http://pleasantonweekly.com/print/story/print/2012/03/02/identity-theft


Pleasanton Weekly

Cover Story - March 2, 2012

Identity theft

Thieves are using new technologies to steal from consumers

by Glenn Wohltmann

Any given week, Pleasanton police respond to between five and 15 reports of identity theft. On Feb. 27, for example, two people were arrested at Motel 6 with items linked to identity theft -- document-making equipment, credit cards not in their names, fictitious drivers licenses, fictitious registration tags, computer equipment and computer disks (see police bulletin, page 14).

During the week of Feb. 14-21 alone, there were five reports of theft or attempted theft of information or fraudulent charges on an account.

Pleasanton public safety Officer Archie Chu said identity theft -- using someone else's name and account information to buy items for themselves -- has been on the rise in the last few years.

"There are more people who shop online, that's part of it. People go onto a website that isn't really well known and they don't know what kind of security that's on the site. That's one way they can get your identification," Chu said.

One reason for the spike, according to Pleasanton Detective Michael Rossillon, is that the California Penal Code was expanded by Gov. Schwarzenegger to include a wider range of crimes.

"We're quite inundated with the 530.5 section, which covers all identity theft," Rossillon said. "It's pretty lucrative and it's hard to catch these criminals."

He said another reason the crime is so popular is the low penalty involved: California's code allows for a sentence of up to a year in a county jail and fines.

But a large part of the ongoing increase is that thieves are becoming more and more devious in obtaining information and making charges. Javelin Strategy and Research, a Pleasanton-based company that provides information for banks and others, just released a report that outlines some of the new ways thieves are getting stolen information.

Phil Blank, Javelin's managing director of security risk and fraud, who also serves on the Pleasanton Planning Commission, said new technology is giving fraudsters more ways of getting and using personal information.

"What we're seeing is a redirection of identity theft and identity fraud," Blank said. "Fraudsters go where the money is, and with the proliferation of mobile devices we're seeing increased risk of fraud."

He said people with smart phones are more likely to be victims, because users are lax about security on their phones.

"In fact, smart phone users experience a fraud rate of 6.6% compared to 4.9% for all consumers; 4.9% of all consumers were victims of identity theft -- that's one in 20. The fraudsters are seeing smart phone users as a new, fertile landscape," Blank said.

"Many smart phone owners don't have password protection on their screen. Many smart phone owners don't have what we call 'remote wipe' software installed on their phone. What this does -- if I were to lose my phone, I could log on online and erase everything on my phone, even though I don't have it in my possession."

In addition, he said, many people keep personal information that makes it easy for thieves.

"It depends on the phone," Blank said. "Some people do banking on their phone. Some phones cache information."

That means some phones keep data in their memory to make it easier to access information in the future.

"Lots of times, in that cached information is secure information," Blank said. Even innocuous information like the name and phone number or email address of a person's mother can help out a potential thief.

Javelin's report shows smart phone owners have higher incidents of fraud and more money is stolen than average. It notes that "smart phone owners who suffered from fraud had a mean fraud amount of $1,547 and a mean consumer cost of $329, compared to $1,513 and $354 respectively of all fraud victims."

Beyond that, the report says smart phone owners who are fraud victims are 25% less likely to know how their information was stolen. The report indicates that may be due to owners' "affinity for technology."

Smart phone users who click on new applications may open themselves up to thieves. Those who install apps on their phones have a fraud rate of 6.8%, and people who frequently install new apps are 14.9% more likely to be fraud victims, the report said.

Blank described a scam in China, where smart phone users installed what was supposed to be a security application. Instead, he said, it installed a program that would wake up at 2 a.m. when most people are asleep and dial premium SMS numbers -- similar to a 900 number -- multiple times.

"It would hang up your phone and then it would erase the log of those phone numbers," he said. "You didn't realize it until you got your bill."

People who use Facebook or LinkedIn are also at higher risk. Blank explained that a clever fraudster can use those sites to learn date of birth, where someone went to high school, and through checking out a person's friends, can learn the name of an uncle -- leading to the maiden name of his or her mother. That's all information a bank would want if a thief wants to transfer money.

Blank said an "astonishing" number of people accept Facebook invites from people they don't know, opening themselves up to fraud.

Hackers have been downloading bulk files from sites that, over the last year, included CitiBank and Lucky, to name just two. People whose information is stolen usually get what Blank called a breach letter. Those letters generally tell a consumer that they have nothing to worry about.

Not so, Blank said.

As of 2011, he said, "you are nine-and-a-half times more likely to be a fraud victim than anyone who has never received a letter."

That's up from six times more likely in 2010; four times more likely in 2009; and three times more likely in 2008.

"These are very, very, very important items in the industry," Blank said. "Consumers believe these letters. They think everything is going to be fine."

Account takeovers -- in which a thief will get personal information and change a password blocking the owner from accessing her or his account -- have seen a 12.6% increase since 2010.

