Feature Article
Mark Pribish
ID Theft and Deceased Americans: A Growing Trend
By Mark Pribish
Vice President and ID Theft Practice Leader

Two years ago I wrote an article about Senior ID Theft (please read the article here) and how deceased individuals are a target for many ID Theft criminals.

Since that time, a new study released earlier this month by ID Analytics (please read the article here) confirmed what has already been known – and that is how identity theft criminals steal the PII (Personally Identifiable Information) of deceased individuals.

However, what was not known was the extent of this problem where the identities of approximately 2.5 million deceased U.S. citizens are being used each year to fraudulently apply for credit accounts.

According to the study, a comparison was made from the names, dates of birth (DOB) and Social Security Numbers (SSNs) of 100 million applications during the first three months of 2011 to data in the Social Security Administration's Death Master File to determine which applications used PII associated with deceased individuals. Based on the above, the study found:

  • Identity Theft of the Dead – Nearly 800,000 deceased Americans' identities are intentionally targeted for misuse on applications for credit products and services (like a cell phone or utility account) by identity theft criminals each year.
  • Inadvertently Misusing SSNs of the Deceased – In approximately 1.6 million applications annually, an identity manipulator inadvertently used the SSN of a deceased person.
  • Identity Theft of the Dying – Several hundred thousand potential misuses of dying people's identities each year.

In addition, some identity theft criminals make up an identity – known as Synthetic ID Theft – where the criminal intentionally creates or misspells a name and/or manipulates a Social Security Number or birth date when completing a credit application to create an identity.

So what can be done? First, the Social Security Administration (SSA) maintains a Death Master File, and all three major credit bureaus and most financial institutions subscribe to monthly updates. However, it can take up to 60 days for a name to make it onto the list.

Ideally, relatives and funeral directors notify the states of deaths and the states then communicate said deaths to the SSA. When the SSA receives a death notice, they will then flag the person's Social Security Number as "inactive."

There is also a great list of detailed preventive measures you can take from the Identity Theft Resource Center (ITRC) found here.

In addition, the ITRC recommends that you avoid disclosing the person's date of birth or mother's maiden name in obituaries and funeral notices, which are often scanned by identity thieves.

Separate from ID theft and the deceased and according to the Federal Trade Commission's (FTC) February 2012 Consumer Sentinel Fraud and ID Theft Report (please see the report here), national ID Theft and Fraud complaints by consumers for ages 50 years and older for 2011 were listed in the following order:

Consumer ID Theft Victims for 50 years of age and older:
50-59 years old – 15 Percent
60-69 years old – 9 Percent
70 years and older – 6 Percent

Consumer Fraud Victims for 50 years of age and older:
50-59 years old – 23 Percent
60-69 years old – 15 Percent
70 years and older – 7 Percent

To conclude, 30 percent of individuals at 50 years of age and older are victims of ID Theft and 55 percent of individuals 50 years of age and older are victims of fraud – so everyone, young and old – needs to keep up on the latest ID Theft related news and trends to minimize our (and the deceased) risk of ID Theft and fraud.

To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scam Central

Hacking Tools Catching Some Social Website Users Off-Guard

Social websites have become extremely popular these days. Everyone wants to see what has been going on with their friends from high school, college, and work, not to mention those family members that live out-of-state they have not seen since the last family reunion. Social websites fill the communication void. At a glance, you can see what events, exciting or otherwise, have taken place in these people's lives during the last ten years, or even the last ten minutes. Social websites also give us the opportunity to feel as if we are still connected to those we care about.

Once hooked to social sites, the need to be "in-the-know" drives many people to logon several times a day, or to receive every single update on their smartphones or via email. The thought of not having every bit of information as it happens is truly unbearable for some. They simply do not want to be "disconnected" from the rest of society.

As social sites continue to progress in complexity, the need for greater security also continues to evolve. Having to verify oneself on any of these sites to ensure that nobody else is logging on using their credentials is a definite necessity. However, exactly how much and what type of information should one have to share in order to verify their identity? Imagine getting a popup window asking for your credit card information in order to verify yourself! It is happening for some, and it is nothing but a scam!

How It Works:

A recent article on MSNBC from Matt Liebowitz informs us that this is the result of a cyber-attack tool known as "Ice IX." It produces a popup window that looks like your social website and tells you that you need to enter your credit card information to be re-verified. Variations of the attack tool may request your username, email address and password instead. The tool claims that this is necessary in order to provide an extra level of added security. However, nothing could be further from the truth. Once you have divulged your credit card information, or your username and password, your identity is now at risk.

Social websites are not the only sites vulnerable to the attacks either. These types of attacks are also appearing on many "non-social", legitimate business websites that require accounts. So beware!

Your Defense:

Never enter your credit card or personal account information in a popup window. If you feel there is a need to verify who you are, close the popup window and proceed to your account settings. Be sure to report the suspicious window to the operators of the website. If you are seeing these types of popups, make sure your anti-virus and malware removal software is current and up-to-date and then run a thorough scan of your system to see if it is compromised.

There are several different methods available for websites to verify one's identity rather than by entering credit card information. For example, one social website will send you a text message to the phone number provided in the account settings. The text message has a six-digit code that must be entered when logging in for the first time, or when logging in on a previously unrecognized computer or a new browser. Once the code is entered, the user can return to the site for an extended length of time without having to re-verify themselves each time. However, should the user clear their browser's cache or system cookies, they will need to re-verify themself on the social site.

Another option for verification may include the ability to have the user select an image during the initial account creation, or at a later period while you update your security settings. During future logins, the site will then display the image and ask if that is the image the user selected. If the site displays the correct image, they can be confident that they are at least at the correct site and not at a phishing site. Nevertheless, you must maintain vigilance, and always be on guard for any suspicious alerts or activity that seems out of the ordinary. Always keep sensitive PII, account and credit card information to yourself. Do not share it, and never allow another to login to a website as you.

If you believe your identity has been stolen, call 866.SMART68 today.