Preventing fraud and identity theft
By SDPD Neighborhood Policing Resource Team
This column contains tips for preventing telemarketing and Internet fraud, identity theft, Wi-Fi hacking, and other scams.
Additional tips on personal safety and security, home and vehicle security, vacation safety and security, senior safety and security, preventing crimes against businesses, reporting crime and suspicious activities, reporting suspicious activities for terrorism prevention, reporting disorder and other problems, obtaining crime information, dealing with homeless people, and starting a Neighborhood Watch program are available in the Crime Prevention and Education section of the SDPD website at
Callers claiming to represent everyone from police officers to the disabled take advantage of the public’s sympathy and generosity to the tune of billions of dollars each year. They also offer chances to earn enormous profits from no-risk, high-yield business and investment opportunities, miracle cures for everything from baldness to cancer, vacation homes, sweepstakes prizes, etc.
Be suspicious of all solicitors, especially if the caller:
- Says you have won a prize but asks you to send money first or provide bank account information.
- Says you have to act right away. Remember, if it’s a good deal today it will still be a good deal tomorrow. Don’t let anyone rush you into signing anything.
- Fails to identify the sponsor, uses a variation of an official or nationally-recognized name, e.g., Salvation League instead of Salvation Army.
- Offers to have someone pick up a cash payment from your home.
- Says he or she is a law enforcement officer who will help you for a fee.
- Requires you to attend a sales meeting.
- Directs you to dial a pay-per-call 900 number.
- Delays the delivery or a product or prize, etc.
- Says he or she is calling from the Security and Fraud Department of your credit card company and asks you for the 3-digit security number on the back of your credit card to verify your possession of the card to aid it in a fraud investigation.
- Says that Medicare now requires a National ID Card and offers to provide one for a fee.
- Says he or she is a U.S. Food and Drug Administration (FDA) agent or official and that you must pay a fine because you have bought or attempted to buy discounted prescription drugs from a foreign pharmacy. Report such calls to the FDA Office of Criminal Investigations at (800) 521-5783.
The following tips will help you resist these criminal appeals.
- Never give your credit card, checking account, Social Security or Medicare number, or any personal information to an unknown caller. Just say “no” and hang up on anyone who asks for personal information.
- Don’t ever assume a friendly voice belongs to a friend. Never give out the 3-digit security number on the back of your credit card unless you have initiated a credit card purchase and the seller asks for it to verify your possession of the card.
- Ask a charity to send written information about its finances and programs before making any commitments.
- Call the Better Business Bureau of San Diego County at (858) 496-2131 to check on any unsolicited offers.
- Or visit its website at
for general consumer information and tips on avoiding various types of fraud.
- For additional information contact the Federal Trade Commission (FTC) Consumer Response Center at (877) 382-4357 and
, Federal Communications Commission Consumer Center at (888) 225-5322 and
, and California Department of Consumer Affairs Consumer Information Center at (800) 952-5210 and
- Call the Health Insurance Counseling and Advocacy Program’s Senior Medicare Patrol (HICAP/SMP) at (800) 434-0222 to check on any solicitations regarding Medicare.
And be sure to list your home and mobile phone numbers free on the National Do Not Call Registry to reduce pre- approved credit offers and telemarketing calls. Call (888) 382-1222 or register online at
- Telemarketers check the registry every 31 days so it may take that long before your numbers are removed from their call lists. This should stop all but exempt calls from nonprofit groups, charities, political organizations, survey companies, and companies you have dealt with recently or signed a contract with that includes permission to call you. If telemarketers ignore the fact that your numbers are on the registry you can report them at the above number or website and sue them for violating your rights. For this you’ll need to keep a record of their names and the dates of the calls. If you receive non-exempt recorded telemarketing solicitations known as robocalls, now banned by the FTC, you can file a complaint with the commission online at
or by phone at (877) 382-4357.
In a relatively new scam criminals use Voice Over Internet Protocol (VOIP) technology to make telephone calls from anywhere in the world pretending to be a legitimate business, often using a fraudulent called ID matching the identity of the misrepresented company. This scam called “vishing” or “voice phishing,” directs recipients to call an illegitimate telephone number where they are tricked into giving up personal information. They might receive an urgent recorded message telling them that their credit card number has been compromised and directing them to call the following telephone number immediately and punch in their 16-digit account number to verify their identity. The best defense against vishing is to treat any unsolicited telephone message with suspicion and only give your personal information out when you have initiated the call and are sure the other party is legitimate.
In 2007 the Internet Crime Complaint Center (IC3), which acts in partnership with the National White Collar Crime Center and the FBI, received more than 206,000 complaints on its website and referred about 90,000 to law enforcement agencies for further consideration. The total loss from all of these cases was about $239 million. You may be at risk if you answer “yes” to any of the following questions:
- Do you visit websites by clicking on links within an e-mail?
- Do you reply to e-mails from persons or businesses you are not familiar with?
- Have you received packages to hold or ship to someone you met on the Internet?
- Have you been asked to cash checks and wire funds to someone you met on the Internet?
- Would you cash checks or money orders received through an Internet transaction without first confirming their legitimacy?
- Would you provide your personal banking information in response to an e-mail notification?
For more information on Internet fraud visit
If you become a victim of Internet fraud or receive any suspicious e-mails you should file a complaint with the IC3 at
- Its website also includes tips to assist you avoiding a variety of Internet frauds. Some of these are presented below.
