LifeLock Blog

Looks like employing the classic legal strategy of delaying the case has paid off for the American Bar Association—at least for the time being. A federal judge today determined that lawyers should be exempted from the Red Flag Rules intended to curb identity theft.

The Red Flag Rules go into effect this weekend for all businesses that fall under the Federal Trade Commission’s definition of creditor. Essentially, the FTC considers any business that provides services before payment is rendered or allows customers, clients or patients to make payments on their bills to be a creditor.

Federal Judge Reggie Walton said he disagreed with that definition, and that the definition was so broad that a plumber who worked on a toilet for two days before billing the customer would be considered a creditor. (more…)

The Better Business Bureau is warning job seekers once again to be careful when applying for jobs. With 13 states showing an unemployment rate of 10% or higher it’s clear that unemployment is a problem. Scam artists are taking advantage of the situations and the public needs to be aware.

There are several ways that scammers take advantage of job seekers. Most of the scams involve background checks, upfront fees, and phishing scams.

1. Upfront Fees – There has been an increase of ads for jobs claiming several position openings and all that is required is money for a background check. The money of course does not go toward a background check and they keep your money and use your personal information to steal your identity. Don’t fall for this simple scam. Know a company is legitimate before giving out any information and insist you give it to them in person and never over the phone.

2. Job Placement Companies – Even though most job placement companies are legitimate businesses some of them are not. One needs to be cautious when a company makes promises that they can’t keep. Most firms are free to people looking for jobs they collect a fee from the companies who need people to fill positions. Be careful when companies want to you pay a fee for a guarantee you get a job. A promise they can’t keep and often times will pocket your money and never call you.

3. Phishing attacks – Phishing attacks are common on the Internet. It’s easier to know if a site is fake when you know what the real website and company looks like . This is why websites for fake business are harder to detect. Phishing websites of fake businesses who hire you and want you to send them personal information they use to steal your identity.

Always be suspicious of companies asking for private information before meeting them in person. Even then make sure you do your homework on the business to make sure they are a legitimate company. Be suspicious when companies ask for money upfront for any reason. Don’t give out information for a background check before you are sure the business is legitimate. If you are aware of these things you stand a better chance of preventing a job search related identity theft.

Hackers forced payroll processor PayChoice to shut down its online portal again Wednesday, for the second time so far this month. The data breach came to light when PayChoice customers reported fake employees being added to their payroll rosters.

PayChoice is one of the largest payroll processors in the United States. They lease their payroll management product to more than 240 other payroll processors and serve more than 125,000 organizations. There are approximately 20 branch locations in the U.S. serving small and mid-market companies.

Clients received an email alert from the firm Thursday that said an investigation determined valid credentials were used in an unauthorized manner. PayChoice believes the bogus employees were added in order to have paychecks sent to fraudulent bank accounts.

This most recent attack seems to be the follow up to last month’s data breach in which hackers stole customers’ user names and passwords from PayChoice servers. Soon after, customers received emails advising them to download a plug-in to continue their access to the PayChoice portal. Customers who followed those instructions were infected with malicious software designed to steal user names and passwords.

The hackers apparently planned this latest maneuver to coincide with a large payroll processors conference in Utah. Many PayChoice employees and those of their licensees are attending the conference so all operation are being conducted by a diminished staff, according to Steve Friedl, a security expert who works as a consultant for Evolution payroll, a PayChoice competitor.

A Philadelphia man is accused of using his romantic skills to take advantage of bank tellers at various Philadelphia Banks. Miguel Bell is being accused of having affairs with many female bank tellers in order to convince them to slip him customer information. He then uses this information to apply for drivers licenses and make fake checks.

Bell and his organization compromised dozens of accounts at eight different banks. One Citizens Bank teller gave out 37 customer’s private information allowing Bell’s organization to steal an estimated $390,000 according to the indictment.

Bell’s organization would use the information to apply for Drivers Licenses and make bogus checks. They would then hire check runners to go and cash the checks for a cut of the money. The check runners were typically drug addicts who didn’t mind making some easy money. Hiring the check runners makes it harder to catch the identity thief because they are never the ones trying to cash the fake checks.

The alleged ID theft ring is believed to have stolen $1.3 million in all. It’s a scary thing when you find out that the thieves received your information from the people who are paid to protect it. Given out freely by employees of the companies that store your information and money. The bank tellers must not of been very honest people to begin with if they would volunteer such information. Perhaps he did something that forced them to give him information! We will have to wait for the trial to see.

About a month ago Rod White was indicted on charges of fraud, forgery and identity theft. White was caught trying to use fake checks using the state Taxation and Revenue Department’s account numbers. Little did the police know that White was connected to an ID theft organization in Albuquerque.

The organization was stealing peoples personal information in order to steal their identities. The organization was involved in many purse snatchings and break-ins. The Organization also had a postmaster key and used it to steal mail from hundreds of victims. A search of only two of the accused homes exposed more than 400 victims.

The organization also broke into the car of a Motor Vehicle Division employee and stole documents containing the Names, Social Security Numbers, and Addresses of customers. They used these documents to to create fake ID’s and checks.

Police are still uncovering more evidence in this case and more arrests are coming soon. The scary thing about this case is the fact that they had a postmaster key to get into mailboxes. I guess I never thought about the possibility someone could have a master key to mailboxes. I always thought that my mail was safe since it was locked up in it’s little box. It’s unsettling to know that people can steal key and get into anyone’s mailbox.

Jason Richard Yuschak was sentenced in federal court this week after pleading guilty to ID theft and mail fraud. While in court for that sentencing, federal officials announced a new mail fraud indictment for an eBay scam.

