IDENTITY THEFT: What to do if it happens to you
Copyright © 1997-2003. Utility Consumers' Action Network / Privacy Rights Clearinghouse and CALPIRG Charitable Trust. Released Jan. 1997. Revised April 2003. A Joint Publication of the Privacy Rights Clearinghouse and CALPIRG
This guide provides victims of identity theft with the major resources to contact. Unfortunately, at this time victims themselves are burdened with resolving the problem. You must act quickly and assertively to minimize the damage.
In dealing with the authorities and financial institutions, keep a log of all conversations, including dates, names, and phone numbers. Note time spent and expenses incurred in case you are able to seek restitution in a later judgement or conviction against the thief, if you itemize tax deductions for theft-related expenses (consult your accountant). Confirm conversations in writing. Send
correspondence by certified mail, return receipt requested. Keep copies of all letters and documents.
1. Credit bureaus. Immediately report the situation to the fraud units of the of the three credit reporting companies—Experian (formerly TRW), Equifax and TransUnion. As of April 2003, if you notify one bureau that you are a victim of identity theft, it will notify the other two. Report that your identifying information is being used by another person to obtain credit fraudulently in your name. Ask that your file be flagged with a fraud alert. Add a victim's statement to your report. ("My ID has been used to apply for credit fraudulently. Contact me at [your phone number] to verify all applications.")
Each credit bureau will mail you a free credit report once you have called them to flag your file with a fraud alert. Fraud alerts are usually placed for 90-180 days. You will want to extend the time period to seven years. Do so in writing following the directions sent in the credit report you receive. You may cancel fraud alerts at any time. In all communications with the credit bureaus, you will want to refer to the unique number assigned to your credit report and use certified, return receipt mail. Be sure to save all credit reports as part of your fraud documentation.
Ask the credit bureaus for names and phone numbers of credit grantors with whom fraudulent accounts have been opened if this information is not included on the credit report. Ask the credit bureaus in writing to remove inquiries that have been generated due to the fraudulent access. You may also ask the credit bureaus to notify those who have received your credit report in the last six months in order to alert them to the disputed and erroneous information (two years for employers). Under California law, when you provide your police report to the credit bureaus, they must remove the fraudulent accounts from your credit report (Calif. Civil Code 1785.16(k). (see #3 below.) Be aware that these measures will not entirely stop new fraudulent accounts from being opened by the imposter. Credit issuers are not required by law to observe fraud alerts. Request a free copy of your credit report every few months so you can monitor for fraud. Under a new California law, victims are able to receive one free report each month for the first 12 months upon request. (California Civil Code 1785.15.3, effective July 1, 2003.) In other states, you may be charged after the first report. Still it is important to check your credit report about every three months during the active phase of the crime.
California law now enables individuals to place a "security freeze" on their credit reports. This essentially prevents anyone from accessing your credit file for any reason, until and unless you instruct the credit bureaus to unfreeze or "thaw" your report. It provides more protection than a fraud alert. If your identity thief is particularly aggressive and gives no indication of ceasing to use your identity to obtain credit, and if you live in California, you should consider using the security freeze to curtail access to your credit file. The security freeze is free to victims of identity theft. Non-victims who wish to use the security freeze for prevention purposes must pay a fee to activate the freeze.
2. Creditors.—New Accounts-Contact all creditors immediately with whom your name has been used fraudulently, by phone and in writing. You will see evidence of these accounts on your credit reports. Creditors will likely ask you to fill out fraud affidavits. The Federal Trade
Commission provides a uniform affidavit form that most creditors accept. (Web:www.consumer.gov/idtheft/affidavit.htm). No law requires
affidavits to be notarized at your own expense. You may choose to substitute witness signatures for notarization if creditors require verification of your signature.
