security numbers are out there and up for sale. It’s best to assume those digits aren’t private and to try to ensure they aren’t misused.

How can you protect your child?

  • Freeze your child’s credit: If this is an option in your state, consider it. Most states now require that a record is created for the purpose of freezing a child’s credit. But that protects your child from only one kind of identity theft — credit identity theft. Synthetic identities have also been used to file fraudulent tax returns and to qualify for benefits and medical care, and freezing credit won’t help that.
  • Minimize exposure: Don’t provide your or your child’s Social Security number when requested on a form. In many cases, there’s no issue. If someone requires it, ask why, and how the information will be protected.
  • Monitor communications carefully: Investigate anything that seems unusual or suspicious. If you or your child gets a medical insurance Explanation of Benefits that doesn’t make sense, follow up.

Return to top of page.

How to Keep Financial Information Safer on Your Phone

By Eva Velasquez IDTheftCenter.org as published in Bottom Line Personal July 1, 2017

More and more of your financial life happens right on your smartphone—and not just buying stuff on Amazon and elsewhere. Banking and brokerage apps let you check accounts…move money…pay bills…manage investments. Payment apps let you pay with your phone at stores. And then there is the financial information that could be mined from your e-mails, texts, downloaded documents and contact list. Is it all secure?

It probably isn’t. Eva Velasquez, who runs the Identity Theft Resource Center, a nonprofit that helps victims of identity theft, knows the mistakes that can compromise smartphone security and make a user’s financial information vulnerable. Bottom Line Personal asked Velasquez how our readers can improve the security of their smartphones, and she shared her best ideas…

TAKE RESPONSIBILITY

With all the convenience we enjoy by having our finances on our phones, we should—and indeed, we must—accept some responsibility for improving the security. As you add apps, you add layers of vulnerability. So you should also take advantage of some added layers of protection.

I work with victims of identity theft, and I can tell you that people often don’t know how their information was compromised. It could have been a computer virus…a data breach at a company you did business with…or even someone who snooped directly on your phone transmissions. No computer—and your smartphone is a computer—will ever be impenetrable. But there are many things you can do to make yourself safer.

Steps that smartphone users should take to protect themselves…

• Create better passwords. The front-line protection for your digital life is your password or, more accurately, the collection of passwords that you use across the Internet. This is where better security must begin. Make your passwords stronger. You want a longer string of characters, with symbols, numerals and upper- and lower-case letters—not the usual passwords made from the name of a pet or your child’s birth date. And then you must vary your passwords—don’t use the same one for multiple sites. That way if a password is compromised, it’s less useful to hackers and thieves.

Of course, if you’re good about varying your passwords, you will soon face a sizable challenge in remembering all of them. Keeping a list on your laptop or your phone or a yellow sticky on your computer monitor is not OK! I use a system that’s going to sound complicated as I explain it—but isn’t hard once you get the hang of it. Start with a phrase you’ll remember but that isn’t terribly common—“The dude abides,” for example, from the movie The Big Lebowski. Capitalize each word, and substitute a symbol such as the % sign for the spaces. This is your core password phrase—in this example, The%Dude%Abides. Then you can vary your core password according to a rule that you set, such as using the first two letters of the website as a prefix and the season and year as a suffix, so you can change it multiple times a year. By this system, your password for Chase Bank could be chThe%Dude%AbidesSP2017. No one’s going to break that password, and if you keep the rules of your system consistent, it’s really not hard at all to keep track of it.

That said, a password manager—a phone app to store all your passwords safely—can be a good alternative. (See the article“You Can Escape Password Overload”) If you really can’t master my memory system or the technology of a password manager app, and you resort to pen and paper, keep your password list in a locked drawer, not in an easily accessible place such as your wallet or purse.

• Avoid public Wi-Fi. There was a time when I would have told you to be careful and limit your activities when you use public Internet access in cafés, hotels, buses, planes and so on. But at this point, such networks are just too fraught with potential for your personal data and financial information to be stolen. My advice now: Don’t use public Wi-Fi without also using your own virtual private network (explained below). You should be particularly wary when public Wi-Fi doesn’t require a password, but even networks that require a hotel room number or other credential are likely to have very weak security. Accessing the Internet through your cell-phone service is a much safer option.

• Avoid public charging stations. I’m talking about the charging stations, usually plastered with advertising, that are proliferating at airports and convention sites and that provide the USB or Apple Lightning connector to plug into your phone. That’s not just a charging cable—it also can be a two-way street for data. Security experts have demonstrated that public charging stations might be used to collect passwords and other information from users’ phones. If you plug your own charging cable into a wall-type power outlet, you’re almost certainly safe. Or buy a rechargeable external battery pack, and use that to charge your phone when you are on the go.

• Use a virtual private network (VPN). Many people will first encounter a VPN on devices issued by their employers for their work, but this is an option for individual consumers now, too. A VPN is a way of creating a safer network that still operates over a public Wi-Fi connection. With encryption and some other technical tricks, the VPN makes it much harder for a snoop to intercept data as it moves across the Internet. To get a VPN on your phone, you must sign up for a service, pay a small monthly fee and download an app. A VPN is especially important if you use your smartphone on an airplane, where cell-phone service is unavailable and public Wi-Fi is the only option. You can find VPN services on Google Play for Android phones and in the App Store for Apple devices.

• Update your software. Keep your phone’s operating system and individual apps up-to-date. One of the things that happens in software updates is that ¬security flaws get fixed!

• Choose two-factor authentication. This is a way of authenticating your identity when you log into sensitive apps, such as for banking or brokerage accounts. It adds an extra step in which, typically, a code is texted to your phone or e-mailed and must be used in addition to your password as you log in. This adds an extra layer of security because a hacker would need to access both your password and your phone to obtain the code. Not every financial institution offers two-factor ¬authentication, but when it’s available, go for it.

• Sign up for account activity notifications. A growing number of banks and other financial companies have systems to notify you by text, e-mail or a phone call about activity on your account. This helps you keep track of routine things, such as automated bill payments, and allows the bank to flag suspicious activity, such as a big online purchase or a withdrawal from an ATM in an unusual city. You have to sign up for some of these notifications. Then you also have to pay attention. The point of getting messages about routine transactions is that someday one of them might be something not routine, something unauthorized, perhaps the start of a fraud. And one more thing—make sure that you keep your contact information up-to-date at all the financial companies that might legitimately need to reach you.

• Make yourself phishing-proof. You have no doubt heard of phishing scams—e-mails or texts that pretend to be from legitimate companies but that try to get you to follow dangerous links and reveal private information. And you can try to identify and selectively ignore them. But there’s an even better way to avoid ever being the victim of phishing. Even when a communication from a company doesn’t seem suspicious, my best advice is, don’t click—go to the source. You already know how to reach your bank or brokerage or insurance company. If you get an e-mail or text that purports to be a warning about a problem with your account or any other matter, contact the purported sender the way you normally would. That is, go to the app or website you always use for that financial institution, or call the phone number on your credit card or statement.

Phishing scams are ever more sophisticated. I used to tell people they might spot one with visual clues such as a funky logo or bad spelling or grammar. But such tips aren’t that useful anymore and can provide a false sense of security. Many texts and e-mails do a good job of looking like real communications from companies you do business with.

Return to top of page.

Latest Hacker Target: Cell-Phone Accounts

John Sileo, as published in Bottom Line Personal, November 15, 2017

Hackers are hijacking cell-phone numbers as a way to take over financial and social-media accounts.

How it works: A hacker calls your mobile-phone service provider, claims to be you, says that your phone was lost or broken and asks to have the phone number and account transferred to a different cell phone—one that the hacker controls. If the customer service representative doesn’t fall for the ruse, the hacker keeps calling back until he/she reaches a rep who does.

To verify customers’ identities, many sites send a onetime security code to a phone number that the customer ¬provided—which now may be the number that the hacker controls. If accessing an account also requires a password, the hacker may claim to have forgotten this password and ask to have it reset, knowing that a new temporary code will be sent to the number he now controls. Using this method, he might be able to loot your financial accounts, take over your social-media accounts and/or send messages in your name to your contacts.

What to do: Ask your cell-phone service provider whether it’s possible to add a special verbal “call-in” password or PIN to your account that will have to be provided by anyone trying to make changes to the account over the phone. Most providers now will do this upon request. Also avoid entering your cell-phone number on forms unless it’s mandatory—prying eyes at many companies could be collecting numbers. Supply a landline phone number instead.

