Heads up! The Identity Theft Resource Center blog has moved! You can now find all of the latest on identity theft, fraud, scams and other related topics on our website.  Thank you to everyone who continues to support the ITRC and our efforts to educate the public!



Check Fraud: What To Do When It Happens to You


The first step is to call your bank and shut down the checking account.  You must file a police report with your local police department stating the check book was stolen.

You will need to go to the bank and have Customer Service go through your account and verify the checks clearing through the account are yours.  It is recommended to have the bank write a letter stating the date and the reason the checking account was closed.  Please ask your bank to notify you if any checks come in on the closed account so that you can take the proper action to clear up the matter with any merchant or bank.

You will need to contact the check verification companies because even though the account has been shut down; any checks written on the closed account will be denied payment by your bank.  The check verification companies will unsuccessfully try to collect on the fraudulent check on behalf of the company that accepted the check.  The company that took the check will not know why it did not clear; only that it was denied payment by your bank.

It is important to ask what identification was used by the person when it was presented to the clerk. You need to check to see if it is your driver’s license or state identification card number.  If it is your driver’s license, you will need to request a new number from your driver’s license office.  You will have to ask if your state allows this, as each state differs on that particular request. They will inform you whether they allow you to get a new number, and if so, what documentation is required.

Check Fraud may not look like a problem at first, because you have shut the account down.  The problem is that even though you have done everything correctly, you still can become a victim.  This is because the thief can wait to use the stolen checks or create new counterfeit checks and put your information on those them.  You must take the time to check periodically with the check verification companies to see if they are holding any checks with your information.

Check Fraud is very easy to do, but creates a lot of work for you when you need to the matter cleared up.  The holiday season is fast approaching and you must be attentive to your purse especially if you are carrying your check book.

"Check Fraud: What To Do When It Happens to You" was written by Wilma. Wilma is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to www.idtheftcenter.blogspot.com.


First the Banks, Now the White House


It has been a particularly disturbing couple of weeks as headlines throughout America highlight how some of our most powerful financial institutions were being hacked by alleged foreign powers. It all began on September 17 when the FBI issued a joint Bank Fraud Alert with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Internet Crime Complaint Center.

The Bank Fraud Alert warned banks and financial institutions that hackers were using Distributed Denial of Service (DDoS) attacks to take down their consumer websites to distract both the consumers and bank cybersecurity while millions of dollars were fraudulently wired out of peoples’ accounts. The very next day, Bank of America was reported to have website problems and consumers were having trouble accessing the website and their bank accounts.

On September 19, J.P. Morgan Chase Bank was reported to have similar problems as their website went down and consumers could not access their bank accounts. That same day, FS-ISAC raised its Current Financial Services Cyber Threat Advisory from “elevated” to “high” for the first time in its history. A few days later on September 25, Wells Fargo suffered website outages followed by website problems for U.S. Bank and PNC Bank the next day.

A hacker group by the name of Izz ad-din Al qassam Cyber Fighters has been claiming responsibility for these DDoS attacks, but experts warn that it is more likely that an organization with far more money and capabilities is responsible for these attacks. Senator Joseph Lieberman, Chairman of the Homeland Security Committee, stated in a C-SPAN interview that he believed Iran’s government sponsored the cyber-attacks.

Now, the Washington Free Beacon reported on Sunday that alleged Chinese government hackers had breached a computer system associated with the White House Military Office. A White House official confirmed that hackers had breached an unclassified computer network, but emphasized that the network had no unclassified information and no data appeared to have been stolen.

Apparently, the breach was made possible by a spear phishing attack, which involves the use of a message that appears to be authentic and contains a file or link to be clicked on which then installs malicious software onto the computer. The Senate blocked the Cybersecurity Act of 2012 in August which was designed to help bolster cybersecurity in critical infrastructures in the United States, leaving the Obama administration to consider issuing an executive order to improve cybersecurity instead.

"First the Banks, Now the White House" was written by Sam Imandoust, Esq.  He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to www.idtheftcenter.blogspot.com


Classification to Mitigation: What You Need to Know about the Multiple Faces of Identity Theft

Identity theft is a term now common in the American vernacular.  Though the term is familiar, what it represents is often misunderstood by large segments of the consumer population.  Many people commonly associate the term with someone making illegal use of a credit card number.  By most current definitions however, that type of crime is more properly referred to as credit card fraud and is no longer considered a true example of identity theft.  So what exactly does the term “identity theft” mean?

