[ISN] Teaching teens about ID theft

InfoSec News isn at c4i.org
Wed Dec 14 16:11:33 EST 2005


http://seattlepi.nwsource.com/local/251779_lcenter13.html

By DEBORAH BACH
SEATTLE POST-INTELLIGENCER REPORTER
December 13, 2005

Applying for a job at an electronics store two years ago, Zach Friesen
was stunned to learn that the store manager was turning him down
because of his terrible credit record.

"I looked at him and said, 'I've never had credit in my life. What are
you talking about?'" the 19-year-old recalled.

Someone had rung up about $40,000 worth of bills related to a
houseboat purchase under Friesen's name -- when he was 7 years old.  
The fraud went undetected for a decade, and only when he applied for
the job did Friesen discover that he was a prime target for identity
thieves, who are increasingly focusing on young people.

Friesen cleared up the situation and got the job.

Since August, the University of Colorado sophomore has been traveling
to high schools in various states, educating teens about identity
theft through an initiative undertaken by Qwest Communications.

Also participating in that effort is Judith Collins, a professor of
criminal justice at Michigan State University who recently spoke to
students at Franklin High School in Seattle.

"How many of you know what it means to be credit-worthy?" Collins
asked, standing at the front of the room. No hands were raised.

"Anyone familiar with credit reporting agencies?" Again, no hands.

That lack of knowledge, Collins told the class, is exactly what makes
18- to 29-year-olds the quickest-growing group of identity theft
victims. Teens typically don't have credit reports, having never
applied for a loan or a credit card, which leaves their Social
Security numbers lying dormant for years.

"Perpetrators know this," Collins said. "That's why you're so
vulnerable."

Collins knows all too well what she's talking about. She was an expert
on white-collar crime when someone obtained her Social Security number
in 1999 and used it to open 33 credit card accounts, ordering masses
of merchandise to a post office box in California.

Though a federal law passed in 1998 made identity theft a criminal
offense, Collins said she got little help from police and conducted
her own investigation.

She uncovered about 25 other victims living within a 45-mile radius of
her home who all went to the same medical clinic, leading Collins to
suspect that someone broke into the clinic's patient database.

The experience was "so traumatic" that Collins turned her attention to
identity theft, helping start Michigan State's Identity Theft Crime
and Research Laboratory.

She has worked with hundreds of young people since that time and has
many harrowing stories -- of teens whose bank accounts have been
cleaned out, who have been denied employment and student loans or
ended up with criminal records resulting from crimes committed using
their identity.

Collins recounted the experience of a young woman at Michigan State
who was studying in the library one day and went to the bathroom,
leaving her backpack with her purse inside sitting by her table. When
she returned her purse was gone, taken by a woman who police believe
was casing the campus, looking for someone who resembled her. Spotting
the young Latino woman, with long, dark hair like her own, she'd found
her match.

The thief used the student's driver's license to cash a bad check --
unbeknownst to the victim until police showed up at her home on
Christmas Day and arrested her in front of her extended family.

Teens' belief in their invincibility, Collins said, puts them at
additional risk. According to the National Cybersecurity Alliance, 40
percent of Americans under 25 believe that they are more likely to be
hit by lightning, audited by the IRS or win the lottery than be the
victim of a computer security problem. In reality, computer security
breaches -- viruses, hacking and scams -- affect about 70 percent of
computer users.

Federal Trade Commission statistics for 2003 show that of the
approximately 10 million cases of identity theft that year, the
largest percentage -- 28 percent -- was among 18- to 29-year-olds.  
Washington ranked 10th in the nation in identity theft per capita,
with credit card fraud the most common form.

>From money laundering to drug trafficking, Collins said, identity
theft is used in almost every crime committed today, costing the U.S.  
economy an estimated $50 billion annually. Terrorists rely on assumed
identities to conceal their activities and whereabouts, she said,
mentioning that al-Qaida training manuals contain tips on stealing
identities.

"It's the crime of the 21st century," she said.

