Tag Archives: identity theft

Covid-19 Double Whammy: Losing Your Job and Hit by Identity Theft

Here in Colorado we are hearing stories that are likely being played out elsewhere.

A server went to file for unemployment benefits after being laid off and discovered that someone else was claiming benefits in their name.

This is a rotate on the old tax refund scam where someone claims a tax refund that is due to you.

In this case the crook obtains some personal information like name, birth date and social and filed for benefits IN A DIFFERENT STATE.

Historically, this has not been a problem for state unemployment departments but right now, with unemployment claims up by a factor of 10x and nationally by new claims are up by 20x, departments are probably doing a lot less due diligence than they need to be doing.

What is apparent is, like we saw a few years ago with tax refunds, the government was not and is not prepared to deal with fraud in unemployment claims. Hackers are always the leading edge.

Given that some of the systems that the states are using are 20, 30 and even 40 years old, it is highly unlikely that the states will create a systemic fix any time soon.

This person is apparently out of luck because they don’t know what state the claim was made in. I am guessing the states will need to be on the wrong end of a lawsuit in order for them to change this nationwide.

Even just trying to reach the state unemployment departments on the phone is more than a challenge.

For people who lost their job to be a victim of identity theft and have their safety net ripped out from under them – that is a huge problem with no quick fix.

Source: CNet

Guess How Long It Takes For Thieves to Use Stolen Data?

The FTC recently did an experiment to see how quickly thieves used stolen data after it was posted on the dark web.

They created 100 fictitious consumers and gave them credit cards or bitcoin wallets.  Each fictitious consumer had a name, email and passwords as well.

They posted the data twice – first on April 27th and then again on May 4th.

There are two kinds of thieves, the FTC says.  Ones who run test transactions to see if the card still works and others who just make big purchases right off the bat.

After the data was published on May 4th, it took thieves NINE MINUTES to start using the data.  On April 27th, it took a little longer – NINETY MINUTES.

In either case, it says that it doesn’t take very long.

In total there were over 1,200 attempts to use the bogus accounts.  In addition, there were close to 500 attempts to access the bogus emails.  The attempted transactions were for more than $12,000.

One note that the FTC did make – none of the accounts that had two factor authentication enabled were accessed.   Almost everyone offers two factor authentication these days.  We recommend that you use two factor authentication whenever it is available.

Information for this post came from CNN.

Merry Christmas – Is Your Child A Victim of Identity Fraud?

Now that Christmas has come and gone and your kids are actively playing with their new goodies, have you considered protecting their identities from fraud?

Two recent breaches bring the subject to the forefront.  VTech Holdings, the Hong Kong based toy maker offers an app store called Learning Lodge and messaging system called Kid Connect.  In November, after a journalist told them they had been hacked, they said that information on almost 5 million adults and 200,000 kids had been taken.  A few days later they revised that to 6.4 million kids.

This month, the toy maker Sanrio, who makes the Hello Kitty line of toys, among others, was hacked and exposed information on over 3 million customers.

In both cases the data was not encrypted, although since we don’t have details of the attacks, we do not know if encryption would have helped.  In the Sanrio case, the user’s passwords were not encrypted – that we know is a problem.

So why are kids especially vulnerable?  Because attackers know that parents do not look for identity fraud for their kids.  If someone assumes your kid’s identity, it is likely that you will not discover it.  In theory, an attacker cannot open a credit card in your kid’s name, if your kid is under 18.  In theory.  There are plenty of other kinds of fraud to consider.

In fact, according to the Tech Times article:

If an adult looking into getting a “free ride” for a few days, months or, worse, years, is able to obtain that clean slate and claim it as theirs, they can start using your child’s information to mask their own identities. They wouldn’t have much of a problem with getting caught too soon unless the parent decides to check up on their child’s record and discovers the anomalous activity.
The affected child could wake up many years later as an adult prepared to lead a responsible life only to find out they already have a bad credit score and incurred a huge debt.

For parents, this means monitoring what your kids are doing online, checking their credit reports and generally being observant. 

Just in case you think I am a member of the tin foil hat crowd, I am.  By the way, MIT did some research and discovered that for certain raido wave frequencies, tin foil hats actually increase the amount of radio waves absorbed, but I digress.  A quick Google search shows that even the Federal Trade Commission has a page on child identity theft (see here).

So while your kids play with their new toys, now is the time to start training them about identity theft.



Information for this post came from Techtimes and CNBC.