Don’t take the bait: Avoid phishing scams

CONSUMER FORUM

By Russ Van Arsdale, Executive Director, Northeast CONTACT

Posted May 18, 2013, at 1 p.m.

 

There’s a kind of social engineering designed to part consumers from their hard-earned money.

It’s called phishing, and it’s become one of the most common scams. It was the fourth most common scam reported to the National Consumers League fraud center last year, and — when lumped in with all “imposter scams” — it ranked No. 8 in the top 10 frauds reported to the Federal Trade Commission.

Phishing involves a number of ways that con artists gain people’s trust and thereby gain access to their personal and/or financial information. Once that’s done, it’s a short step to stealing someone’s identity, cleaning out their bank account or otherwise wreaking havoc on their financial lives.

The director of consumer protection at the Consumer Federation of America says new phishing schemes are popping up every day.

“We want people to realize that it should be no different when someone approaches you online or by phone asking for that information,” Susan Grant said in a news release last week.

For whatever reason, some of us are more trusting of nameless, faceless people who hit us up by email or over the phone. Most of us would not think twice about refusing a request for personal information from someone who rang our doorbell; when that person makes an electronic approach, we might think twice.

That’s what the con artists want. They pretend to be someone they’re not: an employee of your bank, a government official or an officer of the company where you work. They call or email you with what sounds like a legitimate request for information; instead, it is a (sometimes) cleverly disguised way to get you to reveal your Social Security number, bank account number or other personal data that they can use.

The approach by telephone might be the easiest phishing attempt to ward off. You can simply say, “Sorry, I don’t do any business over the phone,” and hang up. It may be a little tougher when the come-on appears in your email.

It might say that you’ve left something off your income tax return: “Don’t delay your return — click here.” Or you may be asked for an account number “to pay the administrative fee on this prize you’ve won.” The variations are endless … and so is the phishing.

A common theme among phishing attempts: They are not what they seem to be. If you’re asked to click on a link, picture or anything from a source you don’t know, DON’T DO IT. You might be downloading malicious spyware onto your computer. You also could be redirected to another, unknown website where trouble awaits. A request to “join my social network” might really be a hook that someone is using to try to reel you in.

The Consumer Federation has a new video summarizing these and other helpful hints at www.consumerfed.org/fraud. If you think you have been a victim of identity theft, visit www.IDtheftINFO.org to find out what to do. There’s more information about scams and protecting your identity at the FTC website, www.consumer.ftc.gov.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit http://necontact.wordpress.com or email contacexdir@live.com.

Thieves target children as easy victims of identity theft – Bangor Daily News

CONSUMER FORUM

By Russ Van Arsdale, Executive Director, Northeast CONTACT

Posted May 12, 2013, at 12:46 p.m.

Here’s a quick quiz: Which of the following scenarios means your child has become a victim of identity theft?

• You receive a notice from the Internal Revenue Service that your child did not pay income taxes, or that the child’s Social Security number was used on another person’s income tax return.

• You or your child are turned down for government benefits because benefits are being paid to another account bearing the child’s SSN.

• You get bills or collection calls for goods or services that you did not order.

The correct answer is: “All of the above.” Each scenario could be an example of a child’s identity being stolen.

A study by Carnegie Mellon CyLab in November 2011 found that 10.2 percent of more than 40,000 juveniles who were studied experienced some kind of identity theft or fraud. The comparable rate among adults was 0.2 percent.

Why the big difference? Children are routinely issued SSNs as infants; if a child’s number is stolen, the theft may not become apparent for months or even years. Those numbers are prime targets for thieves, who look for SSNs with clean histories. With them, thieves can commit financial fraud, do an end-around bad credit ratings and get around constraints placed on illegal immigrants.

Theft can also occur within families. A driver whose license is suspended or revoked might “borrow” the child’s SSN to establish a new identity and regain a license. A person might assume the identity of another family member to repair credit, apply for a job or to avoid arrest.

When a parent discovers that the child’s ID has been stolen, he or she bears the burden of proving that the child is in fact a child, and that the child did not run up the bills that someone else is trying to collect. The parent becomes lead investigator, trying to figure out how the child’s personal information got into the wrong hands while setting the record straight.

