Dumpster-Diving for Your Identity 344
The NYT magazine has a story titled Dumpster-Diving for Your Identity - the author interviews two convicted identity thieves talking about their methods and successes.
He has not acquired a fortune; the fortune has acquired him. -- Bion
Shredding doesn't offer much protection either... (Score:5, Interesting)
But seriously, we use a shredding company here at my office for our important papers. They're supposed to do all the shredding "on site" in their truck. Yesterday they were here to empty our shred bins, and they brought in a big trash bin to haul our stuff out to the truck. One of these bins was sitting in the hallway, and no one was around, so I took a peek inside. It was papers from an accounting firm down the street! I mean, we're supposed to be paying these guys to keep our info secure, but here they are waiting until their bin is full before they shred anything?! Needless to say, I had a long conversation with our facilities manager after this...
If you want something done right, better do it yourself! I'm now using a $30 shredder BEFORE I dump anything in our shred bins! Who knows where our important documents have been travelling to before they actually got shredded?!
This is why I burn all my important docs, credit card offers, old checks, etc... at home, who knows who is going through your trash? All they need is an account number, and a shredded document can be taped back together with enough motivation and time... (although with some people being easy marks, I guess the harder you can make it, the better!)
avoid recycling bins for financial mail (Score:5, Interesting)
My local police department recently published a blurb asking residents to dispose of identity theft-related materials (e.g., financial statements, anything with a SSN, etc.) in the ordinary garbage, instead of the "mixed paper" recycling bins as we've been asked by the rest of the city government.
It seems that identity thieves are very happy about the shared, clean, and portable "mixed paper" recycling containers found throughout my (rather affluent) city, and they tend to pick them up, quickly sort through the cereal and microwave dinner boxes for the good stuff, and have the container back before anyone notices.
Presumably today's dumpster divers have the luxury of avoiding coffee grounds, so you can go a long way towards protecting yourself by dumping the financial correspondence in with the smelly stuff.
TV ads... (Score:1, Interesting)
I'm not as worried... (Score:4, Interesting)
The solution is easy (Score:5, Interesting)
I knew someone who got screwed big time by a gas station who would keep the carbons, and double bill her every time she filled up, the cash going straight into the owners pocket. She was a dope for letting it go on so long, as she never bothered scrutinizing her Visa bills. Turned out the station was owned by a Russian mobster. This was long before the world wide weeb.
Just don't toss your sensitive data into the dumpster where any bum can get your CC number.
Anonymous FTP (Score:5, Interesting)
Somewhat popular among the consulting types, they upload client data to an FTP server, then fly off to the client's office, and download it from there...or maybe use it as a means to "share" data among themselves. Some forget to password-protect it, relying instead on security through obscurity.
How is this related to dumpster diving? Well, if you look hard enough, those servers are just like public-access trash bins fit for people to...um...recycle data.
If you're a consulting group, make sure you treat your client data with absolute confidentiality. If you're a business working with consultants, make sure they don't leak your info to the world.
Just do what my parents do... (Score:2, Interesting)
Re:a little while back (Score:3, Interesting)
The dumb bit? They were useless to deal with. Despite the fact a male had been paying his utility with her card (her name's Katie, it's not like that could be mistaken
The fourth call to them slipped up, and she got the name of the guy whose account it was paying. He was arrested soon after (and yes, her card was cancelled)
Despite her protestations, the utility co didn't immediately believe there could be an identity theft problem, but presumed it was a girlfriend/wife trying to meddle in her partner's affairs... despite the card belonging to her.
This happened in the early 1990s, I don't know of it would happen today, but it seemed to be institutionalized by the number of calls she made with the same result.
Re:The solution is easy (Score:5, Interesting)
How does that protect you from the information theft that occurs with others that you have to deal with? If you have to see the doctor, and had it billed to insurance, most likely you're Social Security Number was seen by many people. Anyone of them could copy the number name and start opening accounts. I guess you could avoid the doctor offices too.