Ask the credit grantors to furnish you and your investigating law enforcement agency copies of the documentation, such as the application and transaction records, showing the fraudulent transactions. In California, they are required by law to give you these copies (California Penal Code 530.8). The California Office of Privacy Protection provides instructions and sample letters on how to obtain documentation from credit grantors, www.privacy.ca.gov/fair.htm.
2a. Creditors.—Existing Accounts-If your existing credit accounts have been used fraudulently, get replacement cards with new account numbers. Ask that old accounts be processed as "account closed at consumer's request" (better than "card lost or stolen" because it can be
interpreted as blaming you.) Monitor your mail and bills for evidence of new fraudulent activity. Report it immediately to creditor grantors. Add passwords to all accounts. This should not be your mother's maiden name or a word that is easily guessed.
3. Debt collectors. If debt collectors attempt to require you to pay the unpaid bills on fraudulent credit accounts, ask for the name of the company, the name of the person contacting you, phone number, and address. Tell the collector that you are a victim of fraud and are not responsible for the account. Ask the collector for the name and contact information for the referring credit issuer, the amount of the debt, account number, and dates of the charges. Ask if they need you to complete their fraud affidavit form or if you can use the Federal Trade Commission form (see #2 above). Follow up in writing to the debt collector explaining your situation. Ask that they confirm in writing that you do not owe the debt and that the account has been closed. (For additional information on dealing with debt collectors, read Fact Sheet No. 116 of the Identity Theft Resource Center, www.idtheftcenter.org under "Victim Resources.")
4. Law enforcement. Report the crime to your local police or sheriff's department. You might also need to report it to police departments where the crime occurred. Give them as much documented evidence as possible. Make sure the police report lists the fraud accounts.Get a copy of the report. Keep the phone number of your investigator handy and give it to creditors and others who require verification of your case. Credit card companies and banks may require you to show the report in order to verify the crime. It is a violation of federal law (18 USC 1028) and the laws of many states (such as Calif. Penal Code 530.5) to assume someone's identity for fraudulent purposes. (Web site for state laws: www.consumer.gov/idtheft/statelaw.htm). Some police departments don't write reports on such crimes, so be persistent! Also report to the Federal Trade Commission (see end of guide).
5. Stolen checks. If you have had checks stolen or bank accounts set up fraudulently, report it to the appropriate check verification companies (see end). Your bank branch should be able to provide you with a fraud affidavit. Put stop payments on any outstanding checks that you are unsure of. Cancel your checking and savings accounts and obtain new account numbers. Give the bank a secret password for your account (not mother's maiden name). If your own checks are rejected at stores where you shop, contact the check verification company that the merchant uses (see end of guide).
6. ATM cards. If your ATM or debit card has been stolen or compromised, report it immediately. Contact your bank branch and request a fraud affidavit. Get a new card, account number, and password. Do not use your old password. When creating a password, don't use common numbers like the last four digits of your Social Security Number (SSN) or your birth date. Monitor your account statement. You may be liable if fraud is not reported quickly. Be sure to read the debit card contract for liability. Some cards are better protected in cases of fraud than others.
7. Fraudulent change of address.Notify the local Postal Inspector if you suspect an identity thief has filed a change of your address with the post office or has used the mail to commit fraud. (Call the U.S. Post Office to obtain the phone number, (800) 275-8777.) Find out where fraudulent credit cards were sent. Notify the local Postmaster for that address to forward all mail in your name to your own address. You may also need to talk with the mail carrier. (Web: www.usps.gov/websites/depart/inspect)
8. Secret Service jurisdiction. The Secret Service has jurisdiction over financial fraud. But, based on U.S. Attorney guidelines, it usually does not investigate individual cases unless the dollar amount is high or you are one of many victims of a fraud ring. To interest the Secret Service in your case, you may want to ask the fraud department of the credit card companies and/or banks, as well as the police investigator, to notify the Secret Service agent they work with. (Web: www.treas.gov/usss)
9. Social Security Number (SSN) misuse. Contact the Social Security Administration (SSA) to report fraudulent use of your SSN such as welfare or Social Security benefit fraud. They do not handle cases of financial or criminal identity theft. (See contact information at the end of this guide.) As a last resort, you might try to change your number, although we don't recommend it except for very serious cases. The SSA will only change the number if you fit their fraud victim criteria. See Fact Sheet 113 ("Victim Resources") at www.idtheftcenter.org for more information on this topic. (Web: www.ssa.gov)
10. Passports. Whether you have a passport or not, write the passport office to alert them to anyone ordering a passport fraudulently (see address at end). (Web: www.travel.state.gov/passport_services.html)
11. Phone service. Provide a password which must be used any time your local, cell, and long distance accounts are changed. In California, SBC/Pacific Bell's fraud hotline is (877) 202-4558. If your calling card has been stolen or there are fraudulent charges, cancel it and open a new account.
