ID Theft Victim puts her Evil Twin back on probation in San Francisco

San Francisco's Hall of Justice

Identity theft victims often get pretty frustrated after being accused of being deadbeats by collection agencies, or even being charged with a crime they didn't commit.

Trying to seek justice seems to do little good, either. Law enforcement rarely has the resources to investigate individual cases, unless an identity thief is caught "red handed."

Mike Weiss (San Francisco Chronicle) did an interesting article about a victim (Karen Lodrick), who caught her evil twin, Maria Nelson.From the Chronicle story:

The only other time Lodrick, a 41-year-old creative consultant, had seen that particular coat was on a security camera photo that her bank, Wells Fargo, showed her of the woman who had stolen her identity. The photo was taken as the thief was looting Lodrick's checking account.

Now, here was the coat again. This woman -- a big woman, about 5 feet 10, maybe 150 pounds -- had to be the person who had put her through six months of hell and cost her $30,000 in lost business as she tried to untangle the never-ending mess with banks and credit agencies.

During the pursuit -- Karen confronted Nelson, who had noticed she was being followed -- asking her to wait until the Police arrived. Nelson informed her she couldn't wait for the Police because she was on probation.This might be one of the more honest statements Nelson has made in the recent past.

In fact, Nelson has eight previous convictions for fraud, and is on probation for one of them! She also had a warrant for her arrest in Yolo County, which is about 2 hours North of San Francisco.

Shortly after this confrontation, Nelson dumped a wallet in a trash can. Here is what it had inside:

In front of West Coast Growers, she dropped a wallet into an abandoned shopping cart. Lodrick, still after her, picked up the wallet -- also Prada -- and found an entire set of identification, including credit cards, a Social Security card and a debit card all in the name of Karen Lodrick.

Later, when she returned to the bank that had been her original destination that morning and took possession of the lost driver's license, it was a perfect forgery -- with a hologram and a California seal -- and it had Lodrick's name but Nelson's photo and physical characteristics.

Because of Karen's individual efforts, the San Francisco Police responded, and Nelson was apprehended.

Eventually, she was convicted, but this probably did little to give Karen satisfaction for everything she went through.

At her sentencing, Nelson showed little remorse, smirking and waving at Karen. And why not, despite her long criminal record, Nelson received 44 days (time already served) and yet (another) three-year probation.

Karen was able to make a statement at Nelson's sentencing, where she said:

I can't believe it. I went through six months of hell, and she's going to get probation? She was on probation when she victimized me. Obviously, probation's not helping.

Chronicle story with more detail, here.

It's pretty obvious why Nelson was smirking, committing identity theft is relatively easy, the consequences are pretty lacking, and it pay's well.

So far as the ease common criminals can obtain all sort of counterfeit identification documents, I have a lot of information how bad a problem this is, here.

The abuse and lack of controls on certain technologies have made counterfeiting pretty easy to accomplish. Likewise, the ease in with credit is issued, makes committing identity theft a pretty lucrative venture.

I did a post about how easy it is for criminals to use someone else's credit, here.

Where do you think the millions of illegal immigrants get the necessary documentation to obtain employment?

Of course, illegal immigrants aren't the only people using these documents.

Counterfeit documents are distributed by organized crime gangs, who sell them to ANYONE with the money to buy them.

As long as the consequences for identity theft remain minimal, we are going to see a lot of good people like Karen, go through hell.

When are laws going to start protecting the people, paying all the taxes to enforce them?

Consumers Union Calls for Congress to Protect People's Personal Information

The Consumers Union is calling for voters to let their elected officials know they are concerned about identity theft.

Here are what the Consumers Union considers to be the key issues:

In every state, you should be able to place a "security freeze" on your credit file so thieves can't open new accounts in your good name. Companies and agencies should be required to notify you when the security of your private information has been breached. If lawmakers are serious about making us more secure, this should be the first thing they do when they return to Washington. Help us send this clear message now to your Congressional Representative and Senators.

If you are concerned about this issue, you can add your thoughts by sending a message to Congress, here.

The last time this issue came up before the election - a bill was being pushed through. Here is more information on it and what I wrote about it:

Don't Allow HR 3997 to Take Away Rights from Identity Theft Victims

This bill is still pending - and if passed in it's current version - it threatens to mute State laws already enacted to protect people from identity theft.