When a person turns 18 and applies for financial aid for college or tries to rent an apartment, only then might he or she discover that his or her identity was stolen years before. The investigation becomes a cold case, with a fraudulently obtained credit history in shambles and no way to find out exactly what happened. The thief often uses the identity until the credit history is destroyed and the thief can no longer get credit using that identity.

Parents are urged to check their child’s credit history when the child is no older than 16, to make sure that history is clear (access the three major reporting agencies for a free annual report at www.AnnualCreditReport.com).

The nonprofit Identity Theft Resource Center (www.idtheftcenter.org) says sometimes parents who get in financial trouble use the SSN of their own child in an effort to rebuild their financial lives. They may think they will pay off their bills in time, so that their child’s credit history won’t be damaged; that may or may not be the case.

Identity theft was the Federal Trade Commission’s leading complaint last year (the 13th straight year the crime ranked number one), with over 369,000 complaints. The FTC has step-by-step help at its website: http://www.consumer.ftc.gov/features/feature-0014-identity-theft. The Maine Attorney General’s website ( http://www.maine.gov/ag/consumer/index.shtml) has a checklist of action steps as well. Victims may also contact the Identity Theft Resource Center at 888-400-5530.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit http://necontact.wordpress.com or email contacexdir@live.com.

To prevent identity theft, guard your Social Security number

CONSUMER FORUM

By Russ Van Arsdale, Executive Director, Northeast CONTACT

Posted Feb. 17, 2013, at 3:12 p.m.

Almost everything you read about preventing identity theft advises that you guard your Social Security number, or SSN, like gold. Why, then, do some agencies insist that you carry certain documents containing your SSN everywhere you go? And as one local consumer asked us, why when you call some companies does everyone who answers the phone need to know your SSN?

We know that identity thieves try all sorts of tricks to access our SSNs. With the numbers and some other personal information, they can open accounts or apply for jobs posing as you. They can also try to get a refund from the Internal Revenue Service; alert the IRS immediately if you receive a letter saying:

• The IRS has information you’ve been paid by an employer that you don’t know.

• It has received more than one tax return with your name on it.

The IRS will work with you to straighten things out. Of course, it’s simpler if you can avoid the hassle in the first place by keeping your SSN out of the hands of thieves.

That can be a problem if you carry it everywhere. Thieves are not shy about picking your pocket or handbag and helping themselves to your SSN, as well as whatever cash you might be carrying. For that reason, experts in preventing identity theft advise you to leave your Social Security card and other documents that contain your number at home, unless it’s mandatory that you have it.

That’s where the San Diego-based Privacy Rights Clearinghouse, or PRC, has a problem with some companies and government agencies. PRC notes that in 2006, the U.S. Government Accounting Office found that 42 million Medicare cards, eight million Department of Defense ID cards and seven million Veterans Affairs ID cards carried SSNs. It took until the middle of 2011 for the numbers to begin disappearing from the military IDs.

The Social Security Number Protection Act became law in December 2010, but will take three years to fully implement. Many consumers are unhappy that their SSNs appear on their Medicare cards, which they may feel obligated to carry. The PRC suggests you photocopy your Medicare (or other) insurance card and either blacken or cut out the last four numbers of your SSN. Cut the photocopy to wallet size and carry that, instead of your card with the full number on it. Once you’re in a database, that should be sufficient for identification or authentication purposes.

The “last four numbers of your Social” has become a theme song for entities that still use SSNs as identifiers. We’re asked to believe that revealing a partial number is not risky. Consumers Union, publishers of Consumer Reports, disagreed in a September 2007 letter to the Federal Trade Commission, saying “use of even a partial SSN may be an ineffective authenticator given the widespread availability of these numbers.”

During this tax season, identity thieves are sending out bogus emails by the millions, trying to trick us. Don’t give personal or financial information to a caller or email purporting to be from the IRS — the agency does not do business in those ways. And don’t click on anything in any unsolicited email.

For more on the subject, visit the Federal Trade Commission website at www.ftc.gov and search “tax related identity theft.”

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit http://necontact.wordpress.com or email contacexdir@live.com.

A (Potentially) Taxing Situation | Consumer Information from FTC

February 12, 2013

by

Carol Kando-Pineda

Attorney, FTC

Tax season is here. It’s time to get your files and forms in order. You may be well-versed in W-2s and 1099’s, but do you know that an identity thief can mess up your tax files or even get to your tax refund before you can file for it?

