Identity Theft
Sunday, January 7th, 2007by Sumner Feinstein
‘The Sumner Advantage’
IDENTITY THEFT is a problem which has become one of the top crimes in the United States with over 10 million victims last year alone. My main expertise is in the area of Computer related fraud and I’ll by including a discussion of what I call SAFE COMPUTING. I plan to give you an overview of Identity Theft along with some ‘hints’ along the way of steps you can take to avoid being one of the victims.
To start with let’s define the subject: “Identity Theft” is simply when someone
uses your personal information, without your permission, to commit fraud or other crimes.” It can cost you time and money and destroy your credit rating and ruin your good name. Unfortunately you can’t completely eliminate the risk of Identity Theft but you can reduce the odds that you’ll become a victim.
One of the main personal characteristics that the ‘bad guys’ prey on is our generally trusting nature. Today, I hope to sensitize you to some security issues and show you, through examples, that everything is not always as it appears. (DEMO - this demonstration was done with a deck of cards and emphasized the point that ‘you just can’t trust what you think you are being
told) In the past, Identity Theft was mainly carried out by pickpockets or thieves who got hold of your wallet or pocketbook. While that still remains a technique used today, the most prevalent cases of Identity THEFT now originate from the use of ‘information technology’ from records gleaned from the vast information databases or from your own computer. They then use this information to make all types of financial transactions, open new accounts in your name, or just pose as you to establish a new identity.
Identity Theft has become so commonplace that an entirely new vocabulary has developed to cover the various types… Here are a few:
“Dumpster Dumping”… They rummage through trash looking for bills or other papers with your personal information on it. Let me relate a personal experience.
When Harriet and I were leaving our home in Florida recently we filled up a ‘gazilion’ trash bags. One of the bags was made of clear plastic and had miscellaneous papers inside. On trash day I happened to be looking out the window at 7:00am and saw that when the truck stopped in front of my house the driver got out to assist the helper. The helper stopped at the clear bag… ripped it open and rummaged through all the papers… obviously looking for a bill or something with personal information on it. Fortunately, Harriet and I had shredded anything which had our name on it and we do that regularly today. So my first suggestion is to buy and use a shredder religiously. It is just as easy to shred something as to put it directly in the wastebasket.
A takeoff on the ‘Dumpster Dumping’ is ‘Mail Box Cleanout’. This is where mail is removed from unsecured mailboxes… once they have your Visa bill, for example, they are off and running. “Skimming”
They steal credit/debit card numbers by using a special storage device to process your card. For example, when you sign in at a hotel you are given a room access card… they will be only too happy to issue one for other family members as well. That card has not only your room number coded on it, but all of your credit card information as well. When you leave the hotel do not turn that card back in. There have been many cases where the clerk has kept the returned cards and processed them at their home with a purchased card reader, easily getting all your information.
A takeoff of this technique is the actual temporary stealing of your credit card. Recently a plot was uncovered at a Route 1 hotel where the clerk failed to give the harried visiting traveler back their credit card. An accomplice in the lobby was watching the event, got the credit card, went to the mall and made a number of purchases. Then quickly returned back to the hotel where the clerk gave the card back to the owner… apologizing for accidentally holding it. The clerk knew that the customer wouldn’t find out about the fraud until they returned home from their trip and got their bill. Because of these and other frauds of this type, it is imperative that whenever you use your credit card that you immediately get it back and check all charges on your monthly bill to be sure they are legitimate. More on that later.
“Phishing” This is done either over the phone or, more commonly, with a bogus Email on the internet which looks as though it came from the legitimate source. The routine is simple… you are advised that fraudulent activity has been noticed on your account which is about to be closed. However, they tell you that by verifying the account information you can avoid the closure. Tens of thousands of people annually fall for the ruse and get their Identity Stolen in the process. Should you get such a phone call or Email do not give out any information. Instead, call the phone number on your credit card… not a number given in the Email, to see if, in fact, there has been an account
problem.
“Change of Address Scam” This is a relatively simple one for the thief to carry out once he has your basic information. The purpose is to extend the time between the fraud and your finding out about it. They simply fill out a ‘change of address’ form with the credit company so that the bills go directly to their address… they may even pay a minimum payment just to keep the account open longer.
“Debit Card Fraud” The use of debit cards has grown exponentially in the past few years… the problem is that you don’t have the same protection with a debit card which you have with a credit card.
There is a $50 exposure limit per card with a credit card… but generally none, with a debit card. Someone could remove a significant amount of money from your account should they get your card or a copy of it and your simple pin.
“Pretexting” If you’ve been following the problems at Hewlett Packard, then you know that their embattled CEO, whose just been fired, used an investigative firm which employed ‘pretexting’. They used Social Security numbers and other personal information to impersonate HP directors and journalists. The impostors then tricked phone companies into turning over detailed logs of their home and cellular phone calls.