The best working definition of true identity theft is simple: The improper or illegal use of someone’s personal identifying Information (PII).  It’s that simple.  PII is defined as any information that uniquely identifies you as you.  More specifically, your social security number, passport, birth certificate, driver’s license or state ID card, and similar documents that alone, or in combination, are unique to you as a person.  ITRC considers that your PII can be used to commit several different types of identity theft.  We classify these as five (5) basic types of identity theft:  financial, criminal, medical, governmental, and cyber/reputational.  There is also child identity theft, but other than the age of the victim, these are always one or more of the 5 types above.

  • Financial: Financial Identity theft is simply when someone uses another’s PII for financial gain.  This can include using a SSN to open a new line of credit, a utility bill, a student loan, etc.  Unlike the unlawful use of an existing, and legitimate credit card, these new fraudulent accounts may exist for extended periods of time before the victim becomes aware of them.  Checking your credit reports or getting a call from a collection agency are two of the most common ways financial identity theft is discovered. Victims should file a police report and then dispute any fraudulent charges with the various affected merchants and creditors.
  • Criminal:  Criminal Identity Theft occurs when someone has successfully impersonated the victim when dealing with law enforcement.  This can be accomplished a multitude of ways.  The most common is when a thief uses a victim’s SSN, Name, and perhaps date of birth to acquire a driver’s license.  In the event this thief is cited or arrested by a member of law enforcement, the thief will pretend to be the victim thereby creating a fraudulent criminal history for the victim.  Victims of this form of ID theft should have their local police fingerprint and mug shot them, and when appropriate send that information to whatever the arresting or citing law enforcement might be, so they can get issued a letter of clearance from the court, clearing them of responsibility.  
  • Medical: This form of identity fraud occurs when a criminal makes use of the victim’s PII (such as an SSN or Medical insurance card/number/Medicare card etc.) to receive medical treatments and benefits and then leaves it to the victim and their insurance carrier to pay the bills.  These events may also leave mixed medical records, which can be a significant problem to the victim.  There is also a growing trend used by illegal pharmaceutical sellers as well as prescription pill addicts to use someone’s identity to steal prescription drugs without leaving a paper trail back to them for anyone to follow. Victims of medical identity theft need to get in touch with their insurance provider as well as the place where the procedures were performed, or where the medical supplies/drugs were purchased, and inform them of the fraud.  This should include showing proof of that this misuse was brought to the attention of law enforcement.  
  • Governmental:  This is when the victim’s PII is used to acquire government benefits that the thief would not otherwise be entitled to.  Things like government grants and loans, welfare assistance, even a large tax return a victim might be owed from the IRS are all strong motivators for criminals.  Often those in this country illegally will have reasons to engage in governmental Identity theft in order to find gainful employment, or avoid detection.  In addition to previously listed steps, victims should request an “earnings history report” at their local branch of the Social Security Administration.  This report will show where someone has been working, and  can be useful in mitigating the fraud.

Cyber/Reputational identity theft is the newest emerging form of identity theft.  This involves the use of one’s name, likeness, online passwords or other associations in order to exploit or damage one’s reputation, or perhaps to gain access to their contacts or emails, or just to spam someone’s online relationships with advertisements or Trojans.  Mitigation for this type of theft is best done through contacting the site administrator. (i.e. for a fraudulent Facebook profile, the only way to resolve the issue is through dealing with Facebook staff directly).

For additional questions or concerns, please contact the ITRC.  ITRC provides no-cost toll-free assistance to consumers and victim at (888) 400-5530, or itrc@idtheftcenter.org.

"Classification to Mitigation: What You Need to Know about the Multiple Faces of Identity Theft" was written by Matt Davis.  Matt is a Victim Advisor at the Identity Theft Resource Center.  We welcome you to repost the above article, as written, giving credit to and linking back to www.idtheftcenter.blogspot.com


Securing Our eCity® 2012 Symposium and Awards


Securing Our eCity® is a private foundation dedicated to improving public awareness of the issues and problems regarding cybersecurity in today’s advanced digital age. Founded in 2008, Securing Our eCity® reached out to local businesses in San Diego, California to educate their staff as most businesses did not realize the potential threats they faced. In 2009, Securing Our eCity ® decided that they would focus on San Diego to make it a model city for cybersecurity to serve as a beacon for the rest of the world. 

Since then, Securing Our eCity® has tapped Liz Fraumann as their executive director and under her leadership have reached out to hundreds of businesses and stakeholders in the San Diego area. In 2010, Securing Our eCity® was presented with a White House award for achieving the best community-based cybersecurity awareness program in the nation. Assisting businesses, families, and people of all ages to better prepare for a safer online experience, they are making the online world a better place for everyone day by day. 

Securing Our eCity® is hosting its 3rd annual Cybersecurity Symposium and Awards event on October 11th and 12th at the SDG&E Energy Innovation Center in San Diego, California. For the past three years, Securing Our eCity® has held this event in October, Cybersecurity Awareness Month, inviting the best and the brightest in the field of cybersecurity to discuss relevant cyber-crime issues and awarding those who further the cause of Securing Our eCity®. 

