Friday, February 16, 2018

Russian election hack may have used synthetic ID theft of real US persons



It appears that some of the fake Facebook and other social media accounts involved with the 13-point Mueller indictment today may have been created as synthetic fake people with info stolen about real US persons, as in this Wired story
  
It does not appear that there was widespread direct harm to the persons stolen (credit scores, false prosecutions)


A fake profile of me was created on Facebook in early 2016, caught by a friend, and removed by Facebook before I knew about it.  It has no content.  But it is conceivable that this could have been Russian activity.
  
A detailed story in the Washington Post about the indictment by Rosalind S. Heldeman and others appears here.
  
Apparently some real US citizens joined fake groups not knowing these were Russian.
Here is a Scribd pdf text of the US Attorney in Washington DC (37 pages).  It is said to read like a spy novella. 
  
It is not clear how easily individuals named could be extradited and prosecuted.
    
The story could turn out be relevant to “fake business scams” currently discussed on my IT jobs blog.

Monday, February 12, 2018

Equifax hack even worse than previously thought; DL info could be exposed



The Equifax hack was worse than we thought.  Maybe it is “so bad”.

It looks like it compromised names, social security numbers, tax id’s, and driver’s license, for up to 143 million people. DL exposure could complicate TSA security. 
  
Tech Republic has a current story and video by Allison DeNisco Rayonne, here
  
The company that I worked for in Dallas in the 1980s, Chilton, was very nearly bought by Equifax in 1988 before TRW made a better offer (now it’s Experian).


But all my work there in the 1980s was on a mainframe, on member billing systems, with little interface with consumer records.
  
There is unusual attention this year to the possibility of IRS W-2 fraud, which could be related to Equifax.

Tuesday, February 06, 2018

Experian lists 20 kinds of identity theft


Today Experian (aka TRW, Chilton, and Pinger) offered a missive “20 Types of Identity Theft and Fraud,” the long list here.


Some are surprising.  One is driver’s license ID theft, very common, and it gets around the picture. Another is Biometric.  Still another is if a criminal gives your identity to police when arrested, which can make the police come after you, although it’s hard to see how a police department doesn’t catch it.
   

But one possibility would be to get into someone else’s Internet accounts, social media or domain, and place illegal content there or distribute from it, framing the other person.  This hasn’t happened as much as one might fear it could. Another is using someone’s wifi router for illegal purposes, causing that person to have his account canceled. 

Saturday, January 06, 2018

People with trusts might have to be careful when in their own name, if someone makes an fraudulent id-based claim and judgment; is overseas debt a risk?


Every few days I get an email with a spoofed sender address that purports to claim some stuff was bought using my iCloud signon.   Often they are games, and most of them are in Jakarta.  I think there has been one claim of a purchase on the Philippines (on one of the southern islands having violence), and a couple in former Soviet republics.  So it sounds like a simple phishing attack.

There is never a bill on a credit card, and I forward them to reportphishing@apple.com

I wonder, if someone had my SSN and somehow created accounts in foreign countries and ran up bills, could I ever be pursued for them?  I would think not unless I traveled to the country.

But it is possible for people to be pursued for judgments for fake accounts using their social security numbers.  In my case, I think it would be pretty easy to prove that it wasn’t me. 

Here’s the rub.  I have two trusts based on inheritances.  A lot of it is in my late mother’s name.  Some has been used to my name only, because for some future purchases that works better.  The part under mom’s trust name is supposed to be immune from creditors.  There could be a theoretical risk of seizure of money in my name only.  Inherited money might not be as well protected (if derived from an estate) for essentially “political” reasons, from tampering in a case like this.
  

I’ll check with Apple soon (at a store) and see if they know what is going on overseas.  

Tuesday, December 12, 2017

Synthetic identity fraud seems little known but accounts for a lot of identity theft


Here’s a discussion of how “synthetic identity theft” or  “synthetic identity fraud” works.   It often uses social security numbers of minors or of individuals not likely to need credit for years.  The fraudster creates fictitious people out of combinations of real information.

'
  
Note toward the end of the article that legitimate card users are solicited to allow others to use their credit history for compensation. This would sound criminal even on the part of the legitimate holder. I have never encountered this personally.  Note the “data furnishing” process.
  
Experian has a brief blog posting explaining the problem to businesses.  But Experian says that synthetic fraud accounts for 85% of all identity fraud. 

Monday, December 04, 2017

Credit card and telecom companies getting more pro-active with using NCOA to detect consumer relocations


Well, I have to say that the USPS NCOA system is working, as I got an email last night from Verizon Wireless asking me to confirm (with 2-step identification) my recent move to a condo, including the “phone numbers” of my iPad and Midi hotspot as well as main smart phone.

As I’ve noted here before, activity with NCOA can be a useful tool in reducing the risk of identity theft (Sept. 25, 2006). 

I’m also finding that some companies can detect that a UPS store, which claims to be a land address, really is not one and prefer to mail to real residences.  This may be a new security trend, as companies beef up their customer "clientization" databases.  I prefer to get less mail at home and more in a UPS store where there is someone there to receive it when I am away.

Tuesday, November 14, 2017

Experian gives 12 symptoms of identity theft


Experian (which used to be TRW which in turn used to own Chilton and Pinger) has a list of twelve warning signs that your identity might be stolen. It’s a pretty interesting list.

Particularly disturbing are #8 – you could find out from your employer, who might not be that forgiving – and #9, you get unexpected two-factor authentication requests. 


Failing to receive expected bills (which might be electronic) is another one.
  

I wonder about, if you have a small business, getting unrequested lines of credit.