Due to a rise in identity theft, it’s no longer uncommon to find mortgages and loans on a child’s credit report before the child is even old enough to vote. Unfortunately, when it comes to child identity theft, it can be many years before the fraud is discovered.

To combat this problem, the Federal Trade Commission (FTC) and the Office for Victims of Crime (OVC), Office of Justice Programs, U.S. Department of Justice, plans to hold a workshop on child identity theft, called “Stolen Futures” in July to raise awareness of the problem and to brainstorm on how to protect children from fraud.

Government, business, non-profit, legal service providers, and victim advocates will explore the nature of child identity theft, including foster care identity theft and identity theft within families, with the goal of advising parents and victims on how to prevent the crime and how to resolve child identity theft problems. The forum is free and open to the public. For more details, visit the FTC’s web page.

Popularity: 1% [?]

We’ve been getting a lot of questions from customers who received their credit reports and found errors on it. To resolve this issue, here’s what you need to do:

If you find your credit report marred by erroneous information or identity theft, federal law gives you the right to correct these mistakes. These three steps can help you repair your credit yourself:

1. File disputes. If there is inaccurate information on your credit report, you can dispute it with Experian, Equifax and TransUnion. Your credit reports may not contain the same mistakes, so contact the relevant agency according to their rules, which can be found on their Web sites. All three agencies allow consumers to submit disputes online, on the phone, or via snail mail.

If you do choose the snail mail option, send a certified letter that clearly states the facts and explains why you are disputing the item. Include a copy of your report with the mistake highlighted. You should also request a “return receipt” with the certified letter so you know when the agency received it.

The FCRA mandates that credit reporting agencies must respond to your dispute by initiating an investigation and collecting evidence from your creditors. If the information is inaccurate, they must either remove or correct the disputed information, usually within 30 days.

2. Deal with denials. If an investigation comes back and your request for a change is refused, send a letter of dispute to the creditor whose reporting statements you disagree with. The report includes contact information for each creditor listed on the report. Keep copies of all correspondence, and write notes about each phone conversation you have.

If you are unable to resolve a dispute, you have the right to add a 100-word comment to your credit report. This alerts creditors that there is an unresolved error on your report.

3. Block fraudulent information. If you are a victim of identity theft, you can block the reporting of any information in your report that is the result of identity theft.

Was Identity Theft the Problem?

If errors were the result of identity theft, you have the right to block the credit bureaus from reporting accounts that were opened or soiled by the thief, inquiries that were initiated by the thief, and other erroneous negative information.

To do so, you must file an identity theft report and provide the credit bureaus with proof of your identity. The credit bureau may deny your request for a block if you do not supply the necessary documentation or if you misrepresent facts. Find the necessary form at www.ftc.gov/bcp/edu/microsites/idtheft.

Get instant access to your credit report and score, along with the best identity theft protection on the market, with IDEssentials.

Popularity: 1% [?]

To make a point about data protection, an academic researcher dumped names, email addresses, and biographical information made available in 35 million Google Profiles into a massive database that took just a month to assemble. While he suspected he find get the info, he was shocked at how easy it was.

According to the Register, University of Amsterdam Ph.D. student Matthijs R. Koot created the database to prove how easy it would be for private detectives, spear phishers, and others to mine the vast amount of personal information stored in Google Profiles. He proved his point well—it took him just a month to create the database.

Unlike Facebook policies that strictly forbid the practice, the permissions file for the Google Profiles URL fail to prohibit indexing the list. To make matters worse, Google engineers didn’t impose any technical limitations in accessing the data, which is made available in an extensible markup language file called profiles-sitemap.xml.

“I wrote a small bash script to download all the sitemap-NNN(N).txt files mentioned in that file and attempted to download 10k, then 100k, than 1M and then, utterly surprised that my connection wasn’t blocked or throttled or CAPTCHA’d, the rest of them,” Koot told The Register.

The database contains names, educational backgrounds, work histories, Twitter conversations, links to Picasa photo albums, and other details made available in 35 million Google Profiles. It includes the usernames of 11 million of the profile holders, making their Gmail addresses easy to figure out. The 35 GB of data excludes the full-text indexes and profile photos of the users.

