LifeLock Blog

A former California insurance agent James Alfred Morris, 66, has been arrested and charged with eight felony counts of identity theft and six felony counts of grand theft. These charges come after he allegedly stole a man’s identity to sell insurance policies and collect the commissions.

Morris had lost his license to sell insurance in 2003 for similar fraud violations. Morris used a former employee’s identity to submit 15 applications for life insurance so he could collect the commissions. The $8,457 in commissions where paid directly to a bank account that Morris controlled. The California Department of Insurance was unaware of this until the insurance company discovered Morris’s insurance applications were fraudulent and filed a complaint against Morris, claiming he owned them the commission money back.

According to the police it’s only a matter of time before people like Morris get caught. Accordingly to Commissioner Poizner of California “Stealing another’s identity and then stealing money from an insurance company will never succeed. We will hunt you down, make sure you are prosecuted and then sent to jail.”

Perhaps the insurance industry is not the best place to commit identity theft and fraud. Perhaps there are already too many companies and government operations out there to expose and prosecute people trying to commit insurance fraud. Perhaps what the say about life insurance salesmen are true.

A hacker let himself in through an unlocked virtual door at RockYou Inc and walked off with more than 32.6 million login names and passwords for users of Facebook, MySpace, Friendster and other social networking sites.

The login information was unencrypted and virtually unprotected, and, according to ComputerWorld, the users’ names were the same as those of the users’ Gmail, Yahoo, Hotmail or other web mail accounts. Though few people include Social Security or financial accounts information on their social media sites, any of that information in users’ web mail accounts could be accessed with accessed information.

RockYou says more than 130 million unique users take advantage of their tools for social media sites every month, including applications and services for greeting cards, horoscopes, games, emoticons and photo uploads and slideshows.

A segment of the database was posted on the hacker’s website along with his claim that he accessed 32,603,388 accounts, including their unencrypted, plain-text passwords. He warned RockYou, “Don’t lie to your customers, or i (sic) will publish everything.”

The data breach was discovered after database security firm, Imperva Inc, warned RockYou that hackers were using a serious error in their system to access to RockYou’s massive user database. At least another day passed before RockYou brought down the site, according to Imperva. RockYou said in a statement they immediate brought down the site and addressed the problem.

More than 285 million records were compromised in data breaches last year, and more than 50% of all breaches required little or no technical skill, according to the Verizon Business 2009 Data Breach Investigations Report. The investigators also reported that 83% of all data breaches could have been prevented last year if the victims had employed simple, inexpensive controls.

I am sure you have called a contact or support center by phone and heard a recording telling you that your call may be recorded for quality assurance. What exactly does that mean and how does it keep you safe. You trust a lot of sensitive information to complete strangers all the time. Strangers that work for a company in a call center that, let’s face it, can’t be fun to work in. So the turn over rate is pretty high for most companies. So what keeps employees from working for a couple of months and then  walking away with enough information to steal the identities of hundreds of people? That’s where the quality assurance comes in, but is it good enough to prevent identity theft?

These call recordings don’t just record the phone calls but they also record what the employee is typing into the computer, their page navigation and data retrieval. The system will also sync up the phone conversation to the input on the screen so that delays and errors in data entry may be recorded. So many times the whole conversation from phone to desktop is recorded.

Supervisors can review the recording to evaluate the employee. The recordings are also there to catch and prevent employees from accessing files that they didn’t need. Sometimes supervisors can catch employees who write down a customers card number by the simple fact that there was a delay in the customer giving the number and the employee punching it into the computer.

Even though a call center wouldn’t be the easiest place to steal peoples identities there have been people who have done it. The companies are responsible for the security of their customers information  but security measures are not always enough. There are people who slip through the system and steal peoples identities. So be careful who you do business with and what information you give them, and as always keep an eye on your accounts for signs of identity theft.

Amadeus Harlan who was also known as Johnny Harlan had been claiming he was a Denver Broncos football player in order to gain people’s trust. Police say that the 40-year-old man would routinely pretend to be a NFL football player to convinced people to give up their private information. He then used their private information to steal the identities of the those people to obtain loans and expensive cars.

Last week he was convicted of writing phony payroll checks to his employees of his bogus business he had started. He faces up to 48 years in prison in the jefferson county case and can face up to 24 years in the Denver case.

Makes you wonder what these people were thinking. There is not a lot of information on what kind of business the man started and why people would trust him and hand over their private information. It seems to me this guy perhaps offered to hirer them for his business and instead of hiring them stole their identities. A couple sources online say that the man posed as the football player online and went after his fans to gain their trust. This seems to make more sense because it would be easier if your victims didn’t know what you looked like. What ever the case may be you can be sure that not everyone is who they say they are especially online.