Although most fraudsters prefer to go online or use a phone, some still brave surveillance videos and store security to make their illegal purchases in person. Pleasanton saw at least three such arrests in 2011. In one, Jennifer Rose Marie Shewmake, 23, tried to use a forged credit card at Fred Meyer Jewelers in the Stoneridge Shopping Center around 2:13 p.m. July 20. She was charged with two counts of forgery, theft and identity theft.

A woman was caught in the Walmart parking lot on May 23 with 67 forged Visa debit cards, along with paraphernalia needed to create more, and a false driver's license. Leona Charmaine Savoy, 36, was booked on charges of forgery in connection with the false driver's license, identity theft, counterfeiting of debit cards and modifying the magnetic strips on the cards.

The biggest local case took place last March 9 when an employee at the Apple store at Stoneridge Shopping Center got suspicious and called police on three men. Three Mexican nationals -- Oscar Romero, 34, Jose Avalos Romero, 35, and Victor Carillo Vasquez, 36 -- were charged with forgery, possession of stolen property and burglary. Police said the men were buying products with forged credit cards, then shipping them to Mexico to be resold.

That investigation led Pleasanton police to a hotel room in Alameda, where detectives turned up about 75 counterfeit credit cards and a "vast amount" of merchandise purchased in Pleasanton, Hayward, Emeryville, San Francisco, Daly City and Sacramento.

There is some good news. Although the number of identity thefts is up by about 11%, according to the report, the amount stolen has trended steadily downward to $1,513 in 2011, from just over $3,000 in 2014. Police are catching fraudsters more quickly, too, resolving cases in about 12 hours in 2011 as opposed to 18 hours in 2004.

See the suggestions on how to protect yourself on identity theft so you don't because another statistic with the Pleasanton Police Department.

Protect yourself from identity fraud

With identity theft cases on the rise in Pleasanton, police and fraud expert Phil Blank say there are some simple things to do to cut the odds of being a victim.

Crime Prevention Officer Archie Chu said to be sure of anyone who emails or calls.

"Never give out personal information unless you initiate the contact or you know the person or company with whom you are dealing. That includes everything, like credit card numbers and Social Security card numbers," he said, adding, "It's very important to shred all of your documents before you throw them away. Basically, I would shred anything that has any personal information on it."

Chu said large amounts of data stolen by hackers could wind up overseas and in other countries.

"It could be months before that information is used," he said, urging people to check their credit regularly and to "be vigilant."

So many elderly people have become targets, the Pleasanton Police Department did a public safety announcement on a local radio station, according to Detective Michael Rossillon. He said one common scam is to call an older person saying a relative is in trouble and needs money, and asking for a wire transfer.

"We unfortunately are seeing a rise in that," Rossillon said.

He also suggested that people cut back on the number of credit cards and bank accounts they have, so they have fewer statements to monitor.

Blank suggested some ways to protect electronic information, including making sure there's a password needed to unlock a cell phone.

"Probably the easiest thing is to set account 'alerts,'" he said. Blank was a target of a credit fraud himself, and said an account alert blocked a charge attempted when he personally wasn't there, although thieves tried twice more to use the information they stole.

"When people get credit card numbers, they are traded quickly," he said, explaining that those numbers are often sold on the Internet. "You can set alerts on your account so that whenever there's a 'card not present' (meaning someone is trying to charge something over the phone or online) on your account, it tells you."

Rossillon suggested that people put a security freeze on their credit report, which would require a pin number from anyone trying to access that information.

Blank said to "turn off the paper," by using electronic statements whenever possible.

"A lot of this is free for consumers. They don't need to be security geeks, they just need to be educated," he said. "Learn the basics. What we don't want to have happen is for people to go online and not do it safely."

Other tips are:

* Use an up-to-date operating system and have all of the updates and patches applied.

* Use the latest version of your preferred browser and make sure that your browser plug-ins are also up-to-date.

* Do not jail break your iPhone -- illegal but commonly done to get around the restrictions that Apple puts in place.

* Use an anti-virus protection package on your Android phone.

The Pleasanton Police Department has a complete list of tips, and Chu has offered to help people who have security questions and concerns. Call 931-5100.

Comments

Posted by Pro-Law, a resident of Another Pleasanton neighborhood
on Mar 2, 2012 at 1:45 am

"Do not jail break your iPhone -- illegal but commonly done to get around the restrictions that Apple puts in place."

Reallllly? Did the police department come up with that or did the Weekly? What penal code section is being violated there? Who has gone to jail for that one?

I think the proper term would be "voids the warranty".


Posted by steve, a resident of Parkside
on Mar 2, 2012 at 7:59 am

I think the editor had our annoying PW troll (slippers, faye, unions and teachers are very bad, etc.) in mind while crafting this article.


Posted by Cholo, a resident of Livermore
on Mar 3, 2012 at 8:26 am

steal my identity and you're gonna be in serious trouble and get you butt kicked...