We Are All On Watch...for ID Theft
Identity theft is one of the fastest growing types of consumer fraud. No one…not even governments are impervious to the ID Theft predators.
Once identity thieves have your personal information, they can drain your bank account, run up charges on your credit cards, open new utility accounts, or get medical treatment on your health insurance. An identity thief can file a tax refund in your name and get your refund. In some extreme cases, a thief might even give your name to the police during an arrest.
Tricare: In 2011, Servicemembers were alerted that Tricare was hacked. About 5 million Tricare military patients treated in San Antonio area military treatment facilities as far back as 1992 was affected by a health information breach involving the theft of backup tapes for electronic health records, federal officials reported. Science Applications International Corp., reported the breach Sept. 14. 2011. The tapes were stolen from the car of a SAIC employee who was responsible for transporting the tapes between federal facilities in San Antonio. Information on the breached tapes included Social Security numbers, names, addresses, phone numbers and some personal health data, such as clinical notes, lab tests, and prescriptions.
Anthem Health Insurance: In 2015, over 80 million patient and employee records, potentially exposing names, dates of birth, Social Security numbers, email addresses, employment information and income data. What could happen:
Medical providers could bill you for services you didn’t use.
Your health plan rejects your legitimate medical claim because the records show you’ve reached your benefits limit.
A health plan won’t cover you because your medical records show a condition you don’t have.
Target: In 2013, over 40 million credit and debit card accounts, as well as data on 70 million customers.
eBay: In 2014, over 145 million customer accounts, including personal information.
JPMorgan Chase: In 2014, over 76 million households and 7 million small businesses were affected by a data breach that included sensitive financial and personal information.
OPM: In June of 2015, the United States Office of Office of Personnel Management Office (OPM) Director Katherine Archuleta testified on Capitol Hill in Washington that OPM databases were hacked. The New York Times reported on July, 9th, 2015 that 21.5 million people were swept up in a colossal breach of government computer systems that were far more damaging than initially thought, resulting in the theft of a vast trove of personal information, including Social Security numbers and some fingerprints. The Times article states that every person given a government background check for the last 15 years was probably affected. The Office of Personnel Management said hackers stole sensitive information, including addresses, health and financial history, and other private details, from 19.7 million people who had been subjected to a government background check, as well as 1.8 million others, including their spouses and friends. The theft was separate from but related to, a breach revealed last month that compromised the personnel data of 4.2 million federal employees. Again, they blamed China. The New York Times pointed at a scary reality. The breaches constitute what is apparently the largest cyber attack into the systems of the United States government, providing a frightening glimpse of the technological vulnerabilities of federal agencies that handle sensitive information.
Yahoo: In July 2016, this internet giant account was hacked for the tune of 200 million names and passwords. To Yahoo’s embarrassment, they show up on the ‘Darknet’ for sale. This mess gets worst. The first reported data breach in 2016 had taken place sometime in late 2014. The hackers had obtained data from over 500 million user accounts, including account names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers. Forensics added insult to injury when it revealed that Yahoo had a far more massive breach in August 2013 breach. In fact, this breach is now considered the largest known breach of its kind on the Internet. Yahoo! stated that an unauthorized third party had snatched data from over 1 billion user accounts, including unencrypted security questions and answers.
IRS: On April 7th, 2017, Forbes Magazine reported that the Internal Revenue Service revealed that up to 100,000 taxpayers may have had their personal information stolen in a scheme involving the IRS Data Retrieval Tool, which is used to complete the Free Application for Federal Student Aid (FAFSA). In March 2017, federal officials observed a potential data breach and took the tool down. The IRS said it shut down the Data Retrieval Tool because identity thieves that had obtained some personal information outside of the tax system were possibly using the tool to steal additional data. The good news is that less than 8,000 fraudulent returns were filed, processed, and returns issued, costing $30 million. 52,000 returns were stopped by IRS filters and 14,000 illegal refund claims were halted as well. Recent massive consumer data breaches across consumer sectors confirmed most consumer fears including servicemembers… No one…not even the companies that provide credit reports and scores are impervious to the ID Theft predators.
E-Sports Entertainment Association: On January 8, 2017, ESEA, one of the largest video gaming communities, issued a warning to players after discovering a breach on December 30, 2016, At the time, it wasn’t known what was stolen and how many people were affected. However, in January, it was revealed that their breach involved over 1.5 million leaked records. Compromised information included city, state, last login, username, first and last name, bcrypt hash, email address, date of birth, zip code, phone number, website URL, Steam ID, Xbox ID, and PSN ID.