“I’m curious about whether there are any implications to the fact that it is completely trivial for a single individual to do this – possibly there aren’t,” he wrote. “That’s something worth knowing too. I’m curious whether Google will apply some measures to protect against mass downloading of profile data, or that this is a non-issue for them too.”

According to Google, users can choose to make Gmail addresses, and other certain pieces of information, public, or private. Users can also set their profile settings to prevents search engines from indexing their profiles.

One key takeaway here: As a user, remember how easy it was for this guy to compile permanent records the next time you’re deciding whether to post something to Google, Twitter, Facebook or some other Web 2.0 service.

Popularity: 1% [?]

LinkedIn’s professional networking website may have security flaws that make users’ accounts vulnerable to attack by hackers who could break in without entering their passwords.

According to Reuters, a security researcher named Rishi Narang discovered the security flaw, revealing that the problem is related to the way LinkedIn manages a commonly used type of data file known as a cookie.

When a user enters the proper username and password to access an account, LinkedIn’s system creates a cookie “LEO_AUTH_TOKEN” on the user’s computer that serves as a key to gain access to the account. Many websites use such cookies, but what makes the LinkedIn cookie unusual is that it doesn’t expire for a full year from the date it is created. This means that anybody who gets hold of that file can load it on to a PC and easily gain access to the original user’s account for as much as a year.

The vulnerability is described in a posting on Narang’s blog at www.wtfuzz.com.

LinkedIn said that it already takes steps to secure the accounts of its customers. “Whether you are on LinkedIn or any other site, it’s always a good idea to choose trusted and encrypted WiFi networks or VPNs (virtual private networks) whenever possible,” said the company in a statement.

LinkedIn added that it is preparing to offer “opt-in” SSL support for other parts of the site, an option that would cover encryption of those cookies, in the next few months.

Popularity: 2% [?]

CRN reports that an Apple AppStore phishing scam has emerged, a sign that hackers are developing attack techniques that carefully target their victims.

Researchers at F-Secure discovered the scam, which appeared as a fake order confirmation from Apple immediately after a user makes a purchase at the AppStore.

The email response sent to users appears legitimate: “To view the most up-to-date status and make changes to your Apple Online Store order, visit online your Order Status.”

“The ‘coincidental’ timing is enough to warrant at least an attention from the intended recipient,’” said F-Secure researchers in a blog post. “Combined with tricks such as spoofed address and vague links, the recipient might even fall for the trap.”

It may seem real but don’t be fooled. If you click on the link, you’ll be sent to an unrelated drug store spam site, not affiliated with Apple or the AppStore. Fortunately, for now, the attack leads to a spam site, as opposed to a more malicious fake AppStore login page that attempts to trick the user into submitting credentials or credit card information. However, it’s alarming that attackers can target users so specifically while also going after the largely untapped Apple market to distribute malware.

“The next time you see another post on a phishing attack and think ‘there’s no way I’m going to fall for that,’ you might want to reconsider,” said F-Secure researchers in a blog post. “As general users become adept at detecting a phishing attempt, the authors are changing their tactics and are taking the time to learn about the target beforehand.”

Popularity: 1% [?]

A government audit of seven hospitals exposed a patient’s worst nightmare: 151 security weaknesses that expose patients’ online medical records. Two reports released by the inspector general of the Health and Human Services Department reveal that efforts to connect hospitals and doctors so that they can electronically share patient medical information has caused a number of security breaches that expose patient data to hackers.

Exposed information includes identifiers, such as names, birth dates and Social Security numbers, that can be used to steal identities or falsely bill insurance companies. According to the report, security gaps need to be addressed quickly to “ensure a secure environment for health data.”

According to the audit, the government agency encouraging the nation to move towards electronic records has safety procedures in place. However, the agency has not issued general security requirements for the computer systems at the hospitals and at doctors’ offices, where information is often stored.