12. Driver's license number misuse. You may need to change your driver's license number if someone is using yours as ID on bad checks or for other types of fraud. Call the state office of the Department of Motor Vehicles (DMV) to see if another license was issued in your name. Put a fraud alert on your license if your state's DMV provides a fraud alert process. Go to your local DMV to request a new number. Fill out the
DMV's complaint form to begin the investigation process. Send supporting documents with the completed form to the nearest DMV
investigation office. Web: www.aamva.org/links/mnu_linkJurisdictions.asp.
13. Victim statements. If the imposter is apprehended by law enforcement and stands trial, write a victim impact letter to the judge handling the case. Contact the victim-witness assistance program in your area for further information on how to make your voice heard in the legal
proceedings. (Read Fact Sheet 111 on victim impact statements at www.idtheftcenter.org under "Victim Resources.")
14. False civil and criminal judgments. Sometimes victims of identity theft are wrongfully accused of crimes committed by the imposter. If a civil judgment is entered in your name for your imposter's actions, contact the court where the judgment was entered and report that you are a victim of identity theft. If you are wrongfully arrested or prosecuted for criminal charges, contact the police department and the court in the jurisdiction of the arrest. Also contact the state Department of Justice and the FBI. Ask how to clear your name. See PRC Fact Sheet 17g, www.privacyrights.org/fs/fs17g-CrimIdTheft.htm.
15. Legal help. You may want to consult an attorney to determine legal action to take against creditors and/or credit bureaus if they are not cooperative in removing fraudulent entries from your credit report or if negligence is a factor. Call the local Bar Association, or Legal Aid office in your area (for low-income households), or the National Association of Consumer Advocates (www.naca.net/resources.htm) to find an attorney who specializes in consumer law, the Fair Credit Reporting Act and the Fair Credit Billing Act. If you are a senior citizen or take care of a dependent adult, be sure to look under Elder Law or Aging and Independent Services for referral centers.
16. Other forms of identity theft. If a deceased relative's information is being used to perpetrate identity theft, or if you personally know the thief, additional information about how to address these situations is available in other fact sheets. See www.idtheftcenter.org/vguides.shtml
17. Dealing with emotional stress. Psychological counseling may help you deal with the stress and anxiety commonly experienced by victims. Know that you are not alone. Contact the Identity Theft Resource Center for information on how to network with other victims and deal with the impact of this crime. Web: www.idtheftcenter.org (Fact Sheet 108, "Victim Resources")
18. Making change. Write to your state and federal legislators. Demand stronger privacy protection and prevention efforts by creditors and credit bureaus.
19. Don't give in. Do not pay any bill or portion of a bill that is a result of fraud. Do not cover any checks that were written or cashed fraudulently. Do not file for bankruptcy. Your credit rating should not be permanently affected. No legal action should be taken against you. If any merchant, financial company or collection agency suggests otherwise, restate your willingness to cooperate, but don't allow yourself to be coerced into paying fraudulent bills. Report such attempts to government regulators immediately.
