Facebook gets into the business of preventing ID theft for boosted posts

Just a quick note.  If you submit a post of issue-oriented commentary on your Facebook page (not member account) and don’t try to sell anything and then try to boost the page, Facebook may turnyou down and do a very careful vetting of your ID and residence (to make sure it isn’t Russia).

  

This will included photographing both sides of your driver’s license and having a letter sent to your residence (not business or PO) along the mines of my own proposal in the past based on NCOA.

China has started implementing its social credit system; could such a concept happen in the US with credit reporting?

Business Insider has reported that China has already started implementing its social credit system, based on surveillance. 

People who get penalized can be denied some accommodations and Internet services.  Some of the bad behaviors are familiar in credit reporting (late payments), but they also include, spending too much time on video games.

Could anything like that ever happen in the US?  Could charities get control of ranking individual citizens’ “community engagement”?

  

There’s also a problem that when people use sharing economy services (rideshares and especially Airbnb) they can build up reputations as consumers.  Could these find their ways into the credit reporting systems?

Russian "Fancy Bear" creation of fake websites could create an identity theft threat

A recent report by major news media on Russian hackers creating fake websites relative to some conservative think tanks and politicians could have serious implications in the identity theft world. 

  

Alex Johnson has a typical story about “Fancy Bear” on NBC News. 

The implication is that foreign hackers could create websites purporting to belong to controversial individuals.  This might work with celebrities, but would possibly be very serious for those less well known if foreign interests wanted to make examples of them in order to show a certain kind of combativeness.

Hosting companies and domain registrars could be pressured to prevent fake registration, or (without net neutrality) telecom companies could be pressured not to allow them to connect. 

There have been numerous cases of fake Facebook profiles of even lesser known people (this has happened to me once, and it was caught quickly by a friend before any material was posted on it). 

Usually these get removed quickly.  Twitter also has a false profile problem with celebrities, but has gotten better at catching and removing them.  When you find a celebrity profile with few or no tweets, you can question whether it is fake.

Platforms in which a person does not have an account can present an issue.  When I got an Instagram account, I found a fake one there with no posts, and it had to be removed first.

  

There could be serious problems if lesser known people were falsely implicated in criminal activity by fake profiles.  This is also obviously an “online reputation” issue.  There have been prosecutions when a person’s router was used surreptitiously for criminal purposes.  This can also be a problem when having quests (hosting or Airbnb), and is usually handled by allowing only guest account use.

Experian actually recommends people register their families (or even every member) as domain names through ICANN as an identity theft prevention tool.  But I can see how this could cause objections.

Russia still insists it "hears" (from Trump) that there was no "meddling" in the 2016 elections.  These attacks may have been directed at those who were most critical of Putin, this time.  Remember Sony and North Korea. 

It could be possible for someone's identity to be hijacked overseas, and be arrested only when in another country, maybe if compelled to travel to a less stable country for work. 

Banks and retailers capture user behavioral biometrics to stop impersonation

Retailers and banks are using “behavioral biometrics” to determine how you swipe, tap, or handle a mouse. NYTimes story by Stacy Cowly.  

  

This could be useful in identifying fraud at ATM’s (and there is a recent scandal in progress overseas. Mike Snider story on USA Today).   So it sounds useful to limit identity theft.

It could be helpful in providing security to websites, to help identity malicious logon attempts (with Jetpack and Sitelock). 

    

But it also means that even a lot more data is being collected that hackers could find some day.

Which states are the worst for identity theft?

The Denver Post has a story by Tynin Fries ranking states as to losses due to identity theft per capita.
  

Nevada was the worst, but Colorado was second.  The other states are big urban states: California, Maryland, and New York.  Colorado’s loss per victim seems to be about $4400.

It still is hard to believe these losses are unrecoverable.

This recent study was from SecureLife.  But a 2017 study had ranked Michigan as #1.

A good question would be to relate identity theft to election fraud.  We’ll come back to that later.

Experian's tips for vacation travel

Experian has an article giving advice on avoiding tech scams while on summer vacations. 

Attackers may set up similarly spelled names to legitimate hotel servers within a few hundred feet of the hotel.

Experian recommends either getting a VPN or using the hotspot from your own smartphone provider (which can be put on the phone or be a separate physical device – although the latter means one more electronics item to get through the TSA).

Experian has a separate article on preparations before leaving home for the airport. It recommends limiting the credit cards you carry to just two or three, and contacting your credit card company for these cards.  It is also advisable to contact your home security company. 

Mueller's probe reports widespread identity theft as a result of Russian hacking; who is liable?

Around noon today, Deputy Attorney General Rod Rosenstein announced indictments of twelve more Russians for hacking activity associated with the 2016 elections, as part of Mueller’s probe.

The announcement seemed controversial since it occurred during Trump’s Europe trip.  

Rosenstein emphasize that no American citizens were charged, and that there was no finding that the hacking changed the election.

But he said that around eleven individuals had their identities stolen.  It was not clear if these were Americans or other western nation citizens.

  

It is possible for people to be held liable for misuse of their identities in some circumstances.  Some employers presume that associates will take absolute responsibility for any misuse of their identities, as with credit checks. So this is a noteworthy announcement.