Sunday, December 14, 2008

Keeping an ID Theft Victim's Information Private is Catching On

Tom Fragala, CEO of Truston Identity Theft Services, started his MyTruston identity theft and recovery product based on the principle that he didn't believe an identity theft victim should have to give up their information to a third-party to protect themselves. After all, most of this information gets stored in a database, which is one of main places (besides trash cans) identity thieves go to steal information.

Information stored on databases is legitimately bought and sold by information brokers all the time. Criminals sometimes pose as having a legitimate interest to access the information. Of course, there have also been cases of dishonest employees selling it without a so-called legitimate purpose. This makes it extremely difficult to determine exactly where any stolen information originally came from. At this point in time, so much information has been stolen, we routinely hear about it being sold in chat rooms right over the Internet.

It didn't make sense to Tom to put all this information in another place, where it could potentially be compromised again. Databases have created an ability to store more information than ever before and transfer it with a click of a mouse.

Having been an identity theft victim himself, Tom had some rather personal feelings on the subject. It should also be mentioned that Tom has spent thousands of hours being a personal advocate for victims of this crime.

Since launching the do-it-yourself tool — where you don't have to be an expert to protect yourself or recover from identity theft — it has received numerous awards and become a hot topic within the technology industry itself. Besides not having to be an ID theft expert — you don't have to expose any of your personal information to a third party and the protection aspect is and always has been free. There is a charge for using the recovery tool, which can be cancelled anytime. I'll tell you a secret about that last statement, further down.

I discovered the latest news that the Truston concept is catching on when reading Tom's blog, which is well worth a read if you are interested in identity theft or privacy issues. "Today we announced that our MyTruston product has been included in the portfolio of the Affinion Security Center, the largest provider of identity protection and privacy services. Affinion has nearly 35 years of industry experience and over 65 million members of their many products. Clients of their identity protection and privacy products include Wells Fargo, Bank of America and The Hartford Insurance. Truston's Software-as-a-Service technology is deeply integrated within the Affinion Security Center’s core solution platform, IdentitySecure," according to Tom himself.

Just the day before, Truston also announced a partnership with CreditFYI, which is a one-stop shop for the best credit card rates, best loan rates, as well as, to learn how to protect your good name and credit rating.

Besides Affinion Group and CreditFYI, Truston is a private label partner with Identity Force, which provides identity theft protection services to the U.S. Government. Truston has been given a Four-Star rating by PC Magazine and has received several awards. "Truston's awards include a 2008 Product Innovation Award, a Hot Company 2008 Award, being selected for 10 Companies to Watch in 2008 by the Pacific Coast Business Times, the 2008 Tomorrow's Technology Today award, and it was identified as a leader by Javelin Strategy & Research in their December 2007 identity theft market report," according to the press releases.

If you are interested in just how user-friendly the tool is, the Truston site has a tour you can take.

I've also had the pleasure of speaking with Tom on several occasions and beta tested the tool myself before it rolled out. I've covered this in several blog posts on Tom and the MyTruston identity theft tool.

Now for the secret I promised earlier in the post. I mentioned that using the tool always has been and always will be free, but there is a nominal charge for using he recovery services. The secret is that if you go directly to the Truston site - you can use everything free for 45 days. Last, but not least, this free trial doesn't require you give them a credit card (which will get charged if you forget to cancel) until after the trial expires.

Most Internet Scams Start with Spam

I'm sure we've all noticed spam levels are slightly down, or that our spam filters seem to be working a little better. Nevertheless, spam continues to get through filters and for the next few weeks, a lot of it will have a holiday theme. Due to the sour economic situation, it's also likely going to take advantage of financial fears or the promise of a rescue from an already bad situation.

Since most unfortunate situations involving fraud, phishing, and financial misdeeds on the Internet start with a spam e-mail, it pays to use a little common sense and caution before falling for a too good to be true, or sometimes scary e-mail from an unknown source.

Last week, Symantec issued its December 2008 State of Spam Report. It predicts that although spam volumes are down after a lot of providers blocked access to sites hosted by, we will likely see them rise again. Spam levels dropped a reported 65 percent after this happened. " was allegedly hosting a significant number of botnet command-and-control systems'" according to the report. The bad news is that the report indicates the bad guys are moving elsewhere and that a number of them are hosting their efforts from IP addresses in (where else) China.

Getting back to the holiday season, the report notes that spammers are mimicking marketing come-ons from legitimate retailers offering holiday shopping deals. This makes it hard to distinguish exactly who is behind the e-mail. Sometimes the line between legitimate and illegitimate becomes a little blurry, which is something spammers have always taken advantage of.

The report also reveals a lot of links leading to malware infected sites in spam e-mails are using political themes to draw in their victims. Items related to Barack Obama are especially popular with spammers and scammers. In another twist to using Obama's good name, one spam campaign offered a Barack Obama coin, "a piece of history for only $9.95 plus shipping." This was an attempt to steal debit and credit card information.

Hot news stories were also used as lures to download malicious software. In particular, the recent Mumbai terrorist attacks pointed to links designed to infect machines. Ironically, a lot of this malware is designed to turn a computer into what is referred to as a "zombie," which when used in a botnet is used to send out even more spam.

While we haven't seen the holiday season pass, spammers of the scammer type are already using the IRS name to steal personal and financial information. The pre-tax season phishing scheme mentioned in the Symantec Report involved a come-on designed to snare people by telling them they had a tax refund or economic stimulus payment due to them. The link in these e-mails went to fake IRS site(s) — complete with offical logos — designed to steal personal and financial information.

The IRS isn't alone when it comes to having their good name spoofed. Just this week the FBI reported that their name was being used (yet again) in a campaign involving a typical Nigerian 419 scam. If an intended victim got leery after initially responding — they were threatened with "official consequences" should they fail to turn over the required personal and financial information.

Fear or scaring a victim into submitting to a scam is nothing new. In fact, some of it is now being referred to as Scareware. Scareware most frequently surfaces as a fake message claiming your computer is infected. In then offers to fix the problem for a nominal amount of money. My guess is that malware might actually be downloaded on a system by clicking on one of these come-ons.

Since it's hard to pay in cash over the Internet, anyone who pays on this form of extortion might have their method of payment stolen, also. Symantec recently released another report showing how many personal and financial details are for sale (super-cheap) on the Internet.

Alex Eckelberry of Sunbelt Software and the popular Sunbelt Blog just posted a visual presentation of scareware examples on his Flickr account.

There is little doubt that spam and its intended purposes have made the electronic world somewhat of a "virtual minefield" at times. It pays to make your computer bullet-proof by using good state of the art software from a legitimate vendor, but even if you are protected in this manner, you also need to protect yourself from social engineering schemes designed to lure a person into doing something they are going to regret later.

The Anti Phishing Working Group offers sage advice (from a variety of reputable sources) to the average person on how to avoid becoming a victim. Interestingly enough, they also recently released a report that is rather ominous stating the the number of crimeware spreading URLs are at an all-time high. Crimeware is another name for malware when it has a pure criminal intent.

To close this post, I'll point to a amusing video Symantec did on the 12 Days of Christmas Spam. It's probably best to end on a lighter note on what has become a serious problem.