Thieves access personal information through myriad means, from lifting
records from the workplace to stealing mail containing bank
statements, credit card offers and tax information. They rummage
through trash, use "change of address" forms to divert mail to another
location, steal purses and wallets, and obtain credit reports by
posing as a landlord or an employer.

More sophisticated crooks hack into databases or scam victims through
"phishing" -- sending e-mail or pop-up messages that claim to be from
a legitimate business or organization asking the recipient to update,
validate or confirm his or her account information and often warning
of dire consequences for failing to act. The messages direct victims
to Web sites that look just like the real thing -- for example, PayPal
or eBay.

Finding a mother's maiden name, a commonly suggested password on many
Internet sites, is pay dirt. From there, Collins said, thieves can
obtain original birth certificates, get Social Security cards and even
apply for passports.

"They engage in complete identity takeover," she said.

Once they collect enough personal information, thieves might call
credit card issuers to change the billing address on an account, then
run up charges on it. They might open credit cards under the assumed
name, creating delinquent accounts that become part of the victim's
credit report.

They might apply for phone or wireless service under stolen names,
open bank accounts and write bad checks on them, buy cars, get jobs,
file fraudulent tax returns or file for bankruptcy. They may give the
victim's name to police during an arrest and when they ignore a court
date, an arrest warrant is issued for the victim.

Though identity theft can go undetected for years, Collins said,
sudden pitches from credit card issuers or banks to teens should serve
as a red flag.

Potential victims can find out if a credit report has been issued in
their name by asking any of the three major nationwide consumer
reporting companies -- Experian, Equifax and TransUnion -- for a copy
of their credit reports. The Fair Credit Reporting Act requires
reporting agencies to provide any consumer with one free credit report
annually upon request.

With teens making up about 20 percent of its customer base, Qwest last
year hosted a summit in Denver on protecting young people from
Internet theft. The company launched a public awareness campaign,
developing an educational video with the Denver District Attorney's
Office and hiring Collins to develop a curriculum.

Melodi Gates, Qwest's director of information security, said that as
more young people became company customers, Qwest looked at what sort
of educational outreach programs were available to them about identity
theft and found very little.

"We saw an opportunity to bring a message to people who might not have
heard as much (about it) and are increasingly a set of victims," she
said.

Friesen, the college sophomore, spends about a week each month
traveling around talking to young people in the hope that he can help
them avoid the situation he found himself in two years ago. He
realizes he escaped relatively unscathed, but the experience is
nonetheless disquieting.

"I haven't seen any more problems so far, but that's not to say I
won't," he said. "I know my number's out there. But thanks to getting
involved with Qwest and their campaign, they've done a great job in
helping me understand more ways to keep myself safe."

PROTECTING YOUR IDENTITY

* Never carry your Social Security card or birth certificate with you. 
  Keep them in a safe place at home.

* Don't loan your cell phone, driver's license, checkbook or credit 
  card to anyone.

* Don't leave your purse, wallet or backpack unattended.

* Don't use your mother's maiden name for a password. Choose strong 
  passwords and change them often.

* Don't respond to e-mails asking for personal information, even if 
  they appear to be from legitimate Web sites. If you are concerned about 
  your account, call the organization or open a new Internet browser 
  and type in the company's correct Web address yourself. Do not cut 
  and paste the link from the message into your browser -- phishers 
  can make links look as if they go to one place, but instead send you 
  to a different site.

* Never e-mail personal or financial information.

* Use anti-virus software and a firewall, and keep them up to date.

IDENTITY THEFT WARNING SIGNS

* Applying for a driver's license and discovering that one has already 
  been issued in your name.

* Telemarketers calling and asking to speak to you.

* Receiving preapproved credit card offers, bank statements or 
  collection statements in the mail.

* Being denied applications for student loans, an apartment or a 
  credit card.

For more information about how to obtain a credit card and what to do
if you're a victim of identity theft, go to www.incredibleinternet.com

© 1998-2005 Seattle Post-Intelligencer





More information about the ISN mailing list