Cringely on Identity Theft 630
Boiled Frog writes "Prompted by the theft of his mail, Cringely investigates how easy it is to steal identities from government publications. In this article he explains how he got the identities of 300,000 people which he calculates to be valued at $65 billion dollars. If Cringely can do it, anyone can."
Article is spot on. Happened to me.. (Score:5, Informative)
In San Francisco, when some people move out, they throw all this crap they don't need anymore on the curb. I saw this thoughout the city, time and time again, so when it came time for me to move, I did the same.
I got rid of almost everything! This included, tons of old papers - possibly old pay stubs. Big NO NO! At one point, I even noticed some people looking through the big pile. "Just people who like crap", I thought.
Six months later, the Postmaster General Attorney's office in San Jose calls me saying they've arrested someone on postal fraud that had my name and info in his little black book. It was under a section that basically was ready to have a drivers license and social security card issued in my name with this guy's picture!
To make a long story short, the guy went to prison and I had to notify all agencies where I had any type of id or credit/bank card to put a watch on them for the next six months.
My lesson learned: shread everything.
However, online, this is a totally different issue and the only thing I can suggest and do about that is to check into companies and try to make sure they are responsible about how they store your credit-card information. I've personally written to all the online companies I use to ask as how they protect my information. If it ever seemed like they weren't up to snuff, I explained my concerns and asked for some sort of reassurences. Although, I must admit, that's not the best thing and sometimes letters to the BBB and other groups/agencies are necessary.
This is really scary (Score:2, Informative)
Which goes to show you... (Score:5, Informative)
Don't have to worry about such things.
Re:Article is spot on. Happened to me.. (Score:5, Informative)
Good to hear this person actually went to jail. I should add that the other thing you should do is check your credit history and cancel all old credit cards that you may not even know are still active. A friend of mine had someone get access to three old credit cards that he had cut up, but had not actually cancelled the accounts. A couple of years later he was surprised to find the companies were telling him he owed $30k worth of charges.
Credit monitoring services (Score:5, Informative)
True Credit [truecredit.com] turned out to be the cheapest at $11/quarter for the basic service. This is not a referral link, and I'm not affiliated with them in any way. Just sharing information.
Money isn't the issue (Score:5, Informative)
You have to apply for coverage, and show evidence that your ID was in deed stolen. That can take months or years! And a lot of effort goes into all that. One of the worst parts is trying to restore your credit rating. While the whole process really shouldn't cost very much money ( $1000) it costs a quarter of your life to repair all the damage.
Re:Office of Redundancy Office -- RTFA (Score:-1, Informative)
It comes from his ability to gather X number of names, and each name has an estimated rip-off values (as computed by the U.S. Secret Service) of $217,000 (which was an average computed from a sample of identity thefts in one study).
Next time, RTFA.
Avoiding the Post Office. (Score:5, Informative)
"Why would we replace your book?"
"BECAUSE YOU LOST IT????"
This is exactly why I use Fed Ex or UPS when ordering things. They can track your packages and they take responsibility when they screw up. Perhaps the Postal Service could take a lesson?
Re:Avoiding the Post Office. (Score:5, Informative)
Fed-Ex or UPS won't replace your item if you didn't get insurance, either.
We just got a PC shipped back to us from the field by UPS. The box was smashed, and the machine looks like CowboyNeal sat on it. Picking it up I could hear all the fancy shmance electromonical doodads rattling around inside the twisted case.
UPS won't do shit about it, because the fool didn't pay the 5 bucks for insurance.
Re:Article is spot on. Happened to me.. (Score:3, Informative)
Re:Which goes to show you... (Score:5, Informative)
Good idea but many places won't deliver to a PO Box as they've been used for fraud for eons. They want a brick & mortar delivery point.
Scary websites... (Score:4, Informative)
My wife and I tried buying something on the web on this one particular site. It asked me to register since I was buying stuff for the first time there. Filled up everything on the "new account" page and hit "register me". The page came back in error saying the id I was trying to register was already taken so I had to try another one. Not so bad. What was bad though was THE PAGE RE-LOADED WITH ALL THE FIELDS IN IT PRE-FILLED WITH THAT ALREADY-EXISTING USER ID's DETAILS! Address, phone number, first/last names everything on there for the taking.
Scaaary. We politely backed out of the site and decided to buy elsewhere.
Mobile Phone Companies Require SS# (Score:3, Informative)
Recently I signed a new cellphone contract and they *would not* allow me to sign the contract without giving them my SS# (which I imagine is for a credit check). What's the legality of that? Is there any way to avoid handing over SS#'s in these situations? Its terrifying that cell-phone services have huge databases of millions of Social Security numbers.
