Job Search Scams: 6 Ways to Protect Yourself Against Identity Theft

Identity theft rings have set their sights on the 15.7 million Americans who are unemployed and looking for work. Here's how to ensure you don't end up a victim.



Fri, November 13, 2009 -- CIO-- As U.S. unemployment has increased, so too has the number of job search scams identity theft rings are perpetrating against desperate job seekers.

"We have seen a large proliferation of these scams over the past six to nine months because of the employment situation," says Lyn Chitow Oaks, chief marketing officer of TrustedID, which provides identity-theft protection services to individuals, families and businesses.

1. Never share your bank account information up front. Legitimate employers don't need to access your bank account until you become an employee, says Oaks. If they ask for it as part of the application process, it's a warning sign that this "employer" may be up to no good.


2. Never share your Social Security number up front. Legitimate employers will ask for your Social Security number only when they're serious about making a job offer (e.g., after they've interviewed you) and need to conduct a background check, or after you've accepted their offer and they need your Social Security number for tax purposes, says Oaks. Identity thieves will find sneaky ways to ask for your Social Security number up front. Don't fall for their ploys.

3. Never agree to a background check up front. "Until you know you're a candidate for a position, it's not necessary for an employer to do a background check," says Oaks, adding that the only exception may be the government. "They need your Social Security number to complete a background check," she says, "and if you give them the opportunity to do that, they'll learn all kinds of personal information."

4. Research potential employers. If you're unsure whether a potential employer you've found on a job search site is legitimate, Oaks says to find out whether the business has a physical address and to check with the Better Business Bureau in the state where the business is allegedly located to make sure they're licensed.

5. Consider sharing less information on your resume. Many people include their phone numbers and mailing addresses on their resumes, and indeed, employers like to know job applicants' area codes and Zip codes because they sometimes screen candidates based on that information. But if you're wary of identity theft, you may want to include only an e-mail address, at least during initial stages with prospective employers, says Oaks. She also recommends creating a unique e-mail address for your job search. "If employers are interested in you," she says, "they'll contact you."

6. Opt out. When you sign up for e-mail newsletters and offers from legitimate businesses, opt out of receiving offers from their third-party business partners. That can cut down on the amount of spam e-mail you receive and decrease the chances of your personal information ending up on the black market.

This Incident has been confirmed. In Katy , TX

As a woman was putting gas in her car, a man came over and offered his services as a painter, and had his business card in his hand. She said no, but accepted his card out of kindness and got in the car. The man then got into a car driven by another gentleman. As the lady left the service station, she saw the men following her out of the station at the same time. Almost immediately, she started to feel dizzy and could not catch her breath. She tried to open the window and realized that the odor was on her hand; the same hand which accepted the card from the gentleman at the gas station.

She then noticed the men were immediately behind her and she felt she needed to do something at that moment. She drove into the first driveway and began to honk her horn repeatedly to ask for help.. The men drove away but the lady still felt pretty bad for several minutes after she could finally catch her breath. Apparently, there was a substance on the card that could have seriously injured her.

This drug is called 'BURUNDANGA ' and it is used by people who wish to incapacitate a victim in order to steal from or take advantage of them.

This drug is four times dangerous than the date rape drug and is transferable on simple cards.

So take heed and make sure you don ' t accept business cards at any given time alone or from someone on the streets. This applies to those making house calls and slipping you a card when they offer their services.

http://www.snopes.com/crime/warnings/burundanga.asp

Customer Data May be Too Risky to Keep

CIO Insight

With data security an oxymoron at many companies, it's time to rethink who controls customer data in the first place.


By Dan Gillmor - 2005-09-05

Companies keep finding ways to misplace consumers' personal data. Courier services lose tapes on their way to long-term storage facilities; malevolent social engineers con their way into access; laptop computers holding multiple databases are stolen.

We hear a lot about these kinds of things now because a new California law requires companies to disclose to consumers when their data has been compromised. It should be obvious, though, that data loss has been happening for some time, because the level of security in these cases seems to have been, at best, pervasively inadequate.

