tag:blogger.com,1999:blog-320785882024-02-08T02:53:18.872-08:00ID THEFT - PREVENTION, DETECTION, RECOVERY - A SERVICE OF KNIGHTSBRIDGE CASTLEExpert Resources for the Prevention, Detection, and Recovery from over 80 crimes of Identity Theft. A service of KnightsBridge Castle, leaders in independent personal information security management and risk reduction.KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.comBlogger171125tag:blogger.com,1999:blog-32078588.post-28026680939908439782007-04-25T09:56:00.000-07:002007-04-25T09:58:21.180-07:00HOW WIDESPREAD IS IDENTITY THEFT – DELOITTE AND TOUCHE REVEALS 15,000,000 VICTIMS LAST YEAR.<a href="http://www.dca.ca.gov/images/cabanner.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 385px; CURSOR: hand; HEIGHT: 38px" height="62" alt="" src="http://www.dca.ca.gov/images/cabanner.jpg" border="0" /></a><br />KnightsBridge Castle participated in the California Governors Identity Theft Summit on April 11, 2007 and once again we had the opportunity to view a widely divergent set of statistics concerning the growth of Identity Theft crimes in the US. <br /><br />In the last two years, federal agencies such as the FTC and commercial enterprises such as the credit card companies have painted a picture a crime in decline citing approximately 7 million incidents. Both the FTC and the credit card firms have been somewhat self congratulatory about the reports they have issued or sponsored indicating a decline in the crime. However this rosy picture was somewhat tarnished when leading a leading market research company, Gartner Research, contradicted these reports recently and indicated that in the same period identity theft crimes had grown by 50% and is now exceeded 10,000,000 incidents per year.<br /><br />Rena Mears, Partner in the auditing firm of Deloitte & Touche was the keynote speaker at the Governors conference and in her remarks she indicated that Deloitte’s estimate of identity theft crimes for this period was in excess of 15,000,000 victims in 12 months. In addition she commented that the financial impact of identity theft crimes had doubled in the pas 12 months. In other words the amount of money stolen or defrauded had increased significantly. She also noted that victim recovery (the ability to recover the financial loss – but not the loss of time and effort) had dropped from 87% in 2005 to 61% in 2006.KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-82784983097446812082007-04-12T11:07:00.000-07:002007-04-12T11:09:41.732-07:00IRS FRAUDS AND TAX SEASONKnightsBridge Castle staff was interviewed a second time last week by NBC television about IRS Tax Frauds. The program will be aired tonight on the Bay Area NBC affiliate channel 11. <br /><br />We offer here on our blog the critical issues discussed during the interview.<br /><br />IRS TAX FRAUDS<br /><br /> <br />Identity Theft Frauds which result in IRS Tax fraud are the most common type of Identity Theft – not credit card fraud<br /><br />33% of Identity Theft involves hijacking a Social Security Number (SSN) for purposes of reporting illegal income, fore example:<br /><br /> Employment fraud, and false employment<br /> Money laundering transactions, DMV fraud, Medical Benefits Fraud<br /><br /> <br />The financial exposure of IRS Tax frauds are real – there is no policy of forbearance or quick resolution to these frauds – they are painful and expensive to unwind,<br /><br />Two Common IRS Frauds<br /><br />9095 Tax Form<br /> You receive an official looking IRS 9095 tax form with an urgent message to complete the form and FAX is to a special IRS number. Failure to comply will result in your bank account being frozen. The form asks for your full personal information including banking information – such as bank routing numbers. The form is fake, and the special telephone number is a direct line to organized criminals.<br /><br />IRS Email – Tax Refund<br /> You receive an official looking email from the IRS informing you that you are eligible for a significant refund. The amount is often about $500 and the only requirement is that your reply to the IRS email with your personal information and your banking information – such as bank routing numbers.<br /><br />Objective of these frauds<br /><br />To obtain your personal information and your banking information and to then loot your bank account through wire transfer or other money transfer methods. <br /><br />If you supply this information and do not exercise due caution and care in protecting your personal information, your bank has no obligation under law or in common practice to reimburse you for your loss. You have been robbed and you are unavailable to receive restitution from the bank, because you freely gave personal information without exercising care.<br /><br />How to Spot an IRS Fraud<br /><br />The government and business will never ask for information they already have. Confirmation gambits are always fraudulent.<br /><br />Confirmation gambit – where someone poses as a business or government official and seeks your personal information (Such as SSN and banking information) to confirm your identity and to maintain their records.<br /><br />Confirmation information is asked for in an email, by fax, or on the telephone.<br /><br />You are offered a windfall from a business or government by email, telephone, or fax.<br /><br /> <br />Tax Time Advice to Consumers<br /><br />File your taxes electronically – reduce the potential for your paper forms and documentation to be lost or stolen by criminals<br /><br />If you do file paper forms, hand them to a uniformed postal employee who is behind the counter at a post office<br /><br /> NEVER place them in street corner post boxes, of outgoing mail drops in<br />Businesses. <br /><br />NEVER hand them to someone standing in front of the post office at the filing deadline who looks like a postal official. Always go inside the post office.<br /><br />Once a year, use a commercial service to ensure that your SSN has not been hijacked by someone for use in committing fraud. The cost can be as little as $10 to detect the use of your SSN by someone else.<br /><br />Never respond with sensitive personal information (including SSN and banking information) if you are contacted by email, fax, or telephone. If you are concerned, call back the business or the government agency at the number listed in the phone book and ask to talk to a representative about this matter.KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-40144054067361894232007-03-29T14:53:00.000-07:002007-03-29T15:02:09.652-07:00TJ MAXX – ADVICE TO CONSUMERS - NBC INTERVIEW<a href="http://www.nbc11.com/images/structures/headers/site_header_logo.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 264px; CURSOR: hand; HEIGHT: 91px" height="77" alt="" src="http://www.nbc11.com/images/structures/headers/site_header_logo.jpg" border="0" /></a><br /><div><br /><br />Tim Logan, CEO of KnightsBridge Castle spoke to NBC television today about the risks of fraud and impersonation crimes resulting from the loss of over 45 million credit card and debit card records by the retail company TJ Maxx. NBC wanted to know what consumers can do to protect themselves from this criminal attack.<br /><br />“The TJ Maxx threat is serious,” said Tim Logan. “The loss of credit card numbers, debit card numbers, PINS, security features and drivers’ license number, to organized crime groups, presents a very real threat to consumers,” he continued. “This was not lost tape, or misplaced data. Organized criminals targeted TJ Maxx and systematically looted their databases over a six year period. This stolen information will be used to commit frauds and impersonation crimes for years and years,” said Tim Logan.<br /><br />What can consumers do to protect themselves if they shopped at TJ Maxx? Mr. Logan provided NBC with the following general advice:<br /><br />-- Take this threat seriously.<br /><br />-- Remember commercial credit monitoring services will not protect you against this fraud. Credit monitoring will capture these frauds 60 to 90 days after they occur and have gone to collections. “Its like a fire alarm that goes off after the house has burned to the ground,” commented Logan.<br /><br />-- Place a 90 day fraud alert on your credit records with the credit bureaus. Then lock down your credit records with a Credit Freeze in 25 states.<br /><br />--Monitor your credit card accounts by checking statements immediately upon receipt – better yet, check using internet account tools once a week.<br /><br />-- Debit Card holders are at the greatest risk. If you debit card has been compromised, cancel the card and have a new one issued. Debit cards do not provide adequate protection against fraud. They are not regulated by federal credit regulations as are credit cards with which your actual out of pocket loss is limited.<br /><br />-- Subscribe to a service which monitors the dark web, where criminals buy and sell stolen information such as that taken in the TJ Maxx incident.<br /><br />-- If fraud occurs:<br />o Notify the credit card company, or the debit card issuer immediately by phone. Then notify the credit rating companies. Failure to notify both the credit issuer and the credit rating companies may result in the loss of critical consumer rights under federal law.<br />o Always follow up in a written letter – keep copies and send a postal return receipt requested form.