Archive for the 'Identity Theft' Category

Subjects with Multiple SSN’s

Published
by
Richard McEachin
on July 9, 2008
in Identity Fraud, Identity Theft and Private Investigator
. Comments

In Canada, it is rare to find somebody with two Social Insurance Numbers (SIN).  Where this happens it may be a case of clerical error or a reference to a former SIN appropriated by an identity thief. The former reason is extremely rare. In thirty years I have only encountered this once. The Canadian SIN is used as an identifier less than the SSN is in the USA.

However, in the USA the case is somewhat different. According to Susan Daniels, of Daniels and Associates Investigations, Inc. in Chardon Ohio, when searching through database aggregators such as IRB, it is common to find a subject referenced with two or three Social Security Numbers (SSN). Here are some of the reasons a person may show-up with multiple SSN’s:

  • a wife’s or child’s SSN could end up with father’s name
  • a parent’s SSN could show up with a child
  • the subject bought something with someone else and the SSNs could end up with each other’s name
  • the database producer is relating several SSN’s to one address
  • an error by whoever entered the data

Susan Daniels of Daniels and Associates Investigations, Inc. (9754 Thwing Road Chardon, OH 44024, Tel.:440.286.4072) has been a Private Investigator for 15 years.

Identity-theft Protection for Canadians

Published
by
Richard McEachin
on July 1, 2008
in Canada, Identity Fraud and Identity Theft
. Comments

You don’t have to spend $100 to $200 a year to defend yourself from identity theft at the level of protection that a paid service offers. You can do almost everything the services do, for free.

DIY Identity-theft Protection: A 12-step Program

Tombstoning Still Works

Published
by
Richard McEachin
on June 18, 2008
in Identity Fraud and Identity Theft
. Comments

B. C. man uses stolen identity to amass $1M

Went By ‘Zino’; Police uncover his crimes when ‘man purse’ stolen
Rob Shaw, Canwest News Service Published: Thursday, June 12, 2008

VICTORIA - For the past 17 years, “Zino” has lived a seemingly ordinary life in Saskatchewan and B. C. By the age of 40, he had bought houses, opened bank accounts and collected credit cards. His real estate holdings across B. C., and more than 14 credit and bank cards, gave him assets and credit in excess of $1-million.

The only problem — “Zino” does not exist…

Mr. Nardi’s real name contained a long history of contacts with police. And so the identity of “Zino” gave him a clean slate from which to travel and accumulate assets unnoticed

Business Identity Theft

Published
by
Richard McEachin
on March 11, 2008
in Company Research, Competitive Intelligence, Dirty Tricks, Fraud, Identity Fraud, Identity Theft, Methods and Private Investigator
. Comments

Infamous hacker Kevin Poulson paid the defaulted Yellow Page accounts of escort services to get their defunct telephone numbers reactivated. He collected the profits and when the police became interested, only the original advertiser was on record with the telephone company. I once saw this done in a home renovation scam.

In Cynthia Hetherington’s excellent book, Business Background Investigations: Tools and Techniques for Solution Driven Due Diligence, she tells of a group of crooks who moved into an office recently vacated by an insurance company. They took-up the old phone number and began selling insurance.

When new policy holders complained about bad service to the insurance company’s head office, the scam was revealed, but the crooks had moved on.

It’s not just people who have their identity stolen.

Faked-Death & Impersonation-of-the-Dead Fraud

Published
by
Richard McEachin
on February 6, 2008
in Canada, Forgery, Fraud, Identity Fraud, Identity Theft, Private Investigator, Sources, U.S.A. and United Kingdom
. Comment

We have all heard of the faked-death scams to defraud insurance companies, escape prosecution, or to start over. The latter always happens in the aftermath of mass-casualty events like train wrecks, fires, and terrorist attacks. But what about the reverse — pretending to be somebody who has died?

This is not uncommon simply because it is so difficult to uncover the truth of someone’s identity and it has been so throughout my thirty years of Canadian experience.