Auditors found that 4 out of the 5 types of security weaknesses discovered could be classified as “high impact,” meaning that they could result in losses of valuable information that could even lead to severe injury or death. The hospitals where the breaches were found are located in California, Georgia, Illinois, Massachusetts, Missouri, New York, and Texas, but have not been identified due to the possibility of hackers using the information.

Popularity: 4% [?]

The Sony PlayStation Network is finally back online but the company was again targeted by hackers. This time, personal data from an unknown number of Sony customers on its Greek website, SonyMusic.gr, has been stolen—and exposed online.

According to ConsumerReports.org, a hacker, with the alias of “b4p_vipera,” posted customer data stolen from an attack on the Sony site online. The data—which included e-mail addresses, phone numbers and passwords—was apparently obtained by using a so-called “SQL injection attack.”

This latest attack on Sony may not be as expansive as the previous PSN break-in, where nearly 100 million global subscribers’ account information was stolen. While more sensitive customer data—such as credit card info—wasn’t exposed, identity thieves can still use the other information for phishing expeditions.

Popularity: 4% [?]

Problems with mortgages and identity theft are at the top of a consumer complaints list from the Illinois Attorney General.

The state of Illinois received 7,035 complaints dealing with consumer debt in 2010, which is down from the 7,843 complaints in 2009. The consumer debt category includes mortgage foreclosure, collection agencies and credit card companies.

Complaints involving identity theft ranked second on the list of complaints, including reports of fraudulent charges to existing accounts and thieves opening new credit card accounts in the names of others.

However, overall, the numbers are declining because people are increasingly aware of the problem.

Popularity: 1% [?]

We’re hearing more stories about child identity theft every day. Simply stated, it must be stopped. It can have long and far-reaching consequences on kids when they grow up. Awareness is key. Tell your family, tell your friends, tell your kids–tell anyone who will listen–to be careful. All it takes is a few simple precautions.

Children and teenagers are prime targets for identity thieves for a number of reasons. They typically have clean credit reports, making it easy for scammers to take out loans in their names. They are also more likely than any other age group to post personally identifying information on social networking sites, such as MySpace and Facebook, which are often targeted by fraudsters looking for personal information. And because most children don’t use their Social Security numbers until they’re old enough to apply for a job or loan, identity theft could go undetected for years.

Fortunately, by arming your children with knowledge and common sense, you can help protect their children’s identity. The following tips will drastically reduce your child’s risk of identity theft:

1, Don’t reveal your child’s Social Security number unless you have to. Just because your child’s school or Little League team asks for a Social Security number doesn’t mean you have to give it to them. Ask if you can use another method of identification.
2. Check your child’s credit report every year. The three major credit-reporting agencies—Experian, Equifax and TransUnion—now give you one free copy per year. A child typically doesn’t have a report on file, so any activity could indicate that he or she is a victim of identity theft. Equifax (800) 525-6285; Experian (888) 397-3742; or TransUnion (800) 680-7289.
3. Teach your child not to give out his or her personal information, especially on Facebook or other social networking sites. Sharing too much information on a public site can be dangerous, as identity thieves can misuse any type of personal information.
4. Be suspicious of any marketing letters, collection notices, or pre-approved credit offers addressed to your child in the mail. These could be red flags that your child’s identity is being misused.
5. In the event your child’s identity was stolen, ask the credit bureaus to add a victim statement to the child’s credit report. To prevent further damage, consider enrolling your child in an identity protection service, which will place fraud alerts on his or her credit reports and do several other things to fight identity theft.

Popularity: unranked [?]

It’s frightening to think of all the ways we’re exposed to identity theft. From computers to mailboxes to company data breaches, we’re all at risk. Fortunately, there are ways to protect against and resolve id theft.

What makes you feel the most protected from identity theft? We’d love to know. Share your thoughts on our Facebook poll at:
http://www.facebook.com/home.php?sk=question&id=10150247252340932

While you’re there, we hope you’ll become a Facebook fan. Simply click the “Like” button and you’ll be our newest fan, with access to the latest tips, news, stories, and more.

Popularity: 1% [?]