<br />o File a police report – without a report no crime has been committed and without a police report you cannot exercise your full rights to legal protection including permanent “fraud alerts” no-cost credit freezes, and lessened probability of later collection demands by creditors.<br />o Watch carefully for any suspicious activity involving your Drivers License information, such as unrecognized traffic violations, or auto insurance increases which may result from DMV or insurance fraud.<br /><br /><br />Tim Logan concluded “This is a serious breach of confidential financial and personal data. Consumers who take action to protect themselves now will avoid enormous grief and trouble later if they just take some simple precautions. No one will protect you. You must rely upon yourself to prevent and recover from this crime.”<br /><br /><br /></div>KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-90973458195786349022007-03-20T10:48:00.000-07:002007-03-20T10:53:35.205-07:00IDENTITY THEFT – ONE THE RISE? OR IN DECLINE?<a href="http://knightsbridgecastle.com/crimert.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 200px; CURSOR: hand" alt="" src="http://knightsbridgecastle.com/crimert.jpg" border="0" /></a> Symantec, the internet security company and key provider of internet anti-virus software, released its annual Internet Security Threat Report volume XI this month. The Symantec report, similar to the Gartner report issued last week are in sharp contrast to studies issued by both the Federal Trade Commission and research sponsored by the credit card companies. While the FTC and credit card companies report declines in “identity theft”, both Gartner and Symantec describe a crime wave of unprecedented proportions growing rapidly and adapting to the weak preventative measures provided by government and business.<br /><br />At KnightsBridge Castle we not surprised by the findings of growth in identity theft and frauds facilitated through the theft of personal information. However, we were surprised by the quantity of this activity originating in the USA. In recent years many analysts had assumed that the systems in which phishing scams, spam scams, internet initiated fraud, and the criminal resale of stolen and breached information had moved to safe havens offshore. The Symantec report indicates that up to one third of all this illegal activity still resides in the United States and therefore subject to the our law enforcement.<br /><br />Here are some of the surprising findings of the Symantec report:<br /><br />The Unites States was the top country of attack origin, accounting for 33% of worldwide attack activity.<br /><br />86% of the credit card and debit cards advertised for sale on underground and illegal economy servers were issued by banks in the US<br /><br />The government accounted for 25% of all identity theft related data breaches, more than any other sector.<br /><br />51% of all underground economy servers were located in the USA.<br /><br />46% of all known phishing web sites were located in the USA<br /><br />The US has the largest proportion of spam zombies.<br /><br /><br />These findings are alarming, in that government regulatory agencies and law enforcement have within their reach the many of these illegal activities, yet they do little or nothing to shut them down. A phishing site in Moldavia or Beijing presents great challenges for American law enforcement, however a criminal server offering stolen banking information for sale located in Detroit is an entirely different matter. In our opinion its time for the Federal Trade Commission and US law enforcement to get focused on this crime wave and recognize that much of the threat lies in the USA and is therefore within the reach of the long arm of the law.<br /><br />The full report is available on Symantec’s website at:<br /><br />http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport<br /><br /><br /><div></div>KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-21282034745822736672007-03-15T09:47:00.000-07:002007-03-15T09:48:06.518-07:00DEBIT CARDS AND INCREASED RISK OF FRAUDAt KnightsBridge Castle we often advise clients to not use debit cards for payments. In our opinion the legal protections against fraud provided by “credit cards” are significantly superior to those protections against fraud found in “debit cards.”<br /><br />Credit card use and fraud is protected under federal fair credit laws which limit your exposure to $50 per fraudulent charge. Most credit card issuers (but not all) will wave this fee in the event of fraud. However debit cards have fewer protections and losses are generally limited to $50 if the bank is notified within business two days. Losses reported after two days are limited at $500. If the loss is reported following a 60 day delay, the bank is under no obligation to reimburse you. While some banks offer added protections for debit cards, consumers are often ill prepared to follow the complex provisions of these additional debit card protections. For example, the added protections against fraud provided by VISA and MasterCard require that the debit card be authorized by a signature rather than a PIN. In a recent Wall Street Journal article the author commented:” The reason: Banks get higher fees from merchants when consumers use debit cards with signatures, rather than PINs.”<br /><br />Whatever the risk, consumer protections against fraudulent use of cards is best provided by credit cards regulated under the federal fair credit laws. At KnightsBridge Castle we do not advocate either debit or credit payments. However, in our opinion, and based on our experiences in assisting fraud victims, you are far far safer using credit cards. If you don’t like debt, then pay off the card fully when you receive the bill.KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-69559883002640955492007-03-12T14:32:00.000-07:002007-03-12T14:37:13.510-07:00FRAUD ALERTS – POOR PROTECTION AGAINST IDENTITY THEFT<a href="http://knightsbridgecastle.com/SSNBODY.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 200px; CURSOR: hand" alt="" src="http://knightsbridgecastle.com/SSNBODY.jpg" border="0" /></a><br /><div>The CEO of an Identity Theft company which provides “fraud alerts” placed on your credit records with the credit reporting companies recently advised fraud alerts as a preventative technique for the prevention of identity theft. The CEO said “Placing a fraud alert with the major credit Bureaus … is a great frontline for defense.” By doing this the CEO explains any time someone tries to change the information on your credit report or open up a new account, the credit card company has to call you first for verbal authorization.”<br /><br />While this sounds like good advice <strong>"fraud alerts" are a very poor defense against identity theft</strong>. Why?<br /><br />The fraud alert is not statutory – it is advisory. New credit issuers are not required to notify you of a new account. The law advises them to do so and in our experience less than half provide notice – often little more than a message on your answering machine or voicemail.<br /><br />Secondly, fraud alerts are easily manipulated by credit thieves and they can be changed, removed, or worse modified by credit thieves. For example, the security measures of the credit bureaus are so poor, that credit thieves with a minimum of personal information can and will either remove the alert, or change the phone number to themselves.<br /><br />Most important is that a fraud alert is applicable only to credit theft. Credit theft is less than 25% of identity theft. The single greatest form of identity theft is Social Security Number hijacking often for purposes of illegal employment. Fraud alerts do nothing to prevent or detect from the common identity frauds of IRS fraud, Medical Benefits Fraud, Drivers License fraud or over 70 other frauds facilitated by the theft of identity information.<br /><br />Lastly, the CEO of this company charges $99 per person per year to assist you with this free service.<br /><br />If you think that the small benefit of fraud alerts are of value, save yourself some money. Buy 12 envelopes and $4.68 of stamps. Address each envelope four times with the addresses of the credit reporting companies. Write a letter demanding a fraud alert. Place a copy in each letter. Then once a quarter mail three letters – one each to each credit reporting company. Save yourself $93.<br /><br />Even better take a really effective measure to protect yourself against credit fraud – lock down your credit history with a credit freeze. New applications for credit cannot be processed without your permission to access your report. </div>KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-3514259967952618892007-03-09T12:46:00.000-08:002007-03-09T12:47:35.718-08:00IDENTITY THEFT UP 50% IN RECENT SURVEY15 million Americans were victimized by some sort of identity-theft related fraud in the 12 months ending in mid-2006, according to a survey by Gartner, Inc. Gartner’s survey is contradictory to the credit card company funded surveys indicating a 10% decrease in the crime for a similar period. The new survey revealed more than a 50 percent increase since 2003 when the Federal Trade Commission (FTC) reported 9.9 million American adult identity theft victims.