Tax-related ID theft can happen in a few ways; all of them involve your Social Security Number (SSN). If someone uses your SSN to get a job, the employer reports that person’s income to the IRS using your SSN. When you file your tax return, you don’t include those earnings. The IRS doesn’t know those wages were reported by an employer you don’t know, so the agency would send you a notice or letter saying you didn’t report that income.

Sometimes an identity thief uses your SSN to file for — and get — your tax refund before you file. Then, when you file your return, IRS records show the first filing and the refund. You’ll get a notice or letter from the IRS saying more than one return was filed for you.

If this happens to you — or if the IRS sends you any notice or letter indicating a problem — contact them immediately. Visit the IRS  online or call 1-800-908-4490. Specialists will help you get your tax return filed, get you any refund you may be due, and protect your IRS account from identity thieves in the future.

One additional point: the IRS never starts contact with a taxpayer using email, text, or social media that asks for personal or financial information. If you get an email that claims to be from the IRS, do yourself a favor: don’t reply or click on any links.  Instead, forward it to phishing@irs.gov.

On February 20 and 21, 2013, the FTC, federal and state enforcement agencies, and consumer advocacy groups will hold a series of Town Halls in South Florida to discuss how to combat tax-related ID theft.

If you suspect identity theft, learn more about how to repair the damage.

Get a check from the federal government? Watch out for scams

CONSUMER FORUM

By Russ Van Arsdale, executive director, Northeast Contact

Posted Jan. 13, 2013, at 5:41 p.m.

Ever since the federal government said it would stop sending paper checks in favor of using direct deposit, scam artists have been hard at work. With a March 1 deadline for the switch coming, expect crooks to ramp up their illegal efforts.

Scammers call, write or email to phish for personally identifiable information, such as Social Security numbers. Once they have enough information, the crooks can claim a false identity and set up an account to receive federal payments.

The U.S. Treasury Department is getting the word out that the switch to direct deposit will be complete as of March 1. Everyone who receives Social Security, veterans’ or other federal benefits should be aware that many such payments will no longer be made by paper checks.

There are two basic reasons for the change, which has been under way for a number of months. Right now, about 93 percent of all federal payments are directly deposited. The Eastern Area Agency on Aging, or EAAA, estimates 3,200 recipients in Hancock, Washington, Penobscot and Piscataquis counties are still receiving paper checks. Fully implementing direct deposit is expected to save the government $4.6 million a month, or a billion dollars over the next decade.

It’s also intended to make those federal payments more secure. Federal statistics show that more than 440,000 Social Security checks were stolen in 2011, and $70 million in checks were fraudulently endorsed. Direct deposit is expected to cut those figures dramatically.

Dyan Walsh, EAAA’s director of community services, says about 300,000 Mainers use direct deposit. “It’s a safety issue,” Walsh says, “to reduce the chance of anything happening to those payments.”

However, there are still risks. Those scammers are already on the phones, claiming to be government officials and asking people for the information that will help the crooks steal their money. Be aware: Governments don’t call or email and ask personal questions; if someone calls you claiming to be a federal official and wants personal information, just hang up.

Instead, you should take the initiative to make sure your payments are secure. The Treasury Department has launched the Go Direct campaign, explaining and promoting the change at www.GoDirect.org. Information is also available through a toll-free call to 800-333-1795, from 8 a.m to 8 p.m. Eastern time, Monday-Friday.

You can arrange for direct deposit to your bank or credit union account, either by phone or online. Christopher Pinkham, president of the Maine Bankers Association, says people in the industry are ready to answer customers’ concerns, especially about safety.

“It’s remarkable how well [direct deposit] works,” he told me.

Visit your bank or credit union and ask questions directly, if using the phone or email makes you uneasy.

You may opt to receive your payments by way of what’s called Direct Express Debit Mastercard. There’s no charge to sign up for the prepaid debit card, and most services are free. Those who have not arranged direct deposit by March 1 will receive their payments this way.

