Fraud

We know everyone is looking for that best deal online, especially during the Black Friday shopping blitz. Here are some quality online shopping tips from Intersections, Inc. (provider of the Identity Guard identity theft protection service).

We also recommend a post from the always excellent Privacy Rights Clearinghouse - "Holiday Shopping? Ten Timely Tips"

Don’t Let Would-Be “Grinches” Steal Your Financial Health and Identity During the Busiest Shopping Season of the Year!

As the biggest holiday shopping days of the year quickly approach, consumers everywhere will be lining up at stores on "Black Friday" for pre-dawn sales that will hopefully net great bargains and savings on holiday gifts. For those that don't want to fight the massive crowds at the malls and local shopping centers, they'll surf the Web on "Cyber Monday" - the Monday right after Thanksgiving - to catch even better sales, conveniently ordering their gifts online to have them shipped all over the world.

Finding the right deal on the perfect gift is going to be a priority this holiday shopping season as consumers everywhere are penny pinching during tougher economic times. The National Retail Federation expects average holiday spending this year will be around $682.74, down 3 percent from $705.01 last year, so getting the best value for your money is key, whether the gift is found on the Internet or at a retail store. With major online price breaks offered on Cyber Monday, online shopping sales are expected to increase 18 percent over last year, according to Information Resources, Inc.

To kick off the 2009 holiday shopping season, Intersections Inc. (Nasdaq: INTX), a leading global provider of consumer and corporate identity risk management services, and provider of IDENTITY GUARD® Total Protection, the award winning identity theft protection service, advises holiday shoppers to take extra caution to avoid damaging their credit or becoming a victim of identity theft. Identity theft peaks this time of year -- wallets are stolen, credit cards are accidentally left behind and scammers everywhere are looking to prey on their next victims -- but there are simple steps consumers can take to avoid making careless decisions that can have a long-term effect on their financial well-being.

Intersections recommends the following safety tips for holiday shoppers:

1. Protect your computer from online threats including money-stealing Trojans. Fraudsters are eagerly waiting to take advantage of the millions of credit card transactions that will be made online this holiday season. They are lurking to find any weak links in your network to gain access to your personal and credit information. More recently, they are using sophisticated Trojans to grab your bank account and credit card login information, disable your security software, and sneak into your bank account by pretending to be you. Trojans are even smart enough to quietly drain your bank account over the holiday period based on the assumption that you'll be too busy to check exactly how much you're spending until the New Year. The best way to avoid Trojans is to (a) not open attachments or click on email links; (b) be careful where you surf and stick to online "neighborhoods" where you really feel safe; and (c) regularly patch your computer and update your anti-virus, anti-spyware and firewall software.
2. Take a tip from online merchants and "trust but verify." Whether it's online shopping searches, incredible gift offers, or holiday wishes from your Twitter "Tweeps" or Facebook friends, the best way to avoid gift-wrapping yourself for scammers this year is to turn your cynicism on to the highest level. If you think before you click, you might just play Grinch to an identity thief.
3. Be careful buying gift cards. Make sure that you purchase gift cards that are legitimate and secure, and avoid buying gift cards secondhand from an unverified source. UK-based security firm Corsaire recently found that the vulnerable magnetic-stripe technology used for gift cards and customer loyalty cards make these attractive targets for hackers. Additionally, the research revealed that gift cards can easily be "sniffed" off the shelf in the checkout line with a scanner and cloned, card numbers can be stolen, and retailers' gift card Web sites can be hacked.
4. Avoid Tweet Traps! Scammers fully understand the power and reach of social networks, and gathering places like Facebook and Twitter are a feeding ground for all kinds of thieves this holiday season. According to the eHoliday Study by Shop.org (a division of the National Retail Federation), 47.1 percent of retailers said they will be increasing their use of social media during the holidays. The biggest threat to be wary of this year is the "Tweet Trap" - a message that appears to be from a trusted friend or follower passing on some great news, a real bargain, or a worthy cause, but instead hides spam, phishing fraud, or a malicious download. Consumers should be cautious about Tweets or Facebook messages about great holiday deals, must-have gifts, or hard luck stories, even if they are coming from "friends." If they sound interesting, do your own research to see if they're genuine. But don't click or download.
5. If a deal sounds too good to be true, it probably is. This scam has focused on promising shoppers the hard-to-find gift at an irresistible price and in most cases, the gift doesn't exist, doesn't arrive, the seller demands far more for it, or simply steals the shopper's credit card information. But this year, hackers are upping the stakes by hacking into the search ranking systems of the major search engines like Yahoo! and Google so that their fraudulent or malware-infected web sites appear at the top of shopper searches. And most shoppers still believe that if a Web site is at the top of a search engine's list, it has to be legitimate.
6. Do NOT give out your financial information over the phone or email. If your bank or credit card company sends you an email or even calls you warning you of insufficient funds or other problems with your account, contact them directly using the customer service numbers posted on their web sites. Don't respond to their emails or to any number they provide in an email or phone message.
7. Keep travel plans private. Don't give a gift to digital burglars by Tweeting or posting updates to Facebook about your holiday plans like when you're going to be away from home or all the cool stuff you bought. Otherwise your new purchases may end up under someone else's tree.
8. Do a post-holiday credit health check-up. After the holidays are over, be sure to check your credit reports, credit card statements and bank statements to verify all transactions. Each transaction you made, either in retail stores or online, could have been compromised, adversely affecting your credit and your credit score. Notify your bank or credit card company immediately if you see anything suspicious.

