Social engineering is a term for the methods used by many identity thieves to gain access to your identity. Usually, it involves the criminal pretending to be someone they are…

All too often, people assume that children are safe from identity theft. Unfortunately, it’s not true. I don’t know if it’s because creditors don’t take the time to verify…

It’s almost comical. Phishers are finding that a large percentage of the credit card numbers they’re collecting are bogus numbers or they’re on worthless accounts. So what’s their response?…

The scams never stop coming. A new round of scams targets taxpayers, using the IRS as a front. No, it’s not income taxes, though that’s a scam of another…

Thanks to our friends at Kroll Fraud Solutions, we have some excellent 2008 tax season tips for avoiding identity theft:

The U.S. economy may not be the only beneficiary of the recently passed federal economic stimulus package – identity thieves are getting a boost, too. Why? In the wake of the recent IRS announcement that more than 130 million Americans will receive tax rebates this year, identity thieves are using the promise of extra cash to lure Americans into disclosing their sensitive personal information.

These “phishing” schemes can take a variety of forms, the most common of which involves an identity thief who calls or e-mails a consumer pretending to be an IRS employee. The consumer is promised a sizable rebate if they file their taxes early. All the caller needs in exchange is the consumer’s bank account number to deposit the check.

The bad news is that schemes like the one described above are common; the good news is that falling victim to one is avoidable – as long as consumers get smart on the facts and follow the proper precautions.

Below ID theft expert Brian Lapidus, chief operating officer of Kroll’s Fraud Solutions, offers some important advice that every consumer should know about protecting their personal information during tax season. At Kroll, Lapidus oversees a highly-skilled team that includes veteran licensed investigators who meet regularly with IRS agents to stay apprised of emergent tax fraud issues – bolstering the team’s specialized work supporting breach victims and restoring individuals’ compromised identities to pre-theft status.

Preparing your taxes?

• Beware of phishing schemes. The IRS never contacts consumers by e-mail or phone to request sensitive personal information (SSN, checking account information, etc.). If you receive a phone call or e-mail that you suspect may be a “phishing” scam, file a complaint with the Anti-Phishing Working Group and contact the IRS immediately.
• Avoid shopping mall kiosks or pop-up preparers who offer to assist you with tax preparation. Considering the amount of sensitive personal information involved in the tax preparation process, you probably don’t want to hand over your files to someone whose experience and background are unfamiliar to you. Ask a trusted friend to introduce you to his/her tax preparer or consult a local CPA association for trustworthy members.

Filing electronically?

• Avoid using wireless networks. Use of wireless networks means your data is being transmitted over open airwaves, similar to a radio transmission. If not properly secured, data can easily be picked up by an uninvited party.
• Don’t prepare your taxes on a public computer. Public computers can contain “keylogger” spyware, which records every keystroke including passwords and account information. Keyloggers make it possible for an identity thief to steal any information entered into the computer during your session. Preparing your taxes on a public computer also increases your vulnerability to “shoulder surfers” – individuals who look over your shoulder to observe what you are doing and, more importantly, collect the sensitive data you’re entering.
• Only keep a record of your tax claims as long as necessary. Thieves can’t steal what you don’t have. Purge the data once the need for it has expired. Suggested guidelines for individual recordkeeping are available online through the IRS at: http://www.irs.gov/publications/p552/ar02.html#d0e617.

Filing by mail?

• Don’t put your completed claim in an unlocked mailbox for pick-up. Instead, deposit outgoing mail at a post office.
• Take it one step further and opt for delivery tracking. That way you can be certain that your information has gotten to the IRS safely.
• Waiting for your tax rebate? Promptly remove mail from your mailbox after delivery. The longer your mail sits in an unsecured mailbox, the greater your chances of it falling into the wrong hands.
• You may also choose to have the IRS deposit your tax rebate directly into your bank account, further minimizing the risk of theft.

The Better Business Bureau of Chicago and Northern Illinois has released its top 10 scam list for 2007. Even though this is a regional list, it fits nicely with what we’re seeing here at Fight Identity Theft:

1. Check Scams

Would-be victims receive a check in the mail, allegedly for winning a sweepstakes, lottery or promotion. The check supposedly covers taxes or other fees (see the text of the letter below). Here’s how the scam works:

• You deposit the check in your bank.
• You then pay the fees described in the letter via a money transfer.
• Unfortunately there isn’t any prize money and your bank eventually will tell you that the check you deposited is a forgery.
• You now owe the bank the money ($2,998.65 in the example below).
• You try to track down the money you sent out via money transfer, which is just about impossible.
• The scammers are now richer and you are poorer.