Ask your financial companies whether they offer “app-based” two-factor authentication, and sign up for it if they do. With this, the onetime code needed to access your account is sent to your phone not as a text message but through a password-protected app on your phone, creating an additional layer of security.

If your phone screen says “no signal” or “emergency calls only” when you are somewhere where you usually have reception, and turning the phone off and back on does not fix the problem, immediately contact your cellular provider from a different phone to ask whether any changes have recently been made to your account.

Return to top of page.

Fake Unemployment Claims On The Rise In Michigan

The city of Walker took 100 reports since November.
Author:Sarah Sell Published: January 25, 2018

Police agencies across Michigan say they are seeing a major increase in unemployment fraud complaints. It's an issue the WZZM 13 Watchdog team told you about two months ago, when a few of our employees had unemployment claims filed in their names. Since then, it's gotten worse. In Walker, there have been over 100 reports taken since November. Victoria Russman, Operations Supervisor at WZZM 13 was just hit this week. "It's a weird feeling. I'm feeling a bit violated. So, I’m thinking, now what do I have to do? I need to get on top of this."

She now must file a fraud complaint with the UIA and either freeze or put a fraud alert on her credit.

It can be a frustrating process.
"I guess waiting on hold on the phone, I called the credit agencies and it was all automated, I never got to talk to a person," Russman said. You might find it easier to do everything online. The UIA has a page on its website
to report fraud.

The agency says it has seen an increase in fake claims, which it anticipated after the recent data breaches. "You're as careful as can be, so that's the frustrating thing," Russman said.

West Michigan communities, like Walker have been hit hard. Police have taken just over 100 reports since November. Wyoming had 19, and Kent County has seen about one to six per week. Grand Rapids has taken 107 fraud complaints, but couldn't tell us how many were related to unemployment. Michigan UIA spokesperson Chris DeWitt says, “We are increasing our efforts to stop the criminals from getting any unemployment insurance benefits and then have them brought to justice for their crime.”

"There's just so many ways I guess people can get info. It's out there and it’s scary", said Russman. Investigators say the criminals are from out of state and using the UIA because the agency typically tries to get people benefits as soon as possible. However, increased security measures have been put in place, and the agency is catching most of the fraud, before money is doled out. Some of the West Michigan police agencies we talked to said that this week has been a bit slower for complaints, so they are hoping the worst, is over.

Webmaster:
Just another reason to guard your personal info. If you get anything that isn’t quite right, text, letter, phone call, something on a statement, call your provider directly from the phone number you will find on last months statement or in your personal address file. NEVER NEVER EVER use the number on the suspected communication ! !

Return to top of page.

Five Things You Must Do If Your ID Is Stolen

By David Bailey, WZZM TV 13

Today I'd like to give you the top 5 things I did immediately after I knew I was a victim of identity theft.

1. Pull everything!
Pull your credit reports, financial statements and bank account information and highlight all items that are not correct. This will help to show you the depth of the assault on your credit.

2. Contact the financial institution involved in the fraudulent transaction(s).
They need to know immediately that what's been done was a criminal act. In my experience, they handled it professionally and took me seriously. I was very clear with them I did not complete this transaction and had nothing to do with it. I told them I would like them to investigate what happened so it didn't happen again to somebody else.

3. Put a fraud alert or freeze on your credit reports.
I did this with all three credit reporting agencies (Equifax, Experian and TransUnion). Initial fraud alerts are free and will be in place for at least 90 days. I doubled down and subscribed to constant monitoring from Equifax to make sure once anything changed on my credit report, I would be alerted immediately.

Here are the links:
TransUnion Freeze
Experian Freeze
Equifax Freeze

4. File complaint with the federal government.
One of the easiest and most official things to do is to file a report with the Federal Trade Commission. I provided them all the information and that allowed me to spit out a detailed report I could use to provide the financial institutions and the police a detailed explanation of what happened.

Get started with the FTC ID Theft Report.

5. File a police report.
In my identity theft case, the investigating agency was going to be in the state of Alabama. But I live in Michigan. I called the policy agency in Alabama where the boat was purchased to alert them to the case and they wanted me to go to my local police department to file a police report. Once your local police department finishes the report, it's up to them to send it to the agency that can handle the investigation. Make sure that gets done or you can get your own copy of the police report to send it to the investigating agency.

More tips:
A. Check with the IRS or Social Security Administration to make sure somebody hasn't filed a tax return or claim in your name and social security number.
B. Make sure you are getting your U.S. Mail. Contact the Post office if you feel you are missing information.
C. Order credit monitoring for an extended time to make sure no new accounts are opened in your name.

Return to top of page.

Tax Return Identity Theft

From WZZM TV 13

Signs Your Tax Records Have Been Affected:

  1. Identity thieves often use stolen Social Security numbers to file fraudulent tax returns to obtain false refunds.
  2. Suspect the possibility of identity theft if you receive correspondence from the IRS stating any of the following:

Action Steps If Your Records Have Been Compromised:

Preventing Identity Theft:

Resources for identity theft victims:

  • Federal Trade Commission identitytheft.gov and ftccomplaintassistant.gov
  • The FTC published a comprehensive Guide for Assisting Identity Theft Victims
  • You may also file a complaint with the FTC.
  • Social Security Administration: ssa.gov.
  • Among other resources, the SSA website provides links for placing fraud alerts on each of your credit files maintained by Equifax, TransUnion and Experian.
  • Internet Crime Complaint Center (IC3): ic3.gov. IC3 is a partnership between the FBI and the National White Collar Crime Center. You may file a complaint via the IC3 website.

    Courtesy: Christopher Harper, Senior Manager | Hungerford Nichols

    Return to top of page.

    Protecting Dead Relatives Identity

    By Adam Levin, as published in Bottom Line Personal June 15, 2017

    Don’t assume that the risk of having your identity stolen lasts only as long as you are alive. More than two million dead Americans become victims of identity theft each year. To an identity thief, the recently deceased are ideal targets. Unlike the living, the dead never notice that they are being victimized and don’t take steps to stop these crimes.

    There is a system in place that is supposed to prevent this when Americans die, their Social Security numbers are added to the Social Security Administration’s “Death Master File.” Once that occurs, credit-reporting agencies note the deaths in their files and credit issuers should not issue new credit. But this process can take months, leaving plenty of time for identity thieves to strike. During these months, it falls to surviving spouses, heirs and executors to protect the identities of the deceased. It’s in their best interests to do so.

    Although these spouses, heirs and executors are not legally responsible for financial losses caused by postmortem identity theft; it’s the duped creditors who are left holding the bag. These crimes can cause them major headaches as they struggle to convince creditors and bill collectors that the debts are not the responsibility of the estate.

    And if the executor of the estate is not paying close attention, identity theft could even go unnoticed, meaning that fraudulent account withdrawals might not be corrected and/or fraudulent bills might be paid, reducing the size of the estate.

    Here’s what you should do…

    SAFEGUARD SENSITIVE INFORMATION

    If you are a surviving spouse or heir, take the following actions to reduce the odds that identity thieves will steal the deceased’s identity…

    Edit the obit. Do not mention the deceased’s home address, birthday or mother’s name in his/her obituary. Some identity thieves scour the obituaries for potential targets, and this information could be useful to them.

    Watch the wallet. There have been cases of hospital or emergency services personnel stealing credit cards from the wallets of the deceased. These thieves sometimes leave most of the contents of the wallet in place in order to decrease the odds that a loved one will realize anything is amiss. What to do: Cancel the deceased’s credit cards as soon as possible. Carefully check the final bill for charges that occurred after the deceased went to the hospital and/or passed away.

    Discard the deceased’s documents with care. Identity thieves have been known to pick through garbage cans outside the homes of the recently deceased. They’re hoping that heirs threw out sensitive paperwork while cleaning out the house. Documents that should be shredded with a paper shredder include tax returns…financial account statements…credit card statements…bank account statements…and anything with a Social Security number.

    Relocate the wake. If you hold a wake or reception in the deceased’s home, an identity thief (or burglar) could show up, claim to be an old friend of the deceased and then slip away from the crowd to steal sensitive information, credit cards and small valuables. Also, an employee working for the caterer, florist or cleaning company you hire for the event could be a crook bent on ID theft.

    Prevent over-sharing on social media. Some identity thieves search the social media accounts of the recently deceased to find the facts they need. If the deceased has Facebook and/or other such accounts, log into each of these and either delete the accounts (assuming that you can gain access or, if you prefer to leave the accounts open as a way to remember the deceased, at least confirm that the account settings restrict access to only a small circle of family members and friends.

