Current advancements in our technology have made certain forms of identity theft relatively simple. It can be nearly impossible to trace the crime back to the criminal. It is also not very expensive to set up this crime. With the widespread exchange of electronic cash, it can be simple for individuals to part with their earnings. But there is more to this problem than the items that were just mentioned.

Placing “distance” between the criminal and the victim

Even with the availability of the current means to commit fraud, one thing stands out. There appears to be a huge supply of identity theft fraudsters. In order to be successful at committing identity theft fraud, two things are needed. The correct skill set to commit the crime is mandatory. There must also be the willingness to be deceptive and target the victims. The most adept identity theft criminal must be completely willing to engage and then betray the trust of another. This trait is actually very rare. It is indicative of a personality disorder that can lead to psychopathic or sociopathic behavior. (See: reference 1)

It is common for fraudsters to use various psychological “tricks” in order to distance themselves. This prevents them from feeling any remorse for their crime. The term that is associated with this behavior is “neutralization”. One related tactic may involve blaming the victim for the crime. For example, thinking that the victim’s “greed” is justification for taking their money. This may be common for scams that use fake claims of money to be transferred. (See: reference 2)

Another psychological trick is to look down upon the victim. This can involve depersonalization. The use of the Internet, telephone or other related devices to perpetrate identity theft helps with distancing. Remote fraud eliminates guilt that would be felt in a face-to-face encounter.

What makes victim easy to fool?

Those who fall victim to identity theft fraud will often assist in their own deception. An effective fraudster will allow the victim to fill out the gaps in a fraud scheme. This is similar to what a magician does when creating an illusion. By leading a victim to their own conclusion, the fraud is far more powerful. This can happen since we wish to believe someone who we feel will help us get more money or prevent danger. We then fill in any loopholes, ourselves. In other cases, more direct communication may be required. (See: reference 3)

Education and/or intelligence are not protections against fraud. Actually, it has been shown that more educated individuals may be more susceptible. This is because they don’t think that they can be easily duped. This type of psychology is evident in the financial market sector. There, trained professionals can be fooled by the illusion that they were in control of a particular financial scenario.

Ways to deal with the psychology of identity theft

Another factor that can be a problem is under-reporting. Victims of fraud may be reluctant to admit that they were fooled by criminal. So, while the victim goes about repairing a damaged credit report, the actual crime may be obscured. This can relate directly to the victim’s self esteem. This can sometimes make it difficult to accept that we have become victims. This can also spark a delay in dealing with the crime.

Protection against fraud

There are many ways to deal with the practical issues surrounding protection against identity theft. These include items such as guarding your personals data, etc. However, there is also a psychological element surrounding identity theft protection. A healthy viewpoint regarding the nature of predators and our own limitations is a good first step. For example, we need to understand that we are not unique entities in the world of the Internet. Therefore, strangers have not somehow located our email in order to give us money.

Additionally, beware if someone or some organization attempts to cause us some type of fear for not acting on their suggestions. In such cases, it is that very person or organization that should be feared. Finally, if you are duped, don’t feel like you’re an idiot. It’s happened to some very intelligent people. Just make sure you make the effort to report the scam as soon as possible.

References:

1. Betrayal of Trust, The Chartered Institute for IT, July, 2007, http://www.bcs.org/server.php?show=ConWebDoc.12930
2. Nigerian Scam.net, updated daily, http://www.nigerianscam.net/
3. IRS Warns of e-mail scams about Tax Refunds, IRS.gov, November 30, 2005, http://www.irs.gov/newsroom/article/0,,id=151065,00.html

Spear Phishing: The New Threat

By now, many people have at least heard about the practice of scamming consumers, known as “phishing” (see: Common Identity Theft Scams: “Phishing”). This involves sending out fraudulent emails for the purpose of accessing personal information. This information is then used for identity theft. However, as with most criminal activity, processes become more sophisticated as time goes on. The latest innovation in phishing scams is known as “spear phishing”.

Originally, the term “phishing” was used to indicate a scam where fraudulent emails were used as bait. Once the bait was taken, the victim was lured into the scammer’s “net”. With spear fishing, the victim is directly targeted. This can be viewed the same as a fisherman who uses a spear to directly target a single fish as opposed to those using a net. With spear phishing, each fraudulent email is customized for its recipient.

