Posts

Identity Theft – Know Your Rights

Have you experienced that clutch of fear that makes your heart skip a beat when you all of a sudden discover your wallet is missing? Your first reaction might be a cuss word for carrying all that critical information in the first place. Your second is to try to slow your mind as it frantically scans for solutions. Knowing what to do if you lose vital information and knowing your rights if you become a victim of identity theft will save you time, money and a ton of stress.

A consumer survey conducted by the Federal Trade Commission reveals, in a new report, that many identity theft victims do not understand their rights. Following is a summary of what you should know if you become the unfortunate victim of identity theft.

  • Fraud Alert. Placing a fraud alert on your credit file with the three credit bureaus (CRA’s) is the first step and may prevent identity theft if done timely. It’s important to file with each of the bureaus, TransUnion, Experian and Equifax. Although each of the bureaus claims it will notify the other two, it may take weeks or longer and you have no time to lose.Once a fraud alert is placed on your account, you should be contacted by phone by any lenders to confirm that you truly do want to open a new account. Any consumer who has a good faith suspicion that they have been, or are about to become, a victim of identity theft may place a fraud alert on their credit files. Such alerts notify potential creditors that consumers may have been a victim of fraud and that special care should be taken to verify the consumers’ identity before extending new or additional credit. It’s important to follow up after your request and verify with each CRA that it has, in fact, placed a fraud alert on your file. See the final bullet point about freezing your credit for additional protection.
  • Free Credit Report. When a consumer places a fraud alert, she has a right to request a free credit report from each of the CRA’s. These credit reports are separate from, and in addition to, the annual free credit report that all consumers are entitled to receive from the three nationwide CRA’s via annualcreditreport.com. According to the FTC survey, only half of consumers know they are entitled to this additional, free report. Again, follow up with the CRA’s if the credit reports do not arrive timely.
  • Disputing the Accuracy of Information on Credit Reports. Consumers have the right to dispute the accuracy of information on their credit report either with the creditor that provided the information to the CRAs or with the CRAs themselves. The creditor or CRA is then required to perform a reasonable investigation to determine whether the contested information is accurate. If the information is inaccurate, the report must be corrected.As Martha White reported in Time Moneyland, credit bureaus don’t always make it easy to dispute incorrect information. While almost three-quarters of respondents were able to get disputes resolved in either one or two contacts, 24% had to contact the bureau three to five times and another 4% had to initiate six or more contacts to get their dispute resolved.
  • Blocking the Release of Fraudulent Information in Credit Reports
    Generally, if a consumer identifies information on his or her credit report as being the result of identity theft and provides a copy of the police report to the CRAs, the FTC requires the CRA to block the reporting of that information.
  • Credit Freeze. A fraud alert is different than a credit freeze, which completely freezes your credit to all activity for a period of time.  To learn more about freezing your credit and how to reach the three credit bureaus, go to  https://192.241.219.145/2/.

FTC data shows that, for more than a decade, the top category of complaints it handles is identity theft. It’s essential that you know your rights and, without fail, follow up and, perhaps most importantly, be persistent.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Whose Device – Yours, Mine or Ours?

Carrying multiple personal devices is a pain and, yet, the fear of giving away critical company data is a nightmare.

For most of us, being connected equals being productive. However, this simple equation becomes complex when one has to juggle personal devices with those issued by our employers. Paramount in an employer’s mind is the protection of the company’s critical and confidential business data but they don’t want to alienate employees by being too restrictive on using their personal smartphones and tablets.

Recent research has found that nearly three out of four adults don’t protect their smartphones with security software and these same people often use their devices to access social media and websites that attract cybercrooks. Poorly-secured  devices can be easily accessed by hackers who are becoming evermore sophisticated and ferocious.

This device conundrum ties directly to corporate IT culture and the question of allowing employees to use personal devices to conduct business. The solution ranges anywhere from an outright ban (which employees often ignore) to fully embracing an employee’s choice, while building corporate safeguards to block spam and corrupt application downloading. Some companies permit it with tight controls such as having the ability to wipe the gadgets clean of all information in the case of loss. Of course that means all personal data will be wiped along with business data but studies show employee satisfaction (ergo productivity) is tied to exercising personal preference of devices.

Security and legal teams wrestle with this dilemma constantly in the mobil world of today and there’s no clear cut answer. Protecting a company and its clients’ data is essential; but also, productivity, efficiency, organization and responsiveness are but a few benefits of giving employees their choice of gadget.