All of which makes me wonder: Why are companies keeping our data at all? Wouldn't they—and we—be better off in the long run if data wasn't collected and stored in the first place?

This sounds counterintuitive, and it certainly goes against today's common business practices. It's basically been an article of faith that gathering, storing and massaging ever more data is a good thing. Information can be power. It helps determine risk and reward. It helps a company know its various constituents better, including customers and suppliers. And it's worth money.

The current model fails in two areas. One, as noted, is with shamefully lax security. The other is the perverse notion that our personal lives are a commodity to be bought, sold and traded without serious regard for privacy or the consequences of sloppy handling. This doesn't even take into account the common problem of data that is outright false.

It is distressing that most personal information—such as what we spend and where we spend it, not to mention the ultimate skeleton key for identity thieves, our Social Security numbers—can be bartered at all. And when information is compromised or incorrect, consumers are largely responsible for cleaning up the chaos that results.

The data collection system is, at long last, beginning to fray at the edges. Consumers are growing more worried and angry over what they're learning about shoddy storage and trading practices. A recent survey by Harris Interactive found an increase in identity theft and a decrease in consumer confidence that negatively affected purchasing decisions.

The worst practices are drawing the attention of trial lawyers who, in the absence of more serious government enforcement, are prosecuting the promise-breakers.

But the California law may be a canary in the coal mine for keepers of data, because it signals the possible reappearance of legislators into an arena they've tried hard to avoid—a natural tendency, given the prodigious amounts of campaign contributions legislators have collected from the data collectors and sellers.

It's in this context that we should be asking whether the rewards of holding on to consumer data are worth the trouble—and whether it's possible to create an infrastructure that gives consumers much more control over their information from the outset.

Eric Norlin, a vice president at Ping Identity Corp., and a longtime writer on these matters, advocates "federated identity"—a decentralized system that would have the effect of giving consumers just this sort of granular control. "This is about customers being able to make their identities portable," he says, "to allow individuals to present the ID they choose to present to the service provider."

For example, if I were buying a plane ticket, I could give the airline permission to charge a certain amount of money to my credit card. But the airline wouldn't need access to the actual credit card number if I'd simultaneously given the card issuer enough information about the transaction to make the transfer. The bank or other card issuer would need my permission to pay the airline, but the entire transaction could take place in a seamless mesh of business logic, using advanced Web services, that lends parts of my identity to those who need it on a temporary basis.

This leaves a single potential point of failure (for this transaction, at any rate) from an identity-theft standpoint: the bank. Even though banks can, and sometimes do, get careless with data, a financial institution that builds and maintains an excellent record for data security will win more business. Competition for customers would bring more business to providers that are the most careful.

For such a system to have any chance of working, a variety of technologies is required. Ultimately, consumers and merchants must trust that the parties they're dealing with on either side of the transaction are indeed who they're supposed to be. Also, data cannot be easy to compromise. So encryption as well as the ability to digitally "sign" what we send around are crucial.

A viable public-key encryption infrastructure meets these requirements, and the technology's inventor is Whitfield Diffie, Sun Microsystems' chief security officer. He questions whether institutions would ever buy into an identity system where the data resided solely with consumers, but says there's no fundamental technical barrier.

Still, the practical difficulties are not trivial. Mortgage lenders may lose some of their ability to uncover information borrowers may have failed to disclose, and that would mean greater lending risk. One way around the problem might be harsher contract sanctions for failing to give lenders correct information when asked, plus a higher interest rate for more limited kinds of disclosure. In such transactions, people will have to make visible more verified data about themselves than in deals, such as a simple purchase, where the stakes are lower.

Another real-world barrier, Diffie notes, is the lack of a ubiquitous key infrastructure. The old AT&T could have created that, given its one-time dominance of communications. Federal agencies such as the National Security Agency had the wherewithal to do it, but the NSA damaged its credibility with the public by trying to exert improper control over encryption. Federated identity advocates are painstakingly building an infrastructure today that they hope will solve the problems of tomorrow.