    Also read through the posts, deleting any that mention ID-related information such as mother’s maiden name or birth date. If you do not log into the account because you don’t have the password and cannot find it near the deceased’s computer, report the death to the social-media site. This often leads to the account being shut down or “memorialized” in a way that could at least limit access, though this can vary depending on the site and the settings that the deceased selected.

    Have the deceased’s mail held at the post office or forwarded to the estate’s executor. Otherwise, mail containing account information and other sensitive data might sit in the deceased’s mailbox where an identity thief could grab it. Exceptions: This is not necessary if a spouse or some other trusted loved one still lives at the deceased’s address…and/or the deceased has a post office box or locking mailbox.

    SPREAD THE WORD

    Even if you take all the right steps to safeguard your deceased loved one’s sensitive information, he/she still could be victimized by an identity thief. There have been so many data breaches of retailers, financial institutions, government agencies and others in recent years that the information an identity thief needs might already be in circulation. What’s more, postmortem identity theft sometimes is committed not by a stranger, but by a family member who has access to the deceased’s sensitive information. Informing key agencies and institutions about the death can at least contain the damage that a postmortem identity thief can do. Obtain copies of the death certificate as soon as possible—death certificates typically are available through the funeral home or mortuary—and send them along with letters reporting the death to…

    Government agencies including the IRS, Social Security Administration, Department of Motor Vehicles and the tax authority in the deceased’s state. This should prevent identity thieves from having duplicate driver’s licenses, Social Security cards or other documents issued to them in the deceased’s name. Notifying the IRS and state tax authorities promptly should prevent an identity thief from filing a phony tax return in the deceased’s name and receiving a refund.

    The deceased’s creditors and other financial institutions. This includes investment companies and advisers, banks, credit unions, credit card issuers, lenders and insurance companies. If you are not certain which financial companies the deceased used, go through his recent mail, checking account registers, filing cabinets, recent tax returns and wallet in search of clues. Or identify these creditors and financial companies by obtaining a free copy of one of the deceased’s credit reports at AnnualCreditReport.com.

    To obtain this report, you will have to provide identifying information about the deceased, including his Social Security number. It generally is easier to obtain the credit report before the credit-¬reporting agencies are informed of the death. After they learn of it, extra steps might be required for the estate’s executor to obtain a copy.

    The three major credit-reporting agencies. Ask Equifax, Experian and TransUnion to place a “deceased alert” on your loved one’s file. This is like putting a security freeze on the file—it prevents the credit-reporting agency from releasing the file, which should, in turn, prevent new credit accounts from being opened in the deceased’s name. Send certified copies of the death certificate along with brief letters identifying the deceased by full name, Social Security number, last five years of addresses, date of birth and date of death to…

    Equifax, PO Box 740241, Atlanta, GA 30374

    Experian, PO Box 4500, Allen, TX 75013

    TransUnion, PO Box 2000, Chester, PA 19016.

    Helpful: If there are signs that identity theft is occurring despite your efforts—these signs might include money disappearing from the deceased’s accounts…or account mailings arriving from creditors that the deceased did not have—the estate’s executor should call the credit-reporting agencies and the deceased’s financial institutions as quickly as possible to confirm that they received the death certificate and placed a death alert on the file or account. The executor also should call the Social Security Administration and ask whether the deceased’s Social Security number has been added to the Death Master File. If it hasn’t, explain that identity theft is occurring and ask whether anything can be done to speed along the process.

    Return to top of page.

    Prevent I.D. Theft After A Loved One Dies.

    Send copies of the death certificate by certified mail to the three credit-reporting bureaus (Experian, TransUnion and Equifax), and request that a “deceased alert” be placed on the credit report. Mail copies to banks, insurers and other financial firms, along with a request to close the account or change it to joint ownership. Report the death to the Social Security Administration at 800-772-1213; the IRS at 800-829-1040; and your state’s Department of Motor Vehicles. In the obituary, don’t include the deceased birth date, last address, or most recent job. Check the deceased’s credit report at annualCreditReport.com for suspicious activity starting one month after the death and continue to do so for about one year.
    AARP Bulletin.

    Return to top of page.

    Hackers Target Bank Accounts Through Your Phone

    As published in October 15. 2016 BottomLine PERSONAL

    Cyber thieves might use your smart-phone to steal money from your bank account. In this scam, the thieves sneakily get you to download malware onto your phone, possibly by sending you a link to a free app for a card game or risqué content. The malware, known by names such as Acecard and GM Bot, has been around for years but has been adapted to specifically target banking apps on smart-phones. Using the malware, thieves record credentials, such as your user name and password, when you log into your bank account. With that information, they can initiate electronic transfers from your account to accounts they control.

    You can’t necessarily rely on typical bank security measures, such as the use of a verification code that the banks send you by text, because some forms of the malware can capture that code, too. And most smartphone owners don’t use anti-malware software on their phones. Federal law says you can get all of your money back if you notify your bank within 60 days after the fraudulent transaction appears on your bank statement. However, you also typically are required to show that you weren’t lax about safeguarding your information.

    Self-defense: Don’t click on a link in a text message if you don’t recognize the sender. Download apps only from reliable sources such as financial apps on your bank’s website or other apps at Play.Google.com or iTunes.Apple.com. Also, install security software, and make sure it automatically updates. Recomended: For smartphones and tablets with Android operating systems, Malwarebytes Anti-Malware (Malwarebytes. org)...for iPhones and iPads, Avast SecureLine (Avast.com). Both are free.

    Bottom Line Personal interviewed Steven J. Weisman, Esq., an attorney based in Waltham, Massachusetts, founder of the scam-information website Scamicide.com and author of The TruthAbourAvoidingScams.

    Return to top of page.

    Good Advice to Help Stop Phishing

    The following very well done info is from a company I do business with. I substituted ‘your provider’ for their name.

    What is phishing?
    Phishing is an attempt to obtain sensitive account information such as a username or password by posing as a legitimate company, mainly through email or unsolicited phone calls.

    How to spot a phishing email
    Here are some common giveaways:

    • Subject line is "Urgent" or "Immediate Action"
    • Sender name looks odd or unfamiliar
    • Dear Customer… The greeting is not personalized with your name
    • Please confirm your identity... Legitimate sites won't ask to verify identity
    • Misspellings and grammatical errors, including UK spellings
    • Attachments: Unless you requested a document from your provider to be sent via email
    • Links that look modified or unusual (yourprov1der.com or the link [hover your cursor over the link to see the address] may not contain your provider’s name)
    • Vague information

    We will never ask you for your SSN, PIN, card number or any personal information via email, text, phone/recorded audio, or through social media, though we may ask for your SSN and other personal information to verify your identity when you call us.

    Protect your information
    Here are a few things that you can do to help reject "phish" bait:

    Log into your account: As soon as your account is open, log in and create a new unique and secure password. Do not use the same password for multiple sites. See The Word on Passwords article for info on creating strong passwords.
    Change your password frequently: We recommend changing passwords every 90 days.
    Don't click on email links: Manually type in the website that you know is correct or use the one you have in your address book.
    Learn to identify suspicious details: Understand what to look for to uncover an email scam.
    Look for secure site indicators: Authentic login sites have certificates of security indicated by a locked keypad icon by most browsers or an "s" added to the URL.
    Review transaction history frequently for fraudulent charges.
    Enable email notifications to alert you when information has changed on your account
    • When in doubt, CALL your provider using the phone number in your address book.

    Return to top of page.

    New Form of Identity Fraud Soars as Crooks Switch Tactics

    MoneyTalkNews By Jim Gold on February 3, 2016

    Now that new chip-and-pin credit cards are keeping our transactions safe, criminals are turning to another way to commit fraud in your name. Just as new chip-and-pin credit cards help shield us from one kind of identity fraud, crooks are turning to another way to commit crimes — and it’s harder to spot.

    Criminals increasingly are opening credit card and other accounts in victims’ names, says a new identity fraud report by Javelin Strategy & Research, a firm that advises the financial industry. Rather than seeing suspicious charges show up on monthly statements - as would happen if criminals used your existing credit card number fraudulently - you might not spot new-account fraud unless you were checking your credit report, Javelin says. New-account fraud jumped 113 percent in 2015 and now represents 20 percent of all fraud losses.

    Al Pascual, Javelin’s research director and head of fraud and security, says in a press release: “This just shows that when the industry cracks down on one type of fraud, criminals quickly shift their attack.”