<br /><br />“Hackers are exploiting Internet auctions, nonregulated money transmittal systems, the ability to impersonate lottery and sweepstake contests, and other types of imaginative scams,” said Avivah Litan, analyst at Gartner. “The thieves have also discovered the weakest links in the U.S. payments systems. Typically, the weak links are found among the five or more million businesses that accept electronic payments from consumers, and the consumers themselves.”<br /><br />In the past two years KnightsBridge Castle has seen enormous inconsistency in surveys attempting to characterize identity theft crime growth. The FTC has indicated that the crime is diminishing. The credit card company sponsored surveys have also indicated a small decline in the crime. On the other hand Federal Banking officials have completed a study indicating a 103% increase in mortgage fraud facilitated by identity theft for the same time period. Now we have Gartner’s report of a 50% increase.<br /><br />These survey inconsistencies can sometimes be explained through examining the survey firms definition of identity theft. The FTC survey exclusively focuses on credit card crimes, thus ignoring identity crimes in false employment, IRS fraud, medical benefits fraud, and more than 70 other frauds facilitated through identity theft. The credit card company sponsored surveys are in our opinion biased and are funded to allow the credit companies to assure the public that new security measures are working to stem this crime wave.<br /><br />While we lack the survey facilities of the FTC, Gartner, and the credit card companies, we do feel that we have a good feel for the state of identity theft in the USA. In our opinion this crime wave continues unabated, and if anything the Gartner survey may understate the real rate of growth both in the US and through out the world.KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-5291600347847811692007-03-05T12:05:00.000-08:002007-03-05T12:07:44.056-08:00AGE OF FRAUD AND THE END OF CASH<a href="http://knightsbridgecastle.com/OneHundredDollar.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 177px; CURSOR: hand" height="302" alt="" src="http://knightsbridgecastle.com/OneHundredDollar.jpg" border="0" /></a> Two recent articles hit our desk at the same time and got the staff at KnightsBridge Castle thinking about the future of Identity Theft. The Economist Magazine featured an article announcing the end of the “cash era”. Electronic commerce, including the credit cards, debit cards, pay pal, and electronic payments from bank accounts has greatly diminished the need for notes and coins in the cash economy. The Economist noted “Notes and coins are already a small fraction of the money in most rich countries.” The article predicted that the within a few years cash as we understand it would cease to exist.<br /><br />The second article was a series of comments by the President of the Association of Certified Fraud Analysts. In these comments the president of the association commented that the crime of the new century would be fraud. New technologies and new systems were actively creating new opportunities for criminals engaged in fraud and theft. Clearly the proliferation of frauds and identity theft confirm his views<br /><br />As we enter a cashless society many classes of crime may diminish. For example when a bank contains no cash, or a store has no cash, certain types of robbery will disappear. However they are most certain to be replaced by new types of robbery and fraud.<br /><br />Therefore we at KnightsBridge Castle believe that Identity Theft, and the frauds that are committed using personal information, are a crime wave that will not diminish. Reluctantly and sadly we find ourselves watching the unprecedented growth of identity theft and fraud as we exit the age of cash and enter the age of fraud.<br /><br /><div></div>KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-33937066476464511452007-02-21T09:27:00.001-08:002007-02-21T09:28:43.764-08:00BOGUS CD RATES REVEAL BOGUS ON-LINE BANKSInternet banking rates can be too good to be true. A company called Federal Savings offered an 8.85 percent rate on a six-month CD on its internet banking site. When bank rating agencies sought more information, the company's Web site disappeared. Later it popped back up with a 6.25 percent rate. When questions concerning the companies operations were directed to Federal Savings the company did not answer. Its Web site is down again, and the company could not be reached. To see whether a bank is federally insured, go to <a href="http://www.fdic.gov/" target="_blank">http://www.fdic.gov/</a>.<br /><br />Banking scams are growing on the internet and caution is advised. Make sure that the internet bank you have selected is legitimate. In addition carefully look at the name and URL (website address) of the bank in question. In the example cited above, there are many legitimate banks with Federal Savings in their name. So don’t be confused by names which sound legitimate or resemble know banking institutions.<br /><br />Fraudulent banks on the internet can steal both your money and your identity. Use caution in selecting internet banking sites.KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-32622848672632045822007-02-20T12:29:00.000-08:002007-02-20T12:32:05.275-08:00IT’S TAX TIME – WATCH THOSE W2’s AND 1099’s<a href="http://knightsbridgecastle.com/IRS.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 270px; CURSOR: hand" height="165" alt="" src="http://knightsbridgecastle.com/IRS.jpg" border="0" /></a><br /><div>Most of us are careful about divulging our Social Security Numbers or Taxpayer ID Numbers. However soon to arrive in your mail will be key information which can be used to commit a wide variety of harmful identity theft and crimes of fraud. This mail often has blazed across the front of the letter such phrases as “Important Tax Documents” or other phrases that identity thieves can quickly spot. In addition the format for these documents and the envelopes that contain them make them very easy to spot if left unattended in an unsecured mail box.<br /><br />Identity thieves and credit fraudsters often target un-secured mail boxes. A variety of techniques are used. Some of these techniques are simple such as opening unlocked mailboxes and simply taking the mail. Others are more sophisticated and include using simple tools to extract mail. Sometimes identity thieves will steal mail directly from postal authorities.<br /><br />Identity thieves, criminal imposters, and other fraudsters know that tax time can be harvest time for identity theft. And W2’s and 1099 tax forms are of great value in committing the many crimes of identity theft.<br /><br />Here are a few tips for protecting this important information and for preventing identity theft.<br /><br />-- Locked Mailbox – get a locked mailbox or use a postal box to receive important documents such as W2’s and 1099<br /><br />-- Clear Out Your Mailbox within 8 hours of receipt of your mail. Don’t let mail pile up in a mail box. Find out the time your mail is usually delivered and pick it up as soon after delivery as possible.<br /><br />-- Store W2’s, 1099’s, and other tax documents in a locked and secured place within your home or office. Burglars know that these documents have street value and can be sold for cash to other criminals. Don’t leave these documents lying about the house or in conspicuous places such as boxes labeled Tax Documents, or next to your computer.<br /><br />-- File your taxes electronically or by handing your tax documents directly to a postal official within the post office. Go to the post office window; never post tax documents in outside mail boxes.</div>KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-4912957308400547772007-02-14T11:51:00.000-08:002007-02-14T12:02:22.955-08:00MOST RECENT DATABREACHES<a href="https://www.databreachdefender.com/images/blue%20and%20yellow%20logo.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 400px; CURSOR: hand" alt="" src="https://www.databreachdefender.com/images/blue%20and%20yellow%20logo.jpg" border="0" /></a><br /><div><a href="https://www.databreachdefender.com/images/blue%20and%20yellow%20logo.jpg"></a><p><br />At KnightsBridge Castle we track databreaches as they are reported. The loss of personal information security, enabled by a databreach at a government agency, merchant database, or other source is an increasingly common vector for identity theft, impersonation crimes, criminal activity, and fraud.