Saturday, January 27, 2007

Meditations on ID theft

One of the fastest growing crimes in this part of the world is Identity Theft.

Simply put, Identity Theft is when a critter takes the personal information of a victim, and then uses the information for
personal gain, while letting the victim deal with the results.

An example would be the critter who obtains a credit card in the name of a victim, and then maxes the card purchasing goods and services. When the card hits its limit, the critter simply disposes of it, leaving the innocent victim to face the credit card company and the defrauded entities.

This crime is practically the Holy Trinity for critters -- it's: 1) High profit; 2) Low exertion; and 3) Bloody difficult to catch and
prosecute.

So ... what can you do to avoid the hell that is Identity Theft?

A critter can't steal your identity if they don't have the opportunity to do so.

I will tell you there are times when you have no control over how vulnerable your identity is to theft. There can be -- and have been -- critters employed at places, offices, and agencies that handle identity as a matter of routine.

It is difficult -- if not impossible -- for you to prevent the bank from hiring someone who may be sneaking account details out the door.

The good news is that critters who use their place of employment as a means of stealing identity are somewhat easier to catch and prosecute.

Do note that I said "somewhat". ID theft in any form is a pain-in-the-arse for investigators.

Most ID theft occurs when the victim could have prevented the critter from gaining the necessary information. These particular events are much harder to catch and prosecute and are what I would like to opine upon this day.

In the Century of the Fruitbat this modern
age, anyone who doesn't have a shredder is asking for trouble.

Buy a shredder. Once you have a shredder, anything that: 1) Is paper; 2) Has your name or any other personal information on board; 3) And is being thrown away ...


... Goes through the shredder first. Including -- especially -- junk mail.

If a critter can't read your personal data, he can't steal your personal data.

Get yourself a locking mail box. The old Mayberry sheet-metal mailbox:
Is no longer acceptable.

In 1996, I was on patrol in a village north of town at the same time as the local USPS mail-person was making the morning rounds. When I saw a man walk to a mail-box, open it up and remove the contents, I figured it was Morning In Small Town America.

When I saw the same man walk up to a mail-box three houses down, open it up and reach for the contents, I decided I ought to have a talk with him.

Unfortunately, the critter saw the brake-lights light up on my cruiser and took off like a striped-arsed ape. I never did catch the critter, but I'm certain that I stopped an ID theft at the very least.

If a critter can just reach into your mailbox and grab your personal data, you can bet one of them will do just that.

My personal preference is a P.O. box, either at the Post Office or at one of the private mail centres. Having my mail delivered to a location away from my home gives me an added layer of security. However, I realize that some people need their mail delivered at (or near) their home.

If this is the case, consider a locking mailbox or a locking insert for your current mailbox.

Do you write cheques? If so, take this opportunity -- now -- to examine one of your personal cheques. How much information do you have in that upper left-hand corner, and is it all really necessary?

I was in Target the other day, in line behind a woman paying for her purchases with a cheque that had her Social Security Number, her drivers license number, her home and cell-phone numbers and her date of birth -- all in the upper left-hand corner of that cheque.

When I asked her why, in God's name, she had all that on a cheque, she answered that all that ID made it easier for stores to ID her and accept the cheque.

"All that ID" is what some enterprising critter is going to steal, I guaran-damn-tee you. Just one of who-the-hell-knows how many of those cheques she's written drifts through the wrong paws and she's going to be hip-deep in her own special hell.

Put the bare minimum of information on your cheques, okay folks?

Speaking of Drivers Licenses and Social Security Numbers -- if you live in one of those misbegotten States which uses your SSN as your drivers license number -- change it.

Monday morning, drive down to which-ever authority maintains driver licenses in your State and have them issue you a DL number that doesn't have a damned thing to do with your Social Security Number.

Last, but not least, don't give out personal information by phone or Internet if you didn't initiate the contact.

If someone calls -- or e-mails -- you and asks for any information, feel free to ignore them.

Nobody -- NOBODY-- who is legitimate is going to contact you and ask for information they already have.

Those e-mails you get from somebody claiming to be PayPal, informing you that there's been a problem and they need you to give them account details to "verify" or "fix" something?

Bushwa. That e-mail came from a critter who wants to take you for all that he can.

Someone claiming to be from your credit-card company or bank calls you and asks for your card or account number to verify your identity?

Bushwa. That's a critter who's trying to steal you blind.

I say again my last: if they called you -- don't give them any information.

The risk of you becoming a victim of Identity Theft can be minimized if you take some common-sense precautions, including the ones I have already mentioned. Please click on the links scattered throughout this post for further information and tips.

LawDog

20 comments:

DW said...