Here’s a sample of a check one of our readers received in the mail. The scammers will often place a reputable company on the forged check:

2. Advance Fee Lenders

These frequently will contact people by phone after they’ve filled out an online loan application or have found an advertisement in a local newspaper.

This is a similar scam to the check scam described above.

3. Online Employment Offers

Offers that look for "shipping" or "billing managers," "payment processors" or anything with a financial sounding name very frequently turn out to be fraudulent listings that are, in actuality, looking for victims to commit money laundering.

Other bogus online employment offers request money for travel, work visas, etc. Some scammers don’t ask for money, but instead ask for your personal info (name, DOB, SSN, address, mothers maiden name) in order to steal your identity or sell your info to someone that will.

Be extremely careful when dealing with online employment. Don’t send money to anyone. Use a company’s main number and then ask for your contact within the company vs. just dialing direct to the number you’ve been given in order to verify your contact really works at the company you’re interested in.

4. Lottery/Sweepstakes Notification Letters

Epidemic in proportion, these are very much like the fake check scams.

5. Overpayment Scams

These usually are found in forms of online ads and typically in places such as Craigslist or other classified forums on the Internet.

Same kind of scam as #1 with a slight twist.

A check overpayment scam begins when a scam artist replies to the classified ad or auction posting and offers to purchase the item for sale with a check, then comes up with a reason for writing the check for more than the purchase price for the item. The scammer asks the consumer to wire back the difference after the check is deposited. Later, the scammer’s check bounces, leaving the consumer liable for the entire amount.

6. Mortgage foreclosure rescue scams

Scammers contact residents and offer them a desperate plan that is affordable and supposedly allows them to keep the home. Here’s how it works:

The scammers will offer to lower your monthly mortgage payment while also promising that in a short time you can own your home free and clear of any debt. The con artist claims to offer or arrange for a new loan but instead tricks the homeowner into selling the home to the con artist or a third party and agreeing to either lease the home back or purchase it back on a land contract.  The con artist or third party will pay off the existing mortgage or take out a loan. If the scammed homeowner lived in the home for a number of years, he or she likely built up and is surrendering significant equity. Equity is the market value of the home minus the value of all mortgages and other liens on the home. The con artist now owns the home and has stripped or taken the equity out of the scammed consumer’s home.

Consumerlaw.org has a great pdf which covers this fraud in detail – http://www.consumerlaw.org/news/ForeclosureReportFinal.pdf

7. Marketing/Investment Scams

People are solicited by mail or e-mail and told they can make thousands of dollars working from home by buying a special kit, book or tape collection.

8. Inheritance Scam

An e-mail or letter is sent to the victim from someone claiming to be related to them, or from somebody that claims to know that the victim’s distant relative is either very sick or has died and left inheritance money.

9. Phishing Scams

Generally, e-mails are sent from what looks like a legitimate bank or financial institution, asking for confirmation of account numbers and personal information.

- See some examples of a typical phishing email – Paypal phishing scam.

10. Nigerian Scam

E-mails or letters are sent from someone claiming to be an official or agent from a foreign country, informing the recipient he or she is seeking a foreign company or individual into whose account they can deposit funds left over from government funds, a business bank transaction or a confiscated family inheritance.

- See some examples of a typical Nigerian Email Scam.

Every one loves a "Top 10" this time of year, so here is a great one from our friends at Kroll Fraud Solutions. It was put together by Brian Lapidus – Kroll Fraud Solution chief operating officer and identity theft expert.

Enjoy!

1. Beware the Word "Prevent"

No person and no product can prevent identity theft. As long as criminals can benefit from stealing, there will be theft. Sensitive personal information (SPI) is everywhere, housed and archived in a mind-boggling variety of ways. Individuals and companies can reduce access to SPI and improve safeguards around it by working to change how we share, collect, store and dispose of information.

2. There Are No Guarantees

This mantra holds true for a lot of things in life and dealing with identity theft is no exception. While a number of instances of fraud can be restored to pre-theft status, some identity dilemmas simply can’t be fixed. If you’re on the ‘no fly list’ thanks to an imposter or an error, you’ll stay there. A third-party solution cannot deliver a remedy.

3. Watch for "Shoulder Surfers" and "Skimmers"

Shield the entry of personal identification numbers (PINs), and be aware of people standing entirely too close by when using your credit or debit card in public. Especially with the advent of cell phone cameras, a sneaky, shoulder surfing thief can get your private information pretty easily, if you’re not careful. It’s also advisable to use teller machines that are familiar to you, so you are in a better position to identify when the equipment looks different or doesn’t “feel right.” Your increased awareness may reveal a skimmer’s attempt to steal PINs and banking details at that site.