When making the switch you’ll need your Social Security number or claim number; 12-digit federal benefit check number; amount of most recent federal benefit check; financial institution’s routing transit number, and your account number and type — checking or savings. Work with a trusted friend or relative if you need help.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit http://necontact.wordpress.com or email contacexdir@live.com.

Maine’s Department of Professional and Financial Regulation Announces Cease and Desist Order Against “Woodhaven Advisors”

Bureau of Consumer Credit Protection says company is a predatory advance fee loan scam, falsely claiming to be located in Portland, Maine

GARDINER – Maine’s Bureau of Consumer Credit Protection issued a Cease and Desist Order against Woodhaven Advisors this week and warned consumers about this nationwide phony consumer loan company falsely claiming to be located on Forest Avenue in Portland.

A consumer in Oklahoma contacted the Bureau seeking licensing information about Woodhaven Advisors, which maintains a professional-looking website (www.woodhavenadvisors.com).  The company offered the consumer a $10,000 loan in exchange for four upfront monthly “collateral payments” of $200.38 totaling more than $800.

A Bureau investigation revealed that no lender by the name of Woodhaven Advisors is located at the Portland address listed on the site.  As a result of the investigation, the Bureau issued a formal Cease and Desist Order against Woodhaven Advisors on November 27, 2012 (www.WoodhavenAdvisors11_27_12.com).

“Woodhaven Advisors is not registered with the Bureau to make or broker consumer loans to Maine or out-of-state borrowers,” said David Leach, Principal Examiner with the Bureau. “The company is also not listed in corporate filings with the Secretary of State’s Office.  Additionally, the Portland City Clerk’s office confirmed that no such company is located at the address listed on the company’s website, nor is Woodhaven Advisors registered to do business in Portland.”

Leach sent an inquiry to the company’s “customer care” e-mail address.  The company responded on November 26, 2012 with profane language.

Advance fee consumer loans are illegal in Maine and the remainder of the United States.  Consumers who fall victim to advance fee loan scams pay the upfront money, but never receive the promised loan funds.  When consumers follow through with transactions of this kind from fraudulent lenders, they are often directed to wire advance fee funds, using services such as Western Union, Money Gram or Green Dot, to Canada or another foreign country.

“Once the money is wired or mailed to the scammers, there is little if any chance of recovering those funds,” Leach added.

The on-line application from Woodhaven Associates asks applicants to disclose their Social Security number, street address, and telephone and email contact information.  The disclosure of personal financial information such as Social Security numbers, dates of birth and bank account information can lead to a subsequent identity theft incident and additional losses of funds.

The Bureau notes that Maine has issued licenses to many reputable lenders and loan brokers, and advises consumers to never wire or mail advanced, certified funds to unknown consumer lenders or brokers. The Bureau recommends that consumers deal only with known, licensed lenders and brokers, and encourages consumers to call the Bureau (207-624-8527) to verify the license status of any company engaged in the consumer loan business. The Bureau also maintains a roster of licensed supervised lenders and loan brokers on its website, www.Credit.Maine.gov .

###

The Bureau of Consumer Credit Protection is part of Maine’s Department of Professional and Financial Regulation, which encourages sound ethical business practices through high quality, impartial and efficient oversight of insurers, financial institutions, creditors, investment providers, and numerous professions and occupations.  Consumers can reach the Department at www.maine.gov/pfr.

TD Bank’s lost tapes procedures questioned | The Portland Press Herald / Maine Sunday Telegram

Experts see signs of flaws in its handling of personal data and notification to customers, some of whom are upset.

By Jessica Hall jhall@pressherald.com
Staff Writer
October 10

TD Bank made procedural errors when it lost computer tapes containing sensitive personal data, including Social Security numbers, and risked exacerbating potential problems by waiting more than six months to notify customers of the breach, security experts said Wednesday.

“It doesn’t sound like they were using proper controls. It’s not good practice to ship unencrypted backup tapes. It has become a lot less common for financial institutions to lose data these days,” said Robert Richardson, an independent computer-security analyst and former director of the San Francisco-based Computer Security Institute, an association of computer security professionals.

TD Bank, which has 54 branches in Maine, began notifying customers last week that tapes including names, addresses, Social Security numbers, account numbers and debit or credit card numbers were lost in March while being transferred between bank locations. The bank said it was not aware of any misuse of the information, but did not explain how the tapes were lost.