Anyone?
Re:Avoiding the Post Office. (Score:3, Informative)
get it by paying a little more for it (note the "Declared Value" field
on the FedEx Airway bill).
Re:You want some wine with that cheese? (Score:5, Informative)
Your employer is the one entity which is required to ask for your SSN -- it's used to pay your FICA and Medicare taxes, as well as to route your employer's contribution to your account. Those taxes? Well, if Social Security is still around when you retire, they're what sets your benefit level...
Re:Are you dissing Cringely? (Score:2, Informative)
It happens more than you think! (Score:5, Informative)
Xerox/scan all your bank cards, credit cards, drivers license, etc front and back. Write down all the contact info and make sure you keep a copy in a safe place. NOT YOUR WALLET! If anything is lost or stolen call immediately!
Open a second bank account to use for online transactions. I transfer only the amount of money I need to cover gas, lunch, online stuff to it. I don't use an ATM card on my primary checking/savings. If someone grabs a carbon, they don't get access to anymore than the few bucks I keep as a buffer.
And as many have and will say here: Don't give out your SSN, check your credit report regularly for new lines of credit and shred early - shred often!
Re:Which goes to show you... (Score:4, Informative)
123 This St. # 666
They'll take and sign for packages for you, too.
Re:Article is spot on. Happened to me.. (Score:5, Informative)
Will the REAL Robert X. Cringely please stand up? (Score:5, Informative)
Cause and Prevention (Score:5, Informative)
There is certainly a degree of catch-22 involved between convenience and security. When my wallet was stolen with license and SS card (dumb to carry both but I recently needed them starting a new job)a few years back, I was glad that I was able to get a new drivers license with no identification except a birth certificate copy I was able to get with just my SS number and no identification - but the ease of doing so certainly gave me pause for thought.
In addition to the sound advice of shredding, a good idea is to lock your credit reports from being issued without your consent and opting out of pre-approved CC offers. Instructions for both at this article - http://abcnews.go.com/sections/scitech/TechTV/tec
I'm just thankful my house has a mail slot that drops into an inaccessible bin inside the home.
wait until this happens to you (Score:5, Informative)
With the key, you just drive it off the shopping mall lot. And there's no sign of forced entry, so the insurance company says "you left the key in the ignition, tough for your claim. Happened to us on vacation. And 10 year old clean cars are in more demand for the body parts, it isn't just the new Hondas.
Tape over that damned number.
Re:You want some wine with that cheese? (Score:3, Informative)
Re:Avoiding the Post Office. (Score:3, Informative)
I nearly tripped over my new DVD burner on my way in the house the other day, and my wife had been home ALL DAY!
Locking mailboxes? (Score:4, Informative)
I found this place that sells a "locking mailbox": http://www.oregontrailbox.com/
I think I'm going to get one from them. If you come across anything better, or have experience, please reply.
Re:Article is spot on. Happened to me.. (Score:5, Informative)
Wrong, stupid. (Score:3, Informative)
It's same philosophy as Car alarms. They dont prevent theft, they just encourage you to take the other guy's car because it's less trouble.
Re:Mobile Phone Companies Require SS# (Score:3, Informative)
I questioned the sales rep when I was in the same situation. He said that it's used for nothing but the credit check.
Then I got my first bill and saw that the first half of the account number was a significant portion of my SSN. I suppose that could be a 1/10000 coincidence.
Re:Mobile Phone Companies Require SS# (Score:1, Informative)
Re:Will the REAL Robert X. Cringely please stand u (Score:4, Informative)
How far to go to protect your identity? (Score:2, Informative)
- Limit giving out personal info to anyone
- Cross-shred [cfsshreds.com] anything with info on it
- Give out 867-5309 [project80s.com] as my phone number
But, ever tried not to provide your social etc for:
- Doctor's office (They will want payment at time of visits). I've begged with them not to use my SS#, but it's an easy and unique identifier, they said.
- Electric company (They wanted $300 cash in lieu of a SS#)
I agree with the first poster about the mailbox, but outside of apartments or high-rises, how many lockable mailboxes have you ever seen? I'd like to, but it's probably against my HOA anyway.
We provide much of the information that could be used against us, as a convenience for ourselves.
YANAL (Score:3, Informative)
An employer is not required by law to obtain an employees Social Security number. The law requires only that they ask for it. (How can they be required to obtain an employees SSN, when in fact, there is no legal requirement that a person obtain an SSN in the first place?)
Take a look at this [networkusa.org].
