LifeLock Blog

Charlie Sheen has been all over the place this week, his show ‘Two and a Half Men’ has had the rest of it’s 8 episodes canceled, he had a very interesting interview with Pierce Morgan, and he joined Twitter making a world record for shortest amount of time to reach 1 Million followers. All that to say he is getting a lot of attention on the internet and elsewhere. Cyber criminals and mischief-makers start to see dollar signs and are seeking to poison search results with Charlie Sheen keywords.

Every time someone or some situation gets popular criminals seek to take advantage of it. We see it with Facebook issues and we saw it with Obama’s inaugural speech among many others. According to the spokesperson over at Invincea, a software security firm, criminals are looking to

“poison the search results and the link would appear to be taking you to a Charlie Sheen video, when actuality it is directing the user to a malicious site. Most of the time these malicious sites are fake anti-virus attacks … where the user thinks they’re infected when in reality, running the (anti-virus) scan is what installs the malware.”

Of course these fake malware sites are completely bogus and you should never click to scan for malware virus on any website. People are getting smarter about this kind of thing, but it seems criminals are getting sneaker too by attacking popular topics and keywords. Amoung the most dangerous keywords, other than Charlie Sheen, right now are “Jenni J-Woww” — Jenni “Jwoww” Farley of “Jersey Shore.” Be careful as you Google these popular search terms and don’t fall for their trickery.

Stay Safe – The Credit Protector

Well it’s tax season again and people are gearing up to prepare their tax returns in hope of getting just a little bit back from old Uncle Sam.  Every year however people are scammed into giving away important information that ultimately leads to an identity theft. Tax time can be a confusing and hectic time for some and leaves them open to scammers impersonating the IRS and other government agencies.

What the Scam looks like.

These tax related scams often times manifest themselves in the form of an email. The sender will often times impersonate the IRS or the treasury and include attention grabbing titles like “Tax Refund”  or “IRS Notice.” The email will then inform you that you need to provide information to them in order to receive your refund or to prevent from paying a penalty or fee. Also scammers use fake or phony websites to try and steal information from their victims. These websites might look identical to the IRS but are used by the criminals to trick users into entering data into them.

What you should know.

You should know that the IRS does not send unsolicited e-mails to tax pays. So if you do not contact them via email then it’s not really the IRS. Also many of these emails are sent by individuals who’s first language isn’t English. So look out for unusual grammar and sentence structure because these are dead giveaways. When presented with a IRS website make sure the URL starts with http://www.irs.gov/. If it does not it’s not the real IRS website and you should leave.

Every year new scams come out and scammers find new and interesting ways to take advantage of unsuspecting people. So keep your eyes open and your information safe this tax season.

Larry Smith on the Left Joseph Kidd on the right

Identity theft is a serious matter and has ruined people’s lives. The amazing thing is it doesn’t take a brilliant criminal to pull off a long term identity theft and ruin someone’s life. No one knows this better than a Florida man named Larry Smith.

17 years ago a homeless man named Joseph Kidd stole Larry’s identity. Joseph Kidd was a simple drifter and used the identity as an alias passing all his medical bills, tickets and warrants on to the real Larry Smith. The identity theft has prevented Larry from gaining access to his medical benefits as well as almost getting his license suspended for unpaid tickets Kidd was racking up in California.

Things were about to get worse when Joseph Kidd violated his parole after completing time for non-violent crimes. The problem was Joseph was booked using his alias Larry Smith. Because of this the real Larry was arrested in Florida and put into prison in Orlando. His wife and family or course were shocked and didn’t sleep until they convinced the police their Larry wasn’t the Larry they were after. They were also concerned that their Larry would be extradited to California because Kidd had violated his parole. Larry was eventually released and the Joseph Kidd was found and sent back to California where he served more time.

The kicker to this story is that when Joseph was booked for violating his parole he was booked as Larry again and even given a parole Id with Larry’s name on it. Instead of just fixing the matter it seemed it was easier to just let Joseph keep tormenting the real Larry Smith. Well it seems the real Larry is going to get his life back after Det. Jim Hudson of California’s Placer County Sheriff’s Department has taken his case and arrest Joseph Kidd for multiple counts that include identity theft and welfare fraud. The detective says “Undoing 17 years of damage to this guy will take years to fix, but I’m committed to making sure Mr. Smith is no longer considered a felon and I want to give him back his medical benefits.” I applaud the detective and I think that’s a great place to start.

who are the red flag laws for anyway? I know the regulation says creditors and that was supposed to include health care providers, attorneys, doctors, hospitals, and anyone who allows people to deffer payments. I’m sure they meant to include them in the regulations to make their professions less likely to be used and abused by identity thieves. It seems the attorneys and health care providers as well as other who  permit payment to be deferred have been left off the hook.  Pending litigation by the American Medical Association and other physician organizations has all but gotten them exempt as well. So who are these laws for anyway?

What follows is the new clarification as to what a creditor means.

SECTION 1. SHORT TITLE.

This Act may be cited as the `Red Flag Program Clarification Act of 2010′.

SEC. 2. SCOPE OF CERTAIN CREDITOR REQUIREMENTS.

