disLEXia

Tuesday, 22. July 2003

FTC Warns Against Phisher Sites

Earthlink and the FTC warns against "phisher" sites that collect users' personal information in order to drain a bank account or steal an identity: Phisher site spams instruct consumers to click on a link to what looks like a real corporate Website and input their personal information. The fake, or "phisher" Website looks like it comes from a legitimate company with whom a consumer may have a relationship, but the fraudulent site is really just a vehicle to steal information. [GrepLaw]

http://www.nbc4columbus.com/technology/2347693/detail.html http://www.fbi.gov/pressrel/pressrel03/spoofing072103.htm http://www.boston.com/dailynews/202/economy/_EarthLink_Warns_Internet_User:.shtml

10:15 | permanent link | mail this

Identity theft explodes in US

Almost 4% of Americans had their identity stolen in the past year, new research suggests, and the problem is only getting worse. [BBC News Online]
10:02 | permanent link | mail this

ID thieves rip off 7m US adults a year

By John Leyden Posted: 21/07/2003 at 12:57 GMT

  Seven million US adults,were victims of identity theft in the 12 months ending June 2003, according to Gartner. The analyst group is calling on banks to make it tougher for crooks to obtain credit in false names.

Gartner says its figures represent a 79 per cent increase in people affected by ID theft since its last survey in February 2002.

It takes issue with a common misconception about identity theft - that it's a Net crime perpetrated by anonymous, career criminals.

"Identity theft is not necessarily a high-tech crime, and can just as easily damage the credit reputations of low-tech adults who don't spend any time on the Internet," said Avivah Litan, vice president and research director for Gartner.

"More than half of all identity theft - where the method of theft is documented - is committed by criminals that have established relationships with their victims, such as family members, roommates, neighbours, or co-workers," said Litan, citing numbers published by the Federal Trade Commission.

With identity theft, a thief takes over a consumer's entire identity by stealing critical private information, such as the Social Security number, driver's license number, address, credit card number or bank account number. The thief can then use the stolen information to obtain illegal loans or credit lines to buy goods and services under the stolen name. Identity thieves typically change the consumer's mailing address to hide their activities.

"Many banks, credit card issuers, cell phone service providers and other enterprises that extend financial credit to consumers don't recognize most identity theft fraud for what it is," Litan said. "Instead they mistakenly write it off as credit losses, causing a serious disconnection between the magnitude of identity theft that innocent consumers experience and the industry's proper recognition of the crime. This causes a disincentive to fix the problem with the urgency it requires."

Without external pressure from legislators and industry associations, financial service providers (FSPs) may not have the sufficient incentive to stem the flow of identity theft crimes.

According to Gartner, consumers and lobbyists must press banks and other FSPs to wholeheartedly back efforts such as the US Fair Credit Reporting Act and BITS' Work on Identity Theft.

BITS , the Technology Group of The Financial Services Roundtable, was formed by the CEOs of the largest US financial institutions as the strategic "brain trust" for the financial services industry in the e-commerce arena.

The Fair Credit Reporting Act would cover security and accuracy of personal financial information and access to credit and financial services; BITS' initiative would make it easier for victims to report a crime to financial institutions.

"Most importantly, however, banks and FSPs must implement solutions that effectively screen for application fraud, so they don't wrongfully extend credit to identify thieves," said Litan. "Without industry prevention efforts, consumers whose identities have been stolen will continue to bear the brunt of social and indirect economic costs."

Additional information is available in two Gartner reports. These reports examine the rising trend of identity theft and what solutions are emerging in the market to prevent it. [The Register - Security]
09:58 | permanent link | mail this

Feds nab teen who scammed AOL

The Federal Trade Commission settles charges against a 17-year-old boy who used spam to snooker AOL customers into giving him their credit-card numbers. After going on a shopping spree, he's agreed to repay the money and spam no more. [Help Net Security]
09:56 | permanent link | mail this

Crime pays for identity thieves

The number of consumers who have fallen prey to identity thieves is severely underreported, market researcher Gartner said in a survey.

Crime pays for identity thieves Posted by Mirko Zorz - LogError Tuesday, 22 July 2003, 2:41 AM CET

The research firm estimates that 3.4 percent of U.S. consumers--about 7 million adults--have been victims of identity theft of some form in the past year. Moreover, arrests in identity theft cases are extremely rare, catching the perpetrator in only one out of every 700 cases, said Avivah Litan, vice president of financial service for Gartner.

"The odds are really stacked against the consumers," she said. "Unfortunately, they are the only ones with a vested interest in fixing the problem."

The release of the survey comes as state and federal governments are trying to stem the problem of identity theft. On July 1, California started requiring companies to report to consumers any incident that may have compromised their personal data. And new national legislation, the Fair Credit Reporting Act, would help protect victims once they determined that their identity had been stolen.

[Help Net Security]

http://zdnet.com.com/2100-1105_2-5050295.html

09:54 | permanent link | mail this

Wednesday, 04. December 2002

Identity Theft More Often an Inside Job

[LinuxSecurity.com]
22:32 | permanent link | mail this

Monday, 02. December 2002

Lax Security: ID Theft Made Easy

Victims of one of the largest identity theft cases in the United States agree with industry experts that limp security policies at credit bureaus made it easier for the criminals to do their dirty work. By Michelle Delio. [Wired News]
12:48 | permanent link | mail this

Friday, 29. November 2002

Security Experts Say Identity Theft Scams Likely To Get Worse

The massive identity theft scam cracked by the FBI this week underscores the need to tighten down security in the finance industry, security experts said, as the scope of the latest scam continues to grow.