"With a soft economy and higher unemployment rates, consumers are under increased pressure to cut holiday spending, and this may lead to an increased willingness to take on greater risks," said Steven Schwartz, Intersections' Executive Vice President of Consumer Solutions. "While retailers will respond with timely offers and special discounts, it's important for customers to protect themselves from scammers and cyber scrooges who may try to prey on their emotions with targeted offline and online schemes."

One way to protect yourself is to be vigilant about where you shop (online or at the mall), what information you provide and to whom, and to protect your computer from spyware, malicious code and Trojans. Intersections' IDENTITY GUARD® Total Protection is the most comprehensive offering on the market today covering personal information, credit reports, public records, computer, Internet and mobile transactions. The service also provides sophisticated software that protects consumers against keylogging attacks, secures their passwords and user IDs as they navigate online, identifies legitimate websites, and protects their computers from advanced malware software. IDENTITY GUARD® Total Protection also provides identity theft recovery services and financial reimbursement insurance in the event identity theft occurs. Find out more at www.identityguard.com.

So you received a data breach notification in the mail… no big deal, right? Not according to Javelin Strategy & Research’s latest report. In fact, Javelin’s latest research reveals you are four times more likely to suffer identity fraud if you’ve received a data breach notification within the past year.

The average fraud victim will spend 30 hours and $496 out-of-pocket costs to restore their affairs, merchants and financial providers will spend billions to protect systems and brands, and law enforcement will work hard to chase the bad guys.

Many states around the country are enacting laws requiring entities that have experienced data security breaches to notify affected individuals whose personal information may be at risk. However, there seems to be a disconnect between breach notifications and consumer awareness of the risk they bring.

Why You Should Take Notice

• During each of the past three years, an average of 11% of consumers received a breach notification.
• Of these consumer breach victims, more than 33% experienced exposure of their Social Security numbers and 15% had their ATM PINs compromised.
• Despite 19.5% of breach victims suffering some kind of fraud in the past year, only 2% attribute their fraud to the breach.

Come On, Do I Really Need To Worry About This?

It might be a good idea considering the Identity Theft Resource Center has already tracked 356 data breaches so far this year. Forty-six of those breaches have involved financial institutions, and when they or their third-party service providers are breached, it’s nasty.

Take for example the Heartland Payment Systems breach earlier this year. The result of this breach was a staggering compromise of 130 million credit and debit cards. Now that’s a lot of Visa cards…yikes!

What You Can Do?

There is very little we can do to avoid data breaches, however there are steps that we can take to better prepare ourselves for the next time that breach notification shows up in the mailbox:

• If you get a data breach notification, don’t dismiss it. "Data breach notifications are intended to help consumers take protective action," said Mary Monahan, Javelin Managing Partner & Research Director.
• Obtain credit monitoring services. Most companies will provide this free of charge in the event of a security breach, so take them up on it. You may also consider employing a more complete credit monitoring service or even initiating a credit freeze.
• Limit the amount of sensitive data you give out online or over the telephone. If the requested information has nothing to do with the transaction you’re making, don’t provide it. For more on this, read our article about becoming a "privacy grouch."
• Avoid or be cautious using wireless devices, “convenience cards”, credit cards or unfamiliar online transaction sites.

Lastly, remember the words of the orator, Robert Green Ingersoll when he said:

“It is a thousand times better to have common sense without education than to have education without common sense.”