Delete any suspicious e-mail without replying, especially the following:
- Business opportunities to make money with little effort or cash outlay Offers to sell lists of e-mail addresses or software Chain letters involving money Work-at-home schemes
- Health and diet claims of scientific breakthroughs, miraculous cures, etc. Get-rich-quick schemes Free goods offered to fee-paying group members
- Investments promising high rates of return with no risk Kits to unscramble cable TV signals
- Guaranteed loans or credit on easy terms Credit repair schemes
- Vacation prize promotions
Online shopping frauds
Do not use a debit card when shopping online, especially on an unfamiliar website. If something goes wrong your account can be emptied quickly without your knowledge. This can result in overdrafts, fees, and an inability to pay your bills. Even if your bank offers a fraud guarantee it is not obligated to restore your funds for at least two weeks while it investigates. If you use a credit card the federal Fair Credit Billing Act limits your liability to $50 for any unauthorized or fraudulent charges made before you report the billing error.
To protect yourself you need to do the following:
- Write to your credit card company within 60 days after the date of the statement with the error and tell it your name and account number, that your bill contains an error and why it is wrong, and the date and amount of the error.
- Pay all other charges.
- You do not need to pay the disputed amounts.
Consumers should be aware that if a deal looks too good to be true, it probably is. An example of such a scam occurred in December 2009 when the victim located a car on the Auto Trader website and contacted the seller directly by e-mail. He was told that the car would be shipped to him for inspection and approval if he wired the money to a bank account where it would be held in escrow. He wired the money but the car never arrived. To prevent this kind of scam consumers need to be diligent in verifying all the parties involved in the purchase by phone calls, face-to-face meetings, etc. In a similar case the consumer asked to see the car before wiring any money. The scammer ended all contacts at that point.
In an e-mail scam known as “phishing” identity thieves fish for personal information by sending realistic-looking e- mail that asks recipients to go to a bogus website and provide personal information such as credit card and Personal Identification Numbers (PINs). Legitimate banks and financial institutions don’t send e-mails asking you to verify your account information. They already have it. The following are examples of scammers posing as the IRS, FBI. FDIC, U. S. Census Bureau, and the CDC.
Each year during tax preparation time there is a surge in the number of frauds by criminals posing as IRS officials to obtain personal information for identity theft. The IRS never sends out unsolicited e-mails or asks for detailed personal and financial information. Any such e-mail is a fraud. So are telephone calls from someone stating they are from the IRS. Go to the IRS website at
Fraudulent e-mails have also been sent out by criminals posing as FBI agents and officials. They give the appearance of legitimacy by using the FBI seal, letterhead, and pictures of the FBI Director. They may also claim to come from the FBI’s domestic or overseas offices. Like the IRS, the FBI does not send out e-mails soliciting personal or financial information. For more information on this kind of fraud go to the FBI website at
and click on New E-Scams and Warnings under Be Crime Smart.
Another agency that has become aware of fraudulent e-mails in its name is the Federal Deposit Insurance Corporation (FDIC). These ask recipients to “visit the official FDIC website” by clicking on a hyperlink that directs them to a fraudulent website that includes hyperlinks that open a “personal FDIC insurance file” to check on their deposit insurance coverage. Clicking on these links will download a file that contains malicious software to collect personal and confidential information.
And with the 2010 U.S. Census underway do not click on any link or open any attachment in an e-mails appearing to come from the U.S. Census Bureau. They will be fraudulent. The Census Bureau may contact you by telephone, mail, or in person at home. It will not contact you by e-mail.
On Dec. 2, 2009 the Centers for Disease Control and Prevention (CDC) issued a health alert warning people not to respond to an e-mail referencing a CDC-sponsored state vaccination program for the H1N1 (Swine Flu) contagion that requires registration on “www.cdc.gov.” People that click on this embedded link risk having a malicious code installed on their computer. Examples of this and other hoaxes and rumors can be seen at
Use the following tips to counter phishing:
- Do not open any e-mail from an unknown sender.
- Do not open any unexpected e-mail attachments.
- Do not open any attachments that ask you to reset a password.
- Do not click on website addresses in e-mails you get even if they look real. Retype them into your browser.
- Do not click on links within e-mail messages purporting to come from your bank.
- Do not double click on an Internet pop-up offering a link or provide personal information in response to an e- mail or Internet pop-up offer.
- Use the latest versions of Internet browsers, e.g., Microsoft Internet Explorer 8, which is designed to prevent phishing attacks. Use Explorer in the “protected mode,” which restricts the installation of files without the user’s consent, and set the “Internet zone security” to high. That disables some of Explorer’s less-secure features. And set your operating system and browser software to automatically download and install security patches.
- Make sure the website page you are entering sensitive information on is secure. The address should begin with https:// rather than https://.
- Consider taking your business elsewhere if you don’t see, understand, or agree with the policy.
- Keep your computer up to date with the latest firewalls, and anti-virus and anti-spyware software. The latter counters programs that secretly record what you type and send the information to the thieves. They are often installed when you visit websites from links in e-mail. Use security software that updates automatically. Visit
for more information.
- Do not buy “anti-spyware” software in response to unexpected pop-ups or e-mails, especially ones that claim to have scanned your computer and detected viruses known as malware, i.e., malicious software.
- Do not respond in any way to a telephone or e-mail warning that your computer has a virus even if it appears to come from an anti-virus software provider like Microsoft, Norton, or McAfee. “Helpful hackers” use this ploy to get you to download their software to fix the virus or sell you computer monitoring or security services to give them remote access to your computer so they can steal your passwords, online accounts, and other personal information. If you already have anti-virus software on your computer you’ll receive a security update or warning directly on your computer.
- Contact your e-mail provider. Most keep track of scams. Send your provider the suspicious message header and complete text. Use caution when entering personal information online.
In another scam known as “whaling” fake e-mails have been sent to high-ranking executives to trick them into clicking on a link that takes them to a website that downloads software that secretly records keystrokes and sends data to a remote computer over the Internet. This lets the criminal capture passwords and other personal or corporate information, and gain control of the executive’s computer. In one case fake subpoenas have been sent to executives commanding them to appear before a grand jury in a civil case. The link that offers a copy of the entire subpoena downloads the malicious software.
