Tickets stolen after social media photos with barcodes posted

A headline from ABC News in Houston, TX this morning caught my attention: “Thieves stealing barcodes from pictures of event tickets posted on social media.”

This can include using sites such as Facebook or Twitter to share images of paid events that others might want to enjoy–think football, baseball, basketball games, hockey matches, concerts, and more.

“…barcodes can be copied from pictures of real tickets and printed on homemade tickets. That would let someone else into the event while the real ticket holder gets shut out… Scam artists can make fakes and sell them to unsuspecting concert goers.” (source)

How come it’s so easy for the scammers?

Many barcodes have their actual number printed next to the barcode, which means anyone with a barcode maker could type in that number and add your barcode to their homemade counterfeit or home-printed ticket.


So how can I prevent someone from stealing my ticket online?

Don’t post pictures that display the barcode. Cover it up if you must publish it, or wait until the event has ended. Also, in the case of showing anything valuable, make sure your social media privacy settings are set as visible to Friends only, rather than Public.

What else can we learn here?

Be careful about buying any event tickets from third parties. That doesn’t mean none can be trusted, but it should make us more cautious about trusting the seller, even if the seller didn’t realize they may have been given counterfeit tickets.

When You Die, You Still Live Online

What will happen to all your personal emails after you’re gone? What about your Facebook page and your documents and photos stored in the cloud? Traditional wills cover the future of your physical assets and bank funds, but one thing that may get overlooked is the many online and digital accounts you may have. Wouldn’t you like all your online accounts to be closed, terminated, or financially distributed to the right person and in the right way when you are no longer around?

Preparing your Digital Accounts. Although you can make legal documents online (LegalZoom, RocketLawyer, Global-Wills), speaking with an attorney may be the most comfortable way to start. If you have a good relationship with a lawyer or have known people who have used them for this very thing, having a real person around can be very helpful to answer some of your questions. One important thing to know is that if you do not have a will or your will does not name an Executor, then the probate court involved in settling your estate will name one. That might get messy since basically, state law will make the determinations. But if you have a Last Will and Testament in place, the appointed Executor can manage all your accounts with the proper legal means. They can handle all final affairs related to your estate (no matter how small). But it may be wise to add a special paragraph to your will for this “Digital Executor.” For instance:

“My Executor may manage, distribute, or terminate my digital assets. My digital assets shall mean electronic assets that are stored on my computers, any electronic devices, or on any online accounts, including, but not limited to, social networking sites, online backup services, servers, email accounts, photo and document sharing sites, financial and business accounts, domain names, virtual property, websites, and blogs. An instructional document with associated websites, usernames, passwords and related information, shall be found in my Letter of Instructions.”

Including something like this will directly put the person (or persons) who you trust in charge of these accounts. It will also bring those accounts to their attention and avoid them being forgotten into the digital abyss. For more information on protecting this, see IWKYS post: A growing crisis: Loved ones dying without sharing passwords.

Closing Accounts for the Deceased. Hopefully your loved ones were able to designate an Executor with access to their Important Papers or access to their passwords. If not, one good resource for finding information about closing online accounts is Deceased Account. It’s a free resource provided by LifeEnsured for families to help manage the on-line accounts of deceased relatives. It provides links, information, and various state laws on what is known about closing these accounts. While it may not be convenient to accomplish this shortly after the loved one has passed, it’s understandable and appropriate in regard to security measures. Some services like Gmail and Twitter have information readily available which generally includes:

  1. A death certificate copy. (Keep in mind that some services are time sensitive.)
  2. A driver’s license or some form of official identification.
  3. Information regarding your relationship with the deceased and your purpose.

These requirements are also similar for closing bank accounts (along with the Important Papers of the deceased and/or a safety deposit box key), but speaking directly with the bank should be able to answer most questions. Other services mentioned on Deceased Account may not be so clear. For instance, Facebook encourages you to memorialize the deceased instead of closing the account. This may or may not be appropriate. Closing Facebook accounts can be a challenge anyway since they only offer deletion by request.

While this post is certainly not an exhaustive resource for outlining the benefits of having all your Important Papers in order (Last Will and Testament, Advance Directives, Power of Attorney, DNR, etc.), it may help encourage you to organize your accounts and alleviate some of the hassle in closing them when we pass on.

Tricked by a fake mind reader with an Internet research team

Here’s a short video that demonstrates how easy it is to find information about a person online. In this setup, random people were invited to see a mind reader, while being told it was for an upcoming TV program. What the people didn’t realize was that while their mind was supposedly being read, a team of cyber analysts was hidden behind a curtain, researching anything they could find out about their subject.


Over $485 million lost to Internet fraud in 2011

Fast Company:

The Internet Crime Complaint Center, or IC3 as the group is also known, has released its annual Internet Crime Report for 2011. The center received 314,246 complaints during the year, adding up to an estimated $485 million in losses for the year.

From the IC3 Report:

The most common victim complaints included FBI-related scams, identity theft and advance fee fraud. IC3 received and processed more than 26,000 complaints per month. Based on victim complaints, the top five states were California (34,169), Florida (20,034), Texas (18,477), New York (15,056) and Ohio (12,661). Victims in California reported the highest dollar losses with a total of $70.5 million. For victims reporting financial losses, the average was $4,187.

Over the past decade, Internet fraud has become one of the fastest-growing crime concerns facing the public. Nearly all crime that once was committed in person, by mail or over the telephone can now be committed through the Internet.

Top 10 States for Internet Crime Complaints



Protect your RFID-enabled credit cards, debit cards, and passports

A few weeks ago at a security conference, a demonstration proved how easily the number of a credit card with RFID (Radio Frequency IDentification) technology could be stolen from across a room without touching the actual card:

[Kristin] Paget aimed to indisputably prove what hackers have long known and the payment card industry has repeatedly downplayed and denied: That RFID-enabled credit card data can be easily, cheaply, and undetectably stolen and used for fraudulent transactions. With a Vivotech RFID credit card reader she bought on eBay for $50, Paget wirelessly read a volunteer’s credit card onstage and obtained the card’s number and expiration date, along with the one-time CVV number used by contactless cards to authenticate payments. A second later, she used a $300 card-magnetizing tool to encode that data onto a blank card. And then, with a Square attachment for the iPhone that allows anyone to swipe a card and receive payments, she paid herself $15 of the volunteer’s money with the counterfeit card she’d just created. (Continue reading: Hacker’s Demo Shows How Easily Credit Cards Can Be Read Through Clothes And Wallets).

How do you know if your credit or debit card is using RFID? A common sign is when the card says “Paypass,” “Blink,” or has a wireless signal icon on the back.

What can you do to prevent your credit card from being read wirelessly? Here are a few options:

  1. Carry only cards that do not have this RFID technology. You can talk to your bank or card issuer to ask for one without RFID.
  2. Leave your important credit cards (such as those you use to pay bills online) safe at home, so that if your card number is stolen, you’ll have less hassle to deal with adjusting recurring payments.
  3. Get an RFID blocking sleeve or wallet. (Available for purchase on Amazon here). This will come in especially handy when traveling. You can achieve similar protection by wrapping your cards in foil, but this isn’t a very convenient solution for most people.

Note: Passports are vulnerable to this exploit as well, at least passports that use RFID technology.

Here’s a news clip from last year where a similar device was used to demonstrate stealing a credit/debit card number from a victim, transferring the card information to a hotel room key, and then using the key to make a purchase with no questions asked:


Major companies teaming up against phishing spam

Microsoft, Facebook, Google, PayPal and many other large online companies have officially announced that they are teaming up and collectively advocating a new standard in technology to help fight phishing spam. This is great news for everyone because it’s not just about detection; it’s about stopping spam before it can ever reach your spam folder. While it certainly won’t kill the giant beast that is spam, it could definitely deal a devastating blow to the spammers who are forging email signatures and inserting false company logos into their bogus emails. The technology is called DMARC, or “Domain-based Message Authentication, Reporting & Conformance.” You can read more about the specifics on

Although DMARC may lower the amount of spam, it’s still just as important to stay on your guard when checking messages. Here are some tips to recognize these “fishy” tactics:

  1. Think twice. Do you really need to update your account information now? Is it really an emergency? Would your bank really close your account over this?
  2. Read again. Even though it has the official logo of your account, are there any design flaws? Does it contain bad spelling or poor grammar?
  3. Verify the addresses. Did the email originate from the right company? Was the email sent to your secondary email account that your bank doesn’t even know exists? Is the link they want you to visit just the number of an IP address?
  4. Check the company’s website. There should be an official statement from the company. Contact the company yourself by opening a new browser window and manually typing in the official website address (do not click on any links inside a suspicious message).

Be suspicious; your bank account and your identity depend on it. For additional information, check with the FTC.
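The "Verify the addresses" checks from tip 3, written out as an added example (not part of the original post): it flags a message sent to an address the company shouldn't know, links whose host is a bare IP address, and links that leave the sender's domain. The sample message, the `examplebank.test` and `mail.test` names, and the function names are constructed for illustration, and the `From` header is taken at face value.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: Example Bank <alerts@examplebank.test>
To: spare-inbox@mail.test
Subject: Urgent: update your account
Content-Type: text/html

<p>Your account will be closed. <a href="http://192.0.2.44/login">Log in</a></p>
"""

class HrefCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def is_ip_literal(host):
    """True if the host is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_message(raw, registered_address):
    """Return a list of findings; registered_address is the only
    address you ever gave to the claimed sender."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    to_addr = parseaddr(msg["To"])[1].lower()
    if to_addr != registered_address.lower():
        findings.append(f"recipient {to_addr} is not the address on file")
    collector = HrefCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = (urlsplit(href).hostname or "").lower()
        if is_ip_literal(host):
            findings.append(f"link host is a bare IP address: {host}")
        elif host != sender_domain and not host.endswith("." + sender_domain):
            findings.append(f"link host {host} is outside {sender_domain}")
    return findings
```

An empty list only means these three checks passed; a message can still be fraudulent, so tip 4 (contacting the company through its official site) still applies.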


A growing crisis: Loved ones dying without sharing passwords

“The Seattle Times reports that a growing crisis for many families is that loved ones are dying without disclosing their passwords. Given how many accounts are set up with names and passwords, how important this is now for online banking and all the rest, how much business is being transacted in terms of commerce and purposing of consumer goods over the Internet, the failure to leave your loved ones the passwords can mean that it’s very difficult to settle the estate. It turns out in that very fine print on that page you probably paid no attention to when you check it off in order to authorize a site, includes the fact that it’s not going to reveal your password unless there’s some kind of legal instrument or court order. As one observer said, ‘It’s a lot easier to die in the body than it is to die online’.”

– Dr. Albert Mohler, via The Briefing podcast on issues of culture and faith, 1/27/12.

What can I do to protect my estate online after I’m gone? What about my relatives who have online accounts? In the Seattle Times’ article, three basic steps are suggested:

  1. Do a complete inventory of all digital accounts and assets so that your estate administrator will know just what you have of potential value (or liability) and where it is
  2. Assemble a list of all passwords
  3. Select a fiduciary and give them the proper power of attorney to administer your estate.

Important precautions: When compiling a list of all passwords, take extra care to store these passwords in a secure place. Never type them in an unprotected Word or Excel document where a malicious program (or hacker) will easily find them by searching your computer’s hard drive. You may want to disguise or scramble your login information for your bank account, credit cards, utility bills, online backups, and social network sites; however, keep in mind that if you want someone to gain access, they will need to understand your list of passwords after you pass away.

Companies already exist to address this problem of passing on your account usernames and passwords (Entrustet, Legacy Locker, DataInherit). These digital lockers may provide a basic account for free or an upgraded account for a fee, but keep in mind that handing over your passwords to ANYONE is a risk. They may have the highest level of security on their website and encrypted databases, but this will never 100% guarantee security. Those who naively think otherwise should ask: What about a hacker monitoring keystrokes on a client’s computer as the victim types their password into the site? What happens when a criminal, after stealing someone’s identity, gains access to the goldmine inside one of these digital safe services? How about an employee with malicious intent?

Consideration for the future: It will be interesting to see how this issue gets a little more complicated when we begin to rely more heavily on biometrics such as iris scans and fingerprints (which may come sooner than you think). At that point, how will loved ones pass along the information needed to log in?


IBM’s Prediction: Five Innovations within Next Five Years

The five claims:

  1. Creating energy and electricity: People power will come to life
  2. Security: You will never need a password again
  3. Mind reading: No longer science fiction
  4. Mobile Technology: The digital divide will cease to exist
  5. Analytics: Junk mail will become priority mail

IBM takes an in-depth look at each one of these claims at their website, linking to blog posts for each one of the five life-changing predictions. Whether these happen within the next 5 years is difficult to know, but you can be sure that serious questions about safety and privacy will come with them. How trustworthy can the retinal iris scan be if hackers find vulnerabilities? If not passwords for security, what kind of controls would be put into place over database(s) for matches in voice activated technology? Will the lines be blurred on what we call junk mail if the messages are carefully targeted to each person, yet still unsolicited? What dangers might we see in mind-reading technology if the user wishes to merely think about something without taking an action, yet the system fails to distinguish between the two? How will mind-reading technology react to the thoughts of a person who defined a particular action differently than the system? What will Identity Theft look like when we’re dependent on a valuable body part for our identity, rather than a password that can be discarded after it has been compromised?

As if they’re not already, things in the digital world are about to get really interesting.

How can I get a free credit report?

How do I know which online credit report to use? The number of reporting sites being advertised seems confusing and deceptive. Is one better than another?

The FTC warns users to be careful not to fall for websites that claim to be the official free annual credit report, as many will subscribe users to monthly fees if no action is taken to cancel their services. Other questions answered by the FTC website include:

“Why would I want my credit report?”
“How long does it take to receive a credit report?”
“Where can I report false information?”
“How often can I request a free report?”

I suggest taking advantage of the FTC’s advice to stagger your reports from Equifax, Experian, or TransUnion throughout the year, rather than asking for all three at the same time. This way, it won’t be a full year before you catch on to a potentially harmful event such as identity theft showing up in your credit history. Read more from the FTC.