TD Bank, which has more than 7.4 million customers and more than 1,275 retail locations, also would not say how many customers were affected. TD Bank lost the tapes in Massachusetts, but said customers on the East Coast from Maine to Florida may have been affected.

“You can understand why a bank doesn’t want to disclose the number, but as a security professional, you have to assume the worst,” Richardson said. “There could be thousands of records on a backup tape. It could be an enormous number.”

Under Maine law, companies must disclose information about data breaches or losses “as expediently as possible and without unreasonable delay,” but no formal timetable dictates how or when companies must notify customers.

Some customers said Wednesday they were going to cancel their TD Bank accounts.

“It makes you think twice about the bank. I’ll probably change banks,” said Caleb Gannon of Yarmouth, who received a letter last week from TD Bank about the loss of his personal data.

One Scarborough customer, who declined to be named because she did not want to draw attention to her lost personal information, said she and her husband would be closing their joint account as soon as possible.

“The bank said it apologizes for any inconvenience. It’s way more than an inconvenience. It’s insulting,” the customer said. “The fact that it took so long generates more concerns and more questions.”

Liz Donnelly of Bangor said she had not been notified of any problems with her account, but was concerned about TD Bank’s lack of speed in informing customers.

“It definitely makes you nervous, but it’s been kind of happening to a lot of companies. But alerting people shouldn’t be a problem like that. TD Bank has become a big institution and I don’t know if that’s better,” Donnelly said.

Maine’s Bureau of Consumer Credit Protection said it has received complaints from some TD Bank customers.

“Sometimes,” Richardson said, “there’s good reason for the delay — such as working with law enforcement — or other times they’re just dragging their feet.”

TD Bank has offered free credit monitoring and identity theft protection to customers who were affected.

The bank said it did an internal investigation and notified law enforcement, but said there was no criminal investigation.

“We worked diligently to find the tapes and conduct a thorough investigation. Since this was not a data breach of any kind, there is no criminal investigation,” said TD Bank spokeswoman Rebecca Acevedo.

Sam Imandoust, a legal analyst with the Identity Theft Resource Center, a nonprofit organization in San Diego, said customers should carefully monitor their credit report and look for any suspicious activity on their accounts.

“It’s dangerous to have all that information out there. Was it unreasonable that it took seven months to disclose? What’s reasonable and prompt? Was it as expedient as possible?” Imandoust said. “I hope nobody gets a nasty surprise on their credit report.”

Identity Theft Resource Center, which tracks data breaches and lost information, said there have been 324 breaches of data nationally with more than 9 million financial records, including bank and credit card accounts, exposed so far this year. That compares with 419 data breaches with 22.9 million records exposed in 2011, the center said.

Since TD Bank is a federally chartered bank, state regulators don’t have much control over how customers get treated. The Massachusetts Attorney General’s Office declined to comment, and the Maine Attorney General’s Office did not return calls.

The Federal Trade Commission also declined to comment. The Office of the Comptroller of the Currency, which oversees federally chartered banks, said it couldn’t comment on any specific bank or situation. TD Bank is a subsidiary of Toronto-Dominion Bank of Canada.

Other companies in Maine have also been affected by data breaches.

The biggest case involved Hannaford Bros. grocery chain, in which computer hackers stole the credit and debit card numbers of Hannaford shoppers from Dec. 7, 2007 to March 10, 2008. More than 4 million card numbers were exposed. About 1,800 fraudulent charges had been made by the time Hannaford announced the breach on March 17, 2008.

The other major data breach was reported in January 2007 and involved TJX, a retail chain that owns T.J. Maxx, Marshall’s and other stores.

Staff Writer Jessica Hall can be contacted at 791-6316 or at:

jhall@mainetoday.com

Related headlines

Thousands affected by TD Bank data loss

Related Documents

TD Bank’s letter notifying customers of lost data

What to do when you lose your wallet

CONSUMER FORUM

By Russ Van Arsdale, executive director, Northeast CONTACT

Posted June 10, 2012, at 3:59 p.m.

 You’re having one of those days when you don’t think things could get any worse. Then, you realize you don’t have your wallet.

Whether it was lost or stolen, it’s now gone, along with whatever cash was in it and a number of other items. Those are the focus of this article; much of the following information comes from CreditCards.com-Wallet Recovery Kit, a website allowing customers to search for and compare credit card offers.