Social networking dangers
Virus creators, identity thieves, and spammers are increasingly targeting users of social networking sites in an effort to steal personal data and account passwords. One of the tactics they use to gain access to this information involves sending social networking users e-mails that appear to come from online friends. For example, some Facebook users have been receiving e-mails from their “friends” that claim to contain a video of them. When they click on it they download a virus that goes through their hard drives and installs malicious programs. The virus, known as Koobface, then sends itself to all the friends on the victim’s Facebook profile. A new version of the virus also is affecting users of MySpace and other social networking sites. Cyber-criminals are tricking social networking users into downloading malicious software by creating fake profiles of friends, celebrities, and others. Security experts say that such attacks, which became widespread in 2008, are increasingly successful because more and more people are becoming comfortable with putting all kinds of personal information about themselves on social networking sites. They warn that users need to be very careful about what information they post because it can be used to steal their identities. Facebook users should become a fan of its security page at
, which has posts related to all sorts of security issues, tips, resources, and other information.
To avoid problems on social networks or anywhere in the Internet, users should:
- Not to click on any links, videos, programs, etc. provided in messages, even if a “friend” encourages you to click on them.
- Get program updates from the company’s website, not through a provided link.
- Make your account so private that only your friends can see the details.
- Scan your computer regularly with an updated anti-virus program.
- Be suspicious of anyone, even a “friend,” who asks for money over the Internet.
Cybercriminals are now creating fraudulent websites that will receive high search-engine rankings and thus attract the attention of persons searching for information on a particular subject. Persons just visiting those sites risk having their computers infected with viruses. And if they click on any links in those sites they risk becoming a victim of identity theft and various scams, e.g., ones that claim you can make a lot of money for a small initial investment.
To avoid these problems users should:
- Keep your computer’s anti-virus system up to date with the latest firewalls and software.
- Use caution clicking on links that claim to provide videos or information on hot topics in the current news, e.g., the earthquakes in Haiti and Chile. And be aware that the bad guys are now tricking Google into telling you that the link is a PDF file, which makes it look more authentic.
- Not click on links to other websites.
- Look up the address elsewhere and retype it into your browser. Use the tips provided above to counter phishing.
You receive an e-mail saying “A friend has sent you an e-card.” The e-mail appears to be from a legitimate card company, but malware or a virus is downloaded into your computer when you click the link to see the card. You should delete the e-mail if you don’t recognize the sender or if you are instructed to download an executable program to view the e–card. And make sure your computer has adequate anti-virus protection.
Information on various Internet frauds is available at no cost to the public on Websense’s website at
- Click on Security Labs and then on Most Recent Alerts to see warnings of malicious Internet events by date. For example, on December 2, 2008 there was a warning on malicious holiday coupons and promotions purportedly from McDonald’s and Coca-Cola. Opening the attachments would infect your computer with a virus. You can also sign up to receive Websense security alerts regarding phishing, malicious websites, etc. by e-mail by clicking in the Quick Links box on the Security Labs page.
Even if your computer has up-to-date firewalls, and anti-virus and anti-spyware software, one should be very cautious in visiting unfamiliar websites. Websense Security Labs identified a 233 percent growth in the number of malicious sites in the first half of 2009. It also found the following:
- 77 percent of websites with malicious codes were legitimate sites that have been compromised.
- Web 2.0 sites allowing user-generated content are a top target for cybercriminals and spammers. 95 percent of all comments to blogs, chat rooms, and message boards were spam or malicious.
- 69 percent of all Web pages with “objectionable” content, i.e., sex, adult content, gambling, and drugs, had at least one malicious link.
- 37 percent of malicious Web attacks included data-stealing code.
- 85 percent of all unwanted emails in circulation contained links to spam or malicious websites. In June alone, the total number of emails detected as containing viruses increased 600 percent over the previous month.
Another security alert on September 24, 2009 warned of rogue anti-virus sites returned by Google searches on a person in the news. These sites claim that your computer requires an immediate anti-virus scan and prompts you to download a malicious file.
Every person who willfully obtains personal identifying information, e.g., name, address, date of birth, Social Security Number (SSN), mother’s maiden name, etc. as defined in Cal. Penal Code Sec. 530.5(b), and uses that information for any unlawful purpose is guilty of a public offense. Identity theft is the fastest growing crime in the United States. Every year about 15 million people become victims. Everyone is vulnerable. Skilled identity thieves use a variety of methods to steal your personal information.
These include the following:
- Dumpster diving. They rummage through trash looking for bills and other paper with your personal information on it.
- Skimming. They steal credit/debit card numbers with a special storage device when processing your card.
- Phishing and Whaling. See preceding section on Internet Fraud.
- Changing your address. They divert your billing statements to another location by completing a change-of- address form.
- Stealing. They steal wallets, purses, mail (credit card statements, pre-approved credit offers, new checks, tax information, etc.), employee personnel records, etc.
Tips for minimizing risk
Some of the things you can do to minimize your risk of identity theft are listed below.
Protecting personal information:
- Give out credit card, bank account, or other personal information only when you have initiated the contact or know and trust the person you are dealing with. Beware of e-mail or telephone promotions designed to obtain personal information.
- Put strong passwords on your credit card, bank, computer, and online accounts. Avoid using easily remembered numbers or available information like mother’s maiden name, date of birth, phone number, or the last four digits of your SSN. Passwords should be more than eight characters in length, and contain both capital letters and at least one numeric character. Use of non-dictionary words is also recommended. Other advice on creating strong passwords can be found at
- Select password reset questions whose answers cannot be found online or from other research tools. Don’t compromise a strong password with an easily answered reset question like: What is your mother’s maiden name?