Having gone through this a few years back, it not as simple as you state. They didn't have any personal Credit Card numbers, just the SS # and they opened new accounts with that. Luckily one of the companies actually took time and flag the application for inconsistencies... Credit Report showed working at a computer company, yet the application said I cut hair... not many people make that kind of job change. The lady actually track me down, and I was able to clean it up relatively easy. If I had to wait for the next review of my credit report (which is recommended every year) with could be upto 12 months before this is detected, would make it much harder to clean up.
When a few companies was questioning me, as if I was involved in the scheme: "How did you find out about this if you weren't involved", it was quite satisfying to respond: "Mrs. X at company Y actually inspected the credit application and contacted me to verify that I didn't sign-up. She was the first to notify me and you can reach her at: xxx-xxxx. Don't blame me for your companies lack of verification."
I don't know if he was kidding... (Score:2, Interesting)
Compost them, don't burn them! (Score:5, Interesting)
I doubt that many id theives would want to rummage through your compost bin, if they even thought to look there in the first place.
For added security, add a couple of large dogs to your backyard. They will help deter personal property thieves in addition to compost-diving identity thieves!
A friend used to do "self identity theft". (Score:1, Interesting)
Re:I don't know if he was kidding... (Score:4, Interesting)
Comment removed (Score:5, Interesting)
Recycling.... (Score:3, Interesting)
Properly rolled and bound newpaper "logs" burn for a long time, and give up some nice heat.
I use the cheap single cut shredder to shred everything with personal info, this is good enough for starting the fire.
I cut the address from my old trade periodicals before I drop them off at the waiting room at my Doctor's office. Better computer magazines than Women's Day.
Now before all of you green geeks flame me, the county stopped collecting paper, ever since the price dropped. They had a scandal when it was exposed that they were dumping sorted recycle paper in the landfill with regular garbage.
As far as I know they still properly recycle glass, plastic and metals.
What I wonder when I read these (Score:5, Interesting)
I keep wondering if for every guy like this they catch, there must be like 3 guys who are really careful and "normal people" (i.e. professionally minded, don't take drugs or hang around prostitutes, etc.) who do these type of crimes to build up some large amount of money, then move someplace and live off the interest. Those would be the guys that would be real hard to catch.
I wonder if those kind of criminals exist and in what numbers?
Solution: Max Your Credit (Score:-1, Interesting)
same goes for Kazaa (Score:2, Interesting)
In just a few hours he found documents related to national security and bussiness. Mostly because careless employers of crucial national institutions carelessly install Kazaa just to download junk, and don't even know (or understand) that they share C:\My Documents\ directory. This is outrageous.
The journalist said that not all national-importancy institutes suffer this sick employers behaviour, but some of them do. Which is proven by simple Kazaa search.
Re:Punishment != Harm Caused (Score:1, Interesting)
It should be up to the financial services companies to either design a system that is hard to game or to absorb all of the ill effects of identify theft. That the consumer is forced to prove that they did not perform the actions of the identity thief is an outrage.
Re:Important add-on (Score:1, Interesting)
Re:Get a locking mailbox too. (Score:5, Interesting)
Most neighbourhoods here have a bank of mailboxes, each with a lock (small door, but deep enough to hold a standard letter envelope). Walk (or drive, if lazy) down the street to your mailbox. I guess Canada Post likes that system because they can deliver our mail much easier this way - essentially in bulk. Each bank has a pair of larger parcel boxes, in case you get a deliver that doesn't fit in your letter-size box. The nice man leaves you a key for 'compartment A or B', you take your package out, and deposit the key in the mail slot so the mailman can retrieve it with tomorrow's mail.
My only annoyance is some neighbours, who don't like receiving junk mail, leave it on top of the cabinet, leaving the garbage for everyone else to see. Why they can't just take it home and stick it in their recycling box is beyond me.
Re:The solution is easy (Score:5, Interesting)
And those people don't necessarily work for your doctor or your insurance agency. I worked as a temp for a few weeks at a medical imaging billing company. Since a doctor that works in medical imaging processes a *ton* of patients, the billing becomes a large portion of their office's work. This is (I suspect) almost always outsourced.
