Saturday, March 27, 2010

Another scam pulled on grandparents, reported on NBC

On the NBC Today show today, another scam was exposed: people troll the Internet (especially social networking sites) to look for family relationships, and then call elderly people pretending to be a grandson in jail, needing money to get out on bail. It’s unbelievable that they can play on sympathy this way, and even tell the “grandparents” not to tell the parents. “Today” simulated one of these calls.

Wednesday, March 24, 2010

CA attorney general: Prescription drug rings use id-theft

From A proposal for a project to develop system to protect personal identity in credit granting

Today, March 24, California Attorney General Jerry Brown appeared on the Dr. Phil show and spoke about identify theft by people getting illegal repeated prescriptions for certain pain-relieving or mind-altering drugs and controlled substances.

The link to Brown’s appearance is here.

So that seems to be the latest wrinkle on the debate on the id theft problem, sales of painkillers to fictitious people.

Jerry Brown was a governor of California in the 1970s, lived as a bachelor in a small apartment and not in the governor's mansion, and may run again.

Thursday, March 18, 2010

Census forms will not seek personal information

Multiple media outlets this morning are reporting that 2010 Census forms are arriving by mail this week, but that individuals and families should be careful about fraudulent imitations. Census will not contact you by email; it may call you after you return the form to clarify an answer. After May 1, if you did not return the form, you may be visited door-to-door but the worker will have ID and will not come into your home.

Census does not use personal information at an individual level; it only aggregates information for statistical purposes. It will not ask for personal identifying information. Forms that ask for personal information are fake.

Census also has strict confidentially policies for its employees, who must sign a lifetime confidentiality oath, even for information that is aggregated. See my “information technology job market” blog Feb. 2, 2010, and my “some approaches to filtering and labeling…” blog Feb. 8, 2010.

Saturday, March 13, 2010

Phone scams can phish for personal info was well as Internet emails

While we hear a lot these days about phishing (and we have heard a lot about this for years), there may be an older, low-tech scheme to watch: phone phishing.

Yesterday I got a call (on a landline, even) from someone who claimed to be from the FTC (Federal Trade Commission) and who claimed that the FTC was “managing” a sweepstakes or lottery winning, and that I had won an improbable sum. I haven’t even played a lottery or sweepstakes within recent memory, and the FTC doesn’t give out winnings. This sounds like an old-fashioned ploy for personal information. I hung up.

Remember how security was in the old bricks and mortar world? People didn't worry about it much in the suburbs until perhaps the late 1970s.

Monday, March 01, 2010

Fake NCOA changes could lead to id theft (consumers union advisory insert)

The Sunday Washington Examiner on Feb. 28 contained an insert called “Dollars and Sense Guide: Credit Union’s Consumer Resource to Financial Management”. On page C14 there appears a piece “Are you at risk of identity theft?”

The recommendations for consumers are the usual ones, except that it adds suggestions to use shredders with cross-cuts producing confetti bits rather than strips or slivers. That seems kind of paranoid. It also talks about dumpster-diving and old hazards from the bricks-and-mortar world.

But the article also highlighted a particular danger that crooks could submit NCOA changes to replace your identity. The symptom would be that you stop receiving expected bills by mail (although it you switch to doing everything online, you’ll still get them). Would my September 2006 proposal circumvent this? The problem is that a financial institution would still make a hit on the (mainframe, highly secured) NCOA database and not pick up a problem. However the USPS could set up independent verification schemes that would preclude updating NCOA until these identifiers are properly supplied. The MoveForward, etc. products used by companies to update clientization databases could easily be modified to check these parameters (including extra functions in the required USPS audit of financial institutions).