- Use different passwords for banking, e-commerce, e-mail, and other accounts.
- Memorize your passwords. Don’t carry them in your purse or wallet.
- Keep personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your home.
- Make sure that the copying machines used by you and others who have your personal data, e.g., tax preparers, have data security measures installed to prevent unauthorized access to data on the copier’s disk.
- Protect you health insurance cards like you would your credit cards. If asked for your policy numbers or any other personal information in a doctor’s office make sure no one else is near enough to hear or see them. And protect your Medicare card number as you would your SSN.
- Shred or tear up any documents with personal or financial information before throwing them in the trash. Use a cross-cut shredder.
- U.S. Census workers will knock on your door from April to July 2010 if you did not send in a completed form by April 1. They will ask you to answer the 10 questions on the form and record your answers. The workers will have an official U.S. Census Bureau badge with their name and an expiration date, and may have a Census Bureau bag. Ask to see the person’s identification and badge. Do not invite the person into your home. And do not give out any personal financial information. Any person asking for such information or asking for donations is not a U.S. Census worker. Nor is any person from another organization who says he or she is working for the Census Bureau. If you are unsure of the person’s identity you should call the Regional Census Center at (800) 796-3748.
Using credit cards:
- Never loan your card to anyone.
- Pay attention to billing cycles.
- Check with the credit card company if you miss a bill to make sure that your address has not been changed without your knowledge.
- Only put the last four digits of your account number on checks you write to your credit card company. It knows the whole number and anyone who handles your check as it is processed won’t have access to the number.
- Notify your credit card companies and financial institutions in advance of any address or phone number changes.
- Bring home all credit card receipts and match them against your monthly statements. Look for charges you didn’t make. Dispose of them at home. Never toss your receipts in a public trash container.
- Call the credit card company or bank involved if a new credit card you applied for hasn’t arrived in a timely manner.
- Monitor the expiration dates of your credit cards and contact the card issuer if new cards are not received before your card expires.
- Report all lost or stolen credit cards immediately and request new cards. In this case the federal Truth in Lending Act limits your liability to $50 of any charges made before you report your card lost or stolen. Contact the issuer if replacement cards are not received in a reasonable time.
- Sign and activate new credit cards promptly on receipt. Or write “See ID” on the back of the card. Then a thief won’t have your signature.
- Never put your credit card number on a post card or on the outside of a mailing envelope.
- Make sure only the last four digits of your credit card number show up on your receipts. A 2001 state law banned the use of full credit card numbers on electronically printed receipts and gave businesses three years to comply. (Note that the merchant copy can show the full credit card number.) Report non-complying businesses to the Methamphetamine Strike Force hotline at (877) 662-6384.
- Cancel accounts you don’t use or need. Carry only the cards and identification you need when you go out.
- Tear into small pieces or shred any pre-approved credit card offers. They can be used by thieves to order cards in your name.
- Ask your credit card company to stop sending blank checks. Call (888) 567-8688, the Consumer Credit Reporting Industry Opt-In and Opt-Out toll-free number, to stop pre-approved credit offers.
Protecting your SSN
- Examine your Social Security Personal Earnings and Benefits Estimate Statement for possible fraud. You will receive it about three months before your birthday each year.
- Provide your SSN only when it is required by a government agency, employer, or financial institution. In a recent case a man received a call from a person who claimed to be a jury coordinator and said that a warrant has been issued for his arrest because he failed to report for jury duty. When he protested that he never received a summons he was asked for his SSN and date of birth to verify the records. Caught off guard he provided this information. Instead he should have hung up realizing that court workers would never ask for a SSN or other personal information. An exception would be if he had recently received a mailing from the court and the call referred to it. But even then he should have taken the caller’s name and contacted the court to verify that the person worked there.
- Never use your SSN for identification. Don’t carry it or your Social Security card in your purse or wallet.
- Do not have your SSN or driver’s license number printed on your checks. And never write your SSN on a check.
Managing your accounts
- Keep a record in a secure place of all your credit card, and bank and investment account and phone numbers for quick reference if identity theft occurs.
- Review your bank statements carefully. Match your checkbook entries against paid checks. Look for checks you didn’t write.
- Never leave transaction receipts at bank machines or counters, trashcans, gasoline pumps, etc.
Carrying personal information in a purse or wallet:
- Carry only a driver’s license, cash, and one credit card. Don’t carry blank checks or a checkbook. Don’t carry anything with a PIN written on it.
- Keep a record of its contents. Photocopy both sides of your credit cards and driver’s license and keep them in a safe place at home.
- Don’t carry your Social Security card or anything with your SSN on it. Persons with Medicare cards should carry photocopies of the cards with the last four digits of their SSN removed. Keep the card is a safe place at home.
- If you carry a wallet in a purse, keep credit cards in separate compartment and not in your wallet.
- Don’t carry personal information of your family members.
- Don’t carry any account or computer passwords.
- Take the measures listed below for victims of identity theft if your wallet is lost or stolen. Don’t wait for someone to find and return it. These include filing a police report, reporting your credit and debit cards missing, closing checking accounts, having a fraud alert placed on your credit reports, notifying your medical insurance companies, reporting a missing driver’s license, etc.
Using the mail:
- Deposit mail in boxes or slots inside a post office. Use an outside box only if there is another pickup that day.
- It is not safe to leave mail in a box overnight. Also, do not leave mail for pickups from personal curbside boxes or cluster box units.
- Pick up your mail as soon as possible after it arrives in your personal curbside box or cluster box unit. If this is not possible, have a trusted friend or neighbor collect your mail, especially if you are expecting a check or credit card.
- Consider having new checks mailed to your bank for collection to avoid possible theft from your mailbox.
- Use a locked mailbox and make sure the lock works.
