Thursday, September 14, 2017

All three major credit companies are snowed with credit freeze requests and cannot get them processed


Now all three major credit reporting companies are having trouble processing requests for credit report freezes due to increasing volume, NBC story here.

Equifax has refused NBC's request for an interview.

All the companies say they are authorizing overtime.

Again, consumers need to watch all their financial statements for unusual charges.  The most problematic situation would be when consumers apply for credit (loan) and find incorrect accounts in their names.

As I've indicated here before (Sept. 2006), a mechanism to use NCOA could force automatic notification of all consumers of any new accounts in their names (similar to email verification for lists).  It has not been done.

My own Equifax subscription notification service did work this morning and provided an updated credit report showing no problems (yet).

Keep in mind that criminals could use stolen information many years into the future.

Thursday, September 07, 2017

Equifax lays an egg


One of the U.S. three main credit reporting agencies, Equifax, is reporting a hack that could expose 140 million people to identity theft, info including social security number, birth date, and home address (which conceivably could be used for targeting by foreign agents, although there is some safety in the mere size of the hack).   Milo Yiannopoulos has his own story on this. 

It’s unclear if hackers print credit cards in the names of the people if they would really get anywhere.  Equifax will have to recognize illegitimate transactions in the subject’s name that the subject will never know about or see a bill for.  Equifax says that no credit reports or scores were compromised.
       
 Does it know?  Can Equifax make the same search of the Dark Web that Experian offers (and that’s even part of “online reputation”)? 

  
It’s rather amazing, though, to see mortgages and car loans taken out on stolen identities and not getting caught by normal due diligence. But, then again, the 2007 subprime scandal was shocking.

Maybe it would be interesting to “own” a house you don’t know exists.  Enough movie stars own multiple condos that someone could slip one by, and even keep it rented on Airbnb. 



Update:  Sept. 9

Craig Timberg has a speculative article on p A11 of the Washington Post Saturday morning, in which he says overseas hackers could use stolen identities to commit crimes not even imagined.  Presumably he refers to child pornography, sex trafficking, and terror recruiting or money laundering with fake accounts (probably on the Dark Web) in using targets' PII.

One is reminded of risks discussed before, of a computer being infected with a virus depositing c.p., a and discovered by repairmen, a risk covered on these blogs back in the summer of 2013.  In most cases, it's probably pretty easy to prove that a fake account is not yours.  (That's been pretty easy with Facebook and social media so far, because fake accounts prop up and get reported and taken down;  Facebook is getting good at automatic detection of these.)   But there is always the remote risk of having to defend yourself against litigation or prosecution, which could increase when traveling abroad, as well as of job termination.  I have some defense in that I don't have or use P2P (although that would have changed had I hosted anyone like an asylum seeker).  In the end, you are responsible for your own reputation, no mater what.

Update: Sept. 10

Consumer Reports offers this advice.  Note the possible risk to 401(k)'s which should be closely watched.  But larger companies usually have medallion signature and verification policies. 

Tuesday, September 05, 2017

Experian offers Dark Web scan


Experian is offering a Dark Web scan of any username based on an email, at “Experian.com/scan”I tr.
I tried it and the scan found just four records dating back to 2006.  But the most recent was in December 2016.

Experian usually can’t identify an exact Dark Web source.
Reputation.com has also said it looks at the Dark Web.

Experian is offering an identity protection service, but I have Lifelock through AOL.
  
Experian is the successor of TRW. Which merged with Chilton in 1989.  Chilton had been located in Dallas, the Oak Lawn area (where I worked 1981-1988);  now it is located in McKinney, TX on US 175, north of Plano, as well as other places.

Friday, August 25, 2017

FTC reports growing cell phone account hijacking


The Federal Trade Commission reports that mobile phone accounts have been hijacked by identity thieves, who actually call and fool service centers to get access to accounts, The FTC report is here, by Lorrie Cranor, herself an FTC technology specialist with her own story, so this seems ironic. 

In many cases, virtual wallets have been depleted (they are more common for those who use digital currencies like bitcoin).



But controversial people have also been attacked. 

Wednesday, August 23, 2017

ESPN pulls sportscaster with name of "Robert Lee" from a football game in Charlottesville


In a social travesty that sounds like giving in to vigilantism, ESPN has announced it has pulled a sportscaster named Robert Lee from broadcasting the first University of Virginia football game this year.  Matthew Haag has the New York Times story here
  
ESPN said “It is a shame that this is even a topic of conversation and we regret that who calls the play-by-play of a football game has become an issue.  

Friday, August 18, 2017

People misidentified as marching with right wing in Charlottesville get doxed


Misidentification of people at the Charlottesville riots (mostly of people in the extreme right wings groups) has been taking place, with doxing and various threats to some people.
  
MSN has republished a story from the New York Times, by Daniel Victor, “Amateur sleuths aim to identify Charlottesville marchers, but sometimes misfire”, here

The story concerns a University of Arkansas professor at the engineering school misidentified was a protestor wearing a shirt from the school.  You can imagine what followed.

The article examines how the establishment press verifies identities. 

Amateur sleuths do risk getting sued, but the targets may be in danger from some time.


This could become an existential problem in social media. 

Thursday, August 10, 2017

Chip credit card technology is not perfect


ABC News reports that chips have been falling out of a few of the new chip cards, leaving consumers vulnerable, story here.
  
It’s possible for a thief to use a chip that had been found on another credit card.  So now there is a "chip hack".

  

It’s also possible for some smart phones to swipe a chip by being very new it.