Yuschak, 28, was convicted of stealing the identities of at least 78 people who bought or shopped for cars at the Columbus Ohio dealerships where he worked between September 2005 and September 2007. During that time he worked for Dennis Autopoint, Germain Toyota, Bob Caldwell Jeep and Dodge, and Crown Kia-Jeep.

He received a three-year prison sentence for opening credit card accounts using information from Ohio driver’s licenses, credit applications, purchase proposals, test drive agreements, purchase contracts and business records.

The grand jury indictment was issued in response to a criminal complaint filed September 8, 2009. According to the mail fraud indictment, Yuschak collected $3,000 from an Oklahoma woman in exchange for a Gibson Les Paul guitar he offered on eBay. The woman sent the payment thru PayPal with two e-checks issued on May 21, 2009.

The woman never received the guitar and finally asked that Yuschak return her money. Yuschak allegedly agreed to cancel the deal but sent her an empty envelope instead.

The victim filed dispute with PayPal and filed a report with her local police department.

If convicted on the mail fraud charges, Yuschak could be sentenced to the maximum prison sentence of 20 years. Any mail fraud sentence would have to be served subsequent to his other three-year imprisonment.

For those of you that pay attention to identity theft news know the importance of destroying documents that could have sensitive information on them. Is just shredding your documents enough? Which shredder should you buy? One that cuts documents into strips or one that cut documents into squares. Could someone if they really wanted to put your documents back together?

I know this sounds ridiculous but people have been known to put together shredded documents to get the private information off of them. I know what you might be thinking who would do that? Meth addicts thats who. Believe it or not identity theft rings have been known to employ meth addicts to dumpster dive and get document and put them back together. In return they get the drugs they are addicted to. Meth addicts can stay up for days at a time and can stay focused for long periods of time.

All this is to say that just because you cut your documents into strips doesn’t mean they are safe. The advantage of a cross-cut shredder is that it cuts your documents vertical and horizontal. This turns your documents into confetti which is considerably harder to put back together than the strips. If you are really serious about keeping your documents secure after shredding them a cross-cut shredder would be a good step in that direction.

JP Morgan Chase Bank admits to having lost a computer data tape containing customer information earlier this year. Bank officials have so far refused to reveal how many customers are affected by the data breach, how many customers have been notified, or even when the data breach occurred. But it appears they’ll have to answer those questions soon.

This week two Republican members of the Congressional Committee on Energy and Commerce, Rep. Joe Barton and Rep. George Radanovich, sent a letter to James L. Dimon, Chairman and CEO of JPMorgan Chase and Co. asking these questions and more.

In notifying the untold number of affected customers, the bank offered them one year of free enrollment in Chase Identity Protection. The congressmen asked whether the affected customers will be automatically charged for ongoing participation in the program, or will the program be automatically discontinued unless customers specify otherwise.

The committee members sent the letter October 7, and set a deadline of October 31 for a written response from the bank.

In July 2006 Chase Card Services (a division of JP Morgan Chase) notified 2.6 million current and former Circuit City credit card account holders that five computer tapes containing their personal information had been accidentally sent to the trash. It indicated that it believed the tapes were safely “buried in a landfill.”

In August 2005 JP Morgan Chase admitted that a laptop containing customers’ personal and financial information was stolen. The bank said then that the number of customers affected was unknown.

The IRS has had problems with people filing tax returns as someone else and collecting the returns. This is a huge identity theft problem and the IRS has taken measures to help prevent it, but is it working and is it enough.

About 90% of fraudulent claims were found out and stopped before payment was made, but that still left that %10 percent that was getting through. Which doesn’t sound like that much but it cost the government and taxpayers 15 million in 2008. That is of course only the fraudulent refunds they know about. There is sure to fraudulent refunds that the IRS doesn’t know about and have not been reported.

In 2008 the IRS put 4 new infinitives into effect that were designed to help prevent identify theft cases. One of them is designed to flag accounts so that IRS employees could easy identify problems and come to solutions. The IRS also created a screening system to help pick out potential fraudulent returns. In 2010 the IRS is considering the expansion of screening process but they are still not sure how the original system is working. They are still trying to find ways of measuring how well the current system is working.

The IRS is revisiting their strategies for identity theft identification and related Tax problems. It’s good to see the IRS admitting the problem and trying to do something about it. There are so many times I see companies ignoring the problem and choose to remain ignorant. At least the IRS is admitting they don’t know if their system is good enough and are willing to work on it. Perhaps one day we will not have to worry about false tax returns because the IRS will have perfected their system. Until them keep your information safe and keep an eye out for IRS problems.

A new Act has gone into effect as part of the U.S. Department of Health & Human Services, the Health Information Technology for Economic, and Clinical Health (HITECH) Act. According to this Act insurance providers that don’t use the HHS-approved techniques of encrypting and protecting data will be forced to notify individuals within 60 days of a data breach. If the breach affects for than 500 people the breach must be reported to the HHS and to the media.

The Act later goes on to say that “healthcare companies must publicly disclose data breaches only if the breach threatens significant financial or reputational harm to the individuals affected.” The HHS decides whether or not the threat is significant enough to inform the press and make the data breach public.

I feel this law will aid in forcing companies to protect their data better and making them release information about their data breaches. I only hope that the HHS policies on data encryption and security are tight enough to keep people out. If they are not then the law will help protect companies from having to release information about their data breaches. After all the HHS gets to decide what to disclose and what to keep from the public. I feel it could be a step in the right direction to keeping insurance information just a little bit safer.