In a spear phishing email, the recipient’s name and some other piece of personal information is contained. Instead of the generic “your account has been compromised” email, unique mails are sent.

An example was a recent incident where corporate executives received fraudulent emails. The emails stated that the executives were being sued. This new type of scam made it easy for the executives to be tricked into clicking on the link enclosed in the email. From there, the identity theft scam would begin.

Here is another example:

Dear Mr. Sam Smith
IUP Account Owner,
We are currently revising our email data base and e-mail login center. We are in the process of deleting all inactive IUP email accounts in order to create more space for our new accounts. To prevent your account from being deleted, you will need to update the account below so we will know that it is a currently used account.
CONFIRM YOUR EMAIL IDENTITY HERE
E-mail username: ____________
E-mail password: ____________
This notice is from the IUP email messaging center
Thank you for using IUP!
Warning Code: VX7G77AAJ
Thank You,
IUP Email Team

https://fakemail.iup.Edu/

How Spear Fishing Works

Spear Phishing emails will contain a link that leads to a fake website. The website is designed to collect personal information to be used for identity theft. This process has become extremely sophisticated. So much so that even experienced security professionals have difficulty determining that it’s a scam. This is due to the authentic look of the fake website.

Another method of attack involves a spear phishing email that contains a downloadable file. These files will appear to come from a legitimate source. However, the file will contain a malware program. Once this program is downloaded, it will seek out personal information on your computer. This information is then collected and transmitted to the criminal once the victim is online.

Spear phishing is more difficult to catch than standard phishing. This is due to the extra effort and time on the part of the criminals. Research is involved in order to gain access to bits of personal information. These bits of personal information are needed to create a convincing email. It also requires extra effort to put together the fake websites. However, the payoff is generally much larger than with a simple phishing scam.

Spear Phishing in the News

In October of 2008, a popular social networking site, LinkedIn, was targeted for a spear phishing attack (See: references 1). Approximately ten thousand users received emails that attempted to lure them into the scam. This particular scam involved downloading software that was designed to collect personal information. Brian Krebs, of the Washington Post (See: references 2), first reported the story. In his blog post, he mentioned that the email recipients were addressed directly by name. This made the emails look authentic.

Additionally, the message was sent from the domain “support@linkedin.com” with a subject line reading “Re: business contact.”

The email stated: “We have exported the list of business contacts that you have asked for.” The message then asked the recipient to open the attachment that was purportedly the list of business contacts that the user had requested. But instead, it loaded a malicious software program to steal data such as passwords and usernames from the victim’s computer.

So, what steps are needed for protection?

Even though this form of attack is very sophisticated, there are some things to keep in mind. Most spear phishing attacks are aimed at upper class individuals and corporate employees. Even so, one should always be on their guard.

Opening an attachment from a stranger is always a bad idea. Even attachments that seem to come from family members or friends can be suspect. A criminal can send you a message that may appear to come from a trusted source. So, only open an attachment that you are actually expecting. In any case, always scan an attachment for viruses, as well.

References:

1. IdTheftBlog.com, October 14, 2008 – http://idtheftblog.wordpress.com/2008/10/14/linkedin-users-targeted-in-spear-phishing-attack/
2. Washington Post, October 8, 2008 – http://voices.washingtonpost.com/securityfix/2008/10/spear_phishing_attacks_against.html

Before the time of computers, it was relatively easy to apply for a false passport. It could be done merely by using the name of a deceased person who died in childhood. Of course, this is no longer true due to electronic data searches. However, not all the loopholes have been closed. Imaginative identity thieves can still obtain passports. A recent case involved a New Zealand Parliament member. Act MP David Garrett was caught using the identity of a deceased child from the 1980s in order to apply for a passport. (See: reference 1)

Information contained in a passport

Your passport contains more than just a few items of personal information. It will also contain a photograph of you and a record of the countries that you have entered. Some of the items in a passport are usually overlooked by its owner. But these same items might seem very important to an identity thief. The most important page of a passport is the page that is laminated. This is designed to protect the removal or defacing of the owner’s photograph. It also contains identification details. These details will include:

• Passport number
• Surname
• Given name(s)
• Nationality
• Date of Birth
• Sex
• Place of Birth
• Issue and Expiry Dates

The owner’s signature is also contained in a passport, as well. All of this information can create a good framework to facilitate identity theft. A robust black market can be found in some countries regarding passport reproduction. This will also include stealing and modifying genuine passports. The motivation for this industry is generally for illegal immigration.