<br /><br />Here is a list of this weeks top five databreaches –<br /><br /></p><p><a href="http://www.courier-journal.com/apps/pbcs.dll/article?AID=/20070214/NEWS01/70214030"><br /><span style="color:#990000;">Wellpoint</span></a> - [2007-02-14]<br /><br />(196,000 Social Security numbers among information on stolen tapes)<br /><br /><a href="http://www.nbc4.com/news/10983140/detail.html"><br /><span style="color:#660000;">Washington D.C. Metropolitan Police Department</span></a> - [2007-02-11]<br /><br />(Social Security numbers for 2,000 police officers exposed)<br /><br /><a href="http://news.bbc.co.uk/2/hi/uk_news/6349041.stm"><br /><span style="color:#660000;">Department for Work and Pensions (UK)</span></a> - [2007-02-10]<br /><br />(Bank details of as many as 26,000 pensioners sent to wrong addresses)<br /><br /><a href="http://www.fortwayne.com/mld/journalgazette/16667910.htm"><br /><span style="color:#660000;">State of Indiana</span></a> - [2007-02-10]<br /><br />(5,600 people and businesses notified about credit card numbers on hacked server)<br /><br /><a href="http://www.wsls.com/servlet/Satellite?pagename=WSLS%2FMGArticle%2FSLS_BasicArticle&c=MGArticle&cid=1149193124169&path=!news!localnews"><br /><span style="color:#660000;">Radford University</span></a> - [2007-02-09]<br /><br />(Breached computer contained 2,400 Social Security numbers and birthdates)<br /><br /><a href="http://www.wral.com/news/local/story/1198897/"><br /><span style="color:#660000;">East Carolina University</span></a> - [2007-02-09]<br /><br />(Social Security numbers, names, and some credit card numbers for 65,000 posted to web)<br /><br /><br /><p><a href="http://www.nbc4.com/news/10962978/detail.html"><br /><span style="color:#660000;">St. Mary's Hospital</span></a> - [2007-02-08]<br /><br />(130,000 names, Social Security numbers and birthdates of patients on stolen laptop)<br /><br /><a href="http://clubs.ccsu.edu/recorder/news/news_item.asp?NewsID=175"><br /><span style="color:#660000;">Central Connecticut State University</span></a> - [2007-02-07]<br /><br />(Letters reveal Social Security numbers for about 750 students)<br /><br /><br /><a href="http://www.omaha.com/index.php?u_page=1000&u_sid=2326625"><span style="color:#660000;">University of Nebraska, Lincoln</span></a> - [2007-02-07]<br /><br />(72 Social Security numbers posted on public web site for over two years)<br /><br /><a href="http://www.wmdt.com/wires/displaystory.asp?id=58386284"><br /><span style="color:#660000;">Johns Hopkins Hospital</span></a> - [2007-02-07]<br /><br />(Missing computer tapes contain Social Security numbers of 52,000)<br /></p></div>KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-8412693119385265192007-02-12T12:04:00.000-08:002007-02-12T12:04:22.052-08:00FRUDULENT DEBT – IT KEEPS GOING, AND GOING, AND GOING<a href="http://knightsbridgecastle.com/torso.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 200px; CURSOR: hand" alt="" src="http://knightsbridgecastle.com/torso.jpg" border="0" /></a><br /><div>Under federal and state law you are not responsible for debts incurred by fraudsters and identity thieves. The mailing of a stop contact notice to a creditor, together with a police report of the crime, and an FTC approved identity theft affidavit provides the needed notification to the debtor that a fraud has been committed. Debtors usually cancel the debt after a short investigation.<br /><br />However, this does not mean the end of collection headaches for a proven fraudulent debt.<br /><br />For example the collected bad debts of a credit card issuer or merchants may be packaged in bundles of debt and sold to debt collection companies. After some time these bad debts may be packaged and sold again. And then sold again. <br /><br />Each new collection company may have no record of the status of the debt as fraudulent.<br /><br />At KnightsBridge Castle we very often see debts that have been acknowledged as fraudulent and forgiven by the debtor, show up in the new collections efforts by collections companies – regardless of the status of the debt as a proven and accepted fraud.<br /><br />It is critical that you keep written copies of all correspondence regarding the cancellation of a debt. Never fail to follow up a phone call to a debtor with a written notice of the fraudulent charges – even if the debtor says this is not necessary. Do not rely upon “fraud alerts” “information postings” or other notices with the credit rating companies for protection. Credit collections companies who purchase bundles of supposed “bad debts” pay little or no attention to the records of these companies. There only goal is to get money from you – regardless of the proven status of the fraudulent debt.<br /><br />These fraudulent debts can show up time and time again. And each time you may need to provide copies of the original correspondence about the fraud to stop collections companies from harassing you. <br /> </div>KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-72528642076197496802007-02-02T13:14:00.000-08:002007-02-02T13:26:30.685-08:00LOTTERY SCAMS PROLIFERATE AND HIT HOME<a href="http://knightsbridgecastle.com/torso.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 200px; CURSOR: hand" alt="" src="http://knightsbridgecastle.com/torso.jpg" border="0" /></a><br /><div>The famed and highly successful Canadian Lottery Scam has begun to spin off new variants and twists. This week we talked with yet another victim of this scam who lost well over $100,000. </div><div> </div><div><strong><span style="font-size:85%;color:#666666;">We have modified some of the elements of this story, but not the basic facts, in order to protect current and potential victims.<br /></span></strong><br />The victim was notified by email of his extraordinary winnings in a Netherlands lottery by a large and ethical lottery company in Europe. However the email was from criminals not from the lottery company. He was directed to a legitimate looking website and given his client access information. And amazingly there was a web page indicating a balance in the lottery bank of millions of euros. All they had to do was provide personal information and pay fees and taxes and the money would be released to him. These criminals are after both money and key identity information to be used in later crimes.<br /><br />Once again the tragedy of “too good to be true” strikes home.<br /><br />Here is a copy of the criminal email. </div><div></div><div><br /><strong><span style="color:#333399;">From: "Tracy Moore" <</span></strong><a href="mailto:xxxxx@hotmail.com"><strong><span style="color:#333399;">xxxxx@hotmail.com</span></strong></a><strong><span style="color:#333399;">> <span style="color:#ff6600;">(NOTE; THIS IS FROM A FREE EMAIL HOSTING COMPANY NOT THE NETHERLANDS LOTTERY FIRM)</span><br />Date: February 2, 2007 8:56:51 AM PST<br />Subject: ANNUAL WINNING NOTIFICATION !!! CONGRATULATIONS !!!<br />Reply-To: </span></strong><a href="mailto:xxxxx@aim.com"><strong><span style="color:#333399;">xxxxx@aim.com</span></strong></a> <span style="color:#ff6600;"><strong>(NOTE; THE REPLY IS TO A WIDELY DISTRIBUTED SPAM GENERATOR PROGRAM)<br /></strong></span><span style="color:#333399;"><strong><br />ANNUAL WINNING NOTIFICATION !!! CONGRATULATIONS !!!<br />Computer Ballot Jackpot 'A' Draw Result.<br />FROM: De LOTTO.NL<br />PRIZE AWARD DEPT.<br /><br />REF No: QNL/4A51/8C60/06<br />BATCH No: XA3/312-59<br />TICKET No: 334/ 660078<br />SERIAL No: 05908<br />LUCKY No: 9-43-97<br /><br />WINNING EMAIL NOTIFICATION [FOR CATEGORY "A" WINNER ONLY].<br /><br />Dear Lucky Winner,<br /><br />Congratulations to you as we bring to your notice, the results of the Free Email Computer Ballot Jackpot 'A' draw 1st Category of LOTTO.NL.<br /><br />We are pleased to inform you of the result of the Lottery Winners International programs drawn today, 29/01/2007. Your E-mail address attached to Ticket number 334/ 660078 with Serial number 05908 drew the lucky numbers 9-43-97, which consequently won in the 1st category; you have therefore been approved for a lump sum payout of EUR2, 500, 000. 00 Euros. (TWO MILLION, FIVE HUNDRED THOUSAND EUROS). CONGRATULATIONS!!!<br /><br />This lottery is a promotional program by LOTTO.NL (Biggest lottery Organization in the Netherlands) to advertise to the world its existence. All participants were selected through a computer ballot system drawn from over 50,000 companies and 2,000,000 individual email addresses from all over the world, as part of our international promotions program, which we intend to conduct several times a year.<br /><br />To file for your claim, please contact our /your processing agent<br /><br />CONTACT:<br />**********************************************<br />Mr. Andrew Thompson<br />Email: </strong></span><a href="mailto:nlsoftwarepros@aim.com"><span style="color:#333399;"><strong>nlsoftwarepros@aim.com</strong></span></a><br /><strong><span style="color:#333399;">Tel. No: +31-61-047-4520<br />Fax. No: +31-84-722-2680<br /><br />**********************************************<br />You are advice to provide him with the following information:<br />Names:<br />Telephone/Fax number:<br />Nationality:<br />Age:<br />Company (if any):<br />Winning reference and Batch numbers:<br /><br />NOTE: All winnings must be claimed not later than 14 days, thereafter unclaimed funds would be included in the next stake. Remember to quote your reference information in all correspondence. Members of the affiliate agencies are automatically not allowed to participate in this program.<br /><br />Furthermore, we call on you to make sure that you save a copy of this mail and note every letter clearly as stated for we will not be held responsible should there be any complications in this transaction due to laxity on your part. Congratulations once more from our members of staff and thank you for being part of our promotional program. Should there be any change of address do inform our agent as soon as possible.<br />Congratulations once more from our members of staff and thank you for being part of our promotional program. Pls Do not reply to the email address from where you received the information, thank you.<br /><br />Yours truly,<br /><br />MS Caroline Van Bosch<br />Promotion Manager.<br />THANK YOU AND CONGRATULATIONS!!!