- Investigate immediately if bills do not arrive when expected, you receive unexpected credit cards or account statements, you are denied credit for no apparent reason, and you receive call or letters about purchases you did not make.
- Report the non-receipt of expected valuable mail by calling the sender and the Postal Inspection Service as soon as possible.
Using an ATM
- Use ATMs that are under video surveillance, or in a store or bank. They are less likely to have been tampered with.
- Check that there is nothing in the slot when you insert your ATM card. Thieves can use a small, hard-to-detect skimming device that’s placed in the card slot to steal your PIN and other bank account information.
- Check for a false keypad that has been installed over the built-in one.
- Shield the keypad when entering your PIN so it can’t be seen by anyone near you or by a hidden camera.
- Memorize your PIN and keep it secret. Don’t write it down or keep it in your wallet or purse.
- Call the bank immediately if the ATM keeps your card.
- Monitor your bank statements and report any unauthorized activity immediately.
Buying identity theft protection
- You cannot buy absolute protection against identity theft. Beware of any such claims, especially regarding prevention of misuse of existing credit-card accounts, theft of medical records, and theft of personal information from employer’s personnel files.
- Before signing up for protection, be sure to understand what services are provided, what protections they afford, and how the personal information you provide is protected.
- Fraud alerts, which provide some protection against new-account fraud, do not provide absolute protection and only deal with about 17 percent of identity theft incidents according to a FTC survey released in 2007.
Checking for possible identity theft:
- Obtain free copies of your credit reports from the three nationwide consumer reporting companies — Equifax, Experian, and TransUnion — by visiting
or calling (877) 322-8228. This is the ONLY source of free reports authorized under Federal law. You can get one free report annually from each company. Stagger your requests to obtain one every four months. That way you can monitor your credit during the year. Check these reports for errors, fraudulent activities, e.g., accounts opened without your knowledge or consent, and persons or businesses checking on your credit. Contact the reporting company immediately if you see any inaccuracies. These companies may also try to sell you credit monitoring products or services for a fee. Starting April 1, 2010 the FTC requires that any advertising for such products or services be delayed until after you get your free credit reports.
- Be aware that if you order a free credit report from an unauthorized website such as freecreditreport.com you will be given a free limited-time trial membership in its credit monitoring service that will provide daily monitoring of your credit reports, alert notices of key changes, bi-monthly credit scores, etc. If you don’t cancel this membership you will be charged a fee for each month that you remain a member. Before becoming a member you need to understand exactly what protection and services it will and will not provide, and whether you need the additional protection. Some services you will pay for you can do yourself at no cost, e.g., ordering credit reports and placing fraud alerts.
- Starting April 1, 2010 these websites will be required to print a disclosure that states the following at the top of each page that mentions free credit reports: “THIS NOTICE IS REQUIRED BY LAW. Read more at
- You have the right to a free credit report from
or (877) 322- 8228, the ONLY authorized source under federal law.” They will also have to include a clickable button to “Take me to the authorized source” and clickable links to
- Place a security freeze on your credit reports. This will protect you against fraud in new accounts by prohibiting the credit bureaus from releasing your credit reports to a potential creditor without your express permission. Go to their websites for the procedures and fees for placing and lifting freezes. Their addresses are:
- Check your medical bills and health insurance statements to make sure the dates and types of services match your records. Read every letter you get from your insurer, including those that say “this is not a bill.” If you see a doctor’s name or date of service that isn’t familiar, call the doctor and your insurer.
- Once a year request a list of all benefits paid in your name by your health insurer. If the thief has changed your billing address you would not be receiving any bills or statements.
Protecting your child’s identity:
- Provide your child’s SSN only when it is required by a government agency or financial institution. Never provide it for identification.
- Carry your child’s SSN or card in your purse or wallet only when you know you will need it.
- Teach your child never to give out personal information over the phone or on the Internet.
- Check to see if your child has a credit report. There should not be one unless someone has applied for credit using your child’s SSN number. No minor should have a credit report.
- Watch you child’s mail for credit card applications, bills, or bank statements. They are signs that someone has started a credit history in your child’s name.
- Request that banks in which your child has an account remove his or her name from marketing lists.
- Report any suspected identity theft to the three nationwide consumer reporting companies and obtain copies of any credit reports in your child’s name and SSN. If your child does have a credit report ask to have all accounts, application inquiries, and collection notices removed immediately. Tell the credit issuer that the account is in the name of your minor child who by law isn’t permitted to enter into contracts.
If you become a victim
File a police report as soon as possible if you become or may become a victim of identity theft. Call the SDPD non-emergency number, (619) 531-2000 or (858) 484-3154.
Then do the following:
- Set up a folder where you can keep a log of all your contacts and documents.
- Contact the FTC to report the theft. Its Identity Theft Hotline is (877) 438-4338. Or visit its website at
- The FTC is the federal clearinghouse of complaints of victims of identity theft. It helps victims by providing information to resolve financial and other problems that could result from identity theft. Its booklet entitled Take Charge: Fighting Back Against Identity Theft deals with bank accounts and fraudulent withdrawals, bankruptcy fraud, investment fraud, phone fraud, and other specific problems. It also describes the immediate steps victims should take and ways to minimize recurrences.
- Report the theft to the fraud units of Equifax at (800) 525-6285, Experian at (888) 397-3742, and TransUnion at (800) 680-7289. Ask to have a fraud alert placed on your credit reports. It will tell creditors to follow certain procedures before they open new accounts in your name or make changes to you existing accounts. In placing a fraud alert you will be entitled to free copies of your credit reports. Review them carefully. Look for inquiries from companies you haven’t contacted, accounts you didn’t open, and debts on your accounts that you can’t explain. Fraud alerts are good for 90 days and can be renewed. They are free.
