Monday, December 04, 2017

Credit card and telecom companies getting more pro-active with using NCOA to detect consumer relocations


Well, I have to say that the USPS NCOA system is working, as I got an email last night from Verizon Wireless asking me to confirm (with 2-step identification) my recent move to a condo, including the “phone numbers” of my iPad and Midi hotspot as well as main smart phone.

As I’ve noted here before, activity with NCOA can be a useful tool in reducing the risk of identity theft (Sept. 25, 2006). 

I’m also finding that some companies can detect that a UPS store, which claims to be a land address, really is not one and prefer to mail to real residences.  This may be a new security trend, as companies beef up their customer "clientization" databases.  I prefer to get less mail at home and more in a UPS store where there is someone there to receive it when I am away.

Tuesday, November 14, 2017

Experian gives 12 symptoms of identity theft


Experian (which used to be TRW which in turn used to own Chilton and Pinger) has a list of twelve warning signs that your identity might be stolen. It’s a pretty interesting list.

Particularly disturbing are #8 – you could find out from your employer, who might not be that forgiving – and #9, you get unexpected two-factor authentication requests. 


Failing to receive expected bills (which might be electronic) is another one.
  

I wonder about, if you have a small business, getting unrequested lines of credit. 

Sunday, November 12, 2017

Criminals doing "id theft" of legitimate contractors to scam consumers as imposters


WJLA7 in Washington (Sinclair) is advising users about another scam, possibly with Google Business.

In a few cases, criminals have changed the contact info for legitimate contractors and scammed homeowners after repairs.
  
Customers should verify phone contact in several sources (Including own website). Google is working on confirming address changes with contractors, possibly with 2-step identification. 

Thursday, October 05, 2017

Can public record searches of property be done for nefarious purposes?


What do property records show for the idly curious?

Here’s an article .

I think it’s interesting that you can find out if a couple living in a home is going through a divorce, and might sell for less.  Sounds creepy.


There are all kinds of potential information available, such as trust ownership, trustees, the presence of inheritances or estates, and possibly home-based businesses or controversial activities.  But a lot of it might be very hard to find in some communities.  Generally, the development and clientization (with modern database management systems) of big geographical systems concerning property is likely to make more of this kind of information avaible to snoops over time.

Looking up property might be done in tandem with looking up individuals on various sites, discussed here before.  I think this can get dangerous because some individuals might be politically motivated to look up such information, rather than simply jealous over the loss of a relationship (like for stalking).
  
I’ll note also that real estate sites like Zillow will, in my experience, tend to overstate the values of many properties, given the comps of what neighboring properties have actually sold for. And it may be harder to determine the physical condition of a home. 

Thursday, September 14, 2017

All three major credit companies are snowed with credit freeze requests and cannot get them processed


Now all three major credit reporting companies are having trouble processing requests for credit report freezes due to increasing volume, NBC story here.

Equifax has refused NBC's request for an interview.

All the companies say they are authorizing overtime.

Again, consumers need to watch all their financial statements for unusual charges.  The most problematic situation would be when consumers apply for credit (loan) and find incorrect accounts in their names.

As I've indicated here before (Sept. 2006), a mechanism to use NCOA could force automatic notification of all consumers of any new accounts in their names (similar to email verification for lists).  It has not been done.

My own Equifax subscription notification service did work this morning and provided an updated credit report showing no problems (yet).

Keep in mind that criminals could use stolen information many years into the future.

Thursday, September 07, 2017

Equifax lays an egg


One of the U.S. three main credit reporting agencies, Equifax, is reporting a hack that could expose 140 million people to identity theft, info including social security number, birth date, and home address (which conceivably could be used for targeting by foreign agents, although there is some safety in the mere size of the hack).   Milo Yiannopoulos has his own story on this. 

It’s unclear if hackers print credit cards in the names of the people if they would really get anywhere.  Equifax will have to recognize illegitimate transactions in the subject’s name that the subject will never know about or see a bill for.  Equifax says that no credit reports or scores were compromised.
       
 Does it know?  Can Equifax make the same search of the Dark Web that Experian offers (and that’s even part of “online reputation”)? 

  
It’s rather amazing, though, to see mortgages and car loans taken out on stolen identities and not getting caught by normal due diligence. But, then again, the 2007 subprime scandal was shocking.

Maybe it would be interesting to “own” a house you don’t know exists.  Enough movie stars own multiple condos that someone could slip one by, and even keep it rented on Airbnb. 



Update:  Sept. 9

Craig Timberg has a speculative article on p A11 of the Washington Post Saturday morning, in which he says overseas hackers could use stolen identities to commit crimes not even imagined.  Presumably he refers to child pornography, sex trafficking, and terror recruiting or money laundering with fake accounts (probably on the Dark Web) in using targets' PII.

One is reminded of risks discussed before, of a computer being infected with a virus depositing c.p., a and discovered by repairmen, a risk covered on these blogs back in the summer of 2013.  In most cases, it's probably pretty easy to prove that a fake account is not yours.  (That's been pretty easy with Facebook and social media so far, because fake accounts prop up and get reported and taken down;  Facebook is getting good at automatic detection of these.)   But there is always the remote risk of having to defend yourself against litigation or prosecution, which could increase when traveling abroad, as well as of job termination.  I have some defense in that I don't have or use P2P (although that would have changed had I hosted anyone like an asylum seeker).  In the end, you are responsible for your own reputation, no mater what.

Update: Sept. 10

Consumer Reports offers this advice.  Note the possible risk to 401(k)'s which should be closely watched.  But larger companies usually have medallion signature and verification policies. 

Tuesday, September 05, 2017

Experian offers Dark Web scan


Experian is offering a Dark Web scan of any username based on an email, at “Experian.com/scan”I tr.
I tried it and the scan found just four records dating back to 2006.  But the most recent was in December 2016.

Experian usually can’t identify an exact Dark Web source.
Reputation.com has also said it looks at the Dark Web.

Experian is offering an identity protection service, but I have Lifelock through AOL.
  
Experian is the successor of TRW. Which merged with Chilton in 1989.  Chilton had been located in Dallas, the Oak Lawn area (where I worked 1981-1988);  now it is located in McKinney, TX on US 175, north of Plano, as well as other places.