Credit Reporting Bureaus Equifax:
P.O. Box 105069, Atlanta, GA 30348 www.equifax.com
Report fraud: Call (800) 525-6285 and write to the address above. Order credit report: (800) 685-1111
TDD: (800) 255-0056
Web: www.equifax.com
Experian (formerly TRW):
P.O. Box 9532, Allen, Texas 75013
Report fraud: Call (888) EXPERIAN (888-397-3742) and write to address above. Order credit report: (888) EXPERIAN
To report fraud: 888-397-3742 TDD: Use relay to fraud number above
Web: www.experian.com
TransUnion:
P.O. Box 6790, Fullerton, CA 92834.
Report fraud: (800)-680-7289 and write to address above. Order credit report: (800) 888-4213
E-mail (fraud victims only): fvd@transunion.com
Web: www.transunion.com
• To opt out of pre-approved offers of credit for all three bureaus, call (888) 5OPTOUT (888-567-8688). You may choose a two-year opt-out period or permanent opt-out status.
• Remember, you are entitled to a free credit report if you are a victim of identity theft, if you have been denied credit, if you receive welfare benefits, or if you are unemployed.
Social Security Administration
• Order Earnings & Benefits Statement: (800) 772-1213. The SSA automatically mails it to individuals three months before the birthday.
Web: www.ssa.gov/online/ssa-7004.html
• Report fraud: (800) 269-0271. Web: www.ssa.gov/oig/public_fraud_reporting/index.htm
Or write to: Social Security Administration, Office of the Inspector General,:P.O. Box 17768, Baltimore, MD 21355.
U.S. State Department, Passport Office
• U.S. Dept. of State, Passport Services, Consular Lost/Stolen Passport Section, 1111 19th St., NW, Suite 500, Washington, DC
20036
To remove your name from mail and phone marketing lists • Direct Marketing Association
Mail Preference Service, P.O. Box 643, Carmel, NY 10512.
Web: www.dmaconsumers.org. Online opt-out program costs $5.00. It is free by mail.
• FTC's telemarketing Do Not call registry (888) 382-1222
Online registration: www.donotcall.gov
See PRC Fact Sheets No. 4 and No. 5 on reducing junk mail and telemarketing calls
Web: www.privacyrights.org/fs/fs4-junk.htm and www.privacyrights.org/fs/fs5-tmkt.htm
To report fraudulent use of your checks
• CheckRite: (800) 766-2748
• Chexsystems:(800) 428-9623
• CheckCenter/CrossCheck: (800) 843-0760
• Certigy/Equifax: (800) 437-5120
• International Check Services: (800) 526-5380
• SCAN: (800) 262-7771
• TeleCheck: (800) 710-9898
Other useful resources
• Federal Trade Commission (FTC). The FTC offers information for victims. File your case with the FTC Consumer Response Center. Include your police report number. Use the FTC uniform affidavit form. (877) IDTHEFT Web:
www.consumer.gov/idtheft
• Privacy Rights Clearinghouse (PRC), 3100 - 5th Ave., Suite B, San Diego, CA 92103. Phone: (619) 298-3396. E-mail: prc@privacyrights.org. Web: www.privacyrights.org.
• Identity Theft Resource Center, P.O. Box 26833, San Diego, CA 92196. Lists regional victim support groups on its web site. Offers many guides for victims. (858) 693-7935 Web: www.idtheftcenter.org. E-mail: itrc@idtheftcenter.org
• FBI Internet Fraud Complaint Center, Web: www.ifccfbi.gov
• Identity Theft Survival Kit. Phone: (800) 725-0807. Web: www.identitytheft.org
This guide is a project of the Privacy Rights Clearinghouse and CALPIRG, nonprofit consumer advocacy organizations. We thank Linda Foley of the Identity Theft Resource Center and Mari Frank, Esq. for their assistance.
IDENTITY THEFT: Online Shopping Tips
! " # ! $ !"