    Javelin and others offered tips to combat identity fraud:

      • Monitor your credit report: Cobble together regular free access and monitoring from sites like CreditKarma.com, WalletHub.com or CreditSesame.com. Learn more about how major credit reporting bureaus offer consumers the ability to upload documents to support their case when challenging inaccuracies.
      • Secure your mobile device: Smartphones and tablets have become high-profile targets for both cybercrooks and thieves. Apply software updates when they become available.
      • Exercise good password habits: Strong, unique, regularly updated passwords reduce their value to fraudsters if they’re stolen in a data breach or through malware.
      • Place a security freeze: If you do not plan on opening new accounts soon, a credit report freeze can prevent anyone else from opening an account in your name.
      • Sign up for account alerts: Banks, credit card issuers and brokerages can send emails or text messages about suspicious activity.
      • Take data breach notifications seriously: 1 in 5 data-breach victims suffered fraud in 2015.
      • Seek help fast: The sooner banks, credit card issuers, wireless carriers or other service providers are notified that fraud has occurred on an account, the sooner they can limit the damage.
      • Be alert for international transactions: Let your financial institution know when you are planning to cross borders.
      Return to top of page.

      What’s left behind: Junkyard identity theft

      Susan Shaw Published: November 2, 2015, by WOOD TV8

      Identity thieves could have a field day at a place most people would never considered a threat: a junkyard. Salvage yards have acres and acres of vehicles that aren’t fit for the road. Cars are either crushed or sold off piece-by-piece after a serious crash. But what’s left behind in those cars could be a treasure trove for identity thieves.

      “People use their car as a filing cabinet, and it looks like it when it comes in. It’s shocking what’s left in vehicles,” Stuart Rapaport of Grand Rapids Auto Salvage Yard said. “There’s papers all over the place quite often, but there’s all kinds of things that shouldn’t be in the car.”

      In some vehicles at the salvage yard, Target 8 found stacks of personal information, including what appeared to be house keys and a driver’s address. The story was the same across town at Grand Valley Auto Parts, where Target 8 found more stacks of personal information just lying on the front seat of a junked car. There was a statement from Chase Bank and a credit union statement that listed the account holder’s name, address, account numbers and phone number. Also in the car was a tax annuity statement with an account number, phone number and address.

      That particular vehicle was in a wreck in New York and found its way to Grand Rapids via an auction. Target 8 contacted the previous owner of the car to inform them papers with identifying information had been found lying unprotected in their old car. “I’m shocked,” the owner said. “I feel violated knowing that somebody else has that information on me, very much so.”

      Salvage yard workers say it isn’t at all unusual to find personal information in a junked car. If your vehicle has been in an accident, don’t let out of sight be out of mind. Salvage yards will usually empty a vehicle, but not always. You should get back to your car yourself and check that nothing identifying has been left behind. In some salvage yards, customers are supervised on the grounds. But at other pick-and-pull yards, anyone is free to rummage through everything on their own, which could be the biggest risk for identity theft.

      Webmaster’s note: This also goes for when you take your car into a service facility. Never ever never leave any documents in your car that has your Social Security Number, account numbers of any kind, medical bills, utility bills, charge card bills, and all other personal identification information in your car. Your car is not as secure as you think. It is surprisingly easy to break into. Keep all your personal info at home, preferably in a lock box.

      Return to top of page.

      Don’t Always Share Everything With Facebook

      By Kim Komando as published in the G.R. Press 9-6-15. Visit komando.com

      The point of Facebook is to share your life with other people. You probably have more than a few friends who fall into the over-sharing category. Before you snicker, you may be one too and not even know it. Here are personal tidbits Facebook asks you to share that you’re much better off keeping to yourself.

      Your Phone Number
      It’s a really bad idea to add your home or cell phone number to your Facebook page. Prank callers, stalkers, scammers and identity thieves would love to use this information against you. Not only that, but there’s a Facebook trick that works most of the time. Anyone can use your number to search and find your Facebook page.

      If you do give your phone number to Facebook, hide it in your profile. Go to Facebook and click on your name at the top of the page. When your profile page loads, click the “Update Info” button in the lower-right corner of your cover image. Go to “Contact and Basic Info” in the left column and next to your phone number click the “Edit” link. Click the “audience selector” icon, which will either be a globe or a silhouette of two people, and change it to “Only me.”

      Your Home Address
      Post a picture of your recent vacation or major new purchase and this puts you at risk. Think of all the things that might happen if some nefarious person knew your home address. Remove it from your Facebook profile. Follow the previous directions with your phone number to get into the “Contact and Basic Info” section of your profile information. Look for “Neighborhood,” and if there’s an address there, click the “Edit” link and wipe out the information. Then click “Save Changes.” One other place you might not think about your address being is under events. If you create an event, it often has your address so people know where to go. If that gets set to Public, anyone can see it. Either delete the event after it happens, or tell people attending to message you for the address. Be sure to check your history to get rid of any old events or posts that have your address in them.

      Anything Work-Related
      Try not to leave any information on your Facebook that reveals where you work. If someone from your workplace tries to search for employees on Facebook, they might find a post or photo that they don’t like. Similarly, if a hacker wanted to figure out whom to target if they wanted to break into your workplace’s computers, social media would be their first stop. Of course, they’re more likely to hit LinkedIn first.

      You can use Facebook’s timeline tools to do a scan of your past posts. Remove any information about your current job, especially if it’s of a complaining nature.

      Relationship Status
      Including your relationship status on your Facebook page just invites awkwardness. The number of “likes” that you might get from people after you change your status from “married” to “it’s complicated” will creep you out. Certain relationship statuses are also a draw for cyber stalkers. At one point, there was even a Facebook app that would notify you if friends you flagged changed their relationship status to “single.”

      Don’t forget the scammers out there who specialize in sweetheart scams. They use social media, email and dating sites to create a romantic connection with you and then swindle you out of money. You don’t want them to see that you’re single on Facebook and get ideas. It’s easier to just remove your relationship status entirely.

      Payment Information
      Facebook is free, but it still wants your credit card number. Adding your financial information lets you buy gift cards and other products through the website. Of course, one of the best ways to accidentally get your credit card charged for something could be to leave your Facebook profile open on your home computer. A family member or “joking” friend at your home could use it to spend money on something straight through Facebook.

      Open Facebook, click the upside-down triangle in the top right corner and choose “Settings.” In the left column, select “Payments,” and then on the right go the “Account Settings” tab. You can see if you have any saved payment information and remove it.

      Return to top of page.

      Crooks Have a New Way to Break into Cars

      By Michael Calkins; Bottom Line Personal July 1, 2015

      Thieves have discovered a new high-tech way to break into certain types of cars. The vehicles that are vulnerable constantly emit a low-power signal that automatically allows entry when the car’s remote key fob is within a few feet of the lock, even if the fob is in a person’s pocket or purse. The person who has the fob does not need to touch the fob—he/she just pulls the door handle open to gain entry. The thieves don’t steal the key fob—instead they use a portable radio-signal booster to trick the car into thinking that the fob, which might be, say, somewhere inside the owner’s house and as far as 100 feet away, is close enough to the car to release the lock. If the fob also allows the car to be started with the push of a button on the dash, as some do, the thief even can drive the car away without having a key.

      What to do: If your vehicle has this type of entry system, park in a locked garage when possible. If you park outside, do not leave valuables in view—even when the car is parked in your own driveway. (And remember – Thieves can also steal your identity from your driver’s license, car registration, and insurance certificate. If you have to leave your purse, wallet, etc., in the car; lock them in the trunk! – Brian See Your Vehicle and Identity Theft - Partners in Crime)

      If you want to be especially cautious, store your key fobs inside a metal container when they are not in use to block any incoming radio waves. Encasing the fobs in aluminum foil or storing them in a small decorative tin also works. Don’t leave them in a wooden drawer. Do not store your key fobs inside a freezer, refrigerator or microwave oven, as some people have recommended. While these appliances can block radio waves, key fobs can be ruined by condensation when repeatedly cooled and warmed…and they definitely will be ruined if someone accidentally turns on the microwave with the fobs inside.

      Source: Michael Calkins, manager of technical services at AAA, Heathrow, Florida. He has more than 35 years of experience in the automotive industry…is a certified Master Automobile Technician…and has an Associated Applied Science degree in auto mechanics. AAA.com

      Return to top of page.