Deal immediately with any credit cards that were in the wallet. If a thief took it, he or she won’t hesitate to forge your signature. That’s the bad news; the good news is your losses, if any, are limited by law, as long as you report the loss promptly.

Call your credit card company right away; if you had not written down the account number somewhere (more on this later), you can find the number on your most recent statement or go online, searching for the card company name and “report stolen card.” Since most companies have fraud detection specialists at work, you may actually hear from them before you realize the card is missing.

Give the representative your account number and the time frame the card went missing. If you didn’t write down your account number, you will have to answer some questions about your financial life to prove you are who you say you are. Then the customer service person will check recent account activity and ask you if the charges were really yours.

If your card has been used without your authorization, you’ll need to fill out a fraud report; that will require a police case number, so report the loss to your local department as well. Whether it’s been misused or not, the company will likely cancel the card and issue you a new one. Any reward points should be transferred to that new card.

Next, you’ll need to remove the stolen card’s data from any online accounts or automatic bill paying programs. A new card should arrive in the mail in about a week; until then, you’ll need to rely on checks or another card you may have.

Most steps are the same in the case of a missing debit card, except you report the loss to your bank. Liability limits are a bit different, too. Report the loss within two days and you’re liable for up to $50 of fraudulent purchases; after two days you may have to pay up to $500, although the bank may forgive all or part of that amount; it’s worth asking.

Your driver’s license is another high-risk document; with it, a thief can give a correct address when using your stolen cards and apply for new credit. Report the loss to the Maine Bureau of Motor Vehicles. You’ll need some identifying documents (birth certificate, passport, etc.) and documents proving your legal residence to apply for a replacement license; an online search can help you determine what you need.

Losing your Social Security card poses the greatest risk; with that number, a thief can be well on the way to stealing your identity. For that reason, DO NOT carry it routinely in your wallet.

Prepaid gift/credit cards, insurance cards and roadside assistance cards represent other, lower-risk losses. These should be reported, even if you’re not expecting to lose money as a direct result of the loss of a card.

Earlier we talked about writing down card information, and the reasons are pretty clear; replacing lost items takes time, and having your information organized where you can find it makes the process easier. Get forms for recording that data and other helpful tips at www.creditcards.com. If you don’t have a computer, a friend or relative can print the forms for you.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s membership-funded, nonprofit consumer organization. Individual and business memberships are available at modest rates. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit necontact.wordpress.com or email contacexdir@live.com.

ID theft website launched

CONSUMER FORUM

By Russ Van Arsdale, executive director, Northeast CONTACT

Posted Sept. 11, 2011, at 7:01 p.m.

A new resource was unveiled last week in the battle to keep our private information private.

The Consumer Federation of America launched a website ( www.IDTheftInfo.org) that’s likely the most comprehensive site on the Web on identity theft. It was unveiled at a news conference Wednesday, and there appears to be something of value for anyone who might be familiar with identity theft (and that could be any of us).

The home page invites visitors to take a short quiz on identity theft; by taking it, you can see quickly what you know and what you need to know more about. From there, the navigation is easy.

There’s a variety of general information for consumers, furnished by the organizations that teamed up to create the website. Consumer Action maintains an ID Theft Library including education materials and teaching guides, to bring this basic but vital information to young consumers. There’s a report on child identity theft, aimed at helping parents prevent theft of their children’s unused Social Security numbers.

Some good, basic advice comes from Call for Action, an international network of consumer assistance and education agencies that team up with broadcasters to spread the word. A link to its website yields a laundry list of do’s and don’ts on identity theft.

Another partner in the site, the nonprofit Identity Theft Resource Center (ITRC), offers advice about correcting misinformation on medical records. The Federal Trade Commission discusses the growing problem of medical identity theft and how to minimize the risk of that happening. According to one estimate, 1.5 million Americans lose an average of more than $20,000 repairing damage done by such thefts.

Another fast-growing problem is data breaches, which Consumer Action says rose 37 percent since last year. ITRC has annual reports on data breaches, and the Privacy Rights Clearinghouse–another nonprofit–maintains a chronology of data breaches.