Hey Dawg,
Did you know there are books out on this sort of theft. I don't mean prevention, I mean "How to" books. A friend, who was incredibly lucky to be in bed with an injury, got a call from a dealership in Florida about his new car.

What car?

The 50K car that he knew nothing about. There ensued a some quick calls and a police raid that nabbed the book, the crook and computer files that showed a two year history of stealing id's from demographics that fit the perp. He still caught hell from the world and the guy was just getting started when caught.

kateykakes said...

GREAT post, LD. These are things that people SHOULD know about, but I'm sure some don't.

Although I'm out on Worker's Comp right now, I've been a Medical Cost Analyst for 6 years (ironically doing Worker's Comp claims) and the amount of information I've seen on a daily basis always gave me great concern. I never worried about myself, as I'd do what I was supposed to and that was that. After seeing so many numbers a day, you dn't even think about it - at least I didn't. But what I always wondered about was if there was anyone I worked with that would sell someone's info because it was that easy to get. Yes, when you're hired you have to sign saying all info is kept confidential, but what if someone is desperate for cash? I always think about the what ifs...

I never give my social unless it's absolutely mandatory.

Mike D said...

DW, not only are there books out there to steal ID's, there is actually a "hackers" web site that teaches people how to hack into computers. For less than $500 you can even get their archieves all the way back to 1985 when the site was founded. One of the biggest crimes going is the hacking of college computers and databases.

Gay_Cynic said...

Anarchangel over on his blog (can't link in comments, darn it) around 1/22 or so has some salient comments on very similar topics, from a more tech point of view. Would shrink wrap it onto clients monitors if I thought I could get away from it - gist of it is that electronic information counts, too.

Anonymous said...

Don't forget that credit card companies mail out those offers. Any critter that gets ahold of those can really mess things up, even if only your name and address is on it.

I don't have a shredder, but I do chop up everything into dust if it has any personal information at all on it. And this is from someone who, to make a point, used a classmate's VIN to find out damn-near-everything about them.

And if they ask for your SSN on a job application? Put down "Please Ask In Person" or something similar. Employers worth working for understand that you're trying to keep someone from taking out a second mortgage in your name.

Anonymous said...

And be very careful what you put on a fax - and that you're using the correct fax number. For awhile a government agency kept faxing us info - highly personal info - on disability cases. Had the area code and last 4 digits correct, but the middle 3 digits were for my town, not Denver. I'd make a call or two, then shred the info. But they kept coming. Until I said that I might send the next fax to the party in question and suggest he/she contact an attorney. Received a very polite "please don't do that" call. No more faxes. OldeForce

Anonymous said...

Do ya'll ever find it strange about those "paypal" emails, among others, being sent to folks who don't use Paypal or respective other services?

mustanger98 on THR

Kimberly said...

My personal favorites are the banks I don't do business with asking for information on my accounts with them.

Desertrat said...

Military serial numbers are the Social Security numbers--and they're on all mail to and from folks in the service.

In Texas you have to show your SS card to renew a driver's license or get a hunting/fishing license. All those employees who see the card are honest? Have sieve-like memories?

Government aids and abets crimes just like criminals do...

Art

wolfwalker said...

Amen squared, LawDog. Excellent post on a really nasty problem.

Note that most of this scams have specific names. For example, the one where an email purporting to be from PayPal (or Ebay, or your bank, or some other financial institution) warns you of a security breach and asks you to log on and reenter your account info. This scam is known as phishing. It can be instantly detected in any of at least four ways:

1) if you don't actually have an account at that institution, it must be bogus
2) NO bank or other financial institution will EVER notify you of a security breach by email.
3) Move your mouse over the link the email gives, but don't click. If you have a decent email program, the actual URL will display on a status line below the message window. If the actual URL doesn't match the link-text, or if the actual URL starts with a simple DNS address (that's four groups of numbers separated by periods), it's phony.

If your email program doesn't display the actual URL this way, then for pete's sake get one that does!

4) if you do click the link and go to a webpage, look at the URL in the URL-window above the main browser window. Again, if it doesn't match the source name, or it starts with a DNS numeric address, it's phony.

One other thing that's related to these ID-theft scams: Many of them emanate from organized crime rings overseas. For legal reasons they can't simply transfer funds from the phished accounts to their own overseas accounts. So they look for US citizens to act as middlemen. If you ever see a job ad or job-offer email that talks about acting as a "financial agent" or something like, getting money transfers and sending them on to another destination, it's another scam. If you answer, you become a "money mule" in these e-theft schemes. Stolen money comes to your account, and you send it on via an untraceable transaction like a Western Union transfer. By the time the bank traces the money transfers, the money is gone, and the hapless mule is responsible for paying back the stolen funds, because he received them. Jail sentences for money laundering and receiving stolen property may also follow.

Rabbit said...