- Alert your banks to close your accounts and open new accounts with new checks, ATM cards, PINs, and passwords. Also replace outstanding checks with new ones.
- Contact all your creditors by phone and in writing to inform them of the theft.
- Call the security or fraud departments of each company to close any accounts that have been tampered with or established fraudulently. Follow up the request in writing and ask for written verification that the accounts have been closed and any fraudulent debts discharged. Keep copies of all documents and records of all conversations about the theft.
- Contact the Social Security Administration’s Fraud Hotline at (800) 269-0271 or by e-mail to the Office of the Inspector General at
- Contact the California DMV Fraud Hotline at (866) 658-5758 to report the theft and see if another driver’s license has been issued in your name.
- Notify the U.S. Postal Inspector if your mail has been stolen or tampered with. Its number is (626) 405-1200. In the case of medical identity theft request a copy of your current medical files from each health care provider, and request that all false information be removed from your medical and insurance files. Enclose a copy of the police report with your requests. For more information things to do if you are a victim of medical identity theft or concerned about it go the World Privacy Forum’s website at
- Call the Health Insurance Counseling and Advocacy Program’s Senior Medicare Patrol (HICAP/SMP) at (800) 434-0222 to report any fraud involving Medicare.
Additional tips on avoiding and resolving identity theft problems are available on the State of California Office of Information Privacy Protection website at
- Another useful website is that of the Identity Theft Resource Center (ITRC) at
- It contains information ranging from advice for people who have had a wallet stolen to tips for reducing the risks of identify theft. It also contains fact sheets, solutions to various identity theft problems, letter forms, scam alerts, a “Help, I’m a Victim of Identity Theft” button, and answers to frequently asked questions. Its toll-free victim-assistance number is (888) 400-5530.
If you are notified of a security breach involving personal information
Most states now have security breach laws under which a person whose personal information is compromised must be notified of the breach and the specific information involved. The California Breach Notice Law is in Civil Code Secs. 1798.29, 1798.82, and 1798.84. The first applies to state government agencies; the other two apply to any person or business doing business in the state.
The notice requirement is triggered if the breach involves a person’s name in combination with any of the following:
- SSN. Put a fraud alert on your credit files and order copies of your credit reports. Review them carefully and file a police report if you find anything suspicious. If you don’t find anything suspicious at first, renew the fraud alert and check your credit reports periodically.
- Driver’s License or California Identification Card number. Call the DMV Fraud Hotline to report the incident. Financial account numbers. Call the institution to close your accounts. Request new PINs or passwords. Medical or health insurance information. Review your explanation of benefits statements and contact your insurer if you see any services you did not receive.
For additional information on this and other privacy issues visit the Privacy Rights Clearinghouse’s website at
Use of public Wi-Fi poses major security risks. Unsecure laptops and smart phones make it easy for a hacker to intercept information to and from the web, including passwords and credit card numbers. They are also vulnerable to virus and spyware infections, and to having their contents stolen or destroyed. A hacked laptop or smart phone can also create a security risk for the user’s workplace if it contains a password to the corporate network.
Wi-Fi users should take the following steps to reduce these risks:
- Turn the Wi-Fi on your laptop, PDA, and smart phone off when you aren’t using the network. Otherwise your Wi-Fi card will broadcast your Service Set Identifier (SSID) looking for all networks it was previously connected to. This enables hackers to figure out the key that unscrambles the network password.
- Use a known service instead of Free Public Wi-Fi or similar risky, unknown signals called ad hoc networks. Check the Wi-Fi security policies of your service provider and install the protections they offer to ensure it’s a known network and not an “evil twin” hacker site pretending to be the legitimate one.
- Pay attention to warnings that a Secure Sockets Layer (SSL) certificate is not valid. Never accept an invalid certificate on a public wireless network. Log off and look for a trustworthy network. Look for the padlock indicating an SSL connection. Keep your firewall on. And keep your operating system updated.
- Find out if your company offers a Virtual Private Network (VPN) and learn how to use it. Encrypted VPN sessions offer the highest security for public wireless use.
- Upgrade your Wi-Fi cards. The older Wired Equivalent Privacy (WEP) security is easily hacked. The new Wi- Fi Protected Access (WPA and WPA2) are much more resistant to attack.
- Learn to connect securely. Even the vulnerable WEP offers more privacy and protection than an unsecured public connection. It’s not something the average hacker can crack.
- Remove all passwords and browsing history after using a shared computer. Disable file-sharing on your laptop.
- Don’t send any sensitive personal or business information while in a hotspot.
This section contains tips on dealing with bankruptcy foreclosure rescue, property tax relief, high-pressure sales of financial products at free-meal seminars, predatory insurance sales practices, health insurance fraud, check washing, unscrupulous contractors, credit repair companies, prize notification by mail, green energy, reverse mortgage, charity, cash-back, third-party telephone bill charges, appeals for help, landlord impersonation, and various check scams.
Information on preventing these and many other scams is available at no cost from the California Department of Consumer Affairs. A complete list of its publications is online at href="https://www.dca.ca.gov/publications/index"www.dca.ca.gov/publications/index
- Publications can be viewed online or ordered by calling (866) 320-8652.
Also, any San Diego resident over the age of 60 can obtain free legal advice on recouping money lost to scams by calling Elder Law Advocacy at (858) 565-1392. This state- and county-funded nonprofit corporation provides no-cost routine legal services to seniors and caregivers of seniors.
Bankruptcy foreclosure rescue
Bankruptcy foreclosure scams target people whose home mortgages are in trouble. Scam operators advertise over the Internet and in local publications, distribute flyers, or contact people whose homes are listed in foreclosure notices. They may promise to take care of your problems with your mortgage lender or to obtain refinancing for you. Sometimes they ask you to make your mortgage payments. But instead of contacting your lender or refinancing your loan they pocket the money you paid and then file a bankruptcy case in your name, often without your knowledge. If this happens you could also lose your home.