Some other hints which might help you avoid exposure to Identity Theft are:
• Don’t carry your social security card in your wallet. That’s impossible for those of us who are on Medicare as the number the government uses for our account is our social security number
• Don’t write your social security number on your check
• Minimize the information you have printed on your checks… for example, do not put your telephone number on it
• Never click on ‘links’ on unsolicited Emails… (I’ll be talking about computer fraud shortly)
• Don’t use an obvious password on your accounts like your birth date, you mother’s maiden name, or the last four digits of your social security number.
• Keep your personal information in a secure place. If you have cleaning people coming in.don’t leave bills around.
• Get your free annual credit report from http://www.annualcreditreport.com You’ll remember earlier that I said that we are all vulnerable to Identity Theft even if you follow all the hints above. That is because there is so much information about each of us which is easily accessible on the internet that a thief who wants to get much of your information can easily do so. That’s why you should always immediately check your bills for fraudulent activity, balance your checkbook monthly, and make sure that you are receiving your bills when they would normally be mailed to you.
A perfect example of why checking your bill is so important is the front page article which appeared in the Salem Evening News on Tuesday. ‘Waitress charged in card scam’…
Here’s how police say the scam worked. Selenski would wait for a customer
to pay with a credit card and then she would write down the number and expiration date of the card. When another customer paid in cash, she would pocket the cash and charge the meal to the first customer’s credit card. The only reason she got caught, in addition to the fact that she was greedy and sloppy, was that the woman from Ohio checked her bill and saw 6 charges for the Ground Round.
Let me tell you about an exercise I did in preparing for this talk. I went on the internet and did ‘google and yahoo’ searches on Sumner Feinstein… what I found amazed me…
an Associated Press wire release from 1995 entitled… ‘Sumner Feinstein to retire from Borden’.
Information on a talk I gave last year in Florida.
A Feinstein family tree which I had removed from the web last year… but it was in a cached (saved) file in yahoo which had all kinds of information such as my mother’s maiden name, etc.
The total time for this was less than 5 minutes. Had I wanted to take another 5 minutes and spend $49 I could have found out where I lived previously, what I paid for each of my homes, my telephone information, my mother’s social security number (from the SS death database), etc. This is why it is so important that you shred everything that has your name on it… just to avoid your name from being one which is highlighted to the thief.
Now for what you should be doing on your home computer to avoid becoming
a victim. How many of you have computers. Great, most of you. Unfortunately, the home computer is probably the main source of Identity
Theft because it is so easy for the hacker to get your information. Let me start
by posing a couple of rhetorical questions
• Do you always leave the door to your house unlocked when you go out?
• On a trip, when you make a pit stop at a rest area do you leave the doors of your car unlocked with your wallet or pocketbook on the front seat?
Naturally, you answered NO to these questions… but, if your computer is not protected and you don’t practice ‘Safe Computing’ you are as vulnerable as if you had done these things. What is ‘Safe Computing’?
I’ve developed a list of 17 steps.
1. Have up-to-date Anti-Virus, Firewall hacker blocker, and Anit-spyware programs. This means having the programs continually check for ‘updates’. If you don’t have these programs installed… you must do so as soon as possible. In the meantime, you can go to security.symantec.com’ and run a security check of your computer. Simply click on each of the test links and run the two programs. One will check your firewall protection while the other will check for viruses. This may take some time, so do it when you don’t need to
use the computer. Then install the free Spybot and Adaware and new Microsoft Defender Anti-Spyware programs and run those as well.
OK, that’s about as technical as I’m going to get. So now we need some definitions…
what is a hacker, what is a virus, spyware, and a firewall?
Hackers use to be a limited to sociopaths whose main goal in life is to cause misery to others.
Today, with Identity THEFT so lucrative, it has moved out of the ‘nutcases’ and into the mainstream. A hacker can get into your computer through a number of methods… one is simply pinging your computer. What the hacker does is send an electronic signal to your computer called a ‘ping’. Each computer in the world has an identification number and the hacker will send out tens of thousands of random pings a day. When an unprotected computer gets a ping it is set up to answer and do what’s called a ‘handshake’. The hacker is now in your computer and can see everything that’s going on without your knowledge.
How do you prevent the hacker getting in through a ping… you put in a ‘ping blocker’… a firewall. (DEMO - this was a firewall demonstration showing how a firewall can block an intruder) Once in your computer, the hacker can just perform as I’ve described or he can plant a virus which will automatically carry out certain functions.