My first day on the job, they handed me a stack of several hundred people's names, addresses, phone numbers, SOCIAL SECURITY NUMBERS AND MEDICAL RECORDS. This is pre-HIPAA. Dunno how it works now.
Let alone identity theft, one of the records they handed me that week was a well known elected politician's totally routine mammogram. Her results were clear. Imagine what that kind of leak could do to an election if it were not.
Obviously their entire business process needed to be completely redesigned if they wanted to provide some semblance of privacy. And you don't know if this company handles your bill or not. And such a redesign would raise their costs astronomically. It might even make them non-competitive with in-house billing. This doesn't mean it's ok, it just means it's not going to happen unless they're forced.
Obviously, I could go on and on.
Re:Solution: Max Your Credit (Score:5, Interesting)
Re:a little while back (Score:1, Interesting)
This was all too common in the late 1960s at least, when my mother supported myself and my 3 brothers as a single woman, through working 2 jobs. The amount of times banks, electricity, gas or other suppliers would ask for her husband's signature when doing anything related to finance was offensive.
"I'm sorry ma'am, we'll need your husband's signature before we can release a sum of cash this large"
"Don't be so stupid. my husband died 12 years ago, this is my account"
"That's fine then, your current partner's signature will do"
ick.
Re:Punishment != Harm Caused (Score:3, Interesting)
I'd be willing to bet that most Americans would choose to put away criminals like those in this article for much longer sentences than they would choose to put away marijuana pushers, if ever give na direct choice.
Regrettably, most of our politicians, DAs, and judges don't have the backbone to rethink our drug policies.
I'm getting off-topic, clearly, but the point is that if they had locked these guys up for 20 years, it wouldn't have seemed like too long to me.
Trust no one with a fax... (Score:5, Interesting)
If it is not bad intention, it is just stupidity. For a while, I had a fax number, which was the same as that of some medical lab (or insurance company) -- except for the area code.
Twice a week a fax would arrive from a doctor's office in my area -- thanks to an absent minded "office manager" or some such. Due to the nature of the business, all faxes contained not only the patients' names, SS#, but also diagnoses, health histories -- the works! I called them back every time -- boy, were the morons surprised... They never even bothered to check the fax ID string, which I had configured to my company's name.
Not to give any ideas, but how difficult is it for a scumbag to get a phone number similar to that of a claims department of an insurance company?.. Or a mortgage department of a bank? You can guess the other steps she/he will need to make. Mind you, completely passive and impossible to detect. No dumpster diving involved either -- totally white-collar job...
We can moan about the need to use encryption and authentication, but faxes don't have this feature at all. As long as this sort of information passes over telephone lines unencrypted, your info is not safe.
Re:TV ads... (Score:2, Interesting)
Re:Shredding doesn't offer much protection either. (Score:5, Interesting)
On the other hand, good commercial shredders litterall demolish the paper, turning it into sawdust like material that would be impossible (virtually) to reconstruct.
I have the second-cheapest cross-shredder I could buy from WallyWorld (Yeah, I know, evil, but show me a Mom&Pop that carries cross-shredders). For USD$25, I end up with 0.25" by 1.5" confetti. Good luck putting that back together.
And for a teensy bit extra security, when I empty the bin, I dump a cup of water on it for good measure. 15 minutes later I have paper mache - Even if you could still recognize a word here and there, how do you scoop it out of the wet blob to reassemble without obliterating it?. I suppose I could go a step further and burn it as well, but really, why bother? Anyone wanting my personal data that badly can get it a lot easier than searching my garbage for paper mush.
Attacking the actual problem (Score:4, Interesting)
The FTC website says that if you're the victim of identity theft, you can contact the credit bureaus to put a FRAUD WARNING on the top of your credit card report. This makes me wonder whether we should all just do this anyway.
I have read that in Europe, getting a credit card is difficult and not instantaneous, and that identity theft (at least, on the credit card side) is less of a problem.