      Your Fingerprint Won’t Protect Your Accounts

      Gary Miliefsky as published in Bottom Line Personal May 1, 2015

      Biometric security confirms your identity by scanning some characteristic of your body—such as your fingerprints, irises or the shape of your face—or by listening to your vocal patterns. Recent iPhones and iPads and some other devices already include fingerprint scanners, and a few investment companies have launched biometric-security programs, Vanguard offers voice verification, for example. Facial or iris scanners would use the cameras built into computers. There are problems; however...

      The bad guys can beat biometrics. Biometric technology is improving, but for now, the face, iris and fingerprint scanners sometimes can be fooled with photos. Voice scanners can be fooled with voice recordings.
      Biometric systems can be frustrating to use. A finicky biometric system might deny you access to your own account if, for instance, you have a cold that distorts your voice.
      Some biometrics require additional hardware. Most of today’s computers and Smartphones do not include fingerprint readers, for example.
      You can’t change your biometric data if it’s stolen. If an investment company uses biometric security, it must store your biometric data in its computers. If that computer is hacked, the crooks might get their hands on details about your fingerprints, face, eyes or voice that they could use to invade accounts.

      Return to top of page.

      Cyber Thieves May Have Your S. S. Number

      By John Sileo as Published in Bottom Line Personal April 1, 2015

      Social Security Numbers Are Key
      Unlike the hacking incidents at such companies as Target and The Home Depot, the Anthem breach could lead to long-lasting and even life-altering identity theft for many of the up to 80 million current and former customers potentially affected. That’s because the hackers who invaded Anthem’s computers stole data including names, employment and contact information, health insurance IDs, addresses, birth dates and Social Security numbers. Social Security number breaches are especially dangerous because they don’t just help crooks gain access to your accounts, the way a credit card breach does. Social Security breaches allow the crooks to pose as you in a myriad ways that could wreck your life. Victims might spend the rest of their lives fending off bill collectors about purchases they never made…fighting to remove inaccurate and potentially lethal information from their medical files…explaining to police that it was really someone else who was arrested and skipped bail…and praying that no one steals their tax refunds. That’s far worse than having your credit card information stolen—credit cards can be quickly canceled, passwords can be changed and any losses usually are covered by the issuer.

      If you become a victim of a corporate data breach, don’t be fooled into thinking that you’re safe just because…
      Months have passed and your credit reports remain fine. A 2012 survey by consulting company Javelin Strategy & Research found that 22.5% of people who receive a notice informing them that they were the victim of a data breach later become victims of identity theft, but it doesn’t always happen fast. Data thieves sometimes wait years to use stolen data. You have never been an Anthem customer. There have been other comparable data breaches, and more are sure to follow. Examples: Community Health Systems, a network of more than 200 hospitals across 29 states, had approximately 4.5 million patient records breached. Experian, which maintains confidential credit files, was breached, exposing an unknown number of files. Possible consequences for victims of the Anthem breach—and other similar breaches—and what to do about each…

      Phony Debts In Your Name
      An identity thief who has your Social Security number might open new credit accounts in your name or even borrow against the value of your home. You would not be held legally responsible for these debts ultimately, but it could take decades to clear up the mess. In the meantime, your damaged credit score could mean higher interest rates on loans…higher auto insurance rates…and even rejections from potential employers.

      What to do: Place a security freeze on your credit files. The usual advice is to put a fraud alert on your files, but that does not provide sufficient protection. Alerts generally expire in 90 days, and while lenders are supposed to take added precautions when an alert is in place, these precautions can fail. A freeze completely blocks your credit report from being accessed and credit from being issued until the freeze is lifted.

      Contact all three credit bureaus by phone or online to establish this freeze (Experian.com, Equifax.com and TransUnion.com). You will have to contact the bureaus again and provide a password whenever you wish to temporarily lift the freeze to apply for credit. Costs vary by state, but expect to pay $3 to $10 to each reporting agency each time the freeze is lifted. In some states, there also is a fee to establish or reestablish a freeze.

      Helpful: Ask lenders and credit card issuers which credit-reporting agency or agencies they use, and then lift the freeze only with those—generally only mortgage lenders check all three. In some states, you will be exempt from the fees cited above if you are 65 or older (62 or older in Louisiana and North Carolina) and/or can provide a police report showing that you are a victim of ID theft.

      If you are unwilling to place a security freeze on your credit—perhaps because you are in the process of applying for loans or jobs—at least sign up for an ID-theft-monitoring service. These services do not prevent ID theft, but they can notify you quickly of certain signs of trouble and help you navigate the often frustrating recovery process. Warning: The ID-theft-monitoring services provided to the victims of large-scale data breaches for free usually are badly lacking, possibly monitoring ¬credit reports with only one of the three major credit bureaus, for example. Instead, consider spending around $250 per person a year for a high-¬quality ID-theft-monitoring service. Choose one that monitors credit reports from all three credit-reporting agencies plus address-change requests, court records, driver’s license activity, payday loan applications and websites where stolen identities are bought and sold. Services that use the underlying monitoring technology of a company called CSID tend to be among the most robust. These include IDT911 and LifeLock.

      Phony Debts in Kids’ Names
      If your children are covered through your health insurance, they also could be at risk for identity theft if your insurer or one of your medical providers is breached. This wasn’t a risk with retailers such as Target and The Home Depot that do not normally have minors’ confidential information on file. ID theft can be especially troublesome for minors because it often isn’t noticed for years. One frustrating twist for parents—you generally cannot place a fraud alert or a security freeze on a young child’s credit file. If the child doesn’t yet have credit, he/she probably doesn’t yet have a credit file. If you try to set up a fraud alert or credit freeze for such a child, it could trigger the creation of a credit file, which in some ways makes it easier to steal the child’s identity.

      What to do: An ID-theft-monitoring service that includes family protection can monitor databases for signs that the child’s Social Security number is being used by identity thieves. Even the free monitoring product being offered by Anthem likely can do this, though a higher-quality service offered by a pay service probably could do it better.

      Phony Health Insurance Bills
      Someone could use your health insurance ID number to obtain health services in your name, leaving you to battle health-care providers and bill collectors about co-pays and other fees that you don’t owe. What’s more, your medical records could become corrupted with someone else’s information, leading to a potentially lethal misdiagnosis.

      What to do: Read every “Explanation of Benefits” statement you get from your insurer. If any don’t correspond to a medical visit you made or treatment you had, contact the provider and the insurer immediately to alert them to potential medical identity theft. If you have access to your medical records through a health-care provider’s online patient portal, check this every month or so.

      Stolen Tax Refunds
      An identity thief who has your Social Security number and date of birth could file a phony tax return in your name to claim a tax refund. Not only could this greatly complicate your own tax filing, it might mean that you can’t receive the refund you are due until the situation is cleared up, which could take years. If you filed taxes last year in Florida, Georgia or Washington, DC—the places with the highest rates of tax-refund identity theft—you can apply for an identity-protection personal identification number, or IP PIN, through the IRS website. On IRS.gov, enter “IP PIN” into the search box, then select “The Identity Protection PIN (IP PIN).” Once you receive your six-digit IP PIN, enter it on your tax return to confirm that the return actually is from you. IP PINs also are available to the approximately 1.7 million taxpayers who received a letter offering them this safeguard because the IRS identified what it considered suspicious activity in their accounts. IP PINs cannot be used on state tax returns, however. For more information on eligibility and rules, go to IRS.gov
      - Get An Identity Protection PIN

      Source: John Sileo, president and CEO of The Sileo Group, a Denver-based data-security think tank that has worked with the Department of Defense and Federal Reserve Bank of New York, among other clients. He is author of Privacy Means Profit: Prevent Identity Theft and Secure You and Your Bottom Line (Wiley). Sileo.com

      Return to top of page.

      Protect Your Password

      When signing up for a website or online account, don’t answer security questions honestly, such as your mother’s maiden name or your birthplace. You will actually better protect your password, account, and personal identity if you use the wrong answers to the security questions. You will be amazed by the amount of your personal information that is available on the web to anyone. With a little research about you, a bad guy can answer most security questions. Be sure to use something that you can easily remember, or write it down on paper and keep it in a drawer. For instance; answer the question “What make was your first car?” with the nickname you named your car or the color. “What was your mother’s maiden name” you might answer with her middle name instead.

      Return to top of page.