Protecting against passport identity theft

Authorities are constantly making efforts to improve passport design. These designs entail hidden identifiers that can prove the authenticity of a passport. This is similar to steps that are taken to prevent currency counterfeiting. Following recent terrorist attacks, efforts in this area have increased. For example, data chips are used by many countries in biometric passports. Information is also exchanged on passengers internationally. Advanced checking procedures and other modifications are also being used to combat passport fraud.

Since losing your passport can be a very serious matter, you should take steps to prevent this. When traveling, keep your passport with you at all times. A passport can be carried in a money belt, along with other valuables. This is better than using a bag that can be snatched. A hotel security box is another option. Some foreign hotels require this, as it may be needed for inspection by authorities.

Should a passport be lost, the issuing authorities should be contacted immediately. This will usually be done through the owner’s country’s embassy. A replacement or temporary passport can usually be obtained. This will allow one to continue on their journey. But a delay will usually be experienced, as well. The local authorities may also wish to investigate.

New methods are also being developed by those who wish to steal passport information. With the advent of using radio frequency chips in passports (RFID) other security concerns have arisen. Criminals have devise ways to intercept the frequency that carries the owner’s information. (See: reference 2) The U.S. State Department has countered concerns by indicating its safety precautions. These will include encrypted signals and “passive” chips. A passive chip will not broadcast its signal unless it is within a few inches of a chip reader. (See: reference 3)

References:

1. PM: Garrett’s use of baby’s identity ‘bizarre’, New Zealand Herald, September 16, 2010, http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10673929
2. Criminal use a new method to steal your identity, WSFA 12 News, November 11, 2008, http://www.wsfa.com/Global/story.asp?S=9322307
3. United States to Require RFID chips in passports, PC World, by Grant Gross – IDG News, October 17, 2005, http://www.pcworld.com/article/123246/united_states_to_require_rfid_chips_in_passports.html

Why purchase a paper shredder?

A paper shredder is basically a simple mechanical device that cuts up paper into small pieces or thin strips. In order to protect your sensitive information, you should destroy documents such as:

• Bank statements
• Tax documents
• Utility and other bills
• Credit card statements
• Any documents that feature personal information

One should also bear in mind that documents in your trash can make their way to foreign countries. This happens when municipal disposal services transport trash outside local jurisdictions. This frees up local dumps and incinerators. In foreign landfills the locals can go through the garbage and retrieve personal information.

Paper shredders are relatively inexpensive and a lightweight personal shredder runs about $40. These are designed to shred standard paper documents. Heavy-duty shredders can also be obtained to shred DVDs, CDs, etc. These shredders will run about $600. Paper shredders are also available in different types. Some will just cut documents into strips. But there are also high security shredders that can shred documents into very small particles.

Things to consider when purchasing a shredder

One of the very first things to consider when buying a shredder is safety. A shredder can be a safety hazard if not used properly. Each year, fingers are damaged or lost due to the misuse of shredders. This holds especially true of young children. Therefore, it’s important to take note of the safety features of any shredder that you wish to purchase. Fortunately there are many good safety features that can be found on many different models of shredders.

One of the best safety features to be found are sensors that will shut the shredder off. The sensors react when fingers come near the paper insertion opening. Other safety features include extra thin paper openings. Child-proof safety locks are also a good measure. Safety flaps can prevent contact with the paper cutter blades when the shredder head is removed from its basket. An interlock switch can keep the head from being turned on if not seated in its basket. All of these features are recommended and can be found in quality shredders.

Identity theft security feature levels

In order to indicate the level of shredder security, standards have been defined. These indicators determine proper use for the shredder based on residential, commercial or government standards. These standards are, as follows:

• Level 1 – paper is cut into 12 mm strips
• Level 2 – paper is cut into 6 mm strips
• Level 3 – (confidential) – paper is cut into 2 mm strips
• Level 4 – (commercially sensitive) – paper is shredded into 2mm x 15 mm particles
• Level 5 – (Top Secret or Classified) – paper is shredded into 0.8mm x 12mm particles
• Level 6 – (Top Secret or Classified) – paper is shredded into 0.8mm x 4 mm particles

Also, it’s best to purchase a shredder that is rated at a higher level than what you think you’ll need. This is due to the ratings sometimes being a bit too optimistic. You might as well also get one that shreds credit cards, CDs, etc.