<br /><br />************THIS IS NOT SPAM***********</span></strong><br /><br />_________________________________________________________________<br /><br /><br /><br /><strong><span style="color:#660000;">From the official website of the Netherlands Lottery company:</span></strong></div><div><br /><strong><span style="color:#660000;">De Lotto warns against a large Lottery scam. In an e-mail (or letter), which is written in bad English, the addressee is told that he/she has won a large amount of money in a lottery. When the ‘lottery’ is contacted, it turns out that the prize can only be collected if a payment is made of thousands of dollars/euros for ‘handling fees’. Obviously the prize is never paid out. The organization behind the fraud operates under different names, often derived from well known lotteries. For example: Lucky Day Lottery, De Lotto Netherlands, Interlotto, Oy Keikkaus Switzerland, El Gordo de la Primitiva and Global Trust Lottery. The police and the Ministry of Justice have been informed about the fraud. Nevertheless, it is hard to stop the malpractices. The criminals give false addresses, and cannot be traced via the stated telephone numbers, e-mail addresses and P.O. Boxes. Neither do they have permanent addresses and moreover, they change their identity regularly. </span></strong></div><div><strong><span style="color:#660000;"><br />If you should receive such an e-mail, do not respond in any way, don not provide these people with any personal identity information and do not pay any money!<br /></span></strong></div>KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-1170266109375088022007-01-31T09:53:00.000-08:002007-01-31T09:57:12.763-08:00BILLING SCAMS ON INCREASE ON THE INTERNETFraudulent billing scams, facilitated by spamming, are clearly on the rise. We have noticed a significant increase in fraudulent bills in recent months.<br /><br />Fraudulent billing scams are an old and established fraud, but the new scams have a very different intention that the older more traditional frauds. Traditional billing frauds often relied upon the recipient assuming that the bill was valid and then paying it. The amounts were often low, and both individuals and even large corporations would often pay rather than take the time and energy to confirm the amount owed.<br /><br />These new on-line billing frauds have a more sinister intent. They are after your identity profile which allows the criminals to commit dozens of crime against you, including looting of all you financial resources including bank accounts, engaging in financial transactions in your name, money laundering, and other serious crimes.<br /><br />For example here is a criminal email received by this office in recent days. We are not members of Ebay, and our Chief Financial Officer who previously worked with Ebay views these billing statements with both alarm and disgust. The name server to which the View Invoice link is connected is not a registered site. The site is probably in Asia or Eastern Europe – far beyond the reach of US law.<br /><br /><span style="font-size:85%;color:#330099;">Hello Member,</span><br /><span style="font-size:85%;color:#330099;"><br />Your monthly eBay Invoice is now available for online viewing.Invoice Date: Jan 26, 2007Amount Due: $47.34<br /><br />You can review your current Invoice details and Account Status at any time by clicking this link:<span style="color:#3333ff;">VIEW INVOICE</span><br /><br />For future reference, you can access your invoice by following these steps:<br /><br />Go to the eBay Home page.<br /><br />Click My eBay at the top of the page, and sign in with your eBay User ID and password.<br /><br />Click the "Seller Account" link (below My Account in the left navigation menu).<br /><br />Click the "Invoice" link.<br /><br />Regards,<br />2007 eBay, Inc.<br /></span><br /></span>KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-1170265035714849282007-01-31T09:35:00.000-08:002007-01-31T09:42:38.536-08:00BEWARE ON-LINE LOAN OFFERS AND APPROVALSIn recent weeks we have received at KnightsBridge Castle an increasing number of fraudulent loan offers. Many of these offers come in the form of “pre-approved” loans and are sent to staff individually and to some general email addresses such as “information” and “press”. That a legitimate “pre-approved” credit offer should come to an email address without any possible credit history, such as “information,” tells you immediately that this spam is from a criminal group.<br /><br />These spam messages then lead to websites that look legitimate, but to the trained eye they are clearly fraudulent and intent on committing criminal acts.<br /><br />What are these criminal groups after? Your personal information, as required on any loan application, is a pure gold for a thief. This information is key to hijacking your identity and committing a wide variety of crimes against you such as mortgage fraud, IRS fraud, credit frauds, and simply looting your bank account.<br /><br />These sites are either harvesting your personal information or asking you to pre-pay processing fees. The processing fee scam has two benefits, it helps pay for the cost stealing your identity information, and it allows the criminals to initiate unauthorized electronic transfers from your bank to the criminal organization. The result, it is a looted bank account, for which the bank need offer no restitution. You freely gave up your banking information and were defrauded. Banks are under no obligation to make the fraud good by restoring your funds.<br /><br />The techniques used to make these websites seem real vary. But they often include the use of the following elements.<br /><br /><strong>Https URL name certificates</strong> – yes criminals can buy a HTTPS website certificate as easily as a legitimate business. Https is a URI scheme which is syntactically identical to the http:// scheme normally used for accessing resources using HTTP. Using an https: URL indicates that HTTP is to be used, but with a different default port (443) and an additional encryption/authentication layer between HTTP and TCP. This system was designed by Netscape Communications Corporation to provide authentication and encrypted communication and is widely used on the World Wide Web for security-sensitive communication such as payment transactions and corporate logons.<br /><br /><strong>Use of Seals and Logos</strong> from respected institution such as the Better Business Bureau (BBB) appear fraudulently on the website.<br /><br /><strong>The use of local addresses</strong> are used on the website, however the fraudulent business is not local at all but offshore and far beyond the reach of US law.<br /><br /><strong>The use of a legitimate bank or lending institution’s name</strong>. The name of the website and the logo look like a familiar brand name, but they are not part of the banking institution at all. They are scams.<br /><br /><strong>The use logos and realistic looking links</strong> of Truste or other website verification techniques such as Verisign. TRUSTe, founded in 1997, is an independent non-profit organization best known for its Web Privacy Seal. VeriSign is well known for the VeriSign Secured Seal, which is an outward expression of a Web site's authentication and encryption commonly posted to VeriSign SSL Certificate customers' Web sites. However these logos can be stolen and pasted on the offending website. Also the click through verification can be faked if the user lacks the tools for checking the ultimate location of the responding website.<br /><br /><strong>THE BOTTOM LINE<br /></strong>If you need a loan, for a car, debt consolidation, or just to pay for something you want, go to your local bank. If you must use an online service, go directly to the website from your browser, never to a link provided by email.KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-1169674876986240252007-01-24T13:39:00.000-08:002007-01-24T13:41:17.540-08:00THE CANADIAN LOTTERY SCAM HITS HOME<a href="http://knightsbridgecastle.com/MANEYE.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 200px; CURSOR: hand" alt="" src="http://knightsbridgecastle.com/MANEYE.jpg" border="0" /></a><br />I was contacted by a close friend of the family this weekend who had received a large check drawn on a Canadian bank in the amount of $85,000 together with a letter urging the friend to cash the check and the then send a check for $7500 to cover taxes due. This was the now infamous Canadian Lottery Scam, in which good looking but bogus checks are sent for supposed lottery winnings. The victim is asked to pay a fee, in this case $7500 as soon as the check is deposited. <br /><br />Fortunately for the family friend they did not immediately write a check but instead waited for the check to clear the bank. Of course the check bounced – it was a good looking but very bad check.<br /><br />However, the friend of the family wanted to know why the check bounced. After all they had won a lottery. Should they resubmit the check? Clearly something had gone wrong. Perhaps they should pay the $7500 first and then resubmit the check again.<br /><br />Patiently I explained that this was a well known fraud. However the family friend did not want to hear this. They wanted to believe that this “too good to be true” opportunity for significant gains was real. Our family friend became heated in the argument. Insisting again and again that it must be real because the check was clearly a real check. And that taxes were clearly due. And that the could really use the money.