Identity Theft and Peer to Peer Sites

Are P2P sites safe?

Peer-to-peer (P2P) file sharing networks are very popular. Especially the music sites. Napster got this started back in the late 90′s.

The problem with P2P file sharing sites is that you can share a whole lot more than you thought you were sharing. Identity thieves can use these programs, including Limewire, to search your computer for tax returns, bank statements, credit reports and student financial aid info. They know exactly what they’re doing and what to look for.

Tiversa Inc. is a computer security company monitors global file sharing networks on behalf of the world’s largest financial institutions, government agencies and individual consumers. The US Attorney General asked them to monitor the P2P sites for a two week period.

At the end of the two weeks, Tiversa reported:

• Almost 56,000 requests for files involving “credit card”
• Over 75,000 requests for specific credit card statements by brand
• 50,000 requests for ‘tax returns’
• Over 317,000 requests for files involving ‘pin’and ‘user id’

 File sharing networks open your computer and your sensitive data to thousands of cyber-criminals. They happily use or sell your information to commit identity theft and fraud.

To secure the personal information stored on your computer, the FTC suggests that you:

• Set up the file-sharing software very carefully. If you don’t check the proper settings when you install the software, you could open access not just to the files you intend to share, but also to other information on your hard drive, like your tax returns, email messages, medical records, photos, or other personal documents.
• Talk with your family about file-sharing. Parents may not be aware that their children have downloaded file-sharing software on the family computer and that they may have exchanged games, videos, music, pornography, or other material that may be inappropriate for them. Kids may not understand the security and other risks involved with file-sharing and may install the software incorrectly, giving anyone on the Internet access to the family’s private computer files.
• Be aware of spyware. Some file-sharing programs install other software known as spyware. Spyware monitors a user’s browsing habits and then sends that data to third parties.
• Use and update your anti-virus software regularly. Files you download could be mislabeled, hiding a virus or other unwanted content. Use anti-virus software to protect your computer from viruses you might pick up from other users through the file-sharing program.
• Close your connection. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and could increase your security risk. "Always on" connections may allow others to copy your shared files at any time.

 Here’s a list of P2P sites:

Acquisition	eDonkey2000	Kazaa Media Desktop	Phex	WinMX
Aimster	Freewire	LimeWire	Piolet	XoLoX
Ares	Gnotella	LordofSearch	Poisoned
Ares Lite	Gnucleus	Mactella	Qtella
Audiogalaxy	Grokster	Madster	Shareaza
BearShare	GTK-Gnutella	Morpheus	SoulSeek
BitTorrent	iMesh	NeoNapster	SwapNut
Blubster	Kazaa Lite	OneMX	TrustyFiles
Direct Connect	Kazaa Lite K++	Overnet	Warez P2P

The University of Chicago has a page with directions to disable the above P2P sites – http://security.uchicago.edu/guidelines/peer-to-peer/

Medicare Card and Identity Theft

For anyone covered by Medicare, you know your Medicare ID number is actually your social security number.

This creates a problem with keeping that number secure when you carry your card in your wallet. All your life, you’ve probably carried your health insurance card with you, so naturally, you carry your Medicare card. Isn’t that what Mom and Dad used to do?

A better solution is to make a copy of both sides of your Medicare card. Get some scissors and cut out the last four digits of your social security number. Don’t use a black marker – actually cut them out.

You won’t be denied emergency care from hospitals or doctors because your last four numbers are missing.

Put your card in a safe place like a fireproof box in your house. You’ll only need to carry it if you have an appointment with a new doctor. Now you’ll have one less critical piece of information safely tucked away from identity thieves.

Telephone Phishing Scam

I heard about a credit card telephone scam recently that was quite well done and easy to fall for. The thieves sometimes identify themselves as from Visa and sometimes from Mastercard.

Here’s how it works…..

You answer your phone and the person calling you says they’re from the "Security and Fraud Department at VISA (or Mastercard)". They even tell you their badge number.

They say your account has been tagged for an unusual purchase pattern and they’re calling to verify it. [Now that has a real ring of truth. I've had my credit card company verify purchases in the past.] They even have the name of the bank your card is issued from.

They ask if you purchased an Anti-Telemarketing Device for $497.99 from a company in Arizona. Naturally, you say ‘no’. [Note - this is one of the few times you get to say anything.]

The caller will then tell you you’ll get a refund issued before your next statement. They say the credit will be sent to (reads your address) and asks if that’s correct. So you say ‘yes’.

This is starting to establish a pattern of trust and believability because up to now, the caller knows your credit card number, the bank issuing it and your address.

The caller goes on to say they’ll be starting a fraud investigation and if you have any questions, you should call the 800 number on the back of your card and ask for ‘Security’. You’ll also be given a six digit reference number to use if you call.

So by now you figure this is legit and maybe you’re even looking at the back of your credit card for that 800 phone number. The thief is just about to set  the hook on this phishing scam.

So far, you haven’t provided any information a thief could use and the caller seems to know all about your card and is doing his best to help you with a fraudulent charge. You’re just a little rattled thinking your number has been stolen and grateful that the "Security and Fraud Department" is on the ball.

The one last thing the caller says is that he needs to verify you have actual possession of your card. He’ll ask you to look at the back and read off the 3 security numbers that are usually in the upper right corner on the back. You think that sounds reasonable and read them to him. He will tell you that you’re correct and thank you for verifying it. Then tell you to call if you have any questions. Good-bye – have a nice day.

Presto – you’ve been scammed.

Many times thieves get your name, addredd and card number. They’ll even know the issuing bank but unless they have posession of the card, they won’t know the security code on the back. Once they have this code, they can order anything online – it’s just like holding your card in their hot little hands.

When you get your next statement, you just may find you now have a $497.99 charge for that anti-telemarketing device along with a lot of other charges for things you never ordered.

Your credit card issuer will NEVER ask you for any numbers. If they call you to verify a charge, they already know they’re talking to you and they won’t ask you to verify any numbers. They’ll just ask if you made that charge. Never give out any information over the phone to anyone.

A classic ploy for telephone phishers/scammers is to tell you some kind of alarming news. That gets your brain side-tracked and keeps you from thinking normally. Then when they ask you to verify information, you just blurt it out. If you keep your wits about you and refuse to ‘verify’, the next step the scammer will usually do is to threaten to shut down all your financal accounts. You think your bank would really do that to you knowing full well there’s another bank on the corner you can switch to?

Never give any stranger such information as:

• Social Security number
• PIN number
• Security number on the back of your credit card
• Driver’s license number
• Bank account number
• Credit card number
• Password
• Mother’s maiden name
• Birth date

When agressive sales people (even honest ones) call on the phone and shoot questions at you, we have a tendency to answer them. They start off with, "How are you today?" just to get you started answering. Next thing you know, they’ll ask if you rent or own, how much your mortgage is, yada yada. It’s a sales techinique. If you wouldn’t tell a stranger on the street this type of thing, don’t tell someone who calls or emails either. 

 

« Previous Page