For convenience, make sure the waste bin isn’t difficult to empty. As a final tip, get one with reverse and auto-stop/start modes. The reverse mode is handy for clearing out paper jams. The auto start mode will automatically turn the shredder on when the paper is inserted.

• Identity theft is defined as unauthorized or attempted use of existing credit cards (credit card fraud) or other existing accounts such as checking accounts (bank fraud). Identity theft may also involve the misuse of personal information to obtain new accounts or loans, or to commit other crimes. (Identity Theft – Facts and Figures, 2009)

• According to the Federal Trade Commission (FTC), thieves get your information by stealing records from businesses, by stealing your mail, rummaging through your trash, or abusing their employer’s authorized access to credit information or by impersonating someone who has a legal right to access your report. They may also steal your identity by capturing your credit or debit card numbers in a data storage device, by stealing your wallet or purse, by completing a “change of address form” to divert your mail, by stealing personal information from your home, or by posing as legitimate companies asking you for information through e-mail or phone (a practice known as “phishing”). (How Identity Theft Occurs, 2010)

• The FTC also states that armed with your personal information, thieves may call the issuer of your credit card to change the billing address and then run up charges on your account. They may also take a variety actions in your name: open new credit card accounts, establish phone or wireless service, open a bank account, or carry out many other forms of fraud. (How Identity Theft Occurs, 2010)

• The FTC recommends that if you become a victim of identity theft, you should take these steps immediately: (1) place a fraud alert on your credit reports, and review your credit reports; (2) close the accounts that you know, or believe, have been tampered with or opened fraudulently; (3) file a report with your local police or the police in the community where the identity theft occurred; and (4) file a complaint with the FTC. (How Identity Theft Occurs, 2010)

Statistics

• A report by the Federal Trade Commission’s (FTC) Consumer Sentinel Network (CSN) called The Consumer Sentinel Network Data Book for January through December 2009 states that the CSN received more than 1.3 million complaints during 2009. The composition of the complaints was as follows: 54 percent fraud complaints, 21 percent identity theft complaints, and 25 percent other types of complaints. (FTC Complaint Data, 2009)

• According to the CSN report, the most common form of reported identity theft was credit card fraud (17 percent), followed by government documents/benefits fraud (16 percent), phone or utilities fraud (15 percent), and employment fraud (13 percent). Other significant categories of identity theft reported by victims were bank fraud (10 percent) and loan fraud (4 percent). (FTC Complaint Data, 2009)

• The CSN report also states that Florida is the state with the highest per capita rate of reported identity theft complaints, followed by Arizona and Texas. (FTC Complaint Data, 2009)

• The Identity Theft Resource Center (ITRC)–a nonprofit organization that assists identity theft victims, educates the public about identity theft, and provides enterprise consulting related to information breach–has conducted annual identity theft victimization surveys since 2003. Seventy-four percent of respondents to the surveys reported ‘unlawful use of personal identifying information’ for only financial identity theft crimes; the remaining 26 percent consisted of criminal identity theft, governmental identity theft, and/or combinations of those actions. (ITRC’s 2009 Aftermath Study, 2009)

• The ITRC report showed that opening new lines of credit continues to be the most frequently occurring use for stolen identities. This was true of 55 percent of respondents to the surveys upon which the report was based, while 34 percent of the reported cases involved charges on stolen credit and debit cards. (ITRC’s 2009 Aftermath Study, 2009)

References:
• Identity Theft – Facts and Figures. (2009). Retrieved from http://www.ncjrs.gov/spotlight/identity_theft/facts.html.
• How Identity Theft Occurs. (2010). Retrieved from http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt04.shtm#How.
• FTC Complaint Data. (2009). Retrieved from http://www.ftc.gov/bcp/edu/microsites/idtheft/reference-desk/national-data.html.
• ITRC’s 2009 Aftermath Study. (2009). Retrieved from http://hosted.verticalresponse.com/358216/36f148a40f/1746500010/8c36bcaafa/.