So proceed with care in dealing with an individual or company that:
- Makes an unsolicited contact and uses high-pressure sales techniques.
- Calls itself a mortgage consultant, foreclosure service, or similar name
- Contacts people whose homes are listed for foreclosure, Asks for a fee before performing a service.
- Asks you to make your home mortgage payments directly to them, or
- Asks you transfer you property deed or title to them.
Some ways to avoid becoming a victim of a loan-modification scam are listed below:
- Do not transfer ownership of your home to someone who promises to save it.
- Do not pay advance loan-modification fees to anyone, including a real estate licensee or an attorney. Advance fees are now prohibited by California Senate Bill No. 94, which took effect on Oct. 11, 2009. Be careful in selecting an attorney. Do not rely on ads that claim the attorney is a member of the State Bar of California. All attorneys are members of the Bar and not all have special knowledge, experience, or expertise in loan modifications. In fact, it appears that many attorneys offering these services have little or no prior experience in loan modifications.
- Read all documents carefully before signing them.
- Do not make your mortgage payments to anyone other than your lender.
- Do not work with anyone who tells you not to contact your attorney, lender, or a credit or housing counselor.
- If you deal with a foreclosure consultant as defined in California Civil Code Sec. 2945.1 who is not an attorney or a real estate broker, make sure that person has obtained a Certificate of Registration as a Mortgage Foreclosure Consultant from the California Department of Justice. This requirement went into effect on July 1, 2009.
- Before hiring a consultant check the California Attorney General’s website at
for tips to avoid being scammed and other information.
If you can’t pay your mortgage, call your lender as soon as possible for help. The further behind you fall the more likely you are to lose your home. There are also many non-profit agencies that can help you with loan modification without a fee. You can get a list of housing counselors approved by the U.S. Department of Housing and Urban Development on its website at www.hud.gov on the page entitled Foreclosure Avoidance Counseling. Their services are provided free of charge. There is no need to pay a private company for these services. Notice of this is now required under Senate Bill 94 as a separate statement prior to entering into any fee agreement with the borrower. Remember, if you do engage a real estate broker or attorney, pay their fee only after they have completed their work.
Other sources of assistance are the San Diego Housing Opportunities Collaborative and the Homeowner’s HOPE Hotline. The former provides free clinics and counseling. It can be contacted at (619) 283-2200 or online at
- The latter partners with mortgage companies, local government, and others to reduce foreclosures. It can be contacted 24/7 at (888) 995-4673.
If you suspect a scam call the Real Estate Fraud Subdivision of the San Diego County District Attorney’s Office at (619) 531-3552. If bankruptcy proceedings are involved, call the United States Trustee at (619) 557-5013. The Trustee is a U.S. Justice Department official who monitors the bankruptcy system.
If you paid a licensed attorney for assistance in obtaining foreclosure relief and the attorney failed to perform legal services with competence, you should file a complaint with the State Bar by calling the Attorney Complaint Hotline at (800) 843-9053 or by filing a written complaint. Information on filing a complaint and the complaint form are available on the State Bar website at
- The grounds for ethics violations in dealing with foreclosures can be found at
- Note that attorneys are prohibited from contacting you in person or by telephone based on a referral from a foreclosure consultant or someone else unless the attorney has a family or prior professional relationship with you.
Property tax relief
Some companies have been offering to help homeowners reduce their property taxes for an up-front fee and not performing any reassessment or reassessment-appeal services. Their mailers featured official-looking logos and warned homeowners that their files would by ineligible for tax reassessments if they did not respond by a certain date. Homeowners should be wary of such solicitations and consider filing for property tax themselves. There is no cost for this. The procedure is explained on the website of the County Assessor/Recorder/County Clerk at
- Click on Reassessment/Ownership under Assessor Services, then on Proposition 13, and then on Application for Review of Assessment in the answer to the question: Can the assessed value of my property be decreased? You will get a page entitled “Property Tax Relief” and an Application for Review of Assessment. For additional information you can call the County Tax Assessor at (858) 505-6262.
High-pressure sales of financial products at free-meal seminars
Many financial services firms sponsor sales seminars and offer a free meal to entice attendees. While these seminars are advertised as educational workshops at which “nothing will be sold,” they are actually held to get attendees to open accounts and buy investment products, if not at the seminar itself, then in follow-up contacts. In a 2006-2007 study of these seminars by the U.S. Security and Exchange Commission, the Financial Industry Regulatory Authority, and state securities regulators, it was found that about half featured exaggerated or misleading advertising claims and about one-quarter involved unsuitable investment recommendations. Attendees need to understand that these seminars are primarily sales events and that all claims and recommendations should be evaluated with great care before taking any actions.
Predatory insurance sales practices
These practices involve insurance agents holding informational meetings or seminars about finances, living trusts as a way to avoid probate, or insurance investments that guarantee you will not outlive your retirement savings. These sessions are often held in senior centers, religious institutions, and restaurants. Attendees are required to sign in and give the agent their names, addresses, and phone numbers. Some time after the session the agent, who may claim to be a “specialist” or “advisor,” will contact the attendees to set up a meeting in their homes. It is in these one-on-one meetings that attendees can get pressured into buying an insurance product that is completely inappropriate for their needs. If you attend one of these information sessions you should not give any personal information to the agent. And you should talk to a trusted advisor before making any changes in your investments and insurance. Beware of limited-time offers and other tactics used to force you into a quick decision.
Although the vast majority of life insurance agents are honest, there are some who take advantage of persons whose trust they have gained, especially seniors, and take money from them to buy unnecessary insurance or annuities with promises of high returns. In some cases these financial predators convert the money to their own use.