Arming those same employees with the safety measures to secure their devices from fraudulent activities is where IT departments can manage risk. Building a parallel strategy that serves both corporate IT and the end-user is not only necessary, it is beneficial to the bottom-line.

Please see the original article by Steve Johnson of San Jose Mercury News published in The Denver Post.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation or watch him on Anderson Cooper60 Minutes or Fox Business1.800.258.8076.

 

 

 

 

 

 

 

 

 

 

The Grinch Effect: Identity Theft at Holiday Parties

Grinch Identity Theft

Huzzah! The holiday party season has officially begun! It is my favorite time of year because I try to take a few weeks off of the professional speaking circuit to slow down to a normal pace. Over the coming weeks, all of the Whos in Whoville gather to celebrate the communities to which we all belong. Whether it is a neighborhood party, a work celebration or an association shindig (okay, I’m starting to use words that my parents use), it is a great time to honor our friendships, colleagues and causes.

Unfortunately, the abundance of the season attracts malcontents who try to take advantage of our happiness and busy-ness. I call this the Grinch Effect: stealing from others while they are lost in a brief moment of joy. Like the Grinch pilfering the last stocking from the fireplace, identity thieves use our distraction to pluck pieces of private data from our festive homes. Enough already! If you are hosting a holiday party (either at your  home or in your office), here are some tips on protecting your identity to foster holiday serenity: Read more

Identity Theft's Latest Victim? Your Business.

Latest Identity Theft Trend is Stealing Your Business’s Identity to Falsify Accounts

In the past two weeks, I have been contacted separately by two local business owners to share how their business identity has been stolen and used to set up accounts with various companies on which thousands of dollars are charged and they (the actual owners) are left to pay the bills. There are no identity theft statistics on this type of crime, but I am certain that it is just coming onto the trend radar. In further proof that this is becoming a major problem for corporations, the Denver Post ran an article this morning titled “Corporate ID Thieves Mining the Store“.

Here’s how this incredibly easy form of business identity theft works:

  1. A thief scours the internet for your company information (Facebook is usually a good place to start, as is your local Secretary of State’s website). They are particularly interested in bids for government contracts, as they often contain a sample of your letterhead as well as your pertinent business information. If they can obtain the Federal ID# of your businesses, they have even more ammo to defraud you.
  2. Business name in hand, the thief logs on to your local Secretary of State’s website (the agency generally responsible for registering corporations and maintaining databases on corporations) and pays a small fee ($10) to alter the name of a corporate officer or the address of a company’s registered agent on public records. I would imagine that they generally register an identity stolen from another individual in order to cover their tracks further. In most states, there is no password to protect your official business filings from unauthorized users and changes. In Colorado, according to the Denver Post article mentioned above, officials say that “putting password protection on corporate data — where only a business owner or representative can make changes — is prohibitively expensive.”

    “In other words, the State of Colorado provides less protection for your corporate data than the average online dating service.”

  3. Now that the imposter is a “corporate officer” of your business with full authority to act on behalf of your corporation, the thief applies for a credit account in your business’s name, generally at a large national retailer (Home Depot, Lowes, AT&T, Sprint and Verizon see to be the top choices). If necessary, they use your poached letterhead to facilitate the process of setting up the account.
  4. The retailer, before extending credit, verifies with Dun & Bradstreet that you are in fact an official officer of the corporation. And where does Dun & Bradstreet get its information about your business? From the Secretary of State’s office, the very source of your illegally modified information. In other words, all parties in the process are relying upon falsified source data that remains unprotected on government websites.
  5. Using the newly established business account with terms (i.e., the thief doesn’t have to pay for what they buy, it is invoiced to the company for payment at a later date), the thief makes large purchase of equipment of services, often worth tens of thousands of dollars.
  6. Equipment in hand, the thief leaves the store never to be seen again. Your business, of course, receives the bill, and begins the arduous, time consuming and expensive process of proving that you never made the purchase, a difficult task given that the account was established by what the retailer considers to be a legitimate officer of your corporation.

Far fetched? Not at all. The problem is compounded by the fact that sales associates at many national retailers receive incentive bonuses for every sale they make. Why wouldn’t they push the sale of 50 mobile phones through the system when they receive a large commission to do so. It’s much easier than selling one handset at a time.