Details of the scam

This latest scam involved an individual who was selling items on Craigslist prior to moving. He received a reply to one of his Craigslist ads. The reply requested that he check a video on a site to confirm the exact identity of the item he was selling. The message contained a link to the video. The sender stated that he would buy the item if it was the one depicted in the video.

Once the individual clicked on the line, he was taken to the scam website. There, he was prompted to download the software so that they could “view” the video. The download actually consisted of malware. The malware would then take over the computer. Once this occurred, unwanted ads would continuously pop up. There was also the possibility of sensitive personal information from the victim’s computer being sent back the malware originator.

Uninstalling malware and returning everything to normal is difficult. In this case, the scammer did provide instructions on how to remove the malware. For those who have become a victim of this particular fraud, they would need to recall the name of the host site. They would then need to key that name in and follow it with: /movies/uninstall.html.

However, the best thing to do is to just not fall for the scam.

Other Craigslist scams

Another recent Craigslist scams involved a request for a potential buyer to leave their phone number. The pretense is that the potential “buyer” would call back later in order to transact business. However, the phone number is used to make expensive premium calls which become the responsibility of the victim.
The majority of other Craigslist frauds are phishing scams for identity theft and advance payment scams. Advance payment scams are also known as Nigerian scams. (See: reference 2) In a standard Nigerian scam information and money is requested in exchange for a large sum. The information, that is “needed”, can include bank account numbers, phone number and other personal data. Advance payments will also be request to cover miscellaneous bribes, fees, taxes, etc. Craigslist phishing scams will make an attempt to get personal data for the purposes of identity theft.

Here is a recent variation of an identity theft scam. In London, a person wishes to rent an apartment. She is fooled into thinking that she is dealing with an actual apartment owner. The scammer tells her that she doesn’t need to send him an advanced payment. This tactic is designed to establish trust. But the scammer tells her a tale of past problems with payment. So he suggests that the victim send $2500 to a relative or friend of her choice. This will prove that she has the money to pay for the apartment.

But the scammer also requests a copy of the payment transfer as proof of the payment. Shortly thereafter, the scammer shows up at the Western Union office while assuming the identity of the person that the money was sent to. He then collects the $2500. Here, it’s not made clear if Western Union paid out on a copy or if they were duped into thinking that it was an original. An investigation is being made. The lesson here is that not only should you send electronic payments to strangers, but you should not send copies, either.

Two main rules for avoiding Craigslist scams include never handing over financial and confidential information. Additionally, don’t believe something that sounds too good to be true.

References:

1. Craigslist Scams, Fraud Guides.com, http://www.fraudguides.com/internet-craigslist-scams.asp
2. Nigerian Scams, Crimes-of-Persuasion.com, http://www.crimes-of-persuasion.com/Crimes/Business/nigerian.htm

Taking a closer look at spyware and keylogger programs

Spyware is a category of software applications that are designed to record a user’s habits while they are online. These habits are then reported back to the spyware initiators. There are a number of resulting adverse effects. Some spyware programs will produce unwanted ad pop-ups and other forms of browser hijacking. Others will create serious security breaches. These can include: keystroke logging, personal data compromise and dialup ISP phone numbers changed to expensive toll phone numbers. Backdoors can also be installed in order to allow an entrance for hackers.

A computer is usually infected with spyware when “free” software is installed from a criminal website. The user will believe that they are getting illegal software from a hacker site (“warez” sites). However, any downloaded software is a potentially infected program that will allow a hacker access to the infected system. Other spyware sources can include: online games, download managing programs, instant messaging, peer-to-peer software and porn/crack websites. Most spyware is aimed at Internet Explorer by Microsoft. However, spyware can also be found that targets other browsers (Apple Safari, Mozilla Firefox, etc.). But this happens much less frequently.

Recent methods of infection require no user interaction at all. These are known as “drive-by” downloads (See: reference 1). Here, the spyware is attached to the user’s system just by visiting an infected website. Other way to become infected include: clicking on an infected pop-up, opening a zipped file or by clicking on an infected Java Applet or Active X file. Spyware can even be hidden in an image file or inside the drivers of new hardware.