Some attorneys are ambulance chasers—a term coined to describer personal injury lawyers who follow ambulances from car wrecks to the hospital so they can shove their business cards into the hands of accident victims. Apparently at University Medical Center, attorneys—and possibly others—can simply buy victims’ information from the Las Vegas hospital’s employees.

Kathy Silver, the hospital’s CEO, admitted to legislators this week that she’s know for three weeks that the names, birth dates and Social Security numbers of at least 21 people who were patients at the UMC October 31 and November 1were sold. Those 21 patients were among 71 to receive services on October 31 and November 1, all of whom may be victims of the privacy breach.

The hospital’s chairman of the board, County Commissioner Lawrence Weekly learned of the data breach at the same time Silver did. When asked why he didn’t take steps after learning of the privacy breach when Silver did, he said he didn’t know selling patients’ information is illegal. (more…)

Perhaps the most common of identity thefts is the credit card identity theft. This is when someone steals your credit card, check card, or debit card numbers and places charges on them posing as you. It’s a little bit different from the kind of identity theft where people can actually apply for new credit cards. This type of Identity theft is where they are just using your existing card’s information to make charges.

This type of identity theft can be prevented or at least caught earlier with a couple precautions. The first precaution is to make sure you keep an eye on your cards. Oh course if someone steals your wallet or purse and can assume they are going to try and steal money from your accounts or charge stuff to your credit cards. However, most people don’t know that people can steal your credit card number without stealing your card. When you hand your card to someone for processing make sure they don’t swipe your card into a skimmer, a handheld card scanning device that could be held in your hand, attached to a belt or ankle or other parts of their body. This of course will only work if you can see them when they run your card. Employees that process the card away from the counter can’t watched for this type of scam.

The next tip is a simple one but so many people don’t do it. You should always shield your pin from view when typing it in. Shoulder surfing is a technique where people look over your shoulder to see your pin. Sometimes it’s a simple as someone peaking over your shoulder, but people have been known to record your pin using video cameras and fake keypads among other things. A skimmer attached to the ATM completes the scam and they have everything they need to steal from your account.

Just like a password you should change your card number every so often. You can request a new card number from your bank however often as you like. It is time consuming because you have to change all your online accounts to the new number but this will cut all ties to any exposed card numbers.

Something I have been enjoying is alerts from credit card and check card accounts. Some banks like Bank of America have alerts that will send text messages informing you of what is happening to your account. My accounts inform me of any large purchases, unusual purchases, and low account balances. These alerts are often in real time and will help you catch fraudulent charges. You have to report fraudulent charges within 30 days at most banks and 60 days for most credit cards. So knowing a charge is fraudulent sooner is better than knowing about much later.

Identity theft protection is always a good idea. My favorite identity theft protection company is LifeLock above all other services. They have proven themselves to the be leader in identity theft protection. There is no one I would trust more than LifeLock with my credit. Not all identity thefts can be prevented, but what can be prevented LifeLock will be there to protect you.

Phishing scams are one of the easiest ways to get personal information from people. If you can’t steal information from the public trick them into give it to you. Phishing scams are website that request personal information from you who pose as a legitimate company or organization. They typically prey on people’s fear of hackers and password security to motivate their victims to visit the fraudulent website and enter their information.

H1N1 and the CDC is no exception. A phishing email and website has gone viral and has reached a lot of people telling them they need to fill out a Personal H1N1 Vaccination Profile. The website asks for personal information as well as health information. The site also has links on it that install viruses on your computer, which also might be something spreading the emails around.

The best way to prevent phishing attacks is to be skeptical of links in emails and be aware of the URL you visit when going to a website. You can do a simple search for the company like the CDC to find the real URL of the company. This is a good way of checking whether or not a website is real or not. Having said that never give out personal information on a website unless you know for certain it’s a legitimate business or organization that is going to protect it.

There were three reported data breaches at institutions of higher learning in the United States last month, making November a relatively uneventful month for data breaches. I say relatively uneventful because there have been 72 data breaches so far this year at colleges and universities—an average of more than six a month so far this year.

There were also fewer records exposed than in many other months, with a total of only 5,409; that compares well to October when there were more than twice that number of records exposed in a total of seven reported breaches.

The November data breaches bring the total number of reported exposed records to 868,286. The actual total is much higher than that, though; 11 of the incidents were reported with an “unknown” number of records exposed, and in one incident the number of exposed records was reported as “thousands.”

• 11/1—Bloomsburg University of Pennsylvania, Bloomsburg, PA
• 574 records exposed
• Stolen laptop
• Names, Social Security numbers and grades of students enrolled in a psychology class taught by Julie Kontos between Summer 2004 and Spring 2006 were stored on the laptop stolen from a university office.

(more…)