In Canada, registering deaths is a provincial responsibility. The national vital statistics death registration system run by Statistics Canada does not include the deceased’s name or date of birth. There are no public search facilities for determining if the identity that you are presented with is that of a dead person.

In the U.S.A., the Social Security Administration Death Master file includes 98% of deaths of persons who participated in the Social Security program. This is may be searched at several internet sites.

In the UK, Smee & Ford Limited created a database called Mortascreen, which was used to screen direct mail lists for deceased people. This data was augmented and is now used as the foundation for Halo, a database that covers 85% of the deaths occurring annually in the UK. It is updated monthly and includes historical data to make it useful for verifying a person’s identity.

According to the UK’s Fraud Prevention Service, CIFAS, since 2001, impersonation of the dead is Britain’s fastest growing identity theft crime. The latest research suggests the problem has been under-stated by 3.5 times and revised statistics now indicate that 70,000 families experienced the pain of discovering their loved one had been impersonated after their death, to open accounts such as credit cards and loans.

According to the Home Office figures on crime in England and Wales in Jan 2003, “Between April 2000 and March 2001, the passport agency detected 1,484 fraudulent applications of which 301 used the identities of the deceased.”

I suspect that Canada may have a problem with this type of identity theft, but there is no way of knowing the extent of the the problem.

Private Investigators Indicted for Pretext

Published
by
Richard McEachin
on December 21, 2007
in Dirty Tricks, Ethics, Fraud, Identity Fraud, Identity Theft, Privacy and Private Investigator
. Comments

We wrote about this here in Ten Private Investigators Indicted on 7 Dec 07.

Wired Magazine has posted the Indictment of the accused who allegedly employed false pretenses to gain personal information. A related Wired article compares this type of pretexting to the HP mess.

The accused are from Washington, California, Oregon, Texas and New York:

Emilio Torrella, BNT Investigations, Washington State
Brandy Torella, BNT Investigations, Washington State
Steve Berwick, BNT Investigations, Washington State
Victoria Tade, C.I., Inc., California
Megan Ososke, P.I. and Information Services, Oregon
Robert Grieve, Robert Greive International, Texas
Ziad Sakhleh, Robert Greive International, Texas
Darci Templeton, sole proprietor, Texas
Patrick Bombino, AAA Allstate Investigations, New York
Esau Pinto, AAA Allstate Investigations, New York

The Indictment alleges that BNT supplied the improperly obtained personal information to the PI’s for a fee. BNT was not identified as a private investigation firm in the Indictment, but was identified as a company that sold its pretexting services to PI firms. Some of the PI firms even advertised for sale to other PI’s what they were obtaining from BNT.

Accusations #17 and #21 allege that BNT obtained medical information by pretext, much in the same way as was revealed by he Royal Commission of Inquiry into the Confidentiality of Health Records in Ontario, Canada, by Mr. Justice Horace Krever.

Reckless Vulnerability?

Published
by
Richard McEachin
on December 14, 2007
in Canada, Espionage, Identity Theft, Legislation, Privacy and Security
. Comments

Rapid7 announced that an attacker with a directional antenna and a laptop can eavesdrop on wireless keyboards manufactured by Microsoft, Logitech, and other vendors, capturing every keystroke from a distance of over 30 feet away. This leaves corporate networks open to illicit intrusion and data theft that will probably look like a data breach originating from within the company.

For a look at the hacker will get, go to this interesting presentation.

Would this be Reckless Personal Information Handling if this vulnerability was exploited at your company?

Reckless Personal Information Handling

Published
by
Richard McEachin
on November 29, 2007
in Canada, Fraud, Identity Fraud, Identity Theft, Legislation, Privacy and Security
. Comments

If Bill C-27 (2nd Session, 39th Parliament with first reading on 21 Nov 07) will make it an offence to recklessly make available or sell personal information knowing it will be used to commit fraud.

The wording that concerns me:

Everyone commits an offence who transmits, makes available, distributes, sells or offers for sale another person’s identity information, or has it in their possession for any of those purposes, knowing or believing that or being reckless as to whether the information will be used to commit an indictable offence that includes fraud, deceit or falsehood as an element of the offence

How will the term “reckless” be defined and measured? The people writing this law need to take into consideration what has happened with the requirement to safely store firearms.

