Category Archives: identity theft

OK..lahoma Identity Theft?!

I stumbled on an interesting article today about data privacy, or really the lack thereof, for registered sex offenders in Oklahoma (and ultimately the State’s government employees as well). It seems that anyone on this list, or any other offender list in OK, has had their SSN numbers exposed on the Internet for the past 3 years.

…The result of this negligently bad coding has some rather serious consequences: the names, addresses, and social security numbers of tens of thousands of Oklahoma residents were made available to the general public for a period of at least three years. Up until yesterday, April 13 2008, anyone with a web browser and the knowledge from Chapter One of SQL For Dummies could have easily accessed – and possibly, changed – any data within the DOC’s databases.

What I find interesting is that a feeble attempt to protect this information was made at first. It wasn’t completely corrected until the writer of the article pointed out to the Department of Oklahoma Corrections that it wasn’t just criminals whose SSN numbers were exposed but also private data on the government employees could be found and downloaded easily.

Shortly after discovering this problem (thanks to reader AJ, who hesitantly pointed it out), I spent the following day working my way up the DOC’s call tree. Eventually, I found my way to George Floyd and explained how bad of an idea it was to have a SQL query as a parameter…

The following day, both the SVOR and Offender Search were taken down “for routine maintenance”. Great, I figured, they discovered an overlooked hole and were working to patch it up. However, when the sites came back up, I noticed that the “print-friendly page” still had a SQL query in the URL. Putting the “social_security_number” in, however, no longer displayed social security numbers. It took me all of ten seconds to figure out a way around their fix. This slightly-modified URL brought back all 10,597 SSNs once again.

…I emailed again, this time explaining the problem much more clearly and advising in BOLD, RED, CAPS that the “roster page” should be taken down immediately. I also demonstrated the power of the ALL_TABLES table, the contents of an “interesting” table named MSD_MONTHLY_MEDICAL_ACTIVITY, and how even their information was available for all to see…. That, apparently, did the trick. Soon thereafter, the sites underwent “routine maintenance” and the “roster pages” were no more. I guess they weren’t too thrilled about having their personal data up on the ‘net for all to see

Advertisements

Leave a comment

Filed under identity theft, Internet Safety

No Phishing At IDology

Customers and non-customers of a credit union recently received fraudulent emails as part of an elaborate phishing scam. It appears that the fraudster included IDology’s brand as part of their attempt to capture consumers banking information by setting up a fake website that looks similar to our corporate website.

First, I would like to emphatically say that IDology is dedicated to consumer privacy and protecting sensitive data. It’s important to understand that while our services might involve consumer interaction, we do not directly target consumers. Our “customers” are businesses. This means we would never capture personal information like a SSN or bank account information from anyone on our website.

Ironically, if the hosting provider had been using our services then we would have spotted the fraud before they could have set up the website. I am wondering how much less phishing scams would occur for financial institutions if the hosting provider required identity verification before they hosted a website.

Here are some great sites to visit to learn more about phishing scams and fake emails and how to recognize them:

 

http://www.microsoft.com/protect/yourself/phishing/identify.mspx

http://en.wikipedia.org/wiki/Phishing#Website_forgery

 

 

Leave a comment

Filed under fraud, identity theft, identity theft crime, Identity verification, phishing scams

Bust-ed Identity Thief Going to Jail

Check out this news and video clip from a San Diego news channel.

It’s really an interesting story and goes to show how being a victim of identity theft isn’t just about your credit card being misused…one of the thieves used a fake identity to get a $9K breast implant procedure done.

Needless to say it also shows the importance of data security and privacy and why you need to be mindful of who has access to what data in your company. The two ladies in this story worked in the billing department of Sharp Healthcare and stole patients social security numbers and financial credit information.


Leave a comment

Filed under identity theft, identity theft crime

Putting A Face To Identity Theft

What image comes to your mind when you think about identity thieves?

I would guess it isn’t this couple:

id couples

 

Yet these young 20 something’s are suspected of crimes including ID Theft and forgery. You can read about it here and here.

This story just goes to show that it isn’t only faceless criminals hiding behind computer screens that we need to protect ourselves from it’s also the Joneses living next door.

Leave a comment

Filed under fraud, identity, identity theft, identity theft crime, Internet Safety, Internet Security, keeping up with the joneses, To Catch an ID Thief

Protecting Your Identity During Black Friday and Cyber Monday

Barely giving us time for the turkey to digest, some stores are advertising that they will open their doors at 4:00 a.m. this Friday to kick off the official start of the holiday shopping season. And some online retailers have already gotten a jump start and are offering deals starting today. Check out this site for a list of deals both online and bricks and mortar retailers are offering this year.

Earlier this week Consumer Reports released its annual survey on holiday shopping and the results are interesting:

The survey showed a growing preference for shopping online instead of standing in line. More than two-fifths of adults (42 percent) will shop online this year with more women joining the gift-clicking crowd (41 percent this year vs. 37 percent last year). The main allure, those surveyed said, is convenience (48 percent) but some shoppers say they go online for better selection (12 percent) and better prices (11 percent).

