Tag: identity theft

Who’s got the spam: MySpace or Facebook?

And what about the app providers themselves

Kristen Nicole asked: “When Did Facebook Get More Spammy than MySpace?” It’s all the buzz since the BBC reported that a widget third-party application can be used to gather personal data on its users – Facebook security.

Why there is an expectation that social network abuse wouldn’t grow inline with network expansion itself I cannot answer. Maybe it’s the morass of privacy settings available to the user – kind of like a security blanket even if you don’t have the time or the inclination to work through them all. Could it be the consistent public relations byline coming out of the organizations themselves? Or maybe it’s the constant buzz from the blogosphere and media. Personally, I expected the spam.

Nonetheless, I’m first to point fingers at the buzz. Quick and dirty searches for the two kings, associated with the word “spam,” produced the following results:

Not really much of a winner here. While even my own search results show Facebook in the lead, 10 hits to 2 hits, those figures are statistically insignificant. As is, I believe, the concept of spammers doing measurable damage inside the networks.

What I’d be more concerned about is this…

Facebook (and I’m sure MySpace) has the resources to put the kibosh on these issues (and Facebook is already claiming they pay careful attention to potential problems, although some of effort is aligned with natural attrition). But what about the application providers themselves?

The prevalent business model for the apps seems to be new media targeted marketing (i.e. internet advertising) – the apps/providers are collecting data…right? How good is their security? And how long before malcreants start mugging them instead of chasing their tails inside the fortresses?

Identities stolen – IRS about to bill the victims

From the Citizen Tribune:

For Lora and Jamey Costner, a $7,854 federal income tax bill is the painful indigestion that followed two unsatisfying servings of identity theft cooked up by two former Koch Foods employees, records indicate.

The criminal cases involving the Newport married couple and the two illegal immigrants, who IRS records indicate worked for Koch Foods, have been resolved in the court system.

The bitter aftertaste that remains is the unpalatable possibility of having their wages garnished to pay tax bills on income they never earned at the Morristown chicken-processing plant.

Read the whole thing. It’s happened before, and the company in the middle continually plays ignorant.

This just doesn’t pass the smell test – it seems an investigation of Koch Foods is in order.

There is no more Monster under the bed

Once “the” job site, Monster has taken a back seat, progress-wise, to virtually everyone including the blogosphere. Now their CEO is out, and the company is facing a potential disaster in the form of a trojan horse identity thief.

I think this ship can be righted with a few simple maneuvers (and a bit of business model massaging), but I’m going to keep my mouth shut since someone else probably had the ideas first.

UPDATE: Monster shut down the server “hubbing” for the trojans. Now they just have a PR mess. Personally, I don’t think five days is an unreasonable time, considering the circumstances. They targeted the root of the issue (the server), which may have mitigated even more lost data – I view it as a customer-centric move. Second, this business of personal information being exposed is somewhat overblown – people stick their resumes online, and businesses pay to see them – the personal data and financial data are from two different constituents, as far as I can tell.

UPDATE 2: From Yahoo News

As previously reported, the information contained on this server was limited to names, addresses, phone numbers and email addresses. Based on Monster’s thorough review, no other details, including bank account numbers, were uploaded.

Sounds like businesses are safe – maybe the talk there will now end.

On a side note, I had a Monster account sitting inactive. I used a different email address and phone number than usual with it – I think everyone should practice the same, just like the internet birthday.

Further explanation not required

It’s going to be a hot one, so I got up pretty early.

Went out front just to make sure my lawn wasn’t littered with a free newspaper, then made some coffee and turned on the tube for the first time in almost two weeks. Since my programming guide is pretty much limited to SciFi and Discovery Channel, I was disappointed to find that Comcast has now moved the latter into the premium category – I’m not as happy with them as I thought I was last week now that half the value of my meager $14 price tag has disappeared.

Off to the net, where I found these tidbits:

No fun. Aw, Sunday is “fight the crowds at Home Depot” day anyway.

Identity theft, hit jobs, gossip, and class acts

I checked out this Lifelock hit job story with the initial intent of commenting on the company’s worthiness in the old Spamroll way, so I’ll follow that path first…

Lifelock provides credit services under the identity theft protection moniker. I discussed some of the methodologies for protecting your identity way back when, but failed to note that some of the ideas did require a lot of time and effort. Being that time is something a lot of people don’t have, that’s where Lifelock comes in. There is no secret sauce here, IMHO. But engineering fraud alerts etc. is a pain in the ass and getting your credit reports will cost you around $40 bucks, so if Lifelock is asking ten bucks a month and you are comfortable turning your personal information over to a third party, it is probably not a bad deal. Even if you cancel after you receive your reports, those fraud alerts remain in your file for seven years – it then becomes a really good deal. However, keep in mind that if you are an everyday Jane or Joe without a personal banker, using these tactics WILL make credit harder to come by even for yourself. Be prepared for hassles.

