Cobblestone Capital Advisors Identity Theft: What You Should Know
WHAT YOU SHOULD KNOW:

Identity theft, the stealing and fraudulent use of a person's personal or financial information, has been a hot topic in the media of late. The attention it has received is not without justification. Indeed, according to recent surveys, identity theft is now the fastest-growing financial crime. A September 2003 report by the Federal Trade Commission found that 4.6% of survey participants reported discovering misuse of their personal information in the previous year alone. The costs are significant. Depending on whether the type of fraud was limited to misuse of existing credit cards or included the opening of new accounts and other fraud, victims reported losing an average of $160-$1,180 and spending 15-60 hours to resolve their problems. That translates to 9.9 million victims losing $5.0 billion over the 12-month period.

In short, identity theft is a real and growing threat. Cobblestone takes the threat seriously. We have in place a wide array of physical, electronic, and procedural safeguards to protect sensitive client information. In addition to the steps we take, we recommend that all of our clients follow the practices outlined in the enclosed guidelines. The general ID Theft Risk Reduction Checklist (pages 3-4) is designed for everyone. E-mail and Internet users should also consult the more specific ID Theft and the Internet (page 5), and be alert to e-mail ploys such as phishing scams (pages 6-7). Lastly, if you come to suspect your personal or financial information is being abused, we provide ID Theft Victim Guidelines (page 8) for your use.

Our hope is that by making the risk-reduction practices part of our daily routine, we will never need to rely on the resources available to identity theft victims. While it is probably unrealistic to expect anyone to follow all of the practices all of the time, the more you actively employ, the less likely it is that you will become a victim.
As always, if you have any questions or comments, please do not hesitate to contact us. Cobblestone Capital Advisors, LLC. January 2005 2
ID Theft Risk Reduction Checklist:

Order a copy of your credit report from each of the three major credit bureaus at least once a year. We suggest staggering your order so that you receive one report every 4 months. If you have dependent children, review their credit reports too. The 2003 Fair and Accurate Credit Transactions Act phases in a rule allowing U.S. residents to receive one free credit report per year from each of the three major credit bureaus. Western states become eligible on December 1, 2004, Midwestern states on March 1, 2005, Southern states on June 1, 2005, and Eastern states & all U.S. territories on September 1, 2005.

If you use on-line or telephone banking, use strong passwords. Avoid easily available information like your mother's maiden name, your birth date, or the last four digits of your SSN. Strong passwords are at least 6 characters long and contain a combination of letters (uppercase and lowercase) and numbers or symbols. Experts recommend changing passwords and PINs every 30-60 days.

Secure personal information in your home, especially if you employ outside help or are having service work done in your home.

Secure personal information on your computer. Before you dispose of your computer, delete personal information and use a wipe utility program to overwrite the entire hard drive, or remove and destroy it. Thieves can recover information that has been deleted but not overwritten. (E-mail and Internet users see also page 5)

Guard your mail and trash from theft. Don't allow outgoing or incoming mail to sit in your mailbox for a long period of time; if you are going away on vacation, have your mail held. Shred statements and other private information with a crosscut shredder before throwing them away.

Give out your SSN only when absolutely necessary. Ask to use other types of identifiers when possible.
Don't carry your Social Security card in your wallet or purse; leave it in a secure place. Empty your wallet or purse of any IDs, credit cards, or debit cards you don't need. Keep your purse or wallet in a safe place at work.

Don't give out your personal information unless you initiated contact or are sure you know who you are dealing with. If you have any doubt, call customer service using the number listed on your account statement or in the telephone book to verify that the request is legitimate.

Opt out of mail, telephone, and e-mail solicitations. (see pages 9-10)

If you do have to reveal personally identifying information, find out how it will be used and secured, and whether it will be shared with others. Ask if you have a choice about the use of your information. Can you choose to have it kept confidential?

Be alert for eavesdroppers when giving sensitive information over the telephone in public. Also be careful using your credit card if individuals with cell phones are standing near you. Newer cell phones are able to take pictures of your credit card and license.