Xbox: In February 2017, Xbox experienced similar hack. Approximately 1.2 million Xbox 360 users were affected and may have had passwords, e-mail addresses, IP addresses, usernames, and passwords stolen in the breach.
InterContinental Hotels Group: On February 7, 2017, the company announced a data breach. ING informed regulators and consumers that malware such as Torpig which is a sophisticated type of malware program designed to harvest sensitive information, such as bank account and credit card information from its victims was found on servers which processed payments made at its on-site restaurants and bars at Crowne Plaza, Holiday Inn, Candlewood Suites, and Kimpton Hotels, The malware was active from August 2016 to December 2016 and stolen data includes cardholder names, card numbers, expiration dates, and internal verification codes. Restaurants hit included the Sevens Bar & Grill at Crowne Plaza San Jose-Silicon Valley, the Bristol Bar & Grille at the Holiday Inn in San Francisco’s Fisherman’s Wharf, InterContinental San Francisco, Aruba’s Holiday Inn Resort, and InterContinental Los Angeles Century City.
Verizon: On July 13, 2017, one of the nation’s largest telecommunications company reported that 14 million Verizon subscribers may have been affected by a data breach. These records were held on a server that was controlled by Israel based Nice Systems.
Equifax: On September 7, 2017, Equifax, one of the three largest credit agencies in the U.S., suffered a breach that affected more than 143 million consumers. This massive breach involved highly sensitive data including Social Security numbers and driver’s license numbers. When the Cybersecurity forensics folks showed up. They confirmed the worst…full names, addresses, dates of birth, credit card numbers, and other personal information was compromised.
No End in Sight The data breaches we mentioned above are the tip of the iceberg. And they continue. The Federal Trade Commission-FTC has estimated that these breaches cost businesses and consumers billions. Among the uncertainty…one thing is clear. It is up to the private consumer to protect themselves from financial losses stemming from Identity and data theft.
Credit Cards and Skimmers: Statista.com revealed that ownership of debit and credit cards with smart chip technology in the United States as of August 2016 approached 51 percent. Today, it is a lot higher. yet we still still to be aware of credit card skimmers which are essentially malicious card readers that grab the data off the card's magnetic stripe attached to the real payment terminals so that they can harvest data from every person that swipes their cards. The thief has to come back to the compromised machine to pick up the file containing all the stolen data, but with that information in hand he can create cloned cards or just break into bank accounts to steal money. Perhaps the scariest part is that some skimmers don't prevent the ATM or credit card reader from functioning properly.
Here how they work The typical ATM skimmer is a device smaller than a deck of cards that fits over the existing card reader. Most of the time, the attackers will also place a hidden camera somewhere in the vicinity with a view of the number pad in order to record personal-identification-numbers or PINs. Some criminals may install a fake PIN pad over the actual keyboard to capture the PIN directly, bypassing the need for a camera. When you approach an ATM, check for some obvious signs of tampering at the top of the ATM, near the speakers, the side of the screen, the card reader itself, and the keyboard. If something looks different, such as a different color or material, graphics that aren't aligned correctly, or anything else that doesn't look right, don't use that ATM. The same is true for credit card readers. If you're at the bank, it's a good idea to quickly take a look at the ATM next to yours and compare them both. If there are any obvious differences, don't use either one and report the suspicious tampering to your bank. For example, if one ATM has a flashing card entry to show where you should insert the ATM card and the other ATM has a plain reader slot, you know something is wrong. Since most skimmers are glued on top of the existing reader, they will obscure the flashing indicator. The ATMs inside banks are generally safer because of all the cameras, although some daring criminals do still succeed at installing them there. The ATM inside a grocery store or restaurant is generally safer than the one that is outside on the sidewalk. Stop and consider the safety of the ATM before you use it. The chances of getting hit by a skimmer are higher on the weekend than during the week, since it's harder for customers to report the suspicious ATMs to the bank. Criminals typically install skimmers on Saturdays or Sundays and then remove them before the banks reopen on Monday.
Whenever possible, don't use your card's magstripe to perform the transaction. When given the choice...insert instead of swipe. For credit card readers, feel underneath the PIN pad for a slot to insert your card and its EMV chip to be read. When you use your EMV chip, the card is authorized on the device and your personal information is never transmitted. While cracking EMV readers is possible, it's much harder than magstripe skimming.
Never let your credit card out of your sight. Always keep an eye on your card or, when that’s not possible, pay with cash.