Spyware spying techniques

Different spyware programs will function differently, depending on the software. Some forms of spyware will simply gather and transmit information. This may be solely for marketing databases. Others can be used for serious criminal purposes. In all cases, however, the spyware will make an attempt to identify the information sent across a network. This information will need to be linked to a unique source. This source can be a cookie located on a hard disk or some form of a Globally Unique Identifier (See: reference 2). The user’s logs are then sent to source that is analyzing the information. This information will usually include: usernames, passwords, IP address, GUID, hostname and various pertinent keystrokes.

Keylogger types

Keyloggers are software applications designed to record and transmit user keystrokes. The transmitted information may contain sensitive personal financial data. It may even transmit source code from software development companies. Keyloggers are not new, by any means. But they are getting renewed attention due to the growth of spyware use. Particularly, because of how easy a computer can become infected. There are three types of keyloggers:

Kernel or driver keyloggers are located at the kernel level. This means that it gets data from an input device. This will usually be the computer’s keyboard. The keylogger software will replace the interpreting keystroke software. This keylogger will remain undetectable since it comes up when the computer is booted. This happens before any user-level detection software is started. A disadvantage to this type of keylogger is that it can’t capture auto-complete passwords. This is because that type of data is passed in the computer’s application layer.

Hardware keyloggers are devices that are connected between the computer and the keyboard. Their small size can allow them to go undetected for extended periods of time. Their disadvantage lies in the fact that one would need to have physical access to the computer. Hardware keyloggers can capture hundred of keystrokes. As such, they can compromise passwords and banking information.

Software keyloggers that use a “hooking” mechanism utilize the SetWindowsHookEX() function. This Windows function is used to monitor all system keystrokes. This software is usually packaged in the form of an executable file. This file will initiate the Windows hook function. An additional DLL file is used to initiate logging functions. Auto-complete passwords can be captured with this software.

Keyloggers in the news

In 2008, the sale of a keylogger known as “RemoteSpy” (from CyberSpy Software) was temporarily halted by a U.S. District Court (See: reference 3). This was done at the request of the Federal Trade Commission (FTC). The allegation was that the RemoteSpy software violated the FTC Act.
The complaint was filed in by the FTC on November 5 and alleged that the software could be maliciously and remotely deployed. The FTC Act would be violated by software that can be installed without the user’s permission. The installed software could then be used to secretly collect personal data pertaining to the user. The allegation also accused CyberSpy of illegally gathering and storing personal data collected by RemoteSpy.

References:

1. “Sophos Security Analyses,” Sophos, http://www.sophos.com/virusinfo/analyses/
2. “GUID – Globally Unique Identifier,” Audit My PC.com, http://www.auditmypc.com/acronym/GUID.asp
3. “District Court Halts Keylogger Spyware Sales, CNET News, November 17, 2008, http://news.cnet.com/8301-13578_3-10099123-38.html

The increase in scam emails has been attributed to a poor economy. During these times, scam artists will increase their efforts in order to prey on the unsuspecting. One may see a current spike in mortgage rescue and government debt-relief scams. However, most scams are only variations of scams that have existed for many decades. In this way, today’s Internet scam may actually be an updated version of a scam that was popular back in 1920.

The latest government-related scams

Some of the more recent scam techniques will entail con artist who are posing as U.S. government officials. For example, these fake officials can say that they’re from the IRS, FBI or Department of Justice. A person may be contacted thought a phishing email, telephone calls, voice and text messages. They may even knock on your door.

The IRS has issued warnings to consumers to alert them of recent criminal activity regarding IRS identifiers. These can include the IRS log and name or even a phony IRS website. This is designed to fool taxpayers into thinking the scam is sponsored by the IRS.

Current scam examples

The Making Work Pay section of the economic recovery law of 2009 (See: references 1) is the inspiration for this phishing email. In the email, details of a purported refund credit that is available to workers, retirees and other consumers are outlined. It will be pointed out that refund credit can be issued directly though an individual’s bank account. All that needs to be done is to register the bank account with the IRS. The email will have a link that supposedly will register the bank account and claim the refund amount. The link will lead to a phony website to register the bank account. The phony site will not only request bank information, but will also ask for a social security number and other personal identification.