<br /><br />“Did you enter a lottery in Canada” I asked. “No” was the reply. “Did the check bounce?” I asked. “Yes” they said. “Is this too good to be true?” I asked again. ?Well yes, but I still think it’s valid” was the reply.<br /><br />Finally the family friend, an elderly woman who clearly would benefit from any financial windfall, agreed not to send any money until the resubmitted check cleared the bank. She wanted to believe. <br /><br />In this conversation I became the unreasonable person and hostility was directed toward me for informing her of a simple truth – it was a scam, there were no winnings.<br /><br />The power of greed and of scams which appeal to this weakness in human nature continues to amaze us at KnightsBridge Castle. We have on occasion become the subjects of anger and resentment when we tell clients and potential clients that their supposed wonderful windfall is a nightmare fraud in disguise. I greatly hope the family friend will not send the money as requested by the fraudsters. However I am not really certain that she will follow our advice.<br /><br />Greed and wishful thinking are as powerful as narcotics in clouding reason. Fraudsters rely on this weakness in our nature every day.KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-1169229829965218252007-01-19T10:02:00.000-08:002007-01-19T10:03:51.556-08:00IDENTITY THEFT AND PROTECTING YOUR CHILDREN<a href="http://knightsbridgecastle.com/family.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 200px; CURSOR: hand" alt="" src="http://knightsbridgecastle.com/family.jpg" border="0" /></a><br />While millions of Americans struggle with identity theft each year we often forget the need to protect our children from the ravages of this crime. Identity theft is not a crime that affects only adults. The crime is frequently directed against children. Why? The records of children are perfect for committing crimes – they are blank slates upon which a criminal may construct elaborate and complex identity crimes which are unlikely to be detected for many years.<br /><br />Parents of minor children need to monitor the personal information about their children to ensure that identity theft is detected quickly and terminated before one of the many crimes of identity theft are committed -- such as IRS tax fraud or medical benefits fraud. Identity crimes against children may have very long lives and they can affect your child’s tax status, their qualifications to enter schools and colleges, their credit ratings, and their employment prospects. Children can be affected in hundreds of ways which can damage their future prospects in life.<br /><br />What can you do to protect your minor children?<br /><br />The first line of defense is to monitor the use of your child’s Social Security Number (SSN). The use of the number can be detected through the use of specialized fraud prevention and detection tools such as those used by KnightsBridge Castle’s eye-spy™ programs. KnightsBridge Castle’s experience has been that as many as 30% of minor children’s SSN’s have been compromised. The unauthorized use of the SSN runs the gamut of simple transposition errors to full blown identity hijacking. When the unauthorized use of a SSN is detected a series of proven steps for the assessment of the use can be undertaken. While these steps can be complex they are effective in limiting the damage to your child’s future. <br /><br />If you can catch unauthorized use of a SSN and shut down the identity thieft of a minor child at an early age then the damage may be limited. However, the trauma and confusion of discovering your child’s stolen identity when applying for his first job, or seeking a student loan, or applying for college can be heartbreaking.KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-1169056795458566192007-01-17T09:59:00.000-08:002007-01-17T10:01:56.126-08:00PHISHING ATTACKS - NOVEMBER 15 TO TODAY<a href="http://knightsbridgecastle.com/fly_fishing.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 200px; CURSOR: hand" alt="" src="http://knightsbridgecastle.com/fly_fishing.jpg" border="0" /></a><br />Here is a list of recent phishing attacks. This list is compiled from a variety of sources.<br /><br />01.16.07<br />Phishing Alert<br />The Co-operative Bank p.l.c.<br /><br />01.15.07<br />Malicious Websites / Malicious Code<br />Brazilian and Russian hackers are now cooperating in launching new very advanced phishing techniques.<br />01.11.07<br />Phishing Alert<br />Kaw Valley State Bank and Trust<br /><br />01.10.07<br />Phishing Alert<br />ELGA Credit Union<br /><br />01.09.07<br />Phishing Alert<br />MoneyGram<br /><br />01.09.07<br />Phishing Alert<br />RHB Bank<br /><br />01.04.07<br />Malicious Website / Malicious Code<br />Adobe Acrobat XSS Vulnerability<br /><br />12.28.06<br />Phishing Alert<br />Andover State Bank<br /><br />12.19.06<br />Phishing Alert<br />Caisse d'Epargne<br /><br />12.19.06<br />Malicious Website / Malicious Code<br />Skype Trojan Horse<br /><br />12.18.06<br />Phishing Alert<br />Birmingham Midshires<br /><br />12.11.06<br />Informational Alert<br />Cyber Extortion via Web Mail<br /><br />12.06.06<br />Malicious Website / Malicious Code<br />MS Word Zero-Day<br /><br />12.05.06<br />Phishing Alert<br />Community America Credit Union<br /><br />12.05.06<br />Phishing Alert<br />First South Bank<br /><br />12.05.06<br />Phishing Alert<br />Mazuma Credit Union<br /><br />12.04.06<br />Informational Alert<br />Webcast: Exploit 2.0<br /><br />12.01.06<br />Malicious Website / Malicious Code<br />MySpace XSS QuickTime Worm<br /><br />11.21.06<br />Phishing Alert<br />Interchange Bank<br /><br />11.20.06<br />Phishing Alert<br />Yorkshire Building Society<br /><br />11.18.06<br />Phishing Alert<br />Derbyshire Building Society<br /><br />11.18.06<br />Phishing Alert<br />Summit National Bank<br /><br />11.18.06<br />Phishing Alert<br />Bank of Cyprus<br /><br />11.15.06<br />Phishing Alert<br />State Bank of India<br /><br />11.15.06<br />Phishing Alert<br />First Exchange Bank<br /><br />11.15.06<br />Phishing Alert<br />Central National Bank of Enid<br /><br />11.15.06<br />Phishing Alert<br />Fake Bank: McLloyds Bank International<br /><br />NOTE: We are now recieving more than 5 PayPal phishing attempts per day against our request for information email address at KnightsBridge Castle.KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-1169053678690114352007-01-17T09:05:00.000-08:002007-01-17T09:08:54.656-08:00IT’S TAX TIME AND THE IDENTITY THEIVES ARE LOOKING FOR YOUR MAIL<a href="http://knightsbridgecastle.com/crimert.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 122px; CURSOR: hand; HEIGHT: 138px" height="206" alt="" src="http://knightsbridgecastle.com/crimert.jpg" border="0" /></a> Its tax time and our mailboxes will be full of important tax information such as 1099’s and W-2’s. These documents are highly prized by identity thieves since they are the “keys to the kingdom” and can be used to commit a wide variety of crimes against you such as IRS fraud, medical benefits fraud, bank and brokerage wire transfer fraud, and a wide variety of other ugly crimes.<br /><br />The envelopes in which these documents are delivered are easy to spot and without a locking mailbox or other secure delivery mechanism you may be inviting thieves to enter your world and wreak havoc.<br /><br />If you don’t have a locking mailbox get one immediately. Better yet use a Post Office Box and get the added security of protection by the postal inspectors while the mail remains in your PO Box.<br /><br />Pick up your mail as soon as possible. Don’t let unattended mail sit in an insecure mail box.<br /><br />If you’re traveling then have your mail held at the post office until you return. Get a bunch of the yellow card “Authorization to Hold Mail” (PS form 8076) and keep them handy.<br /><br />And now the most important advice of all –<br /><br />FILE ELECTRONICALLY OR IF POSTING YOUR TAX RETURNS CARRY THEM INTO THE POST OFFICE AND HAND THEM TO A POSTAL EMPLOYEE WHO STANDS BEHIND THE COUNTER. Never, never, put tax forms in the blue post boxes on street corners. Never, never hand tax forms to persons standing on the street in front of the post office that may or may not be identity thieves.KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-1168726520345212032007-01-13T14:07:00.000-08:002007-01-13T15:32:22.903-08:00FILE AN IDENTITY THEFT AFFIDAVIT WITH THE FTC – EXPECT THAT THEY WILL DO SOMETHING WITH THE INFORMATION?<a href="http://www.usdoj.gov/atr/public/guidelines/ftcseal2.gif"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 121px; CURSOR: hand; HEIGHT: 119px" height="121" alt="" src="http://www.usdoj.gov/atr/public/guidelines/ftcseal2.gif" border="0" /></a><br />One of the popular misconceptions about the Federal Trade Commission and the Social Security Administration is, that when you report identity theft crimes to them, that these agencies will actually do something with the information you provide to protect you or initiate an investigation on your behalf. The truth is that both the FTC and the SSA will do nothing with the information you provide other than perhaps file it. There are some exceptions to this general rule of inaction, but these are few and far between. Theft of social security benefits is one exception. Hijacking of your social security number and using it for other illegal purposes will not be investigated by the SSA.