Want To Win Free Debix Identity Theft Protection For A Year?

[...] the contest since I think there are a couple of you out there that may have a story that qualifies.  Rich’s rather cool contest… at least I think [...]

Oh, how I love a contest with a challenge element! In this case, it’s even better, because I’‘m theoretically not eligible. But that never stopped me before. And it might be fun to see how Rich handles the exceptions (sometimes I can be a pain, EH?). In any case, I think my story may be able to educate some people about how to avoid fraud or reduce its frustrating effects.

Many years ago I opened a bank account and they offered to give me a credit card with a modest limit. That was a nice touch. However, the card had no sex-appeal… no points or rewards that I cared about. At that time, identity theft to most people was when somebody made a copy of your passport and put their picture on it, so they could get into the country illegally.

In my case, I longed for a TD GM Visa card so I could save up points toward my next Oldsmobuick. So, I got one and promptly forgot about the old one, never closing it. About 5 years later (after buying a nice Olds Intrigue!), I started out on my own as a consultant and was looking for ways to finance expenses temporarily. I thought of the old card, which by then had been the happy recipient of a credit limit increase of up to $20K.

Once my short term financing needs were satisfied, I paid off the card and forgot about it again. However, by a stroke of luck I had started importing my banking statement information into Quicken so I could keep track of my personal spending by category.

One day, Quicken pops up a dialog saying "There is a new account. Would you like Quicken to import it?". I was dumb-founded. I hadn’‘t opened an account recently. So, I clicked on YES to see what came in. It was my old credit card with two transactions on it in the past month. It hadn’‘t been imported before because it had a zero balance. But I had not used it in over a year.

So, I called up my bank and sure enough, there were two internet purchases in Europe for a hardware store and an airline ticket. They initiated the process of cancellation, and all was back to normal in a month.

Thanks Quicken. Even if I hadn’‘t been alerted by the new account, just the action of categorizing all transactions would have led me to discover the fraud in a short period of time. I thought this was a good case for using a program like Quicken.

Anyway, as I said above I’‘m not eligible, by 30 miles, it turns out… unless the UPS Store in upstate NY where I have purchases that are also "only shippable to US addresses" counts as "within the US" for the purposes of this contest.

Best of luck to the other contestants, privileged enough to live in the US of A! (boo hoo)

I seem to recall that the credit report companies have recently sued another company (the one with the boss and his SS# exposure) for using the same technique of pretending to be the customer and placing automatic fraud alerts. Seems that those activities are not really allowed by the credit report company’s policies.

And the other company uses up your free credit reports (people get one free/year from each of the three companies), so you can’‘t get them yourself.

And you should really look at the terms of service; you might be giving away some financial power of attorney (IANAL) if you subscribe.

It is true that individuals can do the same thing themselves (place a fraud alert, get credit reports, etc) all free with a bit of effort. Depends on whether you think the cost and risk is worth it.

Myself: I monitor my debit/credit cards daily, grab a free credit report one a quarter. My bank protects me from fraudulent debit/credit card use.  Have had no problems. Saves me the $40+/year.

YMMV

The company that you refer to as being "sordid," Lifelock, is getting sued for putting fraud alerts on peoples credit reports. It sounds like Debix does the same exact thing! Are they next?

It’s the same approach- the fraud alerts- and you have to authorize them to place them. While I have concerns about Lifelock, it has nothing to do with this lawsuit. That’s just Experian trying to stifle any potential competition. Basically, Experian is claiming that since the law states "an individual" that represents you has to maintain the alert, Lifelock is in violation as a company. I highly doubt Experian will succeed.

If Experian succeeds they’‘ll go after everyone. My guess is they won’‘t.

My employer’s outsourced HR company lost records that apparently included mine. So they gave me a freebee credit monitoring service.  My guess is that folks are on to these methods of "getting out of trouble" and all the theives have to do is wait it out for a year before they attempt to steal the ID.

So far nothing has happened but its always something that is looming.

Fraud you say? I have some childhood trauma related to that…..

There I was ….all of 10 years old, a kid in the height of merriment taking over the known universe in the ASCII heaven of CompuServe’s Megawars (SciFi conquest/strategy). I had built a veritable empire, cultivated my planets and built a fleet a respected by all. Then the great Malcontent of 3360, as I like to call it, happened. In English, some ass swindled my Compuserve login and proceeded to jack my bill higher than Timothy Leary (this is back when it was charge by bps + hourly…2400bps was something like $6/hr) and destroy my beloved empire. Since the account and bill were under my father’s credit card, I invite you to imagine the interrogation I received when the bill rang in at $1000+. Fortunately CompuServe reversed the majority of the charges after my father called in….I’m pretty sure my pleading for my life in the background helped.

[...] We’re both at home this week, so we had a pretty good show tonight.  Martin will be on the road for the next few weeks and Rich will be in Boston at the SOURCE conference, so we’ll be recording a day or two early for a change.  We’ll probably still release the podcast on Tuesday, so there won’t be much of a difference as far as your concerned.  Rich will be presenting at SOURCE with Christofer Hoff, which may be one of the signs of the Apocolypse.  There’s been a few interesting developments in hacking into systems, so make sure you keep a hand on your laptop when you’re out at the coffee shop.  Visit Securosis.com and tell your identity theft stories to win a chance for a year’s worth of protection from Debix. [...]

[...] Finally, remember that you can win a free Debix account by commenting on this post. [...]

There I was minding my own business when I noticed an opportunity to win a free debix account simply by commenting "I thought cool, I will read, the post and then just say "the post sucks - where’s my free debix account?"

Turns out it is all a scam to get individuals to divulge intimate, and in some cases embarrassing, aspects of personal fraud. Total scam

For the record, I know Amrit’s information was lost when the auditor to his employer left it on a CD in the seat pocket on the back of an airplane seat.