I got popped a year ago from my debit card. I used it to buy two reams of printer paper at Office Max. Office Max was retaining PIN numbers (against practice, and they to this day deny it) in their computer system instead of passing them through into /dev/null.

Office Max got hacked.

Google "Office Max", "PIN numbers", "debit card" for more info.

I noticed about 2 months' worth of pay was missing from my checking account shortly afterwards. In fact, it was into negative dollars. SWMBO called the bank, who referred her on to Visa, the issuing company. The nice Visa drone listened to SWMBO as she asked what the transactions (all numbered, not text) were for, at several hundred dollars a whack. Visadrone suggested I consider taking travellers checks next time I went to Bahrain.

Bahrain? I hadn't been any further east than Mesquite in months. Seems the hacker used my card data to buy cellphones and gold in some craphole town in Bahrain. We be 'splained it to Visa, who was really quite nice in refunding all the charges and even told us of other charges that had been attempted and declined due to ripping my balance out by the roots.

T'ain't just paper you have to worry about.

Regards,
Rabbit.

Anonymous said...

I got hit back in the early 90s before ID theft was well known. The local PD was clueless and because this was even pre-internet I had to navigate the waters via registered mail and telephone calls.

I didn't even know I was hit until I started getting bills forwarded from the other side of the nation. The thieves ran up bills of close to 30,000 dollars. The credit card companies, the police in my town and the state where it occurred didn't seem interested in pursuing the perpetrators.

I did my own investigation and from looking at my credit report it appeared that a car dealer in Florida had accessed my credit report and obtained my information that way.

That and the rest of the information I turned up (which was substantial as I was in private security and investigations) over to the CC companies and LE but they basically said they weren't interested in doing anything and wrote the loss off.

I was incensed. I was packing for a trip to get my own “justice” from those who had stolen my ID and only the wise council of several level headed friends and good friend who was a sheriff's deputy calmed me down and got me to just let it go.

Draven said...

Hey Dog-

Lets not even talk about the UPS schmuck that leaves ammo and gun parts sitting at my door without so much as tapping on the door...

(I've literally been standing on the opposite side of the door when he's done it...)

Draven said...

ok, now for my on-topic question

'dog, would you say that getting personalized checks- like, f'rinstance, the NRA-themed checks i'm looking at- because they might tip off a potential ummm 'perp'?

Cybrludite said...

Then there's my way of avoiding identity theft: Having a piss-poor credit rating to begin with. Anyone who steals my ID is getting exactly what they deserve...

Dad29 said...

LawDog--by any chance, was your mailbox-emptier working on the 3rd of the month (SocSec Day) or the day when your State mails its UnempComp chex?

All he needed was a picture of the SS check which includes the SSAN (IIRC.)

A Soldier's Girl said...

I had my purse stolen. In it were my military ID, and my dependent ID. The thieves got my SSN and Decurion's.

Talk about a horrifying feeling. I still cringe every time I open the mailbox, despite having taken all the precautions I can.

Tolewyn said...

I work at a credit union in Podunk, TX USA and even in our relatively small city you would not believe the sheer volume of this crap that goes on.

One of the best pieces of advice we give our members is to have their check orders mailed to the credit union and pick them up if they do not have a PO Box..sometimes even if they do.

There are some new technologies going on financial instituioins websites...hey maybe I'll post on it instaed of rambling on here.


All in all, great post brother.

Tole

Simeron Steelhammer said...

Here's a few additional tips you might toss up there LD...

By law (federal) you are allowed to get a free credit report from each of the three agencies. You have to go to the RIGHT site mind you, not a copy cat. Believe this is the site that points you there.

http://www.ftc.gov/bcp/conline/edcams/credit/ycr_free_reports.htm

Seeing how each site gives you one free report per year, space them out every four months and you got the year covered.

Secondly, never ever ever never carry your SSN card in your wallet or purse. Why not? Well, say some critter grabs it and managed to get loose with it. What information is on your DL? Name, Address, and DoB if in Texas. The final piece of the ID theft puzzle is, you guessed it, the SSN.

Finally, as an IT man by trade, I can tell you to get and keep three very important things on your computer if you happen to use a little thing known as the Internet.

1) A reliable Virus Scanner

And use it daily folks, having it and not using it don't help.

2) A reliable Anti Spyware/Malware program.

(read above about usage)

3) A reliable firewall that ain't swiss cheese (full of holes).

This will help keep nasty little programs out of your computer that can grab your personal information off your own hard drive while you surf your way around the Web.

Hope this helps too!

Firehand said...

I usually save such up for a couple of weeks or so, then into the forge or chimenea with it, whichever I can light up at the time.

Used to know a nurse who kept a box by the fireplace for them; once a month, bonfire time.