Tag Archives: identity theft

Identity Theft from 1965 Uncovered through Face Recognition

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2023/08/identity-theft-from-1965-uncovered-through-face-recognition.html

Interesting story:

Napoleon Gonzalez, of Etna, assumed the identity of his brother in 1965, a quarter century after his sibling’s death as an infant, and used the stolen identity to obtain Social Security benefits under both identities, multiple passports and state identification cards, law enforcement officials said.

[…]

A new investigation was launched in 2020 after facial identification software indicated Gonzalez’s face was on two state identification cards.

The facial recognition technology is used by the Maine Bureau of Motor Vehicles to ensure no one obtains multiple credentials or credentials under someone else’s name, said Emily Cook, spokesperson for the secretary of state’s office.

Experian Privacy Vulnerability

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2023/01/experian-privacy-vulnerability.html

Brian Krebs is reporting on a vulnerability in Experian’s website:

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report. All that was needed was the person’s name, address, birthday and Social Security number.

Anatomy of a Scam – Secret Shoppers

Post Syndicated from David original http://devilsadvocatesecurity.blogspot.com/2011/03/anatomy-of-scam-secret-shoppers.html

Here’s a recent example of a secret shopper scam. Like many scams, this one attempts to lure people who think that accidentally receiving a secret shopper invitation is a way to free money. In the end, it is merely an attempt at identity theft – though it may also involve a fee scam as well!

If the recipient bothers to check who it is from, it purports to come from Dow Chemical, with an email address that is [email protected], with a cc to [email protected]. The hsbrv.net domain points back to a Betty Prevo, with an email address listing [email protected]. That sounds suspiciously like our david212 address as well. The whois results are below:

Administrative Contact:
Prevo, Betty [email protected]
1368 X W. Estes Ave
Chicago, Illinois 60626
United States

For those who are interested, that address points to an apartment building in Chicago. Interestingly, Betty Prevo apparently exists and does live in that area in Chicago, but she’d probably be interested to find out that she’s running various domains.

Blumail? Well, it’s a free email service that, “provides global e-mail accounts, educational content, employment needs, entrepreneurship, networking, story / experience sharing, mentoring and volunteering opportunities to youth and others who are coming online in developing countries.” In this case? It’s a great place for a scammer to get free email hosting. It’s also a well known 419 scam domain. Blumail is a legitimate service, unlike the hsbrv.net domain we first looked at.

Now, the actual scam letter:

Hello there,

My Name is David Anderson and I am your group regional Instructor from within the USA.Henceforth you will be working with me on the completion of your Mystery Shopper’s Position application. Like you already know, your weekly per assignment is $300:00 Flat for working with us and will come in payments of $300 each per assignment you complete for the company.

Note that the name actually somewhat matches the email address – that’s often a missed detail for our scammers.

PAYMENT TERMS:
Your payment would be sent ($300) per assignment , Also the company is in charge of providing you with all expense money for the shopping and other expenses incurred during the course of your assignment.All the tools you will needing would be provided to you with details every week you have an assignment.

JOB Description :
1} When an assignment is given to you,You would be provided with details to execute the assignment and in a timely fashion.
2} You would be asked to visit a company or store in your area and they are mostly our competitors as a secret shopper and shop with them to know more about their sales and stock , cost sales and more details as provided by the company then report back to us with details of whatever transpired a the store. But anything you buy at the shop belongs to you,all we want is an effective/quick job and reports.

Free money, and what sounds like a somewhat reasonable reason why the company would want you to do this. The grammar is even better than most letters of this type.

ASSIGNMENT PACKET :
Before any assignment we would provide you with the resources needed {cash}Mostly our company would send you a check which you can cash and use for the assignment. Included to the check would be your assignment packet .Then we would be providing you details on here. But you follow every single information given to you as a secret shopper .

It starts to fall apart here with lines like “Then we would be providing you details on here”.

And now for the meat of the scam:

KINDLY RECONFIRM YOUR INFORMATION BELOW TO PROCEED ON FIRST ASSIGNMENT:
Full Legal Name :
Full Physical Address :
City :
State :
Zip code :
Age:
Nationality :
Home and Cell # :
Present Occupation:
Email:

Thank you for reading.
Yours sincerely.
Contact Person: David Anderson
Time: 24 Hours daily by e-mail

And that’s the anatomy of a secret shopper scam. A simple way to hook the gullible into providing details for identity theft.


A Different Angle on Identity Theft: When Identity Thieves Use Your Identity

Post Syndicated from David original http://devilsadvocatesecurity.blogspot.com/2010/09/different-angle-on-identity-theft-when.html

The story of Dr. Gemma Meadows, as reported by MSNBC is an intriguing one. Like many victims of identity theft, she was contacted by her bank and informed of fraudulent activity. What happened next though, is a bit off the normal path for identity theft victims.

Various packages with a wide range of values started to show up, and have continued to show up. Now, Dr. Meadows spends time tracking and returning packages, as well as fielding calls from various vendors from whom the items are ordered.

Why? According to the article, and what she has been able to determine, the identity thieves are using her information to test validation scripts on e-commerce websites. Her valid address, phone, and other details are being used to make transactions appear valid.

Interestingly, the scripts seem to work in some cases, flagging the transactions as possible fraudlent. The article mentions that some sites note that the item is to be shipped thousands of kilometers away from the order location, and that others call to verify that she is the one placing the order. Many others, however, don’t do as well, and the stream of packages continues.

The article is well worth a read. We’re used to seeing lives disrupted by identity theft and the credit and financial issues that can go with it. Receiving packages when criminals use your identity to support their crimes in a different way is an entirely different event, and appears to be one that law enforcement and our database driven society isn’t geared to handle.