The Internet has tons of websites offering services on how you can "BUY" protection. However, here are 5 free alternatives that will help.
Public WiFi: Never log into financial accounts or shop online while using public Wi-Fi, and make sure to encrypt and password protect your Wi-Fi at home.
Paper Shredder: Invest in a good paper shredder. It is amazing that we spend hundreds of dollars on Xboxes and PS4s bit hesitant to buy a good shredder for paper and plastics (Credit Cards). Shred private records and statements when they are outdated and a part of your required record keeping. Shred credit cards statements, solicitations, and other documents that contain private financial information.
Home or Business Mailbox: Empty your mailbox frequently, Invest in a durable mailbox with a lock. An Alternate…get a Post Office Box. Never mail outgoing bill payments and checks from home. They can be stolen from your mailbox and the payee’s name erased with solvents. Mail them from the post office or another secure location. Better yet...pay your bills online.
Do Not Call Registry: Take your name off marketers’ hit lists. In addition to the national Do-Not-Call registry. Here’s how the National Do Not Call Registry work. The law requires telemarketers to search the registry every 31 days and avoid calling any phone number on the registry. If you receive telemarketing calls after your telephone number has been on the registry for 31 days, you can file a complaint at donotcall.gov or by calling toll-free 1-888-382-1222. You need to know the date of the call and the company’s name or phone number to file a do not call complaint. A telemarketer who disregards the wishes of someone on the National Do Not Call Registry could be fined up to $40,000 for each call. The Do Not Call Registry accepts registrations from both cell phones and landlines. To register by telephone, call 1-888-382-1222 (TTY: 1-866-290-4236). You must call from the phone number that you want to register. To register online (donotcall.gov), you will have to respond to a confirmation email.
Credit Scores: One of the casualties of identity theft is that it throws a person’s credit score out of whack for several reasons:
If an identity thief uses a person’s existing credit to make purchases, victims might find themselves unable to pay their inflated credit card bills, resulting in late payments that hurt a credit score.
Identity thieves redirect credit card bills so that the victims do not notice the fraudulent activity on the account. If a person doesn’t receive his bill, he might not pay his bill on time, and this will cause his score to drop.
Identity thieves open accounts in their victims’ names. When they fail to pay the bills, the victims’ credit scores plummet.
Identity thieves can empty bank accounts, leaving a victim with no means of paying rent, mortgages, car payments, credit cards, or other bills.
High-tech hackers can steal a cellular telephone account (called phreaking) and make lengthy, over-seas calls that are charged to the victim’s phone bill. Source: How Identity Theft Impacts Your Credit Score | Experian.com
Monitoring your Credit ScoresYou actually have three. Car, Home, Credit Cards. There are four main ways to get a credit score:
Check your credit card or other loan statements. They may provide the score.
Non-profit credit counselors and HUD-approved housing counselors can often provide you with a free credit report and score and help you review them.
Use a credit score service. Many services and websites advertise a “free credit score.” Some sites may be funded through advertising and not charge a fee. Other sites may require that you sign up for a credit monitoring service with a monthly subscription fee in order to get your “free” score.
Buy a score. You can buy a score directly from the credit reporting companies. You can buy your FICO credit score at myfico.com.
Credit Reports: Many identity theft victims don’t know they’ve been targeted for weeks, months or even years after the fact. They find out when they’re declined for a loan or when a collection agency is demanding payment. If I can use an analogy, your credit score is like the dashboard of your card. Red Light comes on…time to look under the hood. When you are under the hood…you are looking at your credit report. When it comes to Credit Monitoring, you can take one of two approaches…doing it yourself or pay a company like IdentityForce, LifeLock, and IDShield to do it for you.
Credit Report Monitoring: involves ordering and reviewing your credit file activity at least three times a year. Same with your credit score. The reviews may increase based on alerts you receive. You can order your free at annualcreditreport.com or call 1-877-322-8228
Theft Protection Service: adds more robust prevention activities to reviewing credit reports and scores. Typical services include:
Alerts of change of USPS mailing address requests
Court records monitoring -Who’s looking?
Database and website monitoring
Orders for new utility, cable, and wireless services
SSN and identity monitoring
Medical ID fraud protection
Removal from mailing lists and online databases
Check-cashing requests activity
Social media monitoring for Personally Identifiable Information (PII) exposure
Monitoring of websites where criminals sell or trade stolen information
Recovery assistance and reimbursement….typically one million dollars This list is not inclusive
Conclusion: Civilian or Soldier...we are all 'On Watch'