      Ways To Protect Yourself After A Data Breach

      By Koco McAboy Published on WoodTV.com February 7, 2015

      The nation’s second largest health insurer, Anthem, is now scrambling to notify millions of customers who may be the victims of a massive data breach. Hackers broke into the health insurance database storing information for about 80 million people. The hackers did gain access to names, birthdates, email address, employment details, Social Security numbers, incomes and street addresses of people who are currently covered or have had coverage in the past.

      “Every one of us is vulnerable and every one of us has to be vigilant in protecting our identity from theft and protecting our credit ratings,” said Phil Catlett, the President and CEO of the Western Michigan Better Business Bureau. Catlett said there are a few things customers can do now to help avoid more issues in the future.

      “Probably the one thing you ought to do is put a fraud alert out there in a number of places, and if you put a freeze on your credit alert, anytime anybody is trying to get information by pretending to be you with your social security information, they won’t be able to get it,” said Catlett.

      Catlett said to put out a fraud alert or place a security freeze, you have to contact one of the three credit reporting bureaus, which are Equifax, Experian or TransUnion online (See credit bureau contact info.) or by certified mail. A customer would then tell the bureau that you would like to put out a fraud alert and place a security freeze. The customer must provide identifying information including a social security number. The freeze will remain on your credit report until you request to remove it. According to the Michigan.gov website, a security freeze is free to identity theft victims, but if you are not an identity theft victim, it will cost you $10 to place a freeze with the bureau.

      A security freeze will impact a customer who is trying to take out a loan or buy items like furniture or a car. “But if you are an Anthem customer, it might be worth that bit of difficulty to protect you from the other things that could be happening. There are already people attempting to commit fraud right now. They’re putting out huge emails saying they’re from Anthem and they’re giving you this free service to protect your credit and then they’re trying to loop you in. Don’t click on those links. If you want to find out what they are offering, go directly to Anthem’s website,” said Catlett.

      Anthem said they will send notices through mail to impacted customers and will be providing a free credit monitoring service. The specifics of the program have not yet been released.

      Return to top of page.


      What To Do After A Personal Data Breach

      If you suspect or are sure your personal information has been stolen here are some steps to take to minimize the damage :

    1. Change all of your passwords and user names. Yes it is a pain in the rear, but necessary. See our Active Scam Page for ‘The Word on Passwords’.
    2. Beware of phishing emails and regular mail. See our Active Scam Page for more info on ‘email scams’.
    3. Carefully scrutinize all of your financial statements and bills for errors and unauthorized transactions.
    4. Put a fraud alert on your credit report and get a copy of your credit report every year to check for unauthorized transactions. See credit bureau contact info.
    5. Put a security freeze on your credit report. A security freeze is free to identity theft victims, but if you are not an identity theft victim, it will cost you $10 to place a freeze with the bureau.
    6. If you can, get a police report. This will come in handy working with credit bureaus and financial institutions.

      Return to top of page.

      You Have Fallen For A Scam! Now What?

      By Lincoln Spector published in P.C.World Aug. 2014

      Cybercriminals tricked you into giving away some sensitive information. Now you need to know how to mitigate this situation. Don’t feel bad. We all make mistakes. But with these sorts of mistakes you have to act fast to avoid disaster.

      What you need to do depends on how you were tricked. Did you give them your email password? Your bank and/or credit card numbers? Your passwords for social media accounts? Did they remotely access your PC or phone; or trick you into installing software?

      If you have reason to believe that criminals can access your financial accounts, call your banks and credit card companies immediately! Explain the situation and follow their instructions.

      Next, change any passwords that may have fallen into criminal hands. This includes email, social media, and all other passwords. While you are at it change the passwords you are using for more than one account. Never ever never use the same password for multiple accounts! NEVER!

      If you can’t change the password – or even log into a site – That means the criminal got there first. Check the FAQs for information on how to recover a hi-jacked account. Conduct a web search for “Hijacked Account – (name of your hijacked account - Google, Facebook, etc.) and follow the instructions. By the way; If you set up your account with two step verification, chances are slim that that criminals will be able to access and hijack your accounts.

      Next call the police and ask to make a report. No the cops will not find the criminal and return what was stolen; but the banks, credit card companies, and other institutions may want to see a police report. It makes your claim of being victimized official. DO NOT call 911 unless the criminal is inside your home! Use the non-emergency number.

      Were you tricked into allowing someone to remotely control your computer? Or into downloading software? If so there is no telling what information they got or are getting. In that case, change your windows login password immediately! And scan your computer for malware using multiple antimalware tools. Go to www.pcworld.com for more info.

      Return to top of page.


      Personal Information Safety Tips

      Identity thieves LOVE the holidays! Everyone is so busy that they rarely remember to guard their personal information. Here are a few basic safe holiday shopping tips:

      CREDIT / DEBIT CARDS – Try not to have your card number saved by vendors. I know it is a pain, but if the bad guys hack your account they are still missing one piece of information. Use a low limit Credit Card or a Debit Card linked to a low balance separate bank account dedicated to online shopping so the bad guys can’t bankrupt you. Now set your accounts up to send you a text alert for all purchases. Be sure to check your Credit / Debit Card and bank accounts once a week or more often to look for unauthorized purchases. Save all your receipts and balance your accounts every month. The bad guys are at it 24 hours a day; every day, they never stop, they never sleep.

      BEWARE OF SHOULDER SURFERS – when using ATMs, gas pump card readers, and store checkouts; be sure to guard your information. Always assume that the bad guys are watching and trying to steal your info. Check the card reader for anything that could be wrong. Look for non matching colors, textures, or loose wires and panels that might indicate a card reader skimmer attached to the card reader. Also look around for people and cameras trying to see your pin #. Shield the pin pad with your body and free hand.

      MAKE SURE YOUR ELECTRONIC ITEMS ARE SECURE – see “Travel Safety Tips For Electronic Devices” on this page.

      WIRELESS INTERNET - be careful of wireless Internet use and make sure that the wireless network you are using is password protected. Be aware of the fact that hackers can hack into wireless Internet networks and can view what you are viewing, such as bank account information. When you join a store or mall’s WI-FI EVERYONE on the network can see you. All your information is at risk. This is how the celebrity nude picture scandal happened! The bad guys joined the network and hacked celebrity’s phones.
      Now that they have your account information, password, and credit card number; they can log in, buy something, change the ‘Ship to address’; and rob you blind. And you will not know about it till it is far far too late.

      SOCIAL MEDIA - review, update and confirm the personal and professional information that you have on any social network. Set ALL of the privacy settings to maximum security; i.e. ‘only friends’. Do not communicate to the world where you are and when, as criminals want to know when you are not home so they can rob you in peace. Post those pictures after you get back.

      ONLINE SHOPPING - do business with companies you know and trust. If you are unfamiliar with a website, research the company, its website and privacy policies. Use a credit (only) card instead of a debit/credit card or checking account, as your credit card is protected under the Fair Credit Billing Act. Using a credit (only) card also prevents thieves from draining your bank account as they have no access to it.

      HOLIDAY PACKAGES - many thieves are stealing packages delivered to your doorstep. The thief simply follows United Parcel Service, US Postal Service, or FedEx trucks, waits for a delivery and then grabs the package(s) before you can get home and bring them in. It is a good idea to have packages delivered to your work or a neighbor who is home during your work hours.

      AND ALL THE REST – be sure to scan down this page for many more basic tips on personal information safety.

      Return to top of page.


      Simple tips to avoid identity theft:

    7. Get your mail everyday as soon as possible.

    8. If you are going on vacation request the post office to hold your mail until the day after you return, or elect to pick it up in person.

    9. DO NOT advertise you are on vacation! Do not Tweat, facebook, etc. that you are gone. Wait until you are home to post all those pictures. Thieves love to know you are not home. You just make yourself a juice target for them.

    10. Pay attention to your billing cycles. If bills or financial statements are late, contact the sender. The bill may have been stolen from your mail box. The thieves can use the info in an average bill to get your personal financial info to steal you blind.

    11. Keep your receipts to reconcile your statements. Ask for carbons and incorrect charge slips as well. Promptly compare receipts with account statements looking for unauthorized transactions and overcharges. You would be surprised how easy it is for an unscrupulous clerk to rip you off. They really like out-of-towners because it will be awhile till you get home and figure it out.

    12. Don’t carry your Social Security card in your wallet or write it on your checks. Only give out your SSN when absolutely necessary. Use an alternative form of ID as often as possible.