Dead but not retired (Score:1, Interesting)
Re:Get a locking mailbox too. (Score:3, Interesting)
Shredder Chair (Score:3, Interesting)
1. Buy a personal cheapo shredder with a small wastebasket and shred stuff until the basket is full.
2. Buy a beanbag chair.
3. Remove the styrofoam packing peanuts from the beanbag chair, they'll be mashed flat and useless in a week anyway.
4. Place the shredded documents into the beanbag chair.
5. Repeat until the beanbag chair reaches the desired firmness.
Instant furniture, very comfy when playing games.
Re:I don't know if he was kidding... (Score:4, Interesting)
Even "Confidential" requires a cross cut shredder built to certain standards to destroy. The most common reason for confidential classification is the document contains personal information, such as SSNs. It's common for military units to read a briefing statement that explains what a SSN is being asked for each and every time it is mentioned, and to warn service members when it is optional to provide one.
"It is your option not to provide your SSN for this insurance document. The Department of the Army may have difficulty tracking the issued policy, and it may delay your designated heirs receiving benifits if you elect not to do so".
Can you imagine if the average doctor's office took it this seriously?
Dumpster Diving Deterrents (Score:3, Interesting)
This should point the searchers in a different direction, causing them to move on to a more attractive find, much as car alarms doo.
Re:avoid recycling bins for financial mail (Score:1, Interesting)
Re:College Anyone? (Score:4, Interesting)
If you're concerned about the use of your SSN, and your school does something that blantently stupid (especially if they print your SSN on all your documents and on your ID card), you should go to a meeting of the governing body of the University (Regents, etc.) and present your case. Bring some examples of policy from other schools. It's kind of pointless to argue with the desk staff who ask for your SSN, as they are just doing what they are told and can't do much to help your privacy concerns. It might be hard to change the system, but it's worth a try.
Re:Shredding doesn't offer much protection either. (Score:3, Interesting)
Its simple, you dump the stuff out on a scaner, do a boundry scan and then run length encode each end and then sort thouse. The result is a map of how to put it all back together. No big deal and there is shareware that will do it.
That size of paper is good for running through a blender with a bit of water.
This is where you should be worried... (Score:5, Interesting)
Also, per our regulations, if you don't run it through the shredder, you have to manually tear up the piece of paper 6 times. This is social security numbers, addresses, medical information, etc.
I have often wondered how wrong this is, but my boss never seems concerned when I bring it up.Re:Shredding doesn't offer much protection either. (Score:2, Interesting)
Before my illustrative career in IT, I worked in the Facilities dept. of a bank (S&L to be exact). We were responsible for all sorts of things, one of which was transporting cancled checks to storage after microfilming, and after 1 yr retention, we would remove them and hand them over to a recycling company. Potential problems with the path the check took:
After microfilming, they were bundled into archive boxes and handed over to us. We hated that duty. At the time when I was there, we transported the boxes either in the back of a pickup truck or in a van. More than once, a cover blew off and scattered canceled checks down the highway. Yes, we stopped and tried to pick up the ones that got loose...but you know they were'nt all retrieved. Also, more than once after reaching the storage facility, the boxes would sometimes get stacked to high on the carts and I saw at least twice bundles of checks scattered in the snow-ladden street. Those were all retrieved, but God help the poor sucker that needed the original check for court or something. Hope that microfilm was of good quality.
During storage, access was restriced to Records dept. or Facilities...but if anyone in either dept wanted to go into the storage room, there was no checkin/checkout. Anyone that had a key had total unrestriced access to every box in there and the millions of canceled checks, account numbers, addresses, names, phone numbers, signature samples...you get the picture.
Probably the most troublesome to me was after the year was up, we would turn the checks over to some very scary individuals that worked for the recycling company. More than once I saw checks fall out of the barrels and be left in the street for anyone to pickup.
:-)
Now, before you all give me shit for not complaining...I did. I also tried my best to not let any of those things described above happen, but there's only so much I can do.
Eventually, I got out of there, the S&L was bought out and security was tightned up.
Don't EVEN ask about the executive area shredding we did (that we weren't supposed to do but the secretary was too lazy so she had us do it). I had access to the board of directors meetings as well as the hand written notes of the members. And I didn't even have to get dirty in a dumpster.
No, I never used that info for stock trading, never disclosed that to anyone other than my wife, and I destroyed everything I was asked to....mostly.