As the Christmas shopping season approaches, it’s a good idea to do what you can to reduce your risk of identity fraud when you shop online. Read the full article

Periodically the IRS issues a list of tax scams that it considers especially troublesome. Most of the Dirty Dozen Tax Scams involve fraudulent tax filings and other abuses of the tax system. However, the first item on the list is “phishing:” the use of e-mails that appear to come from the IRS but that are actually from crooks looking for ways to steal bank account information, social security numbers, and other personal information. Read the full article

My Mac-using friends have another gloating opportunity. Microsoft released an advisory warning of a newly-discovered flaw in multiple versions of Internet Explorer, including IE 7. PCMag.com and BBC News technology correspondent Rory Cellan-Jones have posts on the problem. The flaw allows software running on hacked web sites to access the contents of your hard drive, run unwanted software, or possibly steal your passwords; as many as 10,000 sites could be infected, according to BBC News.

Microsoft recommends changing IE security settings to high (look under Tools/Internet Options); other protective actions are provided at the advisory link. Alternatively, you may want to download one of the competing (free) browsers, like Firefox, and use it until Microsoft provides a fix. Read the full article

Prescription processor Express Scripts recently reported that some of the confidential data that it maintains on millions of patients has been compromised. In October the company received an extortion letter from someone who possessed names, Social Security numbers, and prescription information for about 75 people. Some of Express Scripts’ clients (typically these are health benefit plans) received similar threats.

The company has established a website to provide information about the data loss, although at present the site doesn't contain much real information. Express Scripts believes it has identified where the lost data was stored, but gives no indication that it has figured out how many people's information was stolen.

As I’ve mentioned before, stolen medical data sells for a premium because it can be used to commit insurance fraud; medical data theft is potentially much more lucrative than credit card theft. This incident will bear close watching, especially if it turns out that a significant number of people's information was lost. Express Scripts says that it will provide free "identity restoration services" to individuals who become victims of identity theft as a result of this loss – so by the time help is provided, the damage will already be done. Read the full article

This completes the series of posts that I started during National Protect Your Identity Week. I'd like to finish by discussing several more ways to avoid becoming a victim of online ID theft. Read the full article

Today I received another bogus e-mail claiming to be from Melrose Cooperative Bank, a bank with which I do no business. It's such an excellent example of the application of social engineering to phishing fraud that I decided to share it.... Read the full article

It looks like this week's discussion on identity theft will probably overflow into next week a bit, because I'm finding new information to share. Having discussed some of the social engineering-based approaches to stealing your private information, today I'd like to take a brief look at how you can protect your computers against more subtle forms of attack. Read the full article

Only about 10 to 15% of identity thefts with known causes have been attributed to online data theft, but this statistic is not very reassuring. According to the Identity Theft Assistance Center, only 42% of ID theft victims are able to determine how their information was stolen. If the majority of victims don't know how their information was stolen, it may not be safe to assume that the 10-15% figure accurately represents all ID theft losses attributable to online sources. How can you avoid being victimized online? Read the full article

Since this week is National Protect Your Identity Week, I’ve decided to post a couple of articles that are largely drawn from a newsletter that I wrote a while ago. The threat of identity theft is real, although as I have noted before, ID theft rates don’t seem to be increasing. Even so, if you aren’t taking precautions to avoid identity theft, you make yourself an easy target. Fraud-related theft tends to increase in times of economic crisis, so it’s wise to be cautious.

The National Foundation for Credit Counseling is spearheading National Protect Your Identity Week; you may want to check out their Protect Your ID site, which has a number of useful resources on this topic. Read the full article

In June I wrote about Bank of New York Mellon's reported loss of computer tapes containing four million people's personal information. This month, BNY Mellon got around to informing me: I was one of the four million. Read the full article

Web-based e-mail accounts like Yahoo and GMail provide a lot of convenience, but apparently with convenience comes risk. Prior to the news of the hacking of Sarah Palin's Yahoo account, I had assumed that this kind of thing required a phishing attack, but now I know better. Tech sites have been speculating about how her account was accessed and it's been noted that the "lost password" protocols for Yahoo are not hard to beat. A hacker might be able to guess well enough to gain access to your account. Read the full article

Credit card network facilitator Visa, Inc. announced today that it’s piloting a new system that can provide real-time e-mail or text message notification to a cardholder whenever a card transaction is made. Users will be able to define the minimum transaction amounts required to trigger a message. The system can also send a message whenever other triggering events take place: an internet credit card purchase, an overseas card use, or a telephone transaction, for example. Read the full article

Well, it seems late in the year for this, but today I received the first phony IRS e-mail of the season. The message appears to be a "phishing" scam in which I'm suppose to click on a fake IRS link provided in the message. Clicking the link would take you to an official-looking site that would collect confidential information - most likely, the thieves are looking for Social Security numbers. The IRS has noted a number of e-mail and telephone scams involving IRS impersonators; the stimulus rebates this year provide another premise for identity thieves to use as they "reach out" to potential prey. Read the full article

As I've noted elsewhere, there are some data that suggest that the frequency of ID theft may be on the decline. However, there are also indications that the volume of stolen financial data has swelled to such levels that cybercriminals are dropping their selling prices for stolen data. Read the full article

It’s wise to do whatever you can to protect your confidential information, but some ID theft losses are impossible to avoid. According to Computerworld.com, four million or so customers of Bank of New York Mellon recently learned this the hard way. Read the full article

Identity theft seems to get a lot more attention than it used to. I’ve given it my share by writing two client newsletters offering advice on how to avoid ID theft. But this is a topic that holds considerable personal interest for me, as I’ve been the victim of a series of thefts of credit card numbers over the years. Read the full article

What does it actually cost if you don’t pay off your credit card balances each month? What does a credit card purchase cost if you just make the minimum payments? Read the full article

Return to The FFS Blog Home Page

And now, to keep my lawyers happy: This site is for educational and informational purposes only. Nothing contained here should be construed by anyone as an invitation or solicitation to buy or sell any security. This site does not contain personalized legal, tax, investment, or financial advice. Users of this site should consult with a qualified adviser to obtain advice suited to their personal circumstances. Any links provided here to other web sites are for informational purposes only. We take no responsibility for the accuracy or content of linked sites.

COPYRIGHT THOMAS A. FISHER © 2008 - 2015