4. Keep Your Social Security Card Safe at Home

Unless you’re on your way to fill out a job application, there are very few reasons to carry around the crown jewel of SPI. At lunch a few weeks ago, the woman beside me opened her wallet for a credit card and there was her Social Security card, too. Remember, ID theft and fraud are not exclusively credit-related – thieves can use a clean Social Security number to construct a whole new life.

Additional note from Dave: I regularly receive emails from Fight Identity Theft visitors explaining how they just had their purse or wallet stolen with their Social Security card inside. Remove that card today!

5. Destroy Before You Dump That Old Computer

Erasing data just enables the computer to write over that space again; it doesn’t actually eliminate the original bits and bytes. Physically remove the hard-drive to ensure you’re not tossing out or passing along your personal details. Our company is often called upon to recover data from an erased or damaged drive; we’re very good at it – and so are some professional thieves.

Additional note from Dave: You could also consider using a software tool like Eraser to do a complete wipe of your drive. If you physically remove your drive, smash the drive with a hammer (find someone strong) before throwing it in the trash.

6. Choose "Forget Me’ Instead of  "Remember Me"

  How many Web sites do you frequent that invite you to enable an automatic log on the next time you visit? Don’t check that box! When convenience trumps confidentiality, you’re asking for trouble. The harder you make it for hackers to follow your trail into an online store or bank account, the better.

Additional note from Dave: This is absolutely necessary when using public computers. In fact, you should avoid accessing any secure sites from a public computer (like a library, internet cafe) or when using a public wireless network or wifi hotspot.

7. Don’t Rely On Fraud Alerts Or Credit Freezes Alone

Fraud alerts are meant to stop an identity thief from opening new accounts in your name. Credit freezes let you restrict access to your credit report, which would also make it hard for someone else to open new accounts. But, neither one will stop a thief from trading your SPI for cash, or using it for tax fraud or in any of the countless other ways fraudsters exploit stolen identities.

8. Practice Prudent Posting

Social networking sites on the internet enable individuals around the world to chat, share photos, recruit employees, date, post resumes, auction property, and more. Because the Web makes it possible for any posted document to link with another, any data you put out online have the potential to stay there for what amounts to electronic eternity.

Additional note from Dave: I suggest creating usernames or an email address that don’t contain your name or anything traceable to you, whenever possible. You also might consider using different usernames on different sites. This makes sense because if someone is able to determine that you use "CatLuvr55" on one site, it’s an easy search to track down  "CatLuvr55" on any other sites where you have a profile.

9. Keep That Key

When you check out of a hotel where you were issued a card-key to unlock the door to your room, don’t leave the card-key behind. Hold on to it until you’re safely home and can shred or otherwise discard it safely. Some say it’s an urban myth that the card-keys hold vital details like credit card numbers, while others report having tested and confirmed the presence of private data coded into the magnetic strip. Even if there’s no definitive answer, why risk it?

Additional note from Dave: Not sure I’m convinced on this one. I’d need to see more data showing that it is a problem. Snopes.com debunks this pretty thoroughly.

10. What’s In Your Wallet?

Make photocopies of the personal material in your wallet: Driver’s license, credit cards, insurance cards, all of it – front and back. Should your wallet be lost or stolen, you won’t be left wondering what was actually taken, and you’ll be able to quickly notify the appropriate agencies about what has taken place.

This has bounced around the internet the past few months, but I just had to share it.

In this clip, an eBay scammer appears on Judge Judy and is absolutely destroyed. Her scam was listing cell phones on Ebay, but instead of delivering an actual phone, she ships the buyer a photo of a cell phone.

How cute.

She tries to defend her scam by claiming that the buyer should have seen "photo only" in the fine print of the ad. Yeah, I’m sure that would work at a car dealership as well… 

"I’m sorry sir, we can’t let drive the Mercedes home tonight. You actually only purchased the Mercedes S-600 brochure – not the car. We’re sorry, but that’s what the contract states if you look here at the bottom of page 15."

Fraud is fraud, whether it happens on eBay or at your local car dealership. Too bad the scammer got her comeuppance on a TV show instead of a real court. In any case, Judge Judy makes it pretty clear she’s going to do her best to sick the IRS and child protective services on the woman.

Charles Darrow patented Monopoly in 1935. Since then, millions of people have turned giddy when receiving the "Bank Error in Your Favor" card from Community Chest.

Unfortunately, bank errors are nothing but a hassle in real life – the only thing you collect is a headache and frustration. To help reduce the headache, here are 10 things that everyone should know about bank errors:

Be Patient
The problem will not be solved over night. Banks process many transactions every day and it may take a few days for them to track down and solve your problem.