Most online consumers shop from home (95 percent), but among those surveyed who work full-time, 21 percent said they shop from work. Of those, 15 percent admitted to shopping during work hours.

Evenings are the most popular time of day to shop online, especially for males (63 percent) and consumers ages 18 to 34 (64 percent). Three-quarters of online shoppers do not have a day of the week when they typically shop but for those who do, shopping online peaks with 43 percent of respondents shopping the Web on Saturdays, followed by 20 percent on Sundays, 11 percent on Fridays and lesser numbers the rest of the week.

Does shopping online save time? Apparently not. Those with Internet access from home will spend about 11 hours shopping online and that’s about the same amount of time — 10 hours — as the general public.

Regardless of if you are visiting a store or shopping online, one thing still remains – you need to protect your identity! Here are some of those over heard but under heeded tips to follow all year long:

  1. Keep an eye on your credit card every time you use it – whether in a store or in a restaurant, and make sure you get it back as quickly as possible. Try not to let your credit card out of your sight whenever possible.
  2. Don’t use a debit card for online shopping. If there is a problem, a debit card could give phishers or hackers access to your entire checking and/or savings account. Plus, most debit cards don’t have the same protections that credit cards offer. And along those lines, never provide your credit card information on a website that is not a secure site. You can tell if a site is secure because the web address starts with “https:” (s means it’s secure!) For added safety check for a site certificate before submitting information on a secure page. Confirm the owner of the certificate by clicking on the padlock icon at the bottom of most browsers. You should see the owner listed as well as the site address. This address should match the Web site address at the top of the page; if they do not match, you may be at a fraudulent Web site and should not enter personal data.
  3. Check the privacy policy of any website you plan to purchase from. Make sure they have a privacy policy, that your data stays private to the merchant, and that they don’t sell or rent your information to third parties.
  4. Make sure all of your security software is up-to-date before you do your online shopping. That includes anti-virus software, anti-spyware software, and firewalls.
  5. Use a separate email account for your online shopping.
  6. Never enter personal information into a pop-up screen. Unauthorized pop-up screens can be created by identity thieves and the screen may be completely unrelated to the websites you are visiting.
  7. Never respond to emails asking you to “confirm” recent transactions after you shop. These are phishing scams that coincidentally are sent around the time you shop.
  8. Trust your instincts. If you feel something isn’t right, investigate more or buy from another vendor.

Leave a comment

Filed under black friday safety, cyber monday safety, holiday shopping safety, identity, identity theft, Internet Safety, Internet Security, marketing, protecting your credit, stolen identity

Spotting a Fake ID with Identity Proofing

A reporter at the Arizona Republic recently wrote a great article about the booming fake document market in Arizona, illegal immigrants, identity theft and how business is about to get even bigger. 

The State’s new employer-sanctions law requires verification of worker eligibility through a federal system called the Basic Pilot Program.  The system works to weed out made-up social security numbers but it won’t detect when someone is using a stolen identity. 

This program makes it kind of hard to comply with the new law I blogged about last week and how employers risk prosecution if they don’t fire workers whose names and social security numbers don’t match.  The agency that manages the program is rolling out a new feature soon which will match photos on green cards with photos stored in a government database. 

It sounds cumbersome especially when there is a much easier way for employers (and the government!) to spot a fake id that won’t break the bank or slow down the process.

Leave a comment

Filed under e-verify, employment fraud, id theft and illigal immigrants, identity, identity proofing, identity theft, social security numbers

Punishments for Identity Fraud Crime

The AJC reports today that an Atlanta man has pled guilty for stealing $1.5 million in credit from 225 people. He was sentenced to 3 ½ years in the federal penitentiary.

I commend the officers involved in catching this man, especially because his capture led to the uncovering of a multi-national scam. Many of the cards issued were from foreign banks so the true credit limit available to him couldn’t be tracked.

Some other interesting cases going on are in Kansas where a few Mexican nationals attempted to transfer Social Security funds acquired under fake identities to their other real, or fake, identities. One person has already been convicted and will hear sentencing in September. He faces up to 10 years in jail for fraud of documents and a minimum of 2 years for identity theft of 7 different people. In the other cases, the people pled not guilty and will go to trial but the dates have not been set yet.

About to go before the U.S. Congress is a bill designed to help deter identity theft by putting tighter restrictions on the use of social security numbers. In it, there are tougher punishments for those convicted of misuse of social security numbers. Specifically it will

Impose criminal penalties up to five years in prison and $250,000 and civil sanctions up to $25,000 per incident for misuse of Social Security numbers. Repeat offenders could get 10 years, and use of the numbers in drug trafficking or violent acts would carry sentences up to 20 years in prison.

The bill has already passed the Ways and Means Committee, 38-0. Now it’s on to the House.

Since the South is already in “back to school” mode, here’s a reminder on “How A Bill Becomes A Law” from Schoolhouse Rock


Leave a comment

Filed under fraud, identity, identity theft, identity theft crime, protecting your credit, social security numbers, stolen identity