Watch for warning signs such as bills not arriving on time, being turned down for a loan, or getting calls from bill collectors about accounts you did not open.
ID Theft and the Internet:

Update your virus protection software regularly. Among other things, computer viruses can cause your computer to send out files or other stored information.

Run anti-spyware software regularly, updating it each time you run it. Ad-aware (www.lavasoftusa.com) and Spybot (www.safer-networking.org/en/index.html) are two popular antispyware programs.

Keep your operating system up-to-date. Download security repairs or patches as they become available from your operating system's website.

Don't download files sent to you by strangers or click on hyperlinks from people you don't know. Doing so can expose your system to a virus or spyware. (see pages 6-7)

Use a firewall program. Without it, hackers can exploit your internet connection to access your personal information or take over your computer and use it to commit crimes.

Use an up-to-date Web browser. When submitting information on-line, look for the lock icon on the browser's status bar to be sure your information is secure during transmission.

Don't use automatic log-in features, and always log off when you're finished.

Password protect sensitive information you wish to send by e-mail, or communicate it by fax, regular mail, or telephone instead. E-mail and cell phones are less secure than other forms of communication.

Pay attention to websites' privacy policies. If they are missing or unsatisfactory, consider surfing elsewhere.
Phishing Scams:

It was only a matter of time before identity thieves hopped on the spam bandwagon. When they did, the phishing scam was born. Like a wolf in sheep's clothing, a phishing e-mail appears to come from a bank, retailer, or Internet Service Provider with whom you may do business, such as Citibank, SunTrust, eBay, PayPal, or AOL, directing you to verify your account information, change your password, or provide them with confidential personal data. As you can see from the example on the next page, the requests (and the websites to which they may direct you) are cleverly designed to look legitimate.

One of the clues that a message is fraudulent may be that the English is stilted or just does not sound right. (Often the messages originate from non-English speaking countries.) Fluent English, however, is no guarantee that the message is legitimate. Nor are you guaranteed to be safe if you never give them the information they request: simply clicking the link could subject you to installation of keystroke logging software or a virus on your computer, allowing an identity thief to record any User IDs, Passwords, or other sensitive information you may later type.

What to do if you receive a request for sensitive information over e-mail:

1. Never provide personal or financial information in response to an unsolicited e-mail, phone, or pop-up request. Call the institution using the number on your account statement if you have questions, not the number in the fraudulent e-mail.
2. Do not click links in the e-mail. Only go to the company's site by typing the company's address into your browser manually or searching for it using a search engine.
3. Make a habit of following the ID Theft and the Internet checklist (page 5).

Uh-oh, I already responded to an e-mail or clicked a link like that! What now?

1. Immediately contact the institution. Use the phone number on your account statements or in the phone book. Explain what happened and alert them that someone may have stolen your account information.
2. Scan your computer for viruses and spyware.
3. Change your on-line password. Type in the institution or company's website address manually or go to it from a search engine.
4. Monitor your account and credit history for suspicious activity. If any appears, follow the ID Theft Victim Guidelines on page 8.
[Figures not reproduced: Example Phishing Scam E-mail; Example Spoof Website]
ID Theft Victim Guidelines:

Place a fraud alert with each credit bureau and request a credit report. Call the three major credit bureaus and place a fraud alert on your file (see page 10); once a fraud alert is placed, the bureaus will mail out a credit report for review free of charge. Review the reports for new accounts or any other inaccuracies and report them to the bureaus promptly.

Call the institution where fraudulent activity occurs. Close any accounts that show signs of tampering or that have been opened fraudulently. If fraudulent activity is suspected on checks, notify the major check verification companies (see page 11).

File a report with your local police or the police in the community where the identity theft took place. Try to obtain a report specific to identity theft, not just theft or fraud. Get a copy of the report to validate your claims to creditors. If you can't get a copy, at least get the report number.

File a complaint with the FTC. Call the FTC's Identity Theft Hotline: toll free 1-877-IDTHEFT (438-4338).

Document your actions. Keep detailed notes of every step.