One drawback with user-controlled data has nothing to do with business, and that is the government's wish to spy on us. Law enforcement might find its job complicated by an identity system that decentralized control and collection of information.

Even so, there is enormous logic and value to society in returning people's personal lives to their own control. The credibility of future electronically based commerce may depend on consumers' trust in the system. They are losing faith already, and a data Chernobyl is in no one's interest.

The way we're going, however, such a meltdown might be hard to avoid. It would be wise to plan now for the aftermath, wiser still if companies would consider—just consider—the possibility that data retention itself could be the heart of the problem, and seriously analyze the alternatives. That alone would move the ball ahead.

Corporate America has an unfortunate addiction to centralized data that it doesn't need. Sometimes, losing control is an advantage.


http://www.myinvisusdirect.com/Rgrabowski
http://www.cioinsight.com/c/a/Past-Opinions/Customer-Data-May-be-Too-Risky-to-Keep/

Cyber Crime Statistics

The following cyber crime statistics illustrate of some of the general trends in the field of hi-tech crimes. Marked increases in cyber crime statistics result in an increasing need for professionals capable of responding to and investigating cyber crimes, and conducting computer forensic examinations of evidence in these cases.



Cyber Crime Statistics from the 2006 Internet Crime Report*


In 2006, the Internet Crime Complaint Center received and processed over 200,000 complaints.


More than 86,000 of these complaints were processed and referred to various local, state, and federal law enforcement agencies.


Most of these were consumers and persons filing as private persons.


Total alleged dollar losses were more than $194 million.


Email and websites were the two primary mechanisms for fraud.


Although the total number of complaints decreased by approximately 7,000 complaints from 2005, the total dollar losses increased by $15 million.


The top frauds reported were auction fraud, non-delivery of items, check fraud, and credit card fraud.


Top contact mechanisms for perpetrators to victims were email (74%), web page (36%), and phone (18%) (there was some overlap).


* The Internet Crime Complaint Center is a clearinghouse for online economic crime complaints. It is maintained by the National White Collar Crime Center and the Federal Bureau of Investigations. To review the results of the study, visit the National White Collar Crime Center’s site, at http://www.ic3.gov/media/annualreport/2006_IC3Report.pdf .


Cyber Crime Statistics from the 12th Annual Computer Crime and Security Survey*


Between 2006 and 2007 there was a net increase in IT budget spent on security.


Significantly, however, the percentage of IT budget spent on security awareness training was very low, with 71% of respondents saying less than 5% of the security budget was spent on awareness training, 22% saying less than 1% was spent on such training.

71% of respondents said their company has no external insurance to cover computer security incident losses.


90% of respondents said their company experienced a computer security incident in the past 12 months.


64% of losses were due to the actions of insiders at the company.


The top 3 types of attack, ranked by dollar losses, were:


financial fraud ($21.1 million)


viruses/worms/trojans ($8.4 million)


system penetration by outsiders ($6.8 million)


* The complete results of this study, as well as past studies, which are conducted annually by the Computer Security Institute, can be found at the CSI website www.gocsi.com . Interestingly, these statistics are compiled from voluntary responses of computer security professionals. Thus, there is certainly an inference that the damages due to computer security incidents are much higher than those cited here, as companies without responding security professionals undoubtedly were the victim of computer security incidents.


Cyber Crime Statistics from the Online Victimization of Youth, Five Years Later study*


Increasing numbers of children are being exposed to unwanted sexual materials online.


Reports of online sexual solicitations of youth decreased while reports of aggressive sexual solicitation of youth did not (perhaps indicating that some prevention and education measures may be working, while the most serious offenders may not be deterred).


Online child solicitation offenses are rarely reported to any authority.


Incidents of online harassment and bullying increased.


*This is an empirical study based on approximately 1500 surveys conducted with online youth in 2005 that were compared to the results of a similar study in 2001. The study was conducted by the National Center for Missing and Exploited Children, the Crimes Against Children Research Center, and the Office for Juvenile Justice and Delinquency Prevention at the United States Department of Justice. The complete results of the study can be found here http://www.missingkids.com/en_US/publications/NC167.pdf .