% #
&
' !" $ $ ( ) *+++$ ,-*++* *-*++.$
With just a click of the mouse, shoppers can buy nearly any product online - from groceries to cars, from insurance policies to home loans. The world of electronic commerce, also known as e-commerce, enables consumers to shop at thousands of online stores and pay for their purchases without leaving the comfort of home. For many, the Internet has taken the place of Saturday afternoon window shopping at the mall. The same things can go wrong shopping in cyberspace as in the real world. Sometimes it is simply a case of a computer glitch or poor customer service. Other times, shoppers are cheated by clever cybercrooks. This guide offers advice on how to make your online shopping experiences enjoyable and safe.
1. Shop at Secure Web Sites
How can you tell if a web site is secure? It uses encryption technology to transfer information from your computer to the online merchant's computer. Encryption scrambles the information you send, such as your credit card number, in order to prevent computer hackers from obtaining it en route. The only people who can unscramble the code are those with legitimate access privileges. You can tell when you are dealing with a secure web site in several ways.
• First, if you look at the top of your screen where the web site address is displayed, you should see https://. The "s" that is displayed after "http" indicates that web site is secure. Often, you do not see the "s" until you actually move to the order page on the web site. • Another way to determine if a web site is secure is to look for a closed padlock displayed at the bottom of your screen. If that lock is
open, you should assume it is not a secure site.
• The third symbol that indicates you are on a secure site is an unbroken key.
Of course, transmitting your data over secure channels is of little value to you if the merchant stores the data unscrambled. You should try to find out if the merchant stores the data in encrypted form. If a hacker is able to intrude, it cannot obtain your credit data and other personal information. Be sure to read the merchant's privacy and security policies to learn how it safeguards your personal data on its computers. (See tip 3 below.)
2. Research the Web Site before You Order
Do business with companies you already know. If the company is unfamiliar, do your homework before buying their products. If you decide to buy something from an unknown company, start out with an inexpensive order to learn if the company is trustworthy. Reliable companies should advertise their physical business address and at least one phone number, either customer service or an order line. Call the phone number and ask questions to determine if the business is legitimate. Even if you call after hours, many companies have a "live" answering service, especially if they don't want to miss orders. Ask how the merchant handles returned merchandise and complaints. Find out if it offers
full refunds or only store credits.
You can also research a company in Internet yellow pages, through the Better Business Bureau (see listing below), or a government consumer protection agency like the district attorney's office or the Attorney General. Perhaps friends or family members who live in the city listed can verify the validity of the company. Remember, anyone can create a web site.
3. Read the Web Site's Privacy and Security Policies
Every reputable e-commerce web site offers information about how it processes your order. It is usually listed in the section entitled Privacy Policy. You can find out if they intend to share your information with a third party or affiliate company. Do they require these companies to refrain from marketing to their customers? If not, you can expect to receive "spam" (unsolicited e-mail) and even mail or phone solicitations
from these companies.
You can also learn what type of information is gathered by the web site, and how it is, or is not, shared with others. The online merchant's data security practices are also often explained in the Privacy Policy, or perhaps a separate Security Policy. Look for online merchants who are members of a seal-of-approval program that sets voluntary guidelines for privacy-related practices. TRUSTe (www.truste.org) and BBBonline (www.bbbonline.org) are two such programs.
Be aware that a strong privacy policy and membership in a web seal program do not guarantee that the web merchant will protect your privacy for all of time. Policies can change. The company can file for bankruptcy and sell its customer database. The web merchant might be
purchased by another company with a weaker privacy policy. And the company's data can be subpoenaed for law enforcement investigations or civil cases. You have little control over the use of your customer data in such matters.
Given all of these uncertainties, you will want to think about the sensitivity of the data that is being compiled about you when you shop online. We cannot prescribe the best approach to take. Each consumer has a different interpretation of what is considered "sensitive."
