Identity Theft: Following the Profits and Victims

web browsingWe know identity theft is a billion dollar business conducted by criminal enterprises. These are NOT mom-and-pop operations! So we must take it seriously. What happens with the money stolen/scammed? And who are the victims and what do we know about their plight? Continue reading


Protecting Yourself from Identity Theft

I wrote last week about the epidemic of identity theft. This week, again based at least in part on information provided by speakers at the 2nd Annual Government Identity Fraud Conference earlier this month, I’ll share some ways everyone can use to protect themselves from ID Theft.

First, a recap: Remember, experts tell us that with all the breaches that have occurred in the past few years, everyone’s identity has already been stolen. That means even though you have not been a victim, it doesn’t mean you won’t be. One Bulgarian ID thief/fraudster who got caught noted that they have so much data it will be years before they use up all the stolen identities already available.

And after all, the FBI reports it only costs $.35 on the dark web to purchase a real, identity!

So what can we do? Here are some ideas from the experts.

  1. Passcode protect everything. Don’t use obvious passwords like your dog’s name or your street address number. Instead use a passphrase that is a combination of words, numbers, and symbols at least 11 digits long.
  2. You say you can’t remember anything that long? Here’s a link to Morgan Wright’s free online course on setting a passphrase you can remember: Morgan graciously provided this link to us at the conference.
  3. Change your passwords regularly. No, not every year, every month or so. Remember, even if one of your sites is breached and gives up usernames and passwords, they are only good until you change them. So change them regularly.
  4. Use a unique passphrase for each website or application. Don’t just clone that one password you can remember and use it for all your sites. Make them all unique, not just variations on a theme.
  5. OK, you say you can’t possibly remember all those passphrases? Neither can I. So use a password/passphrase management application. I use Dashlane, but there are many out there and they are all pretty good. Most will synch between devices. Pick your favorite.
  6. Make sure you are running malware protection software on all your devices. Start with your computer and then ensure you have protection on all your mobile devices. 
  7. Make sure the operating systems on your devices are up to date. Set them to auto update. Much of every update includes software patches for known security holes in the operating systems.
  8. Never, ever, use a public WiFi without using a VPN connection. Public WiFi is one of the easiest pathways to your data. Few of them are secure.
  9. Don’t fall for spear phishing emails! Spear phishing is a targeted email sent to you that appears to be from someone you know asking a reasonable question. But they almost always want you to send them private information about yourself or others. There’s a pair of rules to live by here. First, if it doesn’t sound right — it probably isn’t. Second, if someone, even someone you know, asks you to send personal information of any kind over the open internet, before responding, contact them directly to confirm it is legitimate (calling them is best). An ounce of protection… Keep in mind that spear phishing is the number one tool for espionage and information theft.
  10. Finally, although there is more, take the next step in privacy protection and use 2-factor authentication. This method requires not only a password/phrase but a secondary process of answering a question or using a unique PIN. It’s not foolproof, but it is a major step forward in security. Many applications and sites now offer this option.

Remember, the Identity Theft Resource Center reports an identity is used to the detriment of the real owner every 9 seconds in the United States. Here are ten ways you can protect yourself.

Again, thanks to the good folks at the ITRC and LexisNexis Risk Solutions for the conference and to Morgan Wright and Walt Manning for their great presentations — some of their information is included in this article.


And stay tuned — there’s more!

Combating Identity Theft

I recently had an opportunity to attend the second annual Government Identity Fraud Conference. This event gathered more than 150 government managers dedicated to protecting citizens from identity fraud and theft. Great dialogue and information sharing opportunity.

So what did we learn? Let’s start with ID theft and tax fraud. The IRS reported that through November 2015 it stopped more than 1.4 million fraudulent tax returns valued at $8 billion. Yes, billion! Many states are on the defensive as well, including Indiana, Georgia, Ohio, California, and others. During the past three years they, too, have stopped millions of dollars in fraudulent tax returns. For example, in 2014 Indiana stopped more than $88 in tax fraud attributable to identity fraud. These organizations demonstrate the significance of the problem, and I have not even addressed Medicare fraud, Medicaid fraud, unemployment fraud…etc. Experts tell us identity fraud is a multi-billion dollar business of organized crime. We’re not talking about your run-of-the-mill tax cheat here, but organized efforts to steal identities and use them to submit fraudulent claims for tax refunds, healthcare reimbursements, etc.

Those experts also tell us that — are you ready for this? — everyone’s identity has been stolen. Everyone is already compromised. And they are all available for sale on the “dark web” or the “deep web.” I’ll write more about those in future blogs.  Your identity has been stolen, it may not have been used just yet. The point to remember here is: be vigilant!

Why? Don’t believe this is a problem of epidemic proportions? The Identity Theft Resource Center, a non-profit organization dedicated to aiding victims of identity theft, reports that every 9 seconds someone becomes a victim of identity theft. Every 9 seconds!

Another point to keep in mind is that government entities are working to protect and defend citizens as best they can from identity fraud. Hence the conference and information sharing at all levels of government, city, county, state and federal. Know that there is a concerted effort to defend against these acts as well as to attack this problem aggressively at all levels of government. And this effort must continue to gain in sophistication and subtlety. Crooks are getting more sophisticated — and so must we. That’s part of what this conference does annually, share information and techniques to defeat these efforts.

In coming weeks I’ll attempt to outline, without giving away any secrets to the bad guys, where and how criminals are perpetrating this identity fraud and where the stolen money goes (you’re going to hate the answers), what governments are doing about it, and what citizens can do to combat the problem.

The conference was an outstanding opportunity for information sharing and collaboration. It’s part of the solution to this problem, so thanks to the Identity Theft Resource Center (ITRC), the National Center for Missing & Exploited Children and LexisNexis Risk Solutions for presenting the annual conference that allows government organizations to learn, discuss, collaborate and defeat the crooks. These organizations’ websites also provide good information about this topic.