Nevertheless, I’ll give Lifelock a tentative thumbs up for those wanting for resources measured by the clock.

Mike Arrington is likely right – the email floated to him was a hit piece. The sale of personal information is big business, and the resulting opportunities are shrinking. Credit providers know that there are only two types of credit consumers left in the world – those that are tapped out and won’t get approval for more credit, and those that use credit so wisely (i.e. pay their balances in full almost every month) that they are for the most part unprofitable. Credit providers already know the secret of what to do with unprofitable customers (although their notion is to fee them to death until they just walk away). Either way, it is market for which truly qualified leads are drying up, and the automation of credit protection tactics reduces another link in the value chain.

That should have been the end of it, but the story continued.

On ValleyWag’s grave dancing…well I didn’t see the stuff as I don’t visit ValleyWag. Gossip is for Paris Hilton followers.

When all was said and done, Bessemer Ventures partner David Cowan showed everyone how to be a class act. He came to the defense of his investment’s founder with openess and conviction. VC’s have been known to make bets on the “eccentric” so there is the obvious need to cover one’s own behind too. Nonetheless, it was a sign of integrity and forthrightness rarely seen nowadays. If nothing else, kudos to Cowan…for having some balls.

UPDATE: What was Lifelock thinking? Maybe I gave them more credit than they deserved.

Phishers target MySpace

I wish I had a catchy headline like the one the Associated Press pushed: MySpace Users Big Targets for ID Thieves – unfortunately I don’t really consider stealing someone’s MySpace account a form of ID theft.

Unless MySpace users are posting their credit card and banking information, their SSN, or other such details on their MySpace page, this is more of a hassle than a threat, and one that MySpace could easily warn users about. Then again, users post just about everything else, so maybe I’m way off base here.

At least MySpace users have strong passwords – let’s hope they keep it that way when they have to repeatedly change them.

UPDATE: Slashdot notes that social networking users have already ruined their privacy. I concur.

New reason to hate your boss

The CEO of hosting software provider Compulinx, was charged and arrested for identity theft. No big deal, except for the fact that the victims of said ID theft were the company’s own employees.

Terrence Chalk and his cohorts applied for and obtained credit under the names of their employees, and used the money to fund company operations. Guess things weren’t going too well, and/or they’d already pissed off all the VCs.

Everyone’s in real estate, including ID thieves

houseforsale.jpegRemember the shock when you looked at your credit card bill and found that fraudulent charge? Eh, you called the card company and it was swiftly removed – no biggie. Now, imagine you wake up one morning and there is a moving truck in front of your home. Your house was sold a month ago; you just didn’t know it.

That scenario is very close to reality for Paul Reviczky, who fled Eastern Europe for Canada in the 50’s to “escape the lawlessness.” His rental property has been sold out from under him – he’s a victim of title fraud.

All this was done with the help of Mr. Reviczky’s “tenants” and a “lawyer” he never hired. The transaction documents were “properly” notarized by “someone” attesting to driver’s license presentation. There is no telling how far the scammers really went to become Mr. Reviczky, or whether some fraudulently drafted paperwork was enough to get a mortgage on a house, within a system that is obviously very very broken.

With mortgage brokers shoveling money into real estate brokers’ pockets, on the backs of appraisals performed in five minutes, this is none too surprising. Oh, the real estate craze.

eBay confronted by privacy squad

eBay has a lot of purchasing preference data on a whole lot of people. If you are a scammer, tired of spamming people with useless pharmaceutical offers and stock reports, you might be interested in such information. I think people are also starting to get a clue about all the data they leave online – some have the inclination to get it off.

If you are an eBayer, it seems that is a bit difficult. Now eBay is being investigated over that purportedly painful process, based on a complaint filed by Privacy International under the UK’s Data Protection Act.

I suspect this is just a bunch of bitching, and eBay will comply with whatever modifications to their practices are suggested (at least I hope they do, as alternative action would be just plain stupid). But, I am now wondering…where the hell is the US’s version of the “data protection act?” All I keep hearing is how politicians are screaming more for data retention!

Hoosiers just a bit safer from data breaches

A law which went into effect in Indiana requires companies to notify citizens when data breaches occur.

Public Law 125 excludes companies cover by federal laws, including the Patriot Act, the Federal Driver’s Protection Act, the Fair Credit Reporting Act, the Federal Financial Modernization Act, and HIPAA, meaning all companies are exempt. If the breach affects more than a half-million, or the notification process is expected to cost more that $250,000, the company in question can have a $15/hour junior webmaster post a “conspicuous notice” on their website, and they can make fifteen $0.02 calls to local media outlets – all companies will be taking this option.

But the mandate does ensure that when more than a thousand people are affected, the company must notify credit reporting agencies. No word if the cost containment measures apply to this halfway decent portion of the measure, or how long the company has to wait before they actually opt-out of the law based on the federal exemption and/or make that “conspicuous” web post sans RSS feed.