(a) Amendment to FCRA- Section 615(e) of the Fair Credit Reporting Act (15 U.S.C. 1681m(e)) is amended by adding at the end the following:

`(4) DEFINITIONS- As used in this subsection, the term `creditor’–

`(A) means a creditor, as defined in section 702 of the Equal Credit Opportunity Act (15 U.S.C. 1691a), that regularly and in the ordinary course of business–

`(i) obtains or uses consumer reports, directly or indirectly, in connection with a credit transaction;

`(ii) furnishes information to consumer reporting agencies, as described in section 623, in connection with a credit transaction; or

`(iii) advances funds to or on behalf of a person, based on an obligation of the person to repay the funds or repayable from specific property pledged by or on behalf of the person;

`(B) does not include a creditor described in subparagraph (A)(iii) that advances funds on behalf of a person for expenses incidental to a service provided by the creditor to that person; and

`(C) includes any other type of creditor, as defined in that section 702, as the agency described in paragraph (1) having authority over that creditor may determine appropriate by rule promulgated by that agency, based on a determination that such creditor offers or maintains accounts that are subject to a reasonably foreseeable risk of identity theft.’

(b) Effective Date- The amendment made by this section shall become effective on the date of enactment of this Act.

Confused? Yeah so am I, not sure what all that says but it seems no one except for people who most likely already have identity theft detection programs active have to follow these rules. These Red Flag laws started out as a great idea, but now they a simply a job that can be fixed simply by complaining enough about them.

News of data breaches are becoming more common these days. With new laws concerning data breach disclosure and the fact identity theft is one of the fastest growing crimes in America you can see why. Many schools, colleges, and universities around the country have battled with data breaches. Whether someone hacked in and stole some data or like in some cases it was simply left unprotected on the server. University of North Florida is not longer a stranger to the pains of dealing with a data breach as they start to notify more than 106,000 students and applicants of their recent security breach.

According to a security advisory post on the school’s website a person outside of the US has manages to access a recruitment file sometime between Sept. 24 and Sept. 29. The document contained information from current students as well as current applicants ranging from 2007 to 2010. Information provided in the file included: Social Security numbers, names, and dates of birth. Some of the records even had the students SAT and ACT scores.

UNF is working with the FBI to investigate how the attackers gained access to the files as well as make sure no other files have been compromised. UNF is dedicated to protecting it’s students from this sort of breach and is investigating new technology the protect it’s servers. The main difficulty is along with better technology comes new and effective ways of breaching it. Security of important information is always a uphill battle one that I’m sure UNF is willing to fight.

A Bulgarian citizen, who was living in Oregon, has been charged with identity theft of a 3-year-old child, who was kidnapped and killed in 1982, after applying for a US passport. Doichin Krustev has plead not guilt to the charges.

Doichin Krustev, better known to friends in Oregon as Jason Evers, assumed Evers’ identity when he was just 16. The real Jason Robert Evers was kidnapped and killed in 1982 at the age of 3. Krustev was caught when he tried to apply for a US passport, which checks names and Social Security numbers against the death records by a division of the US state department.

According to kboi2.com Krustev was the son of a “respected scientific scholar in Bulgaria, attended high school and college in the United States, living with a former Reagan administration lawyer and his physician wife outside Washington, D.C. He dropped out of college and disappeared about 15 years ago,”

US federal court documents suggest that a plea bargain is imminent. Krustev has been charged with knowingly making false statements on his passport application  and aggravated identity theft.

It’s a sad situation. A runaway college dropout runs away from his friends and starts a new life with a stolen identity of a child who was kidnapped and murdered. The parents of the child who had his identity stolen have got to be angry with the situation. I’m sure the theft has caused them stress and brought to the surface feelings and thoughts that they would prefer to soon forget.

According to a Federal indictment an employee of Johns Hopkins Hospital stole names, social security numbers and address from patients and was providing them to individuals who were using the information to open credit cards. The accomplices used the information to apply for instant credit at over 50 local stores.  The scheme did more than $600,000 in damages before it was stopped.

Jasmine Amber Smith, the employee at Johns Hopkins Hospital, as well as four others have been charged with conspiracy to commit bank fraud and identity theft by the Maryland U.S. Attorney’s Office. According to the indictment the sensitive information was stolen from August 2007 through March 2009. We don’t know where in the hospital Smith worked but we can assume she had access to personal information. In the time Smith worked at the hospital as least 50 individuals and stores were affected by the breach. Some of the stores that were affected include stores such as Sears, ManoSwartz, Best Buy, Boscov and Toys R Us.

This is not the first time hospital employees have been brought up on charges of identity theft. In fact I would say that you hear about identity theft breaches most often from banks and hospitals which seems counter intuitive. These are the institutes that are designed to protect us! Protect our money and our health but you seem only able to trust their employees as far as you can throw them. It’s probably not true that a majority of business related identity thefts come from those two institutions, but it seems like it sometimes.

Ever since 1984 October has been known as National Crime Prevention Month. The purpose of which is to encourage awareness of crimes and how consumers can arm themselves to prevent these crimes from happening to them. When the general public is aware of a particular crime and understands how to prevent it you usually see a decline in that particular crime.