I’‘ll count this as your entry

Ah yes, Ernst and Young lost all McAfee stock transaction information, including personal records, when they left a CD on a plane…ok fair enough that is my entry

http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2006/02/25/BUG2IHEGCC1.DTL

Lets say one day you purchased a $20 keyboard and mouse from a 3rd party, amazon.com reseller. Then lets say, the unit arrives with a $600 piece of boxed Adobe software.  "This is strange, maybe I’‘ve made out on this deal."  The next day another box of gear shows up and the next day a $2,500 projector is delivered (all items shipped directly from manufacturer (Dell, Amazon.com wharehouse, etc). Okay this is weird. Emails come in from the 3rd party vendor claiming that a mistake was made and you were shipped thousands of dollars of merchandise.  These emails come from a @live.com email address.  Huh?  Your invoice is correct but the packing slip consists of mangled information which is partly your name and partly "wrong" or fake information.  Now you are contacted by the 3rd party reseller daily with the same email over and over.  Poor grammar, spelling and capitalization abound but no additional charges on your credit card appear for any of these goods.  Here is what I think happened or is supposed to happen.

- User purchases product from the reseller website
- Fraudulent vendor/hacker/evil do-er purchases goods w/some other form of fake/stolen payment method and ships them to the "good customer"
- Good customer recieves fradulently purchased goods with request to "Ship them to the following address because we made a mistake"
- Good customer ships the items back to the fradulent purchaser. Done.

It’s either this, or a bad database script was run which must have totally hosed everything.

Thoughts?

I’m okay with divulging not-so-intimate, slightly embarrassing aspects of fraud at the chance for a free iPod, err, lunch, err, credit protection.

The year was 2001 or so.  I offered to help a friend and his wife buy a laptop.  Money was tight for them, so we shopped all over and decided to snipe off of Ebay.  The seller asked that we send a cashiers check to Indiana (His address was in Washington D.C. and I’m in Minneapolis… this matters later).  I wanted to believe that most people were good so we sent it and we waited.  I got antsy and tracked down the guy on the Ebay account, who ended up being an average joe who’s identity had been stolen.  They used his name and address on the ebay account. He told me various Ebay transactions and accounts had been attributed to him and his credit card.  I got on the phone to every authority figure I could find.  The police in Indiana said I had to file a report with my local department.  My local department said the crime was committed in Indiana and that I had to file with them.  I naively tried calling the FBI, but of course a laptop is a far cry from the $150k or-so minimum they had for fraud cases at the time. 
Now the seller’s email address was a hotmail account (I know, how many signs did I miss?), and I figured if it’s a hotmail account they are using a web browser to read it.  So I sent an email with a 1x1 transparent gif image linked to my web server in the email.  Sure enough, I got a hit.  The IP address was from Georgia, the authorities in Georgia thought I was insane when I called.  I continued to send bait emails to the hotmail account with uniquely named images in them and then I finally caught them online.  I called the ISP (I think it was uu-net), told them the person connected *right now* on *this IP* had ripped me off.  Of course they couldn’t tell me anything, but they put the record into a ticket and gave me the ticket number.  They said they would release it if they had a subpoena.  I called the Georgia police back with this information and they still thought I was crazy.
The whole time I was communicating with the guy in D.C. whose identity was used on the ebay account.  Once I tracked them to Georgia (and the general region) he had recalled he had credit card transactions sent to an address there.  I converted the address to a phone number and this guy called down.  Turned out there was a teenager at the address whose father was very interested in our tales.  The father was able to correlate the appearance of items with the D.C.-guy’s previous fraud activity.  Long story short, we got our money back since they didn’t cash the cashier’s check (I think we waited 6 months), the kid’s electricity was parentally removed and the police in Georgia still thought I was nuts.

@myemailisvalid, that’s definitely a weird one. Did you report it to Amazon?

Jay,

I am seriously impressed by your ability track that down. If you’‘d ever like to write that up for a full blog entry, let me know.

Yea…we’‘ll see what happens.

Don’‘t you find it interesting that in order for us to "secure our trusted information" we have to hand over our trusted information to a company like Debix?

I’‘m sure they’‘ll need my SSN and some other info about me, probably then holding a large repository of valuable, personal information. In our line of work, we’‘ve all seen websites and firms claiming that they are secure.  As a consultant we then see our customer’s get compromised for any reason under the sun.  Hell, we hosted a site that was "hacker safe certified" when we found out that the wrong IP was being scanned/certified. Just last Friday I glanced at a web admin interface of one of our managed services customers.  Full name, addy, CC num and CVC/CVV number stored in their admin interface. Great job PCI. Where is Martin when we need him?

Thus my story, of purchasing from a 3rd party company instead of Amazon in order to save 5 bucks.  Lets assume that this firm had a database import screwup. Sure, it can happen to anyone but could it have been easily prevented?  I bet that mickey mouse shop is running on a razors edge to get a margin on a keyboard sale to make some bucks considering they don’‘t even have their own domain-based email.  It’s all about trusted vs the un-trusted. Do I trust Debix?

[...] part of our Debix contest (which is open for a few more days, if you want to enter) one reader relayed a great story on how [...]

[...] to close it out on Friday, and David Mortman and I will be announcing the (anonymous) winners. So head over to this thread and add your story before [...]

[...] thanks to me being totally swamped post-surgery until now, but let’s congratulate our winners of a free year of Debix identity theft protection: myemailisvalid, Jay, and [...]

[...] (have I killed that analogy yet? Really? Even with the unicorns?). As many of you know, since they sponsored a contest here at Securosis, Debix is an identity theft prevention company. They place credit locks with the credit agencies [...]’,