Identity theft is likely to worsen in the future, said security expert Bruce Schneier, founder and CTO of Counterpane Internet Security.

&147;This is a growth area of crime. It's really profitable. We're seeing more and more professionals do it,&148; Schneier said.

Efforts by business and government to consolidate and link records on consumers from disparate sources -- in the name of improved marketing or national security -- will make it easier for criminals to gain more information on consumers to use in identity theft.

&147;That's one of the reasons identity theft is on the rise; I can steal it here and use it there,&148; Schneier said. [...] [TechWeb: Security]
11:08 | permanent link | mail this

Wednesday, 27. November 2002

Feds crack huge identity theft ring

Three men have been arrested in the bust, which so far has resulted in more than $2.7 million in losses, according to a statement issued Monday by James Comey, U.S. attorney for the Southern District of New York. The scam is believed to be the largest involving identity theft in U.S. history.

The FBI arrested Philip Cummings, who is said to have started the scam while working at the help desk of Teledata Communications Inc. (TCI). The Bay Shore, N.Y.-based company provides banks and other entities with credit reports, combining information collected by credit rating agencies Equifax Inc., Experian Information Solutions Inc. and Trans Union LLC.

Beginning in 1999, Cummings had access to the passwords and codes used by TCI's customers to access credit reports, authorities said. During that time, Cummings is alleged to have given passwords and codes to a co-conspirator and collected roughly $30 for every credit report obtained using the stolen codes.

One man, Linus Baptiste, has been charged with wire fraud in relation to the case. A second man, Hakeem Mohammed, has pleaded guilty to charges of mail fraud, authorities said.

With the illegally obtained credit reports, some victims reported having their bank accounts depleted, while others reported having credit cards, checks and ATM cards sent to unauthorized locations.

The passwords and codes stolen for use in the scam belonged to various entities that request credit reports for their customers. Those entities included banks, credit services and an apartment complex.

Ford Motor Credit Corp. is expected to be one of the hardest hit. Authorities allege that as many as 15,000 credit reports were illegally obtained using a password and code from the creditor's branch in Grand Rapids, Mich (see story). Ford Motor Credit said it had been receiving complaints from customers who had been victims of identity theft and fraud.

Other compromised passwords and codes belonged to Washington Mutual Finance Co. in Crossville, Tenn., and Washington Mutual Bank in Florida, as well as various banks around the country. All the systems that allegedly were breached belonged to TCI customers, according to the statement.

One observer said Monday that the crime was only partly a technology problem.

"It was technology-assisted, but the real problem was that this help desk employee was given access to a token that was the launchpad for fraud," said Jerry Brady, chief technology officer at Guardent Inc., a security research company in Waltham, Mass. "There are certainly good practices to control the authority of help desk personnel. It sounds like they weren't being used."

In 2000, the U.S. Federal Trade Commission reported that approximately 500,000 people were victims of identity theft, according to data provided by Kroll Inc., a security consulting company in New York. In 2001, that number rose to approximately 700,000, Kroll said. [Computerworld]
09:06 | permanent link | mail this

Tuesday, 26. November 2002

Cops Bust Massive ID Theft Ring

Federal prosecutors have arrested and charged a credit bureau help-desk worker and two accomplices who allegedly stole more than 15,000 credit reports and sold them to other crooks for $60 a pop. Michelle Delio reports from New York. [Wired News]
21:45 | permanent link | mail this

Identity Theft Case Called Largest Ever

The feds round up three people charged with stealing credit information and identities of more than 30,000 consumers. [internetnews.com: E-Commerce News]
21:44 | permanent link | mail this

Monday, 25. November 2002

Cops Bust Massive ID Theft Ring

Federal prosecutors have arrested and charged a credit bureau helpdesk worker and two accomplices who allegedly stole more than 15,000 credit reports and sold them to other crooks for $60 a pop. Michelle Delio reports from New York. [Wired News]
21:40 | permanent link | mail this

Tuesday, 05. November 2002

Online job listing an ID theft scam

'Background check' used to steal full slate of personal info By Bob Sullivan, MSNBC, 4 Nov 2002

It was just the job lead Jim needed: a marketing manager position with Arthur Gallagher, a leading international insurance broker. And only days after Jim responded to the job posting on Monster.com, a human resources director sent along a promising e-mail. We're interested in you, the note said. The salary is negotiable, the clients big. In fact, the clients are so valuable and sensitive that you'll have to submit to a background check as part of the interview process. Eager for work, Jim complied -- and sent off just about every key to his digital identity, including his age, height, weight, Social Security number, bank account numbers, even his mother's maiden name. IT WAS ALL JUST an elaborate identity theft scam designed to prey on the most vulnerable potential victims - the increasing ranks of the unemployed. ... http://www.msnbc.com/news/830411.asp [Monty Solomon via risks-digest Volume 22, Issue 35]
00:00 | permanent link | mail this

disLEXia, a research project by Maximillian Dornseif