LifeLock, the leader in identity theft protection, is teaming up with the FBI Law Enforcement Executive Development Association to hold special identity theft summits for local and statewide law enforcement. The Summits are scheduled between October 19 and 28 in the following cities: Montgomery, Alabama, St. Louis, Missouri, and New Orleans, Louisiana. The purpose of the special summits is to educate law enforcement about the latest in identity theft statistics, how to fight the crime better, and new techniques criminals are using.

In addition to the identity theft summits LifeLock will also be holding several free educational presentations around the country designed for the general public. The presentations will educate and help the general public understand the risk of identity theft, common ways identity theft can happen, and current identity theft trends. Here are four quick tips that can help protect you, and will give you a taste as to the information given in the LifeLock identity theft presentations.

• ID your caller ID – Thieves are implementing a new technology to trick a phone’s caller identification system by giving a false name and number. The safest way to avoid being fooled is to crosscheck the phone number. If the caller ID gives the name of a bank, check the number that bank has listed to be sure it’s legitimate.
• Don’t let thieves RENT your identity – Even if you’re a homeowner, it’s a smart idea to request your rental history in case someone is using your PII to secure an apartment or other rental property in your name.
• As if going to the doctor wasn’t bad enough – Believe it or not, thieves these days even go to the lengths of using your identity or health insurance information to get their hands on pills and other drugs. You can contact companies, such as Intelliscript, to request your full 5-year history of prescriptions.
• Debt that (seriously) isn’t yours – It’s simple, really. If a so-called “debt collector” is hounding you and you don’t believe you owe anything, tell them to stop contacting you. According to federal law, a debt collector cannot continue to contact you if you tell them to stop. After you confirm you don’t owe the debt the person says you do, you may then discontinue all contact from the debt collection company by sending a letter to the collector. Be sure to keep a copy of the letter and the return receipt for verification purposes. If the “debt collector” still contacts you, other than to let you know there will be no further contact or to inform you that the agency is filing legal action, it is a violation, most likely by an identity thief.

LifeLock, the leader in identity theft protection, has just added a new service to it’s already robust set of services. LifeLock has providing the one of the best identity theft protection service for several years now. LifeLock has listened to what their customers have been requesting and they are adding a new feature, LifeLock’s Credit Score Manager.

The new feature can be added either to your regular membership or a command center membership. It provides a tri-bureau credit management system that allows LifeLock members to monitor their credit daily as well as send alerts when charges are made to your credit files. Members can receive monthly credit scores from TransUnion as well as annual scores from all three major credit bureaus.

Todd David, LifeLock CEO, has this to say about LifeLock’s new Credit Score Manager, “We have heard from consumers across the country that not only is it important that they protect their personal information from identity thieves, but that more and more life events are occurring where their credit scores and reports matter.”

The new LifeLock Credit Score Manger comes with the following set of features.

• Daily Tri-Bureau Credit Monitoring (TransUnion, Equifax, Experian)
• Monthly Credit Score Updates
• Annual Tri-Bureau Credit Reports
• Annual Tri-Bureau Credit Scores
• 24/7 Credit Dispute Assistance

Taxpayers should always be careful with their personal information. Not only because someone could steal your identity and open credit cards, but because they can also file a tax return in your name getting whatever refund you are entitled to. This happens more often than you think and is popular among illegal aliens as well as identity thieves. Illegal aliens us it to get work and to appear legal, while identity thieves just want your money. In fact billionaire Donald Bren had his tax refund check stolen from him worth 1.4 Million dollars just a month ago. So believe if it can happen to someone like Donald Bren it can happen to you.

Here are some simple things you can do to prevent a tax related identity theft.

- Know that the IRS doesn’t contact people through email. If you get an email claiming to be from the IRS you can forward it to phishing@irs.gov.

- Know that identity thieves obtain your information through several means including but not limited to stealing your wallet or purse off your person, car or home, spam email messages, going through your trash, and accessing information left from insecure websites.

- If you visit a site that is claiming to be an official IRS website and it doesn’t start with www.irs.gov, you should forward that link to the IRS at phishing@irs.gov.

- To learn how to identify a secure website you can visit the Federal Trade Commission at www.onguardonline.gov/tools/recognize-secure-site-using-ssl.aspx . Also know that even information sent to secure websites can be read and breached with the right tools. Always make sure your network is secure and that your computer is free of viruses.

- Never carry your Social Security card with you unless absolutely necessary, and make sure to store it in a safe place.

- If someone is using your Social Security number to obtain a job it will seem as if you are not reporting all your income.

- If you receive a notice that more than one tax return has been filed in your name you may have had your identity stolen. Don’t delay in contacting the IRS to begin the process of resolving the matter. You will need to prove your identity by submitting a copy of your valid government-issued identification – such as a Social Security card, driver’s license, or passport – along with a copy of a police report and/or a completed Form 14039, Identity Theft Affidavit. The IRS has a special department called the Identity Protection Specialized Unit which can be contacted toll-free at 800-908-4490. If you would like to learn more about the FTC guidance for reporting identity theft visit  www.ftc.gov/idtheft.