This will lead to a criminal being able to take over the victim’s entire identity. This can include; accessing a bank account, acquitting new credit cards, creating new credit accounts and running up substantial debt. But these are only the short-term issues. Long-term problems can also arise. These can be; financial loss, IRS problems and even accusations of criminal activity.

It should also be noted that most Making Work Pay tax credits have been received by workers in their paychecks. The credit was designed for wage earners. Those workers received the money in the form of decreased withholding taxes. This is different than a lump sum payment. In addition, non-wage earners (retirees and consumers not earning wages) were not eligible for this credit.

How to Spot an IRS-related Phishing Scam

Many phishing scam emails are relatively sophisticated. Therefore they can difficult to spot. However, here are some things to look for:

• Email that is baited with a promise of an IRS tax refund.
• Offerings to pay the email recipient for taking part in an IRS survey.
• Threats for non-response. This can be in the form of additional taxes.
• Incorrect spelling of the Internal Revenue Service or other agency.
• Odd phrasing or incorrect grammar (indicating an overseas origin).
• Request for detailed personal information (SSN, mother’s maiden name, etc.).
• A very long email address for the link (move the mouse over the link to see the actual email address).
• A link that does not contain irs.gov (The actual IRS website address).

References:

1. IRS.gov, August 4, 2009 – http://www.irs.gov/newsroom/article/0,,id=211669,00.html

Where Your Credit Card is Most Likely to Be Stolen

The next time that you stay in a hotel, your room might end up costing you more than you originally anticipated. At one time, a restaurant was the number one hot spot for stolen credit card data. However, recently, it appears that the number one spot is now owned by hotels.

Booking centers and hotels seem to be the prime targets, these days. A reservation center can have literally thousands of client’s credit cards in their files. Just one successful theft can yield quite a number of fraudulent shopping sprees. The charges for these illegal activities can show up anywhere from several hours to a few weeks, after the victims have made reservations. Unfortunately, this problem is not just limited to small hotels.

Robert J. McCullen, CEO of Trustwave, stated that the problem goes all the way to the top hotel brands. (See: reference 1). Trustwave is a company that is hired by merchant and hotel owners to provide protection for their systems. Trustwave released a recent report which indicated that 38% of all identity theft data breaches came from hotels, in 2009. In contrast, restaurants only accounted for 13%. This significant increase has come about in only the last 18 months.

Reasons for Increased Hotel Identity Theft

There are several speculated reasons for the rise in hotel identity theft popularity. One reason has to do with the number of different internal hotel locations a credit card can be used. In a hotel, the danger is not just at the front desk. Credit cards can also be used in spas, gift shops, hotel restaurants and pool bars. All of these locations are directly tied to a centralized computer location. Additionally, there are only a few vendors that provide credit card software and equipment for reading credit cards.

All that a hacker needs to do is to figure out how one major system operates. Once this is accomplished, then the hacker can use the same hacking techniques to break into the systems of other hotels. For example, if a hacker compromises the system at a Salt Lake City Marriott, they might be able to hack into a Marriott in New York, as well. Or if a Sheraton system is hacked, the same procedure may be used at a Westins. This is because both are part of the same hotel parent company (Starwood Hotels).

How You Can Spot Hotel Credit Card Fraud

Hotels are doing more to combat the threat of credit card fraud. But there are some things that a consumer can do to help, as well. For example, it’s important to understand that online use of credit cards always entails an element of risk. This means that you should secure your card’s details through the use of strong passwords. You should also change your passwords often. Make sure that you only use your credit card in locations that appear secure and credible. You should also look for credit card security verification signage.

Beyond that, a consumer should know that credit card companies don’t hold the card owners responsible for fraudulent charges. This is as long as the fraud is reported to the credit card company in a timely manner.

Although, in some cases, it could take months for bogus charged to start appearing, once the card information has been stolen. The best plan of action is to check your credit statements regularly for suspicious charges. In many cases, identity thieves are patient enough to wait for relatively long periods of time before running up charges.

References:

1. Where Your Credit Card is Most Likely to Be Stolen, ABC News, July 8, 2010, Scott Mayerowitz, http://abcnews.go.com/Travel/credit-card-fraud-hotels-top-spots-stolen-data/story?id=11110760