Leaders in the field such as Tim Hamon, Senior Forensic Examiner for the FBI, Dr. Larry Ponemon, the founder of the Ponemon Institute, Andrew Lee, CEO of ESET North America, Lydell Wall, CEO of Recover Logic and many more will be participating in the upcoming 2012 Cybersecurity Symposium and Awards event. This year's event will also include what Securing Our eCity® is calling "Birds of Feather Sessions" or BoFS. These sessions will include engaging conversations with experts from the Symposium's sponsors.  The BoFS will surely be an exciting part of the event.

The Identity Theft Resource Center is looking forward to attending and has already been awarded by Securing Our eCity® for our efforts in combating identity theft.

For more information on the event please visit  http://securingourecity.org/2012oct. If you cannot make the event, you can still follow all of the action on Twitter by following #SeOC2012. 


Ransomware: It Can Happen to Anyone


Last week someone in my family asked me if I could help them with their computer.  I asked them what was seemed to be wrong with the machine.  They told me that it would start normally at first, but as soon as Windows was done loading they would get a pop-up that they had been infected with a virus that was above the level of what their normal anti-virus could handle.  They were told that they needed to pay for this additional coverage to remove the problem.  Unfortunately, they continued, and paid for the “extra service.”

This person, like so many of us, is not stupid.  In fact, they are very intelligent.  However, what is taken for granted as basic computer safety knowledge by the younger generations is may be an unknown area of knowledge to those who never created a Word document for a paper in High School, never had a Facebook account that their parents monitored, and were never taught even the fundamentals about Cybersecurity.  Today, when the Internet is no longer an option but a necessity for most of us, cyber criminals are finding an easy target in people who may be using the Internet and a personal computer for the first time.

I asked this family member if they had current updated anti-virus security on the computer, and they were not quite sure what I was talking about.  This I could believe, as many people who were raised in the age of Internet still don’t know the importance of having an anti-virus with updated virus definitions installed on their computers.  Good antivirus programs are perhaps the best way to protect yourself (and computer) from many of the threats, including viruses, malware, and cybercrime exploits.  This ounce of prevention can save people from spending a pound on a cure.

Unfortunately for my family member, it was “too little, too late” for the prevention approach, and they had to take their computer in to have it fixed. This one event cost much more than an anti-virus program would have cost, not to mention the money paid to the Cybercriminals behind the Ransomware, and the time and frustration of the related computer problems.  While it comes as little comfort to my family member now, this story has taught a lesson; use an anti-virus, and keep it up to date, always.

This experience also shows how easy it is to fall for the Ransomware scams, and how important it is to educate people about the current Cybercrime trends.  Perhaps the next family night we will not be breaking out the Scrabble, but instead a Power Point presentation on Cybersecurity.

"Ransomware: It Can Happen to Anyone" was written by Nikki Junker.  Nikki is the Social Media Manager at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to www.idtheftcenter.blogspot.com


Ohio Attorney General Establishes New Identity Theft Unit


Ohio State Attorney General, Mike DeWine, has announced the creation of an Identity Theft Unit to help victims repair their credit and other problems. As a part of the Attorney General’s Consumer Protection Section, the Identity Theft Unit will offer two different ways for victims to receive assistance in resolving their issues.

The first, called Self-Help Assistance, will offer detailed guides for a victim of identity theft on how to attempt to resolve any issues created by the identity theft. The Attorney General’s website offers a downloadable form which a victim can download, fill out, and return to the Attorney General. Once received, the Attorney General’s Office will send information including instructions, contact information, and documents directly to the victim. In addition, the victim will be assigned a Consumer Advocate to help them with the process should they require assistance at some point.

The second form of assistance is called Traditional Assistance, a remarkable and ambitious program. Victims who do not feel comfortable tackling the task of rectifying their good name and credit after identity theft will be provided a Consumer Advocate who will personally communicate with credit agencies, creditors, and collectors. The Consumer Advocate will continually keep the victim informed as their case progresses. In order to receive this level of assistance, a victim must submit a copy of a police report as well as complete and submit an identity theft affidavit and an identity theft notification form.

In addition, the Ohio Attorney General’s website also posts information regarding Security Breach Information, Redaction Requests and Teaching Materials. Among the redaction requests information, forms are posted allowing individuals and safety officers to officially request that certain personal information be removed from the Internet. Programs like this one are a necessary and important step to effectively protect, educate, and assist individuals on the risks and dangers associated with identity theft.


"Ohio Attorney General Establishes New Identity Theft Unit" was written by Sam Imandoust, Esq.  He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to www.idtheftcenter.blogspot.com