Both actual cases I worked with involved phone companies, and each business owner has struggled desperately to prove that they did not make the purchase and do not owe on the account. In one of the cases, the business in question already had an account established with the phone company – same company name, address, phone number, etc. – and the phone company failed to ask any questions as to why they would want a second account. In many of the cases, the thieves use the same stolen business identity over and over again in different cities (rarely do they even shop in your actual city), causing the owner untold hours of time repairing their damaged Dun & Bradstreet ratings, fighting with collection agencies and sitting on hold trying to explain to large corporations that don’t have any incentive to believe what you are saying.

In a spiraling economy, taking your eye off the ball can mean you lose the game. In the meantime, you can take these steps to being affecting change and protecting your valuable business data:

  1. Contact your local Secretary of State’s Office and encourage them to resolve the issue as quickly as possible. You just might be the first person to let them know that this problem exists. At minimum, ask them to begin protecting your corporate data with a password that only the verified and legitimate corporate officers of your corporation can access.
  2. Review your corporate filing with the Secretary of State’s Office regularly to make sure that there is no altered or false information in their database. If there is, contact them immediately.
  3. While in your corporations’ listing on the Secretary of State’s website, make sure that you set up any security measures they have provided. For example, if they have email alerts anytime your profile changes, make sure you take them up on it and have a current email address in the profile. This will send you an alert anytime someone changes your file.
  4. Monitor your Dun & Bradstreet account regularly to make sure that no liens or encumbrances have been placed on your credit profile. If there is incorrect or unrecognizable data on your report, contact D&B’s fraud department immediately at 1.800.234.3867.
  5. Set up a Google Alert for your corporation’s official name, TIN and any DBAs to monitor unexpected internet activity on behalf of your organization.
  6. If you are a contract-based vendor, include a clause in your contract prohibiting the publication of your TIN/EIN/SSN in any electronic or internet form without your prior written consent.
  7. Protect your TIN, letterhead and company information as if it were currency, because it is.

Check back over the next few days for information on how to recover from this crime if you are a victim.

John Sileo speaks professionally to organizations that wish to avoid the costs associated with identity theft, data breach, social media exposure and insider theft. His satisfied clients include the Department of Defense, Blue Cross Blue Shield, the FDIC, Pfizer and hundreds of corporations of all sizes. Learn more about his entertaining and effective presentations on identity theft, data breach and fraud training or contact him directly on 800.258.8076.

Identity Theft for Businesses: Mobile Data Breach

Mobile Data Theft

Technology is the focal point of data breach and workplace identity theft because corporations create, transmit, and store so many pieces of information digitally that it becomes a highly attractive target. This book is not intended to address the complex maze that larger organizations face in protecting their technological and digital assets. Rather, the purpose of this book is to begin to familiarize business employees, executives, and vendors with the various security issues facing them.
The task, then, is to develop a capable team (internal and external) to address these issues. In my experience, the following technology-related issues pose the greatest data-loss threats inside organizations:

  • Laptop Theft: According to the Ponemon Institute, 36 percent of reported breaches are due to a lost or stolen laptop.
  • Mobile Data Theft: Thumb drives, CDs, DVDs, tape backups, smart phones
  • Malware: Software that infects corporate systems, allowing criminals inside these networks
  • Hacking: Breaking into your computer system from the outside, using networks, wireless connections, remote access, and your Internet pipeline
  • Wireless Theft: Wireless connections to the Internet in airports, hotels, cafes, and conferences
  • Insider Theft: When someone in the IT department (or elsewhere) decides to make extra money by selling your data

According to the Ponemon Institute, ‘‘Thirty-six percent of all cases in this year’s study involved lost or stolen laptop computers or other mobile data-bearing devices. Data breaches concerning lost, missing, or stolen laptop computers are more expensive than other incidents. Specifically, in this year’s study, the per-victim cost for a data breach involving a lost or stolen laptop was just under $225, over $30 more than if a laptop or mobile device was not involved.’’ Continue Reading….

The post above is an excerpt from John’s latest book Privacy Means Profit. To learn more and to purchase the book, visit our website www.ThinkLikeASpy.com.

Privacy Means Profit

Prevent Identity Theft and Secure You and Your Bottom Line

This book builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) with the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).

In Privacy Means Profit, John Sileo demonstrates how to keep data theft from destroying your bottom line, both personally and professionally. In addition to sharing his gripping tale of losing $300,000 and his business to data breach, John writes about the risks posed by social media, travel theft, workplace identity theft, and how to keep it from happening to you and your business.