The best advice may be the simplest: when in doubt, go back to the basics. The website has a wealth of free information about the nuts and bolts of keeping your identity safe and your personal and financial data out of the hands of thieves. We’ve covered many of these points in previous columns, but a few bear repeating:

• Keep your financial documents and other personally identifiable information out of public view.

• Review financial statements as soon as you receive them, and challenge charges you did not make. Shred those financial records when you no longer need them.

• Carry with you only those documents you really need. Leave your Social Security card, birth certificate, passport and the like locked up securely at home.

• Give out your personal information sparingly, only on secure websites and only to people and businesses you know and trust. Don’t give out information over cellular or cordless phones.

Here’s a cheering thought: the scam artists follow the news, too. They keep up on developments in catching their cohorts in crime, in an effort to stay one step ahead of the law. They’ll seize on any official action, such as a government rebate, and create a scam that seems to fit. One more sobering prospect: all of us who use the Internet create “digital dossiers” that stay with us for life … and beyond. More on that in a future column.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s membership-funded, nonprofit consumer organization. Individual and business memberships are available at modest rates. For assistance with consumer-related issues, including consumer fraud and identity theft, or for more information, write: Consumer Forum, P.O. Box 486, Brewer 04412, go to http://necontact.wordpress.com, or email contacexdir@live.com.

Data breach a reminder to watch credit, debit cards — Bangor Daily News

Consumer Forum
By Russ Van Arsdale
Executive Director
Northeast Contact

Posted Feb. 20, 2011, at 8:48 p.m.

The news last week of another data breach made everyone in Maine who uses credit or debit cards think twice.

Surely the several thousand people who made purchases at Day’s Jewelers stores in Maine last November and December were concerned. They were assured that they had done nothing wrong, nor had the various credit unions where consumers had their credit or debit accounts.

We all took a second look at our accounts once news of the breach broke. One consumer from eastern Maine, a recent Day’s customer, wrote us saying that someone from a company billing itself as a fraud detection firm called her on Sunday to check on suspicious charges. When she was asked for the last four digits of her Social Security number, she promptly hung up.

To which we say, “Bravo.” The Maine Credit Union League says no credit union would ask such a question. We believe no credit card issuing or fraud detection company should ask for such information by phone or e-mail. And no consumer in his or her right mind should ever give it out to a caller or e-mailer he or she almost certainly had never met.

The reason is painfully clear to anyone who has been the victim of identity theft. When thieves have the last four numbers of your SSN, they’re well on their way to stealing your identity.

Those last four numbers are issued sequentially; it’s luck of the draw. The first three are a kind of area code, indicating where you were when first requesting your SSN. The middle two numbers are some sort of group ID, and while they’re a little more difficult to figure out, many persistent thieves have done so.

Some businesses still use the “last four” as a customer ID number, and some are adamant about the practice. Another consumer told us a large communications firm told her, in essence, “no Social, no response” when she asked for service. Other companies have been more accommodating, and it may take a number of consumer complaints to change the policies of the stubborn ones.

The Maine Credit Union League’s advice to members is worth heeding by all consumers:

• Monitor and review accounts on a regular basis and report any unusual charges and activity.

• Be warned of possible scams, and don’t give out any personal information by phone or e-mail. If you receive a call from someone claiming to be from your credit union asking for account information, hang up, and call back using the number on your account statement.

• If you did respond to such a solicitation, contact your financial institution directly using the phone number provided by your financial institution.

• Choose a unique PIN that does not contain the “last four” or other information thieves might know.

• Don’t deposit fraudulent checks from Internet sources; once they’re found to be bogus, you’re stuck.

• Report any suspicious solicitations and activity to your financial institution and local authorities.

• Review your credit reports to make sure all information is accurate, and get it corrected if it is not.

You’re entitled to a free credit report from each of the three major reporting companies each year. We suggest rotating among them, so you get one every four months. Visit http://www.maine.gov/pfr/consumercredit/credit_report.htm for details.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s membership-funded, nonprofit consumer organization. Individual and business memberships are available at modest rates. For assistance with consumer-related issues, including consumer fraud and identity theft, or for more information, write: Consumer Forum, P.O. Box 486, Brewer 04412, go to http://necontact.wordpress.com, or e-mail at contacexdir@live.com.