In the case of the law requiring the safe storage of firearms, a group of street gang members rappeled down the side of an apartment building and broke into an apartment, and for four days, they continuously used industrial power tools to open a huge money safe and steal some handguns. Without a clear definition in law of what constitutes “safe storage”, the gun owner was charged with unsafe storage of the firearms. This type of malicious misuse will surely follow if Bill-C27 is passed without a clear definition of what constitutes being reckless.

Spammers pose as private eyes to spread malware

Published
by
Richard McEachin
on November 25, 2007
in Dirty Tricks, Fraud, Identity Fraud, Identity Theft, Privacy, Private Investigator and Security
. Comments

Commtouch, an Israeli security firm that specializes in protecting e-mail integrity, says that it has detected a new malware outbreak that is spread through e-mails claiming to be from private investigators. According to Commtouch, the e-mails tell recipients that a private investigator has been recording the recipients’ phone calls and that an audio file of one of the calls is attached to the message. When unwitting recipients download the “call” to their hard drives, their computers become infected with malware…

Some common subject headings for the malware e-mails include “I’m monitoring you,” “You’re being watched” and “The tape of your conversation.” Commtouch says that the malware is sent in the form of a password-protected, compressed file that appears to be an MP3 sound file.

Profile of Identity Theives

Published
by
Richard McEachin
on November 2, 2007
in Fraud, Identity Fraud and Identity Theft
. Comments

A recent study by the Center for Identity Management and Information Protection suggests that less than one fifth of criminals get their data from the internet. In most cases it they get their data by re-routing mail, dumpster diving and intercepting mail.

The study is available at the Center for Identity management and Information Protection (CIMIP) but unfortunately they what identifying personal information before you access the study.

A summary of the study may be found on Yahoo! and at CIMIP.

Title Fraud in Ontario

Published
by
Richard McEachin
on October 25, 2007
in Fraud, Identity Fraud and Identity Theft
. Comments

If you want to learn the current state of Title Fraud, Title Insurance, and our land registry system, then you should read Title fraud and title insurance in Ontario: impact of recent changes by Bruce McKenna at Lang Michener LLP.

World’s Most Secure Hard Drive

Published
by
Richard McEachin
on March 12, 2007
in Encryption, Identity Theft, Privacy, Security and The Investigator's Computer
. Comments

Two years after Seagate announced the world’s most secure hard drive, the 2.5 inch Momentus 5400 FDE.2 (full disk encryption) hard drive will go on sale at the end of March in a laptop from ASI Computer Technologies. The on-the-fly encryption is integrated into the drive.

Four Months Jail for Spyware

Published
by
Richard McEachin
on March 7, 2007
in Courts, Espionage, Identity Theft, Industrial Espionage, Privacy, Private Investigator, Security and Surveillance
. Comments

In the R v Waters [2007], the UK Court of Appeal upheld the sentence of four months imprisonment for a man who had conspired to install spyware software on his wife’s computer. The Court of Appeal ruling stated:

Computers are an established part of modern life. An increasing amount of personal and private information is kept on computers, not only by the State and large organisations but also by individuals. The privacy of that information must be protected and it is vulnerable to the kind of unauthorised interference and intrusion that occurred in this case. The judge correctly identified deterrence as an element of sentencing in this case. In our judgment, a sentence of imprisonment for offences such as this was not wrong in principle.

I Was a Cybercrook for the FBI

Published
by
Richard McEachin
on February 25, 2007
in Fraud, Identity Fraud, Identity Theft, Privacy and The Investigator's Computer
. Comments

For 18 tense months, a computer-savvy grifter named David Thomas runs a thriving online crime hub for bank heists, identity theft and counterfeiting, with the FBI paying the bills. Part one of a three-part series by Kim Zetter.

This is an excellent look into how Internet savy crooks go about their business.

LINK