The Better Business Bureau of Alaska, Oregon and Western Washington are warning residents of a “phishing” scam is using the non-profit organization’s name in emails and blogs to con consumers and businesses into revealing their personal information.

The e-mails, titled “Attention Better Business Bureaus Consumers!” asks “registered and new BBB consumers” to click a link to register new software and update contact information.

The BBB advises anyone receiving a suspicious e-mail to not open the message or not click on any links, because doing so could enable a download of a virus or spyware.

Instead, forward the message to phishing@council.bbb.org so it is reported to U.S. Secret Service’s Electronic Crimes Task Force. Updates on the phishing attack are on the BBB Web site at the Security and Alerts Web page at http://www.bbb.org/securityalerts.

Last year, the President’s Identity Theft Task Force outlined a strategic plan to fight identity theft. Now Attorney General Michael B. Mukasey and Federal Trade Commission Chairman William E. Kovacic released a report outlining the task force’s progress.

The Conservative Voice reports that the highlights of the report include expansion of the Task Force’s data security and identity theft business and consumer education campaigns; exploring means of improving consumer authentication processes to prevent the use of stolen information to commit identity theft; launching new initiatives to help identity theft victims recover; and improving law enforcement tools to investigate and prosecute identity thieves.

Should federal prosecutors pursuing illegal immigrants using other people’s Social Security numbers be allowed to charge them with identity theft?

According to the New York Times, the federal appeals courts are divided on the issue. Some experts argue that workers who use false Social Security and alien registration numbers must know that they belong to a real person. Therefore, they should be subject to a two-year sentence extension for “aggravated identity theft.” Others argue that many illegal immigrants use counterfeit Social Security cards to get jobs but are unaware that they belong to real people.

A 2004 law makes it a crime to use knowingly, “without lawful authority, a means of identification of another person” in connection with a variety of other offenses. The United States Court of Appeals for the Eighth Circuit, in St. Louis, said that government needs to prove only a knowing use of false information and not that the defendant knew the fake number belonged to a real person. Two federal appeals courts — in Richmond, Va., and Atlanta — have agreed with the Eighth Circuit’s interpretation. Three — in Boston, San Francisco and Washington — have disagreed. They said prosecutors must prove the defendant knew the fake number belonged to someone else.

However, knowledge requirements often give rise to difficult issues in interpreting criminal statutes. Expect to see tighter legislation in the near future.

Could submitting an online job application put you at risk of identity theft? If you’re not careful, the answer is yes.

According to BBC News, iProfile, a business intelligence company, in partnership with the Information Assurance Advisory Council (IAAC), conducted an experiment during the recent national identity fraud prevention in October. The company set up a website for a bogus company called Denis Atlas, and lured 107 people into submitting their resumes, which were full of personal information that could have led to identity theft. The most common ones were full address and date of birth. One application included both a passport and national insurance number.

Of the resumes, 61 contained enough information to apply for a credit card. iProfiles said that a quick search of the website would have shown that it was in fact a fake operation.

The Nov. 1 deadline for new federal identity theft regulations requiring financial institutions and other creditors that provide financing is fast approaching, reports eWeek. Known as FACTA (Fair and Accurate Credit Transactions Act), the rules require covered organizations to re-examine their ID theft prevention policies and implement new procedures and business practices.

More specifically, FACTA requires a written ID theft prevention policy that includes polices that identify “patterns, practices or specific activities that could indicate identity theft,” according to the FTC (Federal Trade Commission). Violators of the new rules can be subject to civil penalties of up to $2,500 per violation.

The new regulations – also known as Red Flag rules — have long been thought to only apply to financial institutions such as banks, savings and loans, mortgage lenders and credit unions, but as the compliance deadline nears, SMBs (small and midsize businesses) are concerned the rules may also cover them. While clearly targeting financial institutions, the rules also cover “any person or business” that arranges for customer credit.

The agency defines a creditor as “any entity that regularly extends, renews, or continues credit; any entity that regularly arranges for the extension, renewal, or continuation of credit; or any assignee of an original creditor who is involved in the decision to extend, renew, or continue credit.”

A business alert issued by the FTC adds, “Accepting credit cards as a form of payment does not in and of itself make an entity a creditor.”
The FTC added the Red Flag rules to FACTA in January. Businesses are required to define policies for recognizing red flags in identity verification. Typical red flags include discrepancies in address histories, fraud alerts on consumer reports, questionable use of Social Security numbers, credit freeze notifications and unusual patterns of customer activities.

Once those definitions are in place, companies are then required to define appropriate courses of action when a red flag drops.