    13. Protect your PIN. Never write a PIN on a credit/debit card or on a slip of paper kept in your wallet.

    14. Watch out for “shoulder surfers”. Use your free hand to shield the keypad when using pay phones and ATMs. Take a good look at the ATM for anything odd. Loose wires or tape near the keyboard or extra cameras for instance may mean scammers have compromised the ATM.

    15. Shred unwanted receipts, credit offers, account statements, expired cards, etc., to prevent dumpster divers getting your personal information. Ideally, these items should be shred in a cross-cut or micro-cut shredder. Shred anything with a barcode, any personal, or financial info. Shred, shred, shred for safety.

    16. Store personal information in a safe place at home and at work. Don’t leave it lying around.

    17. Don’t respond to unsolicited requests for personal information in the mail, over the phone or online. If you did not initiate the request it is a scam. If you think it might be legitimate request from your provider, use your personal list of provider information to contact them. Never trust unsolicited requests contact information unless you can verify it.

    18. Install firewalls, virus detection, and malware detection software on your home computer and phone/tablet. I use 2 different antivirus programs and 1 anti-malware program to keep my computer problem free every week. The programs are set to auto-update, but I always update them before I run them every week.

    19. Check your credit report once a year. Check it more frequently if you suspect someone has gotten access to your account information.

    20. Return to top of page.


      Your Vehicle and Identity Theft; Partners in Crime

      From – AZCentral.com – Mark Pribish

      It is estimated that one-third of all motor-vehicle thefts could potentially translate into identity theft because the contents of the vehicle reveal personal information about the owner. According to the FBI’s Uniform Crime Reports, there were 721,053 motor-vehicle thefts in the U.S. in 2012, equating to 1,975 vehicles per day. Your car, truck or SUV will almost always be an opportunity for ID theft. In order to finance a vehicle, register it, acquire license plates and insurance, you are required to share your personally identifiable information. State law requires that you possess your vehicle registration and proof of insurance when driving. Most of us simply keep this information in our cars.

      So what can happen when financing a vehicle? Specific to auto dealerships, there have been multiple news reports on how auto dealers lose vehicles to identity thieves acting as a new-car buyer while fraudulently using someone else’s personally identifiable information to create fake identification and credentials. Once the vehicles are purchased, the actual individuals whose information was stolen are stuck with the problem of resolving these fraudulent purchases. At the same time, there have been a number of news reports on how individual consumers have been victimized by auto-dealership employees who have stolen the personal information of customers. This has resulted in the opening of fraudulent credit cards and personal loans of individual car-buying customers.

      “The fact is your car is your identity,” said Joe Annoreno, CEO of Scottsdale based Vero, LLC, an automotive finance and insurance products company. Annoreno said “the contents of your car, such as a laptop, smartphone, tax information, driver’s license, insurance card, registration, garage door opener and personal mail/bills increase your risk of identity theft if your information is not locked up and secure.” Unbelievably, 31 percent of drivers fail to lock their vehicle doors, and 14 percent leave the keys in the ignition, according to the National Insurance Crime Bureau. But even if we do lock our vehicles, it doesn’t stop various third parties and burglars from accessing your personal info. When using car-wash services, valet services, auto-repair services, or any other automotive-related service where you give an unfamiliar person access to your vehicle, you should either take the contents from your vehicle or secure the contents to prevent any individual from stealing your personal information.

      Mark’s Most Important: Protect your vehicle documents as if they were cash and regularly check for unusual activities after purchasing a vehicle or after it’s been in the possession of others.

      Mark Pribish is vice president and ID-theft practice leader at Merchants Information Solutions Inc., a national ID-theft and background-screening provider based in Phoenix.

      Return to top of page.


      Heartbleed Security Bug
      Wireless Router Data Safety Basics
      Damage Control Plan After Password Theft
      Travel Safety Tips For Electronic Devices
      New Car Robbery Tactic
      Beware of RFID technology!
      Phishing
      DIY Identity-Theft Protection

      Return to top of page.


      Heartbleed Security Bug

      How do you know if you have been a victim of the Heartbleed Security Bug? If you use a password manager like LastPass, Dashlane, or KeePass they have a program to check for you. If you don’t use a password manager you can try to find out on each individual web site you did business in the last 2 or 3 years. Here is a partial list of sites:
      • Amazon Web Services • Dropbox • Facebook • GitHub • GoDaddy • Google • LastPass • OKCupid • Soundcloud • Tumblr • Turbo Tax • Yahoo

      Your best bet is to change your password and username AFTER the site has closed the critical programming flaw in OpenSSL—an open source implementation of the SSL/TLS encryption protocol. Most proprietary SSL/TLS sites did not have this flaw, only open source OpenSSL had it. You may have also had other personal info stolen such as email, IM, and possibly credit info.

      By now most web sites should have fixed the flaw. As a precaution you should monitor all of your credit / debit cards and bank statements for unusual activity.

      Return to top of page.


      Wireless Router Data Safety Basics

      Change the Default Password – This is extremely important! Default passwords are easy to guess or obtain. Consult your owner’s manual or go online for the correct directions. You do not want just anybody to lurk on your Wi-Fi network. Don’t forget to choose a strong 12 or more character password. See The Word on Passwords.

      Use Only WPA2 Encryption – This is the latest, greatest, and strongest encryption available today. All modern day electronic devises can use it.

      Avoid Common SSID Names – Hackers can easily use a common name to back hack your router.

      Disable you WPS – This is designed to make it easy to add new devises and hackers love it.

      Set Up A Separate Guest Network – It is a good idea to set up a separate guest network with its own SSID name. This way you can have a medium secure password that can be changed often to foil hackers without having the hassle of changing all of your strongly protected equipment.

      Forget MAC Address Filtering – It can be very difficult to do unless you are a true pro.

      Disable Administrator Access From Wi-Fi – That means you can only access the router from a LAN cable attached to a computer. This is just another layer of security to make the hacker jump thru. Hopefully they will just give up because there are easier victims to hack.

      Return to top of page.


      Damage Control Plan After Password Theft

      After any of your passwords are stolen you need a plan to regain control of all of your accounts. It doesn’t matter which password was stolen, or how important that account was, that one password could be the key to losing control of all your accounts in a dominos style cascading breach.

      First change the passwords to all of your email accounts! Why start here? Because changing most on-line account passwords start with email confirmation. I know it is a pain, but you MUST use a unique 10 or 12 character password for each account. For help in creating a very strong password see “The Word on Passwords” at our Active Scam Page

      Now you can safely change all of your financial, medical, utility, social, and other account passwords. You can use a ‘Password Manager’ program, memorize them, or write them down on paper which you keep in a safe place. I have so many accounts I couldn’t remember them all. I memorize the ones I use often and write the others down. Do not forget to change the challenge / security questions too. And mix it up. DO NOT use the same questions for multiple accounts. Try to use less obvious questions that can’t be looked up on Facebook or Google. Have fun with it. Use a goofy question or answer.

      REMEMBER : The best offence is a strong defense. Beef up your passwords and challenge / security questions. Thieves like easily guessed passwords and answered questions. If it looks too hard they most likely will go away.

      Return to top of page.


      Travel Safety Tips For Electronic Devices

      When traveling beware of ALL public Wi-Fi! If it is free the bag guys will be on it too!

      1st – UPDATE all of your security & antivirus programs and operating systems on ALL of your devices INCLUDING your Smartphone. You do have security & antivirus programs on your Smartphone, right?

      2nd – NEVER use public computers for financial transactions. They probably contain spy wear and key loggers to steal your info.

      3rd – NEVER respond to update requests. You just did that and these requests on public Wi-Fi probably contain Trojan horses or send you to a thieves’ look-a-like site to steal your info. ALWAYS use the site you already have bookmarked.

      4th – DO NOT use the phone number on the flyer slipped under your hotel door to order from a restaurant. A new scam involves recreating a legitimate restaurant’s flyer with the thieves’ phone number. They steal your card number and you never get the food.

      5th – NEVER download an app from an unknown site. ALWAYS use a trusted vendor site. It is best not to download anything off public Wi-Fi. Use your own data plan.

      6th – SET a password or code on ALL of your devices. This makes it harder on thieves if the steal it. Better yet, get a tracking service so you can recover or wipe your device if stolen.

      7th – Contact your credit card issuer about security when traveling. Not all merchants are as honest as the ones you use at home/online.

      8th – DO NOT provide details about yourself on social networks that could be used to answer security questions to steal your money/credit/identity. The less personal info out there about you the better.

      9th – DO NOT click on links in social media messages on public Wi-Fi. It is probably a spoof message and the link is to the thieves’ site to load spy-wear to steal your identity.