An Identity Theft Protection and Recovery Service Based on Trust

The new identity theft protection and recovery service by Truston is live. The service is unique because it doesn't require you to give up your personal information, which could be stored in a database, and used to commit identity theft if it falls into the wrong hands.

In case you've missed the weekly stories, databases are being compromised all the time and according to the Privacy Rights Clearinghouse (which is keeping tabs), 97,326,222 people in the United States have been compromised by data-breaches since February, 2005.

I probably need to make a disclaimer that this number might grow before I publish this post. Nonetheless, here are the ugly statistics as of this writing.

Tom Fragala, who is the CEO and a former identity theft victim himself did a great post on his blog describing the service:

myTruston is a web-based service that protects you from identity theft. It is simple and safe.

How simple? One minute sign up. And myTruston works by providing you a recipe-like format, one task at a time, for dealing with identity theft. That goes for both prevention and recovering from fraud.

Why is it safe? Because our members never send us any confidential personal information. All we need is your email address to help you. Every other prevention and recovery service requires you to give them your name, address, SSN, and even power of attorney.

What does it cost? Our prevention services will always be free! And our recovery services are free until January 2007.

We’re getting some nice kudos from people. You can see an updated list here. One example:

"Very slick. You're a genius for coming up with something so simple yet effective & helpful. I'll definitely spread the word." - Jed Tucker, myTruston member

The bottom line is that finally we have a resource where someone can protect themselves and recover (if they are victimized) without putting themselves at additional risk.

And even I had no problem "navigating" it!

Here's the previous post, I did about myTruston:

Truston - An Identity Theft Service I Trust

If you would like to check out myTruston, link here.

Why Do We Keep Blaming Identity Theft Victims?

I just got done reading an article by Mark Seagraves (WTOP Radio) about 478 laptops that have been stolen from the IRS. Mark was able to obtain this information via the "Freedom of Information Act."

At first, I thought "here we go again," but in reality -- there are probably thousands of laptops that have disappeared in the private sector that were never made a public record via the "Freedom of Information Act."

In fact - in a lot of the data breaches observed - the breached seem to disclose as little as possible. I wonder if we know about every data-breach that might have occurred?

Articles about missing laptops compromising "millions" make good stories, but in reality, laptops are a desirable item and get stolen all the time. It's entirely possible they are bought and sold on the black market and even used by criminals, who are clueless of their "information value."

I predict sometime in the near future, we'll see a story on information was compromised by the theft of a smart phone. They're pretty easy to steal and (desirable), also.

On the other hand - with chat forums selling personal information for a few dollars a pop - the amount of compromised information out there is potentially huge.

Recently, we saw stories where personal information was being harvested off hard-drives that were thrown-away, or given to charity. How many hard-drives have been discarded without removing the information on them?

Again - with the amount of personal information being stolen and used in financial crimes - who knows? Some "expert" will argue that none of it has been used and the criminals using it are unlikely to comment.

No matter where it comes from, the astronomical increase in identity theft, clearly indicates that a lot of information is being compromised - whether stolen from a laptop, garbage can, or via malicious software, sometimes referred to as crimeware.

I had to chuckle recently when some "security experts" observed that in most identity theft cases, the information compromised came out of trash cans. Whether they are right, or wrong - the information sent in mass mailings starts in a database - sold for a profit and printed on a computer.

The only difference is the method of mail being used. Trust me, the Postal Inspection Service investigates a tremendous amount of fraud that is sent via snail mail and mail fraud is nothing new.

Yes - according to the experts - we are to blame and need to take action to ensure criminals don't compromise the sensitive information being sent to us in mass mailings. Is anyone paying us for our time to rectify a problem, we didn't create? Has anyone ever considered that maybe we shouldn't be mailing this type of information and then making it too easy to obtain one financial instrument, or another?

We see technology fixes, which are highly publicized, but seem to have short lifetimes after "saavy" criminals defeat them. An example of this is the "chip and pin" technology - which seemed to be compromised in no time at all on older ATM machines.

There are still a lot of older ATM machines to be used.

I've also seen "experts" blame people for not keeping their virus protection up-to-date, or falling for social engineering schemes. Are they to blame for e-commerce sites that are easily faked and complete "do it yourself" scamming kits routinely available on the Internet?

An entire security industry has grown up around this problem and if you want protection - which doesn't always work - you need to line someone's pockets. In fact - in many instances - you not only have to line their pockets once, but you also have to pay for all the countermeasures that are developed when their measures are defeated.

