Feature Article
Mark Pribish
The Internet was Created For Convenience and Reliability, Not ID Theft and Data Breach Events
By Mark Pribish
Vice President and ID Theft Practice Leader

The Internet was created for convenience and reliability, NOT your security where ID Theft and Data Breach events have become commonplace in almost every business, across every industry group.

The Internet or cyberspace is, in a way, the new Wild, Wild West - where ID Theft criminals are not limited by state and national borders or state and national laws - but instead are hindered only by the strength and integrity of an organization's security posture.

Unlike the ID Theft and Data Breach criminals of the past - who, primarily hacked into websites for fun and personal reputation - today's ID Theft and Data Breach criminals are in it for the financial gain, personal and sensitive data, and intellectual property (e.g. new product development, proprietary business strategies, etc.).

In fact, it can be argued that cybercrime has become larger than the illegal drug trade and that cybercrime (http://en.wikipedia.org/wiki/Computer_crime) is no longer solely for hackers, but also organized crime.

So why am I writing about Internet and cybercrime in this month's ID Theft newsletter article? The answer is simple - to increase your consumer education and consumer risk management.

According to Symantec (a software security company) about 90 percent of the 140 billion emails sent daily are spam - and, of this number, about 16 percent of these emails include scams attempting to steal your money. Typically, these scams range from phishing attacks (which can trick you into unknowingly giving your bank account information or passwords); to spear-phishing (where ID Theft criminals personalize an email to you so that you trust them and open the email, only to find their intention was to steal your personal or business information).

So how can you be proactive in protecting your personal information from those ID Theft criminals roaming the Internet looking to steal your personal information?

One way is to take advantage of the Fair and Accurate Credit Transaction Act (FACT Act) - where every consumer in the United States has annual access to their credit reports at NO COST from www.annualcreditreport.com.

Annualcreditreport.com was created to support the FACT Act and is sponsored by the three major consumer credit bureaus (Experian, TransUnion and Equifax) so that all consumers can request and obtain a free credit report once every 12 months.

While the primary option in obtaining a credit report is to go online to view and print your report through a secure Internet connection, you can also request your free credit report via an automated phone call (877-322-8228). In addition, you can also complete the annual report request form and mail it to the following address:

Annual Credit Report Request Service
P.O. Box 105281
Atlanta, GA 30348-5281

Whenever I mention annualcreditreport.com to family and friends, I always encourage them to order their report once every four months (e.g. January, May and September) from a different bureau, so that they are able to benchmark any changes to their credit file every four months for free.

Under the Fair Credit Reporting Act (FCRA), consumers have the right to obtain information from the MIB Group, Inc. - formerly known as the Medical Information Bureau - and today known as MIB.

MIB is a membership corporation owned by almost 500 member insurance companies located in the United States and Canada. According to MIB, their mission is to detect and deter fraud that "may occur in the course of obtaining life, health, disability income, critical illness, and long term care insurance."

Your MIB file contains coded information that identifies medical conditions and/or medical tests that are reported by MIB members to MIB, under broad categories. There are also a few codes that are non-medical related. These codes report potentially hazardous jobs or hobbies - or of a motor vehicle report showing a negative driving history. MIB has no actual reports or medical records on file, just the coded information by the member.

Consumers in the United States can receive a copy of their MIB consumer file once a year for free by calling MIB's toll-free number for disclosure at 866-692-6901.

Please note that MIB can provide a medical consumer file only if you have applied for individually underwritten life, health or disability income, during the last seven years.

You also have access to your driving license status by contacting your individual Motor Vehicle Division (MVD) by state, or by going through a third-party marketing company. Whether you are applying for a job as a commercial driver, or considering a new auto insurance company, it is a good idea to check out your Motor Vehicle Record (MVR). Your MVR will include traffic convictions, points, suspensions, etc., which will help you understand your eligibility for employment and/or better insurance rates.

Unlike the credit report and medical report - there is a cost to an MVR report which can vary from state, and/or third-party. For example, in Arizona (where I live) I can go online to view and print a copy of my driver's license record at a cost of $3.00.

So, in an effort to protect yourself from identity theft and to have the latest and greatest information on yourself, you may want to obtain your latest and greatest credit information, medical information, and driver's license information - to check for accuracy and completeness - as well as to make sure that no one else is using your name and personal information.

To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.

Sincerely,
Mark


Scam Central

Google AdWords Scam

Many companies and individuals use online marketing tools to help drive traffic to their websites, which they hope will then lead to a sale. For many such companies, traffic generated from online advertising is the sole source of leads, and may makeup the majority or perhaps even the totality of their income.

Imagine receiving an email informing you that your online advertising campaigns have been stopped. That is the message a new email targeting Google AdWords customers is delivering. The email is a phishing attempt that works by causing panic among online advertisers. If your advertising campaigns are not running, new leads are not coming in, no new sales are being made, and income is being lost. If this is your sole source of income, you simply cannot afford to have your campaigns shutdown.

How It Works:

As with all deceptive phishing attempts, you receive an email which claims to be from the purported source. When you open the email you see the Google AdWords logo and a reasonably-official-looking message. The message tells you that your online campaigns have stopped running. The email then suggests that you log into your account and see if there are any problems and of course a convenient link to a fake login screen is provided. However, this email is not from Google, and the provided link does not go to a Google website.

Your Defense:

Though it is not always easy to tell if an email is genuine, there are a few precautions you should always take to help differentiate legitimate emails from phishing attempts.

  • Use common sense first. Do you even have an account setup with the sender of the email? In this case, if you don't have a Google AdWords account, why is Google sending you an email saying there is a problem with your campaigns?
  • Examine the email carefully. Phishing emails commonly contain misspelled words and use poor grammar. Many of these phishing emails are generated by thieves overseas who do not natively speak English. Look closely at the image above. The word "with" is spelled "wit" and the phrase "Your campaigns seems to have stopped" is grammatically incorrect. It should read "Your campaigns seem to have stopped."
  • Do not click any links provided in the email. Links in phishing attempts are not pointing to the valid business domain address they are purported to be. Instead, they will point to a scam website that is waiting to steal your information, or perhaps plant a Trojan, virus or keylogger on your system the moment you arrive at the site.
  • Do not call phone numbers provided in the email. Scam artists are able to setup elaborate voice systems to make you think they have dialed a trusted call center. In reality, they are simply being redirected to a thief.
  • Research the email online. Find out if others have already identified this email as a possible phishing scam. Chances are you are not the first to receive the email.
  • Do not rely on the contact information in the body of the email. If you think there is a possibility that the email may be legitimate, visit the sending company's website directly (in this case Google AdWords), and use the phone numbers and links provided there to contact support.

You should send a copy of any phishing email you receive to the support group of the company the email reportedly came from. If you get the Google AdWords phishing email, send a copy to Google and let them know about it. They can then provide their users with fraud alerts and post information on their website regarding what one should do if they have received the email.

Be sure to stay alert. Identity thieves and scam artists are getting much better at making emails such as this one look more authentic and genuine every day. However, by following the tips noted above, you can stay one step ahead of the scam artists and keep your information, your PC, and most importantly, your identity safe.

If you believe your identity has been stolen, call 866.SMART68 today.