      Return to top of page.


      ATTENTION WEST MICHIGAN:

      There have been several ATM skimmers in use in the Grand Rapids Metro area. Be VERY careful when using ATM machines. Always assume that the bad guys are watching and trying to steal your info. Check the ATM for anything that could be wrong. Look for non matching colors, textures, or loose wires and panels that might indicate a card reader skimmer attached to the ATM. Also look around for people and cameras trying to see your pin #. Shield the pin pad with your body and free hand.

      Return to top of page.


      New Car Robbery Tactic - Cloning Your Key Fob

      Information keeps pouring in on my iATN professional mechanics forum from all over North America. After reading over 40 responses and a dozen other articles, here is what I have determined.

      The Questions:

    21. 1. Is it possible to clone your Key Fob code? A qualified YES.
    22. 2. Is it possible to jam your Key Fob code so the doors will not lock? Definitely YES.
    23. 3. Is it possible to open your car door with someone else’s remote? A qualified YES.
    24. 4. If the thief wants your stuff, will they get it? Definitely YES.
    25. 5. Can you take reasonable precautions to substantially reduce the possibility of theft? Absolutely YES.

    26. The Explanations:

    27. 1. Newer cars and better after-market Remote Keyless Entry systems are much harder to clone the code due to the use of an algorithm to generate a rolling (new) code every time you press a button on your key fob. Apparently cloning was an issue when Remote Keyless Entry was first coming out 15 or 20 some years ago, and may still be with bargain aftermarket R.K.E.s. It seems to be a bigger issue in Europe. So I deem it a possible, but not likely. Just remember that any security device a man can create, a woman can defeat.
    28. 2. Jamming your Key Fob code so the doors will not lock is a lot easier to do and doesn’t attract attention. Thieves like easy and no attention. Definitely YES.
    29. 3. Again this was an issue 15 or 20 some years ago, and may still be with bargain aftermarket R.K.E.s. One response said he set off the panic mode on the car next to him with the radio remote. So I deem it a possible, but not likely.
    30. 4. Gaining access to your car is frighteningly easy. Auto part stores, hardware stores, and other retail stores sell unlocking tools. Most first responders carry spring loaded center punches to shatter window class.
    31. If a thief wants you stuff, they will get it.
    32. 5. So I stand by my original advice.
      First - Hide your stuff. You hear it every holiday season. The police plead with everyone to hide their stuff. Lock it in your trunk or cover it up on the floor YEAR ROUND. INCLUDING the mounts and power cords!
      Second – Lock your car doors with the door button or key because they are mechanical and do not use radio signals like your key fob to communicate with the car.

    33. The harder you make it to get your stuff, the more chance that the thief will pass you up for an easier target. If your car is locked and all they see is a blanket on the floor, but the car next to you is unlocked; which car are they going to mess with?? Most thieves are thieves of opportunity. Don’t be an easy opportunity.

      PS: Do NOT program your GPS with your home address! Use your work address or a major intersection near your home.

      Return to top of page.


      Beware of RFID technology!

      Recently I have been reading and seeing stories on using RFID technology to skim your credit card information from your wallet simply be waving a card reader within a few feet of your wallet. Then they can clone any magnetic card strip with your info and charge things in person or use it online. Here is the latest story I saw - The Risk Inside Your Credit Card.

      Return to top of page.


      More Identity Theft Information

      A visitor emailed me this link to a page with more good information. It has many good links to other pages with some sound advice. Credit Card & Identity Theft Protection page

      Return to top of page.


      PHISHING

      So what exactly is phishing? It is someone who is trying to get your personal financial or identity records so they can steal your identity or rob you. There have been reports of crooks trying to steal your house by getting a mortgage on your house without your permission or knowledge. Then they take the money and disappear, defaulting on the loan and leaving you to prove you didn't do it. Usually the crooks opens credit accounts with your personal information and leave you to prove you didn't open those accounts. It can cost you Thousands of dollars and months of time to straighten these things out.

      How To Avoid Phishers

      Usually it starts with an e-mail or phone call supposedly from your bank, credit card, government, or other business you do business with. They claim there is a problem and need your social security number, or credit card number, or other personal information to verify it really is you so they can fix the problem. DO NOT GIVE THEM ANY INFORMATION! ! Hang up or close the e-mail. Then using your own phone and the customer service number from your own personal phone book, contact the customer service department directly. NEVER EVER click on a link provided in a suspicious e-mail! These crooks are very good at reproducing a legitimate business' web page to steal information from you. Always use the e-mail address or web site address that you already have in your personal address book.

      If you did not initiate the contact, there is a very good chance it is a crook phishing for your information.

      Sometimes a credit card company will call you and ask if you are on vacation in France, or did you just buy a new Corvette with your credit card? That is probably a legitimate call, but they already have your information and will not ask for it.

      When in doubt, hang up! Then call customer service yourself.

      Return to top of page.

      DIY IDENTITY-THEFT PROTECTION - A 12 STEP PROGRAM

      Author - Dan Tynan

      You can read the complete article in PC World June 2008


      YOU DO NOT have to spend $100 to $200 a year to defend yourself from Identity Theft at the level of protection that a paid for service offers. You can do almost everything those services do, for free. But the following steps will require time and effort.

      1. Get a free copy of your credit report at Annual Credit Report.com Do not be fooled by look alike sites that promise free reports if you subscribe to their credit-monitoring services. Better yet, order by phone at 877-322-8228.

      2. For DIY credit monitoring, order a free report every three (3) months from a different credit-reporting bureau (see below). Scan the report for unfamiliar information such as accounts you don't remember opening.

      3. Place a fraud alert on your credit report by calling one of the credit bureaus. You can find the contact information for all three bureaus by browsing to the Fight Identity Theft web sight. (see below)

      4. Put a recurring event in your online calendar to remind you to renew your fraud alert in 90 days.

      5. Tell the bureaus to stop selling your information to credit services by calling 888-567-8688 or visiting Opt Out Prescreen.com Doing so will reduce but not eliminate the number of preapproved credit card offers you receive.

      6. Request a free public records report from ChoicePoint You'll have to print a form and mail it, along with copies of your driver's license and proof of address. Scan the report for addresses and other details not related to you.

      7. Take your name off other marketing lists by signing up for ProQuo.com's free service. In some instances, you may have to mail letters or navigate to a marketer's own site to complete your opt-out request.

      8. Buy a mailbox that locks or use a post office box. This will help prevent thieves from stealing your identity via paper mail.

      9. Buy a crosscut paper shredder and shred junk mail to frustrate dumpster diving identity thieves. *

      10. Never click a link from an e-mail message to log into your bank or to any other financial institution. Type the secure site's address into your browser, bookmark it, and use that link to access your accounts. Otherwise, you risk having your identity stolen by phishers.

      11. If you believe that you are a victim of identity theft, contact the Identity Theft Resource Center. Volunteers there can walk you through the process of restoring your identity.

      12. Get educated. Mari Frank's IdentityTheft.org, the Privacy Rights Clearing House, and the Federal Trade Commission maintain huge libraries of information on how to avoid being victimized, and what to do if it has already happened.

      *I recommend that you shred anything with any personal information on it. Theives love your trash! Shred all Bank correspondence & records, insurance correspondence & records, credit/debit card receipts, credit statements, old bills of any kind, unsolicited applications of any type. ANYTHING with your Social Security or drivers license number or your birth date!! And just for luck - anything with an account number on it and your address. Better to wear out a shredder than get your identity stolen from the trash. - Brian

      Return to top of page.

      File a Complaint with the Federal Trade Commission

      Phone 1-887-438-4338
      or click I.D. Theft

      Return to top of page.

      CREDIT BUREAU CONTACT INFO:

      Equifax
      PO Box 740241
      Atlanta GA 30374
      1-888-766-0008

      OR

      Equifax Security Freeze
      P.O. Box 105788
      Atlanta, GA 30348

      www.Equifax.com

      Experian
      PO Box 2002
      Allen TX 75013
      1888-397-3742

      OR

      Experian Security Freeze
      P. O. Box 9554
      Allen, TX 75013

      www.Experian.com

      TransUnion
      PO Box 1000
      Chester PA 19022
      1800-680-7289

      OR

      TransUnion Fraud Victim Assistance Department
      P. O. Box 6790
      Fullerton, CA 92834-6790

      www.TransUnoin.com

      Return to top of page.

      To report a DEAD LINK