Sunday, December 22, 2013

Target Stores Data Breach

Some details on how the Target data breach occurred as well as insight into how and where this type of information is traded and sold in bulk and very quickly:

Smart phones

An article to get started on smart phones and what value they provide to an Identity Thief:

This is a great reminder that there are multiple types of Identity Theft.

This article from the ACLU illustrates how "The type of data stored on a smartphone can paint a near-complete picture of even the most private details of someone’s personal life."

"The astonishing amount of personal data police can extract from your smartphone" is based on the ACLU article above but has some good commentary of it's own:

Gift Card Fraud

I have been involved with professional training from a major retailer that described how thieves will photograph gift card data from cards before they are sold and then use that information to cheat the buyer of the gift card once it is activated.

This article discusses a very similar procedure:

An excerpt:
"Criminals steal gift cards from store racks before any money has been added to them and then use an electronic card reader/writer to copy the information from one gift card to another, making an identical copy. Then they take the card back to the store for unsuspecting customers to purchase. Once money is added to the card, the criminal can then go on a shopping spree with someone else’s money."

If "78 percent of retailers have been victims of gift-card fraud" how does that translate to customers? This article explains some of the issues facing retailers:

Krebs Skimming posts

Krebs On Security has an excellent variety of posts about Skimmers which are a method to obtain information for use in Bank Fraud, Credit Card Fraud and Financial Identity Theft:

Saturday, December 21, 2013

Wealth Managers Hacked

Fascinating example of how it doesn't matter how careful you are with your Identity or Finances, other people have been entrusted with it and if they are the weakest link in your Identity chain then that is where you can most easily be compromised.

A quote "EJ Hilbert, a former FBI counter-terrorist who was appointed head of Kroll’s cyber investigations this summer told the Financial Times: ‘It’s scary. Wealth managers are being used to get millions of dollars."

The article!

Saturday, December 14, 2013

Holidays and Identity Theft

The Fall Holiday Season is also known as "Identity Theft Season." In some circles at least.

10 Reasons related to why consumers are particularly vulnerable to identity theft during the holidays because many relax their guard and substantially increase the exposure of their financial information:

Tips on Protecting Your Identity During the Holidays include not letting your credit card out of sight and getting a credit monitoring service. It also mentions photocopying your credit cards but I suggest you copy the contents of your purse or wallet in case you loose it and need to know what to report as stolen, missing or in need of replacement:

10 great tips from the LA Times include not buying gift cards except from a person who sells you one from behind a counter:

IRS and Identity Theft

Tax refund ID Theft is growing epidemic:

"More Americans' identities were stolen in tax refund crimes in the first six months of 2013 than in all of 2012, said an Internal Revenue Service watchdog on Thursday who described the problem as "a growing epidemic."Tax refund fraud has exploded in recent years. Scammers typically use stolen names and Social Security numbers to file phony electronic tax forms for IRS refunds."

The IRS provides advice and resources including an affidavit on the following sites:

$3.6 Billion paid to Identity Theives via fraudulent refunds, down from $5.2 Billion

Obamacare and Identity Theft

My general thought on Obamacare is that illegal workers needed a job to get healthcare in your name before, now with your credentials they can just go online and get it without needing a job. If they work for cash... they can now just go online and get healthcare without having to bother to report to work somewhere or apply for a job.

Along that line, if someone qualifies for a subsidy and gets healthcare using your identity, whom do you think the IRS will ask to pay that back when it turns out you don't qualify for the subsidy when you file your own, accurate tax return?

A few links from around the web with some relevant excerpts:
How Obamacare Makes Theft Of Your Identity More Likely
"Stealing a medical identity is more lucrative than other kinds of identity theft."

St. Louis woman has Identity Compromised at including her Account, Address, Social Security Number

This article relates most directly to what I've said and have been thinking

"The risks of potential identity theft are very real, and 13 attorneys general have expressed deep concerns about the security of the exchanges’ information."

The 5 types of Identity Theft

Here is an article on the 8 Types of Identity Theft which Jake enumerates as
  1. Financial
  2. Insurance
  3. Medical
  4. Criminal
  5. Driver's License
  6. Social Security
  7. Synthetic
  8. Child
His article on is here

I will write more on this later and maybe just update this post. There are really 5 Basic Types that lead to 10 or 11 common manifestations.

The 5 Basic Types of Identity Theft are:
  1. Driver's License
  2. Character/Criminal
  3. Medical
  4. Social Security
  5. Financial
This article from SHRM regarding employer liabilities in 2008 highlights these 5 types of ID Theft (Michael Hall is no relation that I'm aware of):

The 10 or 11 Common Types of Identity Theft therefore and what the Basic Type they are based on are:
  1. Financial (Financial)
  2. Insurance (Financial/Medical)
  3. Medical (Medical)
  4. Criminal (Character/Criminal)
  5. Driver's License (Driver's License)
  6. Social Security (Social Security)
  7. Synthetic (Combination from the 5)
  8. Child (Any of the Basic 5 from a Minor)
  9. Business (Usually Financial but based on a Federal Tax ID, not an SSN)
  10. Deceased (Any of the Basic 5 from a Deceased person)
  11. Cloning (Combination of Character/Criminal and another type thus impersonating the victim)
Now that I have fleshed out this outline, I probably need to do a basic post on what Identity Theft is, but this is a good definition for starters and I got it from the FTC years ago:

“Identity Theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.”
I also read an article from Kroll that I can not share... that added "or to conceal the thief's true identity."

Perhaps more on this later.

College Students at High Risk for Identity Theft

A story from Austin, TX new station KXAN on the BBB, college students, and identity theft.

Some good tips but it mentions that you should look for "https://" for a secure website when shopping online but then also tells the story of someone who put in credit card info for a purchase on a completely fake website.

You need a plan to mitigate damages when they happen. There is no way to avoid a determined ID thief particularly when your info is captured as collateral damage or incidentally.


Welcome to my blog. The primary purpose of this Blog is to provide links to source material that I may have quoted in a presentation or training or researched in answer to a question I have been asked.

I hope this site helps you share this information with others and/or conduct your own research. Please contact me with any questions. Thank you for visiting.