Here's a relevant excerpt (And please ignore the religious component... That's not the point.):
VIN numbers (Score:5, Informative)
http://www.snopes.com/crime/warnings/vin.asp [snopes.com]
As stated in the link, I highly doubt anyone can just steal a car of the shopping mall lot. It takes too long to get a key made. You will be home by then. Also, I think covering the VIN number may be illegal in some states/countries.
800-Ask-USPS (Score:2, Informative)
What is the post office going to do? Nothing. hundreds of thousands of mailpieces, some containing financial and personal information, goes through some of the larger metro Post Offices everyday. You think your carrier is going to remember anything about that one piece of mail from you know who that should have been there last week? The postal inspectors will look into the obvious more severe cases, but the have their limitations also. FBI doesn't even look into every case either.
As far as getting reimbursed for one shipment from Amazon, read above to understand why Cringley repeats the "we'll investigate it phrase", something I say everyday.
If you think that FedEx or UPS will solve the problems, then you might be right. Of course you get what you pay for. If you pay for the same type of delivery from USPS, express mail, then you also get tracking, insurance for up to $100, service to a PO box (if needed), and all for less. If you look for minimal cost, expect minimal service.
Re:wait until this happens to you (Score:2, Informative)
Re:Article is spot on. Happened to me.. (Score:5, Informative)
This is different from the "security alert" that most people tell you to put on your credit report when fraud happens.
With a "security alert," basically it's just a notification to creditors that they should be careful. They can still get your credit report. Apparently, many creditors ignore this warning so you are not guaranteed that someone else isn't applying for credit in your name.
With a "security freeze," no one can get your credit report (with a few exclusions such as the police with a court order). It's much much safer.
The credit report agency sends you a PIN that you use to temporarily or permanently remove the security freeze. For example, if you are applying for a mortgage in the next 15 days, you can remove the security freeze for 15 days, and it will be put back on once that period of time is up.
The credit report agencies do not want people to know about this option because if everyone takes advantage of it then their whole system fails.
Under California law, there is no charge for a security freeze on your credit reports IF you have ALREADY been the vicitim of fraud. (Someone used some of my checks and stole my credit card number before, so I qualify). If you have not ALREADY been a victim, you can pay some ridiculous amount to have it put on (on the order of $50/year).
I believe Texas may have a similar law (because my letter including the PIN from one of the agencies said "security freezes are only available in California and Texas" and that if I move out of CA then I have to notify them so that they can remove the security freeze).
For the last year, I played the credit report agencies' game. I PAID THEM $80/year to get access to MY OWN INFORMATION to make sure no one was using my credit fraudulently. When I renewed a couple of months ago, they changed their policy and limited the number of times a year you could view your credit report. So I dropped them, and was going to sign up with a competitor (still playing the game) when I found out about the security freeze.
For more info:
http://www.privacy.ca.gov/financial/cfreeze.htm
http://www.fightidentitytheft.com/legislation_c
Of course, if you are not in California (or Texas I think), then you can try seeing if your representatives in DC will make this a national requirement.
Joey
Re:wait until this happens to you (Score:4, Informative)
Tape over that damned number.
Go ahead, if you don't care about violating federal law and giving the police a reason to believe that the car has been stolen. From U.S. Supreme Court case NEW YORK v. CLASS, 475 U.S. 106 (1986) [findlaw.com]:
Re:We do not have identities. (Score:3, Informative)
A. DNA is not unique -- consider identical twins, for example
B. DNA is not secret either; certainly no more secret than fingerprints. You leave piles of copies in the form of hair and shed skin cells whereever you go.
Re:Avoiding the Post Office. (Score:3, Informative)
I've had dozens upon dozens of packages from UPS (as well as Fedex) and had to give my signature on every last one of the packages that required it. Never has a single package been left, if it required a signature. You need to take this up with your local office, since it sounds like you just have a single UPS delivery person that isn't doing their job.
easier than you think.. (Score:2, Informative)
Today everyone puts confidential information [peoplehacking.com] on forms, etc. and submits them "securely". Well, SSL is a good start but the biggest cause of identity theft is the human factor. For those of you who have a Paypal [peoplehacking.com] account, maybe you got an email in the past couple months that said your account was being verified..blah..blah... Have any idea how many people fall for that crap? I train [peoplehacking.com] people for a living to teach them how to stop this type of information theft and yet my own family still calls me up to ask if it was bad for them to have entered all their personal information [peoplehacking.com] in a piece of email.
Kinda reminds me of when the popups started appearing that looked like Wintendoze had an error but were really adverts for some corporate sleezeball to sell his lame software...pfft.
I just have three words (Score:2, Informative)