<br /><br />We have written extensively on the Public Relations campaigns of the FTC in their mistaken attempt to assure us that they are fighting this crime wave. However their pronouncements have no real substance to support any factual base for their competency in dealing with the crime wave of identity theft. After all, what can 14 employees within the FTC actually do with over 8 million reported cases per year? Here is a copy of the letter returned to a client following a report by the client of identity theft as outlined on the FTC website.<br /><br />References in this letter to sharing the data with police departments are true, however we are aware of no police department that accesses or uses this information - and we have talked with many departments over the last two years. Raw and unverified information placed into the FTC Sentinal database is of no use to the police in investigating crime.<br /><br />Please note, they do provide a brochure, but at the same time say nothing about what if any action will be taken. From long and hard learned lessons we are confident that they will only file the report and do nothing.<br /><br /><span style="font-size:85%;color:#330099;"><strong>June 21, 2006<br />Re: FTC Ref. No. NNNNNNN<br />Dear XXXXXXXXXXXXXXXX:<br /><br />Thank you for contacting us about identity theft. The information you have requested is enclosed. We hope it provides information that will be useful to you. Please let us know if you have any other questions or concerns about identity theft.<br /><br />You can always reach us in three ways:<br />1) you can call us toll-free at 1-877-ID THEFT (1-877-438-4338);<br />2) you can visit our website at </strong></span><a href="http://www.consumer.gov/idtheft"><span style="font-size:85%;color:#330099;"><strong>www.consumer.gov/idtheft</strong></span></a><span style="font-size:85%;color:#330099;"><strong>; or<br />3) you can write to us at:<br />Identity Theft Clearinghouse<br />Federal Trade Commission<br />Washington, DC 20580<br /><br />For consumer problems not related to identity theft, please call the FTC's Consumer Response Center toll-free at 1-877-FTC-HELP (1-877-382-4357), or visit the FTC's website at </strong></span><a href="http://www.ftc.gov/"><span style="font-size:85%;color:#330099;"><strong>http://www.ftc.gov/</strong></span></a><span style="font-size:85%;color:#330099;"><strong>.<br /><br />We appreciate any comments or suggestions you may have. Please mail any feedback to us at the above address. The efficacy of our identity theft tracking and referral program is dependent upon information we receive from people like you. Thank you for contacting us. How We Use Your Information<br /><br />We use personally-identifying information gathered from consumers in various ways to further our consumer protection and competition activities. We collect this information under the authority of the Federal Trade Commission Act and other laws we enforce or administer. We enter the information you provide into our database to make it available to our attorneys and investigators involved in law enforcement. We also may share it with a wide variety of other government agencies enforcing consumer protection, competition, and other laws.<br /><br />If you contact us because you have been the victim of Identity Theft, we also may share some information you provide with certain private entities, such as credit bureaus and any companies you may have complained about, if we believe that doing so might help resolve identify theft-related problems.<br /><br />In addition, when you submit a complaint, you may be contacted by the FTC or any of the agencies or private entities to whom your complaint has been referred.<br /><br />In other limited circumstances, including requests from Congress, Freedom of Information Act (FOIA) requests from private individuals, or in accordance with our public record rules, we may be required by law to disclose the information you submit.<br /><br />The information you provide is up to you. If you don't provide your name or contact information, it may be impossible for us to refer, respond to, or investigate your complaint or request.<br /><br />Sincerely,<br /><br />Identity Theft Clearinghouse Enclosures:1. Take Charge: Fighting Back Against Identity Theft (CRE-02)</strong></span>KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com2tag:blogger.com,1999:blog-32078588.post-1168632309009165892007-01-12T12:03:00.000-08:002007-01-12T12:05:10.303-08:00FEDERAL PROSECUTORS MOVE AGAINST THE IDENTITY THEFT CRIME OF “PRETEXTING”<a href="http://knightsbridgecastle.com/digphone.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 198px; CURSOR: hand" height="133" alt="" src="http://knightsbridgecastle.com/digphone.jpg" border="0" /></a><br />“Pretexting” is an identity theft crime in which someone poses as the victim in order to obtain private commercial information such as billing information and telephone number call lists. The protections with businesses, such as the phone company or utility company are few, but the law is very clear – it’s illegal.<br /><br />However law enforcement at both the state and federal level has been lax in prosecuting this crime. But with the recent revelation of identity theft crimes against board members at Hewlett Packard by the Chief Executive Officer of the company, the reluctance to prosecute seems to have evaporated.<br /><br />Within weeks of the public appearance of this crime the California Attorney General moved to prosecute the crime. On January 11, 2007 it became apparent that Federal Prosecutors were also moving against a private detective working out of Colorado and for HP. Today on the 12th the press announced that an arrest had been made by federal officials for the identity crime of pretexting by the private eye.<br /><br />Pretexting is a crime. It has been a crime for years. Pretexting is the theft of confidential, protected, and private information. We support both state and federal prosecutors in their willingness to tackle this crime.KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-1168290443386624992007-01-08T13:06:00.000-08:002007-01-08T13:40:15.400-08:00TODAYS EMAIL AND PHISHING SCAMToday’s emails and phishing scam is included below. The domain name for this site was registered on January 4. Needless to say we have not applied for a loan. The email came to our general information email address. The URL provided has no server and an analysis of the actual coding of the email indicates that a redirect to another hidden site is highly likely.<br /><br />Here for you amusement and amazement is today’s email scam:<br /><br />_______________________________________________<br /><br /><span style="font-size:85%;color:#330099;"><strong>Thank you for your loan request, which we recieved yesterday, your refinance application has been accepted<br /><br />Bad credit OK, We are ready to give you a $371,000 loan, after further review, our lenders have established the lowest monthly payments.<br /><br />Approval process will take only 1 minute.<br /><br />Please visit the confirmation link below and fill-out our short 30 second Secure Web-Form.<br /><a href="http://www.XXXXXXXXXX.xxx">www.XXXXXXXXXX.xxx</a> </strong></span><br /><p><span style="font-size:85%;color:#330099;"><strong></strong></span> </p><p><span style="font-size:85%;color:#330099;"><strong>___________________________________________________</strong></span></p><p><span style="font-size:85%;color:#330099;"><strong></strong></span> </p><p><span style="font-size:85%;color:#330099;"><strong><span style="font-size:100%;color:#000000;">Using a safe sacraficial browser we visited the site and noticed that the website had unauthorized logos for the CAN-Spam organization, VeriSign, Equal Housing Opportunity logo, and Trust-e. The links to these organizations were not links at all, but simple pictures of the logos of the trusted site. </span></p><br /><br /></strong></span>KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-1167845592720694052007-01-03T09:31:00.000-08:002007-01-08T13:05:34.286-08:00CREDIT INFORMATION LOCKDOWN - LIST OF STATES<strong><span style="font-size:130%;">States Allowing Credit Record Lock Downs</span></strong> <strong><span style="font-size:130%;">– States Allowing Credit Freezes</span></strong><br />California, Colorado, Connecticut, Delaware, Florida, Illinois., Kentucky., Louisiana., Maine, Minnesota, Nevada., New Hampshire. New Jersey, New York, Oklahoma., North Carolina, Pennsylvania., Rhode Island, Utah*, Vermont., Wisconsin.<br /><br /><br /><strong><span style="font-size:130%;">States With Freeze Rules Following ID Theft</span></strong><br />Hawaii, Kansas., South Dakota., Texas, Washington.<br /><br />* Effective September 2008KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-1167844967554109602007-01-03T09:19:00.000-08:002007-01-03T09:22:48.150-08:00NIGERIAN SCAM – IT KEEPS GOING AND GOING AND GOINGRegular readers of this blog will remember a few weeks ago that our staff met with a victim of the Nigerian Scan. After restraining our shock that someone could fall for this obvious fraud, we realized that what is common knowledge to ourselves is not so common to others. This is the variant of the Nigerian Scam we received today. <br /><br />The scam email is classic in its form and offer. <br /><br /><span style="color:#330099;">SAGARDOY LEGAL PRACTITIONER´S &FINANCIAL SOLICITOR´S HOLLAND.Barrister James ParkerE-mail: </span><a href="mailto:?????