Saturday, March 18, 2017

I get duplicated with a fake profile on Facebook -- why?

Yesterday I got a post on my Facebook timeline warning me that my Facebook account might have been “hacked” because she got a duplicate friend request.  I didn’t think much of it, as I’ve gotten spam emails with headers spoofed to look like they are from Facebook friends.

Then, while I was out, another friend got one, and she reported it to Facebook.  When I got back on, I checked and found that the fake profile had already been removed.   I never saw it, but the friend told me it had no postings but had already attracted five “friends”.

I don’t see much point in setting up a fake profile imitating someone, but here is a cautionary tale on Forbes. from back in 2009, by someone in the BioTech industry.  Here’s a more recent tall tale from Baltimore.

The Huffington Post (2015) says that the motive could be “Likenomics”  -- teenagers overseas are hired to create them to increase hits and get revenue for less reputable interests (porn) and aren’t very savvy in who would make a credible person to mimic.

Here’s another site that lists up to ten reasons, link here.  Two of the more disturbing reasons could be revenge or trolling, or extreme political activism.  This doesn’t sound very credible with someone like me:  I hardly make a target for revenge porn.

But it might be possible to set up a fake profile to try to make someone guilty of sex trafficking or of making terror threats.  Again, that might be possible with a router.

That a fake Facebook profile would be part of a major scheme of identity theft sounds unlikely, although make some more unusual crimes (like house title theft) could be envisioned.

Let me mention I've seen fake Twitter accounts (like one imitating popular actor Richard Harmon).  I use Instagram very little, but when I created it I had to have a fake account set up in my name (with no images -- which could be dangerous) removed.  I don't have Snapchat (because I don't have much use for the concept right now), but I have no way of knowing if someone else could imitate me on it. Then one day the police knock.

Picture: no connection to the hack, from political demonstrations on "the Day Without a Woman".

Sunday, March 12, 2017

House stealing is a relatively under-reported consequence of identity theft, and has happened to owner-occupied homes

An email from Quora (a site you can join and supply answers to questions and get followers) discusses the grim possibility of house stealing as a result of identity theft, major link here.

And the FBI has a little known link on the problem here.
The problem is more likely to occur with a vacant house, or even a rented one; but titles have been stolen even from owner-occupied homes.  It’s a good idea to check your local government’s land title records (which will show assessed valuation and property tax payments due sometimes) online periodically, even once a month if possible.

Saturday, March 11, 2017

You can dispute a debt you don't recognize; don't fall for fake debt collection

I used to work for a debt collection (in the summer of 2003, while in Minneapolis), and one question would come up today:

Could a robocaller impersonate a debt collector to get PII and make fraudulent collection?  Could this happen by a message left on an answering machine or in digital voice if the user didn’t pick up?

It would sound likely, so consumers should know that they can dispute collection claims that they do not believe are valid.  If a caller mentions a debt you do not recognize, you can tell him or her to place it in dispute immediately. Here are the rules.  

Thursday, March 02, 2017

Private domain name registration is another prophylactic against identity theft

Verio (the ISP that hosts my legacy “” site) sent a email today “8 things you can do to prevent identity theft”.  While most of them are pretty much the same standard recommendations as always, one of them stands out: “Enroll all your domains in domain privacy”.

Generally private domain registration is only slightly more expensive than standard.

The email (I couldn’t find a URL reference for it) makes an interesting point.  A criminal could try to impersonate you based on the information on public registration.

It would get hard, though, it you use a business address (or a land address like a UPS store) and pat attention to your credit cards and financial accounts.  It’s also helpful to pay attention to references to your domain name online or your name (online reputation).

Two or three times, I’ve gotten unsolicited lines of credit (for hundreds of thousands of dollars each) sent to my UPS store in my business name,  I find no evidence that they have been used, but I wonder why people would offer them to me,  But if one were used, the purchase would have to go somewhere, which would identify the party.
I’ve also gotten inquiries as to registering my domain name in China (odd), and all kinds of procurement and collection deals from China, Vietnam, the Philippines, etc.   But I don’t think I’m responsible for anything someone does in China – unless I visit there.

Thursday, February 09, 2017

Identity theft insurance

Here’s a good article from the Insurance Information Institute on identity theft insurance. It was mentioned on the NBC Today show this morning.

A number of companies (besides Lifelock through AOL membership) offer it;  my experience is that it costs about $30 a month.

The article suggests that victims of identity theft often have lower credit scores and sometimes lose employment.  In the distant past, it was sometime common for some employers to hold associates “absolutely accountable” for their own reputations for security purposes.

The article also suggests aggressively checking your own credit reports in detail before doing a job search or looking for a new place to live.

One of the best defenses to your bank accounts is simply to check them regularly online, not from emails but from going directly to the sites.  Make sure you spell the URL’s right.

Identity theft insurance is often offered as a rider on property (homeowner's insurance) as it is on mine.  It may be part of umbrella coverage.  It is not the same, however, as coverage for online liability incidents, which I don't think can reliably be underwritten with ordinary property insurance.

Tuesday, January 03, 2017

Trump's "No computer is safe"

Donald Trump’s recent 4-worder “No computer is safe” could certainly be interpreted in the context of identity theft.  Because until there was widespread use of the Internet in commerce (after the late 90s) there were few such schemes.
Yet, by 2004 the problem was serious enough that Lifetime TV had produced the film “Identity Theft: The Michelle Brown Story”.
Trump, however, on Nov. 11 had announced a comprehensive program for cybersecurity despite his subsequent hints that digital life cannot be made safe (CNN story).

Remember, too, in the Old West:  there were horseback payroll robberies, and stagecoach and train hijackings, unpredictably.

Thursday, December 15, 2016

Yahoo! coughs up one billion identities to hackers

Here we go again, with another major hack, this time, over one billion Yahoo account, as reported, for example, by Tech Crunch,

Credit card and bank info was not taken.  There is such a huge cache that it sounds improbable that any one person would be targeted for identity theft.

On the other hand, you can't change your birthdate, and changing your name is impractical.  (Oh, in fifth grade, a girl wanted to change her name because I teased her over the "Life with Elizabeth" show -- and "Elizabeth, aren't you ashamed?"  Head shaken.  Betsy is a nickname for Elizabeth.)

My own Yahoo account no longer exists, it seems.  It was used during the glory days of GLIL.

Yup, there is even more pressure for everyone to move to two-factor authentication everywhere.

Here's a video on how to tell if your Yahoo! account is hacked.

YouTube has a lot of videos on how to hack Yahoo! (just type in that key search argument).