Be Quick
Call in the error to the bank supervisor (there isn’t much that a teller can do) as soon as you discover it. The sooner the bank can start looking into it the better.

Keep Notes
Keep quality notes of who you talk to, when you talked to them, and what was said/promised. You may need to make several phone calls and it helps to be able to clearly state who you spoke with and what was said. You also may be required to provide documentation somewhere down the line of what you did. Good records will help make this as painless as possible.

Know the End Game
Ask for a date when the problem should be resolved. This will help keep the bank focused on solving your problem in a timely way.

Dodge Bounced Check Fees
If the mistake is an under deposit (you end up with less money than you thought), you should ask the bank to cover any fees that may occur because of the shortage of funds. The bank should cover fees to fix the problem and any others that occur because the correct amount of funds was not in the account

Don’t Spend the Bank’s Money
If there is an over deposit, don’t spend the money. It might be tempting if the bank accidently deposits an extra $10,000 in your account. Unfortunately the money isn’t yours and you shouldn’t assume that the bank is going to let you keep it. If you do spend it you are just going to have to give it back – possibly with penalties or jail time if you can’t return the money in a timely fashion.

Don’t Move the Bank’s Money
Don’t be tempted to move the money to your brokerage account so you can make some nice interest or buy one of your favorite stocks. Leave the money in the account so the bank can figure out how it got there. Don’t take the money out of the account so you don’t spend it. The bank needs it there to track where it came from. Also, the money needs to be in your account when the bank figures out where it goes and decides to move it out of your account.

Stop Dreaming
The bank’s not going to let you keep the money. Yes, the bank makes errors, but they are not going to let you keep somebody else’s money because they made an error. Get over it. Stop dreaming about that Hawaiian vacation or a mall spending spree. It’s not your money.

Complain or Switch
Some people seem to have bad luck when it comes to bank errors. I’ve been lucky and have had very few, but if you’re having to deal with a lot of errors you should complain. Call customer support and ask to speak with a supervisor. Let them know how much of a hassle these errors have been. Have a reward in mind for how they can keep you as a customer. If you have a credit card, ask them to lower the interest rate. If you’re paying monthly bank fees for your account, ask them to wave them.

If they’re unwilling to do anything for you it’s probably time to move to a new bank.

Act Fast on ATM Issues
You only have 60 days to report an ATM transaction error. So, if the ATM records show that you took out more money than you actually did or vice versa, you must report it promptly or you are out of luck.

A bank error is not the joyous occasion that Monopoly suggests. It’s more like a "Go Directly to Faceless Corporate Bank Hell" card. Follow these ten steps, however, and you’ll survive mostly unscathed.

One more thing…

We’ve noticed on a different blog post – British Lottery Scam – that people are tempted to take a bad check and deposit it, hoping that the bank will become confused and give them the money. Here’s how one poster puts it:

I received the lottery scam in the mail. There is a check enclosed that is to be cashed and sent back to pay the British taxes. What would happen if I cashed the check and kept the cash? Would the scammers loose the money?

Ummm… no. Checks like these are forgeries. The scammers don’t loose money. You just create a problem for yourself by depositing a bad check, temporarily inflating your bank account, and then suddenly having it removed once the bank figures out it’s fraudulent.

Does that sounds fun?

To learn more about bank errors, visit the always excellent bankrate.com.

The BBC is reporting that 25 million Britains were exposed to the threat of identity theft when the HM Revenue & Customs (similar to the IRS in the U.S.) lost a CD containing personal data.

Ouch!

This has to be one of the worst data breaches ever, since the CD was not encrypted (just password protected) and the data included:

• Name
• Address
• Date of birth
• Bank account details
• National insurance number

In case you’re not familiar with that last item, it’s similar to the Social Security Number here in the U.S. What else could a potential thief want?

The CD with the data was sent to another HMRC location by a lower level employee via regular mail instead of using an encrypted network connection or some other secure method. The CD never showed up at the other office and officials are now trying to determine if it was stolen or just lost.

“The data lost – bank account numbers, names and addresses – represents a gold mine for the thieves and is much more valuable to them than credit card numbers or taxpayer id numbers,” said Gartner analyst Avivah Litan.

“In fact, in the black market, bank account numbers sell for the highest price, or between $30 and $400 (£15 to £200), which is significantly more than the fifty cents to five dollars that criminals pay for credit cards.”

This disaster has already forced the resignation of HMRC’s chairman – Paul Gray. I’m guessing the employee involved was also “sacked,” as the Brits like to put it. Let’s hope so.

More coverage on the BBC site – Q&A: Child Benefit Records Lost |  Analysis: How Worried Should You Be?