@yahoo.com"><span style="color:#330099;">?????@yahoo.com</span></a><br /><span style="color:#330099;"></span><br /><span style="color:#330099;">Dear Sir / Madam, Before I proceed, I must first apologize for this unsolicited mail to you. I am aware that this is certainly not a conventional way of approach to establish a relationship of trust, but you will realize the need for my action. </span><br /><span style="color:#330099;"></span><br /><span style="color:#330099;">My name is Barrister James Parker of the SAGARDOY LEGAL PRACTITIONER´S & FINANCIAL SOLICITOR´S. Actually, I got your contact information through the U.S.A. public records while searching for a name similar to my Late client Eng. Johannes Neice an expatriate engineer who worked with the Mining and Smelting Company (Asturiana de Zinc S.A.) in Holland for Thirteen years. He died along with his family during the Tsunami catastrophic, which occurred on Monday 27 December 2004. Before his death, he deposited One Trunk Box/Diplomatic Personal Treasure containing the sum of $8.752M (EIGHT MILLION AND SEVEN HUNDRED AND FIFTY-TWO THOUSAND US DOLLARS ONLY) with a security company here in Holland, but he did not disclosed the content of deposited diplomatic consignment to the security company for security reasons. The security company has however, mandated me to present any family heir/inheritor for claims before the consignment gets confiscated or reverts to the Bureau of Diplomatic Security as an unclaimed diplomatic immunity. So I decided to search for any of my late client's relative which has been very difficult for me, as he did not declare any other person, address, partner or relatives in the official paper works of his diplomatic consignment deposit. </span><br /><span style="color:#330099;"></span><br /><span style="color:#330099;">Against this backdrop, my suggestion to you is that I will like you as a to stand as the next of kin to Eng. Johannes Neice, so that the diplomatic consignment will be released to you. With my position as his lawyer, I will now place your name as the next of kin to my late client. I will prepare every relevant document that will assist your claims, and facilitate the release of the consignment. Note that this transaction is 100% risk free. There is no atom of risk in connection to this business as I have worked out all modalities to complete the transaction successfully. Once the diplomatic consignment is released to you, we shall share in the ratio of 50% for me, 50% for you as your benefit. Reply via my private email for further clarification. </span><br /><span style="color:#330099;"></span><br /><span style="color:#330099;">Please be kind to get back to me if you are not interested so that I can further my search for another partner. Best Regards Barrister James parker (ESQ) </span>KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0tag:blogger.com,1999:blog-32078588.post-1167419330367014682006-12-29T11:06:00.000-08:002006-12-29T11:09:05.593-08:00PROVIDING PROTECTIVE SERVICES TO YOUR CUSTOMERS WHEN YOUR BUSINESS DATA IS BREACHED<a href="http://knightsbridgecastle.com/crimert.jpg"><img style="FLOAT: left; MARGIN: 0px 10px 10px 0px; WIDTH: 157px; CURSOR: hand; HEIGHT: 155px" height="227" alt="" src="http://knightsbridgecastle.com/crimert.jpg" border="0" /></a><br />We often talk with businesses about protecting their customers after their business data has been stolen, lost, hacked, or compromised. Consumers are required by law to be notified when their personal information such as name, address, and social security number (SSN) have been compromised and failure to provide timely notification caries heavy fines and penalties.<br /><br />The responses by businesses vary from simple notification of a breach containing minimal information to advanced protective services provided by the business for the “at risk” consumer<br /><br /><strong>What should a business do when faced with a breach of consumer data?</strong> Complying with the law is one thing, but retaining valued customers is another thing entirely. If customers are valued, then minimal protection will undoubtedly result in the loss of those customers. A fully formed protection program, while challenging, may actually bond the business closer to its customers as the business demonstrates care and competence in managing this very real crisis.<br /><br /><strong>Here is a list of things that will ensure that customers lose confidence in a business which is sending a breach notice:</strong><br /><br /><strong>A simple notice of breach, without explanation and with no remediation</strong><br /><br />To assure customers that you care about the breach you must explain in simple terms what happened, what you have done to correct the breach, and if the breach was intentional or inadvertent. Most breach notices, written by lawyers afraid of litigation, will say nothing about corrective action, your competence to deal with the crisis, and your loyalty to customers. A business that sends a minimal breach notice will undoubtedly scare their customers and who may well take their business elsewhere. Customers often need someone to talk to who can assure them that competent and speedy action has been taken to provide protection.<br /><br /><strong>A simple notice of breach with minimal explanation and a free credit monitoring service.</strong><br /><br />Credit monitoring provides no meaningful protection to customers if their information has been compromised. Customer information is stolen for many types of crime. For example false employment crimes, IRS fraud, Medical Benefits Fraud and over 75 other types of identity theft related fraud are undetected by credit monitoring. In other words more than 75% of all identity fraud cannot be protected by credit monitoring. Further credit monitoring services detect credit card fraud only after the fraud has occurred and the consumer is left to clean up the mess. Think of a fire alarm that goes off after the house has burned down – that’s the value of credit monitoring. Consumers are lulled into thinking they are protected by these services, but as recent press coverage (see comments on press coverage in our other blog entries) has shown, consumers become very very angry when the identity thieves strike and their imagined protection proves worthless.<br /><br /><strong>Here is a program that will work and will demonstrate competence and care of valued customers.</strong><br /><br />-- A brief and timely explanation of details of the breach without providing information of value to thieves. When did the breach occur? What have you done to keep breaches from happening again (e.g., new security measures, fired a sub-contractor, employee training programs, etc.) Was the breach intentional – was the information targeted for theft or simply lost or misplaced. A missing back up tape presents on set of challenges to a consumer, but a broken window and a smashed file case with selected records missing is something entirely different. Even worse is a targeted and hacked computer database.<br /><br />-- Consumers need assurance that you are competently protecting their interests. They need a human to talk to about the breach. Both at the company whose data was breached and at a company which provides protective services. Consumers need to know that the business cares, and that identity theft prevention, detection and recovery experts are available to discuss their concerns and to take action. Disembodied phone trees with endless recorded messages are certain to make the customer more angry that they were when the received the breach notice.<br /><br />-- A program that addresses all the avenues of crime that the loss of customer data enables is required. In addition to credit crimes, these include false employment fraud (the most common form of identity theft and devastating to consumers in the long run), medical benefits fraud, IRS fraud, bank theft and forgery, Drivers License fraud, immigration frauds, and many many others. While it may prove impossible to protect customers entirely following a breach, systems which prevent, detect, and have recovery procedures in place for these crimes is critical in keeping valued customers.<br /><br />-- Rapid reaction and response, if a consumer is defrauded, is a major requirement and is missing from almost every program available today – such as credit monitoring programs. The customer needs a hot line and a trained identity theft expert available in a timely fashion to respond to hints of fraud or to actual fraud. If a business values its customers it will not leave them in the cold when the identity thieves strike.<br /><br />Acquiring and keeping satisfied customers is a high priority for almost every business. Business managers should treat breaches of customer data using the golden rule. How do you want to be treated as a business person if another business looses control of your personal information? How would you feel if you were essentially told you were on your own, or given security tools which simply were unable to provide any meaningful safety to you or your family? A business data breach is ugly, but it provides an opportunity for the business to demonstrate that it values its customers and that it is competent in protecting them in the future. In other words it is a business that is worthy of continued patronage.KnightsBridge Castlehttp://www.blogger.com/profile/03934451688243405517noreply@blogger.com0