Contact CCA at any stage in the process. We can provide help and additional resources.
Contacts:

The opt-out numbers and addresses below may be used to limit the sharing of your personal information by the three major credit bureaus and other companies. Also listed below are private and public agencies to contact if you have reason to believe you are the victim of fraud. Begin with the credit bureaus, and ask them to put a fraud alert on your credit file to slow down anyone trying to open more credit in your name.

Opt-Outs

Pre-screened Credit Offers: The following toll-free number can be used to let all three major credit bureaus know you wish not to receive pre-screened credit offers: 1-888-OPTOUT (1-888-567-8688)

Marketing Lists: To notify the three major credit bureaus that you do not want your personal information shared for promotional purposes, write to the following addresses. Tell them that you want to opt-out of having your name or other personal information shared, lent, or sold to any companies for credit or non-credit-related marketing purposes. Request that they send you any forms necessary to make your opt-out permanent. Be sure to include your name, address, and phone number in your letter. In addition to the three credit bureaus, you may also wish to write directly to specific organizations from whom you already receive unwanted promotional mailings and ask them kindly to remove your name from their mailing list.

Experian
Consumer Opt-Out
701 Experian Parkway
Allen, TX 75013

Equifax, Inc.
Options
PO Box 740123
Atlanta, GA 30374-0123

TransUnion
Marketing List Opt Out
PO Box 97328
Jackson, MS 39288-7328
Telemarketing: The federal government maintains the National Do Not Call Registry. Visit www.donotcall.gov or call 1-888-382-1222 from the phone you want to register.

Direct Mail Marketing: Registering with the Direct Marketing Association's Mail Preference Service will reduce the amount of direct mail marketing you receive from national companies. You can register on-line at www.the-dma.org/consumers/offmailinglist.html or write to:

Direct Marketing Association
Mail Preference Service
PO Box 643
Carmel, NY 10512

Credit Reports

Equifax: To order your credit report, call: 800-685-1111
Experian: To order your report, call: 888-EXPERIAN (397-3742)
TransUnion: To order your report, call: 800-888-4213

Credit Bureau Fraud Departments

Experian
Experian's National Consumer Assistance
Phone: 888-397-3742
P.O. Box 2104
Allen, TX 75013

TransUnion
Fraud Victim Assistance Department
Phone: 800-680-7289
Fax: 714-447-6034
P.O. Box 6790
Fullerton, CA 92634-6790

Equifax
Consumer Fraud Division
Phone: 800-525-6285 or: 404-885-8000
Fax: 770-375-2821
P.O. Box 740241
Atlanta, GA 30374-0241
Government agencies

Federal Trade Commission, Phone: 877-438-4338
U.S. Postal Inspection Service, www.usps.com/postalinspectors
Social Security Administration, Phone: 800-772-1213

Check Fraud Contacts

To report the fraudulent use of your checks:

Check Rite, Phone: 800-766-2748
CrossCheck, Phone: 800-552-1900
NPC, Phone: 800-526-5380
Chex Systems, Phone: 800-328-5121
Equifax-Telecredit, Phone: 800-437-5120
SCAN, Phone: 800-262-7771
Tele-Check, Phone: 800-366-2425
References:

------------. ID Theft: When Bad Things Happen To Your Good Name. Federal Trade Commission, November 2003. Available at www.consumer.gov/idtheft
------------. Federal Trade Commission Identity Theft Survey Report. Federal Trade Commission, September 2003. Available at www.consumer.gov/idtheft/stats.html
------------. Stop thieves from stealing you. Consumer Reports, October 2003.
Borzo, Jeanette. Something's Phishy. The Wall Street Journal, November 15, 2004; Page R8.
Coombes, Andrea. Navigating the online land mines: Latest scams, hidden viruses make Net more treacherous. CBS MarketWatch, July 21, 2004.
Federal Trade Commission. ID Theft Website: www.consumer.gov/idtheft
Martin, Ray. Somebody being you: ID theft often an inside job; how to protect yourself. CBS MarketWatch, October 27, 2004.
Nielsen, David. Fight Identity Theft Website: www.fightidentitytheft.com

A copy of this publication is also available on our website: www.cobblestonecap.com

140 Allens Creek Road, Rochester, New York 14618
Phone: 585-473-3333 Fax: 585-473-1662