A virus is simply computer code which, when installed in your computer, carries out a preordained series of events called a program. Viruses can be destructive or information gathering and the later is what we’re talking about today. You can’t normally see a virus it’s code is like the text in a cookbook, but today through the magic present in Temple Ner Tamid we are actually going to have a virus appear in front of us. (DEMO- this demonstration showed the collection of a virus and virus cloning and was done with the help of the Rabbi and his ‘supernatural’ powers)
Spyware operates in a manner similar to a virus… it’s main purpose is some level of Identity compromise… some may be fairly innocent like capturing the names of all the sites you go to and sending it to a marketing company to actual Identity THEFT stealing your information. I can tell you that in the hundreds of computers I’ve serviced in recent years, only one was completely spyware free.
Number 2 on my list. Back up important files on removable media or a second
hard drive and always check disks or CD’s you get from a friend for a virus
before you install it in your computer. If you get a new computer, always precheck any files you bring over from your old computer.
3. Use Windows Update to get the latest ‘critical updates’ from Microsoft. This
is a ‘must’
4. Avoid Email attachments both when receiving and sending Emails
5. Never open an ‘attachment’ from someone you don’t know
6. If you get an attachment and know the person and feel compelled to open
it, do what I do.contact them and ask them: Did you send me an Email with the subject on the Email? Did you originate it, or are you forwarding something someone sent to you? I only open attachments if I get a ‘yes’
answer to these two questions.
I recently had a client who received an Email from her daughter… the subject was ‘pictures’ and the body of the Email said ‘just returned from Walmart with these pictures and I knew you would love to see them’.
Well it wasn’t from her daughter and there were no pictures… instead she got an Identity Theft virus into her computer. The virus was a worm type.
Worms get into a computer, then go to the user’s address book and then, in the background, sends out an Email with the owner’s name to everyone on their Email list. This is called ‘harvesting Emails’. (DEMO - this
demonstration showed visually the effects of a worm and a destructive virus)
7. Configure Windows to always show file extensions. (Tools>Folder Options>View uncheck ‘hide file extensions for known file types’. This makes
it difficult for a harmful file (such as an EXE or VBS) to masquerade as a harmless file (such as TXT or JPG)
8. Never open Email attachments with file extensions VBS, SHS or PIP.These are frequently used by virus programs
9. Never open attachments with double file extensions such as NAME.BMP. EXE or NAME.TXT.VBS
10. When you receive Email advertisements or other unsolicited Email, do not open attachments in them or follow web links quoted in them.
11. When you get SPAM and it says ‘if you don’t want to receive this in the future, just return this Email with the subject line ‘discontinue’ or click on the
‘opt-out’ link… don’t respond as they’ll now know you are a real person. Hackers are now using this ‘opt-out’ reply method for virus installation.
12. Do not trust the icons of the attachment file. Worms often send executable files which have an icon resembling a picture or text to fool the user.
13. Never accept attachments from strangers in online chat rooms or from instant messaging
14. Avoid downloading files from public newsgroups. These are often used by virus writers to distribute their new viruses. This is especially true of the free music download sites.
15. Avoid random web site browsing. It is very easy, even for the experienced
computer user, to go to dangerous sites… I did that recently. I typed in
‘bluemountain’ but I made a typical typo error… I left out the ‘e’ in blue. The web site I was directed to was a wild porno site. It might not have been so bad, but Harriet, my mother (may her soul rest in peace) and my father were
looking over my shoulder to see how I send electronic greeting cards.
16. If you get a pop-up window or an Email which asks for any personal information… don’t respond, immediately delete it. If it lists a telephone number to call… don’t call that number, instead call the number you have for that company.
17. Do not click on unsolicited pop-up ads. Today, many pop-ups install spyware and/or viruses into your computer.
For example, if you get a pop-up which says… ‘your computer is at risk… download our program now to protect your computer’… don’t do it… most actually insert harmful material into your computer.
The last thing I want to talk about is Online Banking. This is something that I
advise my clients not to do at the present time because of system’s vulnerability. At some point, there may be safeguards installed, but the
present system is broke.
Just before I left Florida there was the case of a man who lost $90,000 from his Bank of America account. He had gone into his computer on Wednesday evening to check his account balance which showed a balance of $90,000. and on Thursday morning his funds were gone. He immediately contacted the bank and was told that he had done a ‘wire transfer’ to the Bank of Latvia the previous evening. He didn’t make the transfer.
It was done by a hacker who lives in Latvia by installing a ‘keystroke logging’ virus in his computer. You see, even when you just go in to check your account you are required to enter your account name and password. The password shows up on your screen as a row of asterisks. That’s just so someone standing behind you doesn’t see the code, but the hacker can because he’s logging your keystrokes. The man is now suing Bank of America to try to retrieve his funds which the Bank of Latvia has refused to return.
The Sumner Advantage’
Computer Problem Solving
All Windows Systems
Networking, Web Design, Tutoring
(978) 210-5124
compsum@yahoo.com
web site: http://www.thesumneradvantage.com/