Ben Bernanke is a victim of identity theft. This is proof positive that it can happen to anyone.

Ben Bernanke - the Federal Reserve Board chairman - was one of hundreds of victims of an elaborate identity-fraud ring, headed by a convicted scam artist known as "Big Head," that stole more than $2.1 million from unsuspecting consumers and at least 10 financial institutions around the country.

How Did It Happen?

On August 7, 2008, Anna Bernanke - Ben Bernanke's wife - was at a Starbucks when her purse was stolen off the back of her chair.

What Was in Her Purse?

It's not good...

• Driver's License (no problem)
• Four credit cards (not so great - the fewer the better)
• Checkbook (no problem)
• Social Security card (OUCH!!!)

So the thieves had Mrs. Bernanke's SSN, Date of Birth (from the Driver's License), home address, and home phone (from the checks). This is the perfect combination of personal data.

It goes without saying that you should never carry your Social Security card in your purse or wallet. It should be tucked away in a very safe place at home or in a bank lock box. You should also limit the number of credit cards you carry. Just think of how many banks you'd like to call and/or fraudulent transactions you want to deal with and limit your cards accordingly.

Who Were the Thieves?

The thieves were part of a crime ring called "The Cannon to the Wiz." Here is the entry from the Urban Dictionary for "cannon":

Cannon - Old school term for a skilled pickpocket. "Stumpy is a real class cannon - he can clean out a vic's pockets faster than a flatfoot can eat a donut!"

These thieves were after personal information as well as checks and credit cards. They worked in government or medical offices or were simple pickpockets or mail thieves. They attended major sporting events in order to target victims with wallets and purses full of loot. One such victim was Donna Pendergast - an assistant Michigan Attorney General. Her experience went like this:

The robber was so adroit he managed to lift the wallet from her purse without her even knowing it. "They took it right out of my purse while it was on my shoulder," she said. "I didn't feel a thing."

Have They Been Caught?

Yes and no.

Federal agents busted the identity theft ring this summer, but George Lee Reid - the one who fraudulently used the Bernanke's checks to steal $9,000 - had the charges dropped against him, but the Feds are now searching for him again on related charges.

More information on this story from Newsweek.

Lately I've received several "smishing" text messages on my phone and I finally captured the audio of a full phone interaction with their voice response system.

Audio of Smishing Call

Here is the audio from a smishing phone call I recorded. Listen closely to see how they use fear to manipulate the victim into providing information.

What is Smishing?

Well, someone somewhere comes up with these cute names for things and "smishing" is no different. It's a play on the term "phishing", and the "Sm" part comes from SMS, which is the technical name for text messages on cell phones (Short Message Service). Did that make sense? If not, here's a description from the fount of all knowledge - Wikipedia:

Similar to phishing, smishing uses cell phone text messages to deliver the "bait" to get you to divulge your personal information. The "hook" (the method used to actually "capture" your information) in the text message may be a web site URL, however it has become more common to see a phone number that connects to automated voice response system.

Scam Tactics 101

As you listened to the call, you should have noticed a few tactics scammers use to get your information:

• Sound Official - The call starts with "You have reached Credit Union's National Association online banking center." That doesn't even make sense, but it sounds good. Scammers will imitate real brands or sometimes use something pretty generic like this, but they're always going to try to look and sound official.
• Create Fear and a Sense of Urgency - It doesn't take long before they start to scare you with "Compromised accounts may ruin your credit, place you in debt with us or other financial institutions." They add "Failure to run this process will result in account suspension or financial penalties." My favorite attempt to scare you is when they threaten you with prosecution if you give inaccurate information - unbelievable.

What Do They Ask For?

In this call, they are trying to capture a credit card number, expiration date, PIN, and card security code. With this information they will attempt to make purchases online with your card, pull money from your account with an ATM, or possibly create a fake card containing your information.

How to Protect Yourself

It should be obvious to most people that these messages are scams. Unfortunately, the scammers just have to get a small percentage of people to fall for these messages to make it worth their time. Just like spam email, if a few people respond it will continue to be financially viable.

What complicates things a bit is some banks are now using text messages as a communication method for alerts or other information. In these alerts they'll often ask you to phone in to confirm a transaction or to alert you to a problem with your account.

If you're concerned at all about the origin of an alert, always call your bank directly using the phone number from a bank statement or official web site. Never call using the number provided in a text message.

Read more about about smishing tactics in this recent Yahoo article.