To prevent this fraud you should first check the agent’s license. It is required to be printed on all business cards, quotes, and advertisements. You can check it on the California Department of Insurance (CDI) website at
- Look under Agents Brokers for the page entitled Checking License Status. You can check by name or license number. You should also check out the insurance company. In the CDI website look under Seniors on the page entitled Before You Buy Insurance and click on Check out the Insurance Company to verify that it is authorized to conduct business in California. You can also get this information by calling the CDI at (800) 927-4357 between 8 a.m. and 5 p.m. Monday through Friday.
Then for the sale of a life insurance or annuity policy in your home, you must receive a written notice from the agent at least 24 hours before the meeting. The notice must include the reason for the meeting, and the names, license numbers, and phone numbers of all persons coming to your home. It must also state that: (1) others are invited to attend, e.g., family and friends, (2) you have the right to end the meeting at any time, (3) you have the right to contact the CDI for more information or to lodge a complaint, and (4) prior to purchase of a life or annuity policy you are entitled to a full disclosure of all surrender charges and related time frames in connection with the purchase. You must also be provided with all information relating to benefits and negative consequences regarding the replacement of an existing policy or annuity.
If you purchase a policy or annuity, you then have 30 days to review it, and it you return it by the 30th day after you receive it, you are entitled to a full refund of your premium in a timely manner. If you believe you’ve been the target of insurance fraud, call the CDI consumer hotline at (800) 927-4357 between 8 a.m. and 5 p.m. Monday through Friday.
Health insurance fraud
The passage of the 2010 health insurance reform bill has provided scam artists and criminals with an opportunity to confuse and defraud the public by selling phony insurance policies. Scammers are now going door to door in some areas urging consumers to obtain coverage in a non-existent “limited-enrollment” period that they falsely state was made possible by the new legislation. They are also setting up toll-free phone numbers to sell phony policies. Consumers need to inform themselves about the new legislation and the timing of availability of new options. They should also check the license of any person selling insurance, as suggested above in preventing predatory insurance sales practices. Also, any person selling door to door should be wearing a SDPD-issued photo-ID registration card. Solicitors without this card should be reported to the SDPD on its non-emergency number, (619) 531-2000 or (858) 484-3154.
People who steal mail are usually looking for envelopes containing personal checks that are made out to pay bills. They wash the check with chemicals to remove the payee’s name and amount. The result is a blank check signed by you. They can then fill in their names and an amount and cash it. You can prevent your checks from being stolen by depositing your mail in boxes or slots inside a post office. Or use an outside box only if there is another pickup that day. It is not safe to leave mail in a box overnight. Never leave mail for pickups from personal curbside boxes or cluster box units. And when making out checks use a pen with ink that is resistant to washing.
Unscrupulous contractor scams
These are characterized by the following:
- Door-to-door solicitations to do work at a reduced price. Once payment is made little or no work is done and the project is abandoned.
- High pressure for an immediate decision leaving no time to get competitive bids, check licenses, or contact references.
- Offer to perform a free inspection in which non-existent problems are found.
- Demand for immediate payment in cash. Unscrupulous contractors will take the money and run.
- Illegally large down payments. By law a down payment cannot exceed the lesser of 10 percent of the project price or $1,000.
- Verbal agreements instead of a written contract.
Any suspicious solicitations should be reported to the SDPD at (619) 531-2000 or (858) 484-3154 with a description of the person and his or her vehicle license plate number.
You can avoid scams in hiring a contractor by doing the following:
- Beware of persons going door-to-door in your neighborhood, having an “office” is his or her vehicle, or driving a vehicle with out-of-state license plates.
- Take your time in making a decision.
- Get a contract in writing and don’t sign anything until you understand the terms. The contract should include a specific description of the work to be done, materials to be used, total cost and payment schedule, and start and completion dates.
- Make sure a contract, if signed in your home, contains a three-day right to cancel provision with an attached notice of cancellation form that explains this right. If the contract is for the repair or restoration of residential premises damaged by a disaster, i.e., any sudden or catastrophic event for a state of emergency has been declared by the President of the United States or the Governor, or for which a local emergency has been declared by the executive officer or governing body of any city, county, or city, and county, you have a seven- day right to cancel. These rights are defined in California Civil Code Sec. 1689.7.
- Don’t pay cash and not more than the legal limit for a down payment. Beware of contractors who won’t accept a check or who wants the check made out to him or her instead of the company.
- Check with other lenders before allowing the contractor to arrange the financing for the job. Get at least three bids and check the contractor’s references.
- Hire only licensed contractors. Anyone performing home improvement work valued at $500 or more must be licensed by the Contractors State License Board (CSLB). Get the contractor’s license number and verify it online at
or by calling (800) 321-2752. Ask to see a second piece of identification with a photo.
- Go to the Guides and Pamphlets page of the CSLB website for more information about safe contracting.
If you encounter a credit service that promises to remove negative items from your credit reports is safe to assume it’s a scam. In exchange for a fee the service will promise to pester the credit reporting companies until they wipe out debts and bankruptcy records. They’ll string you along saying the process will take several months. By then you may be out hundreds or even thousands of dollars. In the meantime, debts can stay on your credit record for up to seven years, and a Chapter 7 bankruptcy can remain for up to 10 years. If you think you were duped by a credit- repair company you should call the FTC Consumer Response Center at (877) 382-4357.
To keep from being scammed you should avoid any company that does any of the following:
- Wants you to pay for credit repair before they provide any services
- Will not tell you your legal rights
- Will not tell you what you can do on your own at no cost
- Tells you not to contact a credit reporting company directly
- Advises you to dispute all negative items in your credit report, or Suggests you create a new credit identity, e.g., by applying for an Employer Identification Number to use instead of your SSN.
Here are some things yo