Businesses love income streams.

Then there are the faux providers of protection, which can lead to more information being sifted from your computer if you happen to download their "fixes." It's very difficult for most consumers to determine - who is reputable and who is not - when their ads are right next to each other on the Internet.

Sadly enough - one of the solutions has been to offer "identity theft insurance," which means that people are being asked to finance their own protection. A lot of this is being sold by the same people, who are buying and selling all the information that caused the problem in the first place.

We need to address to the real issue, which is there is too much information out there that is "poorly protected" and easily accessed for "dubious purposes."

Please note that I'm not advocating that people don't need identity theft protection, or to protect their systems. Virus protection, firewalls and identity theft protection are probably good things to have in the current enviroment we are dealing with.

And I'm not saying all the "experts" are wrong. Trust me, a lot of them are hard working, thoughtful and dedicated people trying to make a difference. The problem is that money can buy a lot of experts and those using and abusing people's personal information have plenty to spend.

We need to stop believing that technology can cure the problem and realize we are dealing with a social issue. The bottom line is that a lot of sensitive personal information is being poorly protected and too many people are being victimized by the use of it.

Since so much money is being made by making "sensitive information" too easy to access, the people making a lot of money are resistant to change. Until we make it less profitable for them to continue "enabling" the problem, the problem isn't going to disappear and is likely to grow.

If the people enabling the problem are "resistant to change," perhaps the answer is to create laws to protect the innocent and make it a little harder for the guilty to do business as usual!

Blaming victims for something they didn't cause is getting a little old!

Don't Allow HR 3997 to Take Away Rights from Identity Theft Victims

Received an e-mail from the Consumers Union - about the identity theft bill (HR 3997) being voted on in Congress this week.

This bill (many believe) isn't consumer friendly and will weaken existing state laws to protect the rights of "identity theft" victims.

I decided to pass this on and see if anyone else wants to let Congress know how you feel.

Here is the letter:

Great news! Together, we're putting the kibosh on identity thieves. In roughly one year, consumers like you sent more than 420,000 emails to lawmakers across the country asking them to pass strong identity theft protections.

Due to these efforts, 25 states have passed laws protecting consumers. Last week, more than 1,500 consumers from 49 states and the D.C. called their representatives and asked them to “vote no” on HR 3997, a do-nothing identity bill. The effort paid off as the House delayed a vote on the bill! Help us kill this bill once and for all. Find out how you can help!

If you are interested in why (many of us believe) this isn't the bill to pass, here is my most recent post - along with previous posts about this subject:

The Financial Data Protection Act Doesn't Protect the Citizen

Diary of an Identity Theft Victim

I came upon an interesting series of blog posts by Julie O'Brady on her experience of becoming a statistic (one of 9 million according to the FTC) of identity theft.

Julie recounts the "trail of tears" a victim experiences - from discovery of the problem to finally clearing her financial name - and documents it in a series of posts.

In Julie's own words, here is her summary:

The months of June and July, 2005 meant that each day for me was back to Square One with my own personal investigation; i.e. doing research online, contacting every possible authority I could, and then working with the attorney general, private investigator, police detective, and finally postal inspector. I took it upon myself to prepare extensive documentation that I updated and shared with all the authorities and agencies working on the investigations.

To my knowledge, at the very least, the 2 suspects were apprehended by the senior inspector and another victim was identified and quite possibly spared the victimization of the Nigerians.The 2 suspects were college age students who had already secured fake IDs; were picking up lots of merchandise through the drop box; had been selling the merchandise on eBay and other auction sites; and then sending proceeds to the Nigerians who recruited them!

Here again - as Julie has aptly highlighted - only through a lot of "tenacity" was she finally able to get help from a postal inspector - who was able to catch two (possibly more) of the "growing army of Internet recruits" that more organized entities use to do their dirty work.

This highlights why greater efforts need to be made to go after the root sources of crime on the Internet. Since many of the recruits claim to be victims - all too often - there is no prosecution and since the "recruiters" are normally overseas, little is done from a legal standpoint.

Julie did take the time to write about this - and more importantly - didn't give up, which makes her worth of admiration. She also has put together a series of resources to help others.

For Julie's entire story, link here.

Here are some other examples, where organized entities use recruits (dupes) to commit crimes for them:

Cyber Gangs Luring Children to Launder Money

BBB Worker Takes Job Processing Fraudulent eBay Transactions