4. What's Safest: Credit Cards, Debit Cards, Cash, or Checks?
The safest way to shop on the Internet is with a credit card. In the event something goes wrong, you are protected under the federal Fair Credit Billing Act. You have the right to dispute charges on your credit card, and you can withhold payments during a creditor investigation. When it has been determined that your credit was used without authorization, you are only responsible for the first $50 in charges. You are rarely asked to pay this charge. We recommend that you obtain one credit card that you use only for online payments to make it easier to detect wrongful credit charges.
E-commerce shopping by check leaves you vulnerable to bank fraud. And sending a cashier's check or money order doesn't give you any protection if you have problems with the purchase. Make sure your credit card is a true credit card and not a debit card, a check card, or an ATM card. As with checks, a debit card exposes your bank account to thieves. Your checking account could be wiped out in minutes. Further, debit and ATM cards are not protected by federal law to the extent that credit cards are.
5. Never Give Out Your Social Security Number
Providing your Social Security number is not a requirement for placing an order at an e-commerce web site. There is no need for the merchant to ask for it. Giving out your Social Security number could lead to having your identity stolen. (See PRC Fact Sheet 17, "Coping with Identity Theft," www.privacyrights.org/fs/fs17-it.htm.)
6. Disclose Only the Bare Facts When You Order
When placing an order, there is certain information that you must provide to the web merchant such as your name and address. Often, a merchant will try to obtain more information about you. They may ask questions about your leisure lifestyle or annual income. This information is used to target you for marketing purposes. It can lead to "spam" or even direct mail and telephone solicitations.
Don't answer any question you feel is not required to process your order. Often, the web site will mark which questions need to be answered with an asterisk (*). Should a company require information you are not comfortable sharing, leave the site and find a different company for the product you seek.
7. Keep Your Password Private
Most reputable e-commerce web sites require the shopper to log-in before placing or viewing an order. The shopper is usually required to provide a username and a password. Never reveal your password to anyone. When selecting a password, do not use commonly known information, such as your birthdate, mother's maiden name, or numbers from your driver's license or Social Security number. Do not reuse the same password for other sites. The best password has at least eight characters and includes numbers and letters.
8. Check the Web Site Address
Above the web site at the top of your screen is a rectangular window that contains the web site address (also called the URL, or Uniform Resource Locator). By checking that address, you can make sure that you are dealing with the correct company.
Cyber-thieves have created web sites that look convincingly like the web sites of well-known companies. These sites capture the credit card numbers of unwary shoppers. The thieves then use the stolen credit card numbers to make fraudulent purchases in the shopper's name. If these shoppers had checked the URL at the top of the screen, they would have noticed that it was not the same address as the real company. 9. Always Print Copies of Your Orders
After placing an order online, you should receive a confirmation page that reviews your entire order. It should include the costs of the order, your customer information, product information, and the confirmation number. We recommend you print out at least one copy of the web page(s) describing the item you ordered as well as the page showing company name, postal address, phone number, and legal terms, including return policy. Keep it for your own records for at least the period covered by the return/warranty policy. Often you will also receive a confirmation message that is e-mailed to you by the merchant. Be sure to save and/or print this message as well as any other e-mail correspondence with the company.
10. Shop with Companies Located in the United States
When you shop within the U.S., you are protected by state and federal consumer laws. You might not get the same protection if you place an order with a company located in another country.
11. Pay Attention to Shipping Facts
Under the law, a company must ship your order within the time stated in its ad. If no time frame is stated, the merchant must ship the product in 30 days or give you an "Option Notice." This gives you an opportunity to cancel the order and receive a prompt refund, or agree to the delay.
Here are key shipping questions to ask:
• Does the site tell you if there are geographic or other restrictions for delivery? • Are there choices for shipping?
• Who pays the shipping cost?
• What does the site say about shipping insurance?
• What are the shipping and handling fees, and are they reasonable?
12. Learn the Merchant's Cancellation, Return and Complaint-Handling Policies
Even under the best of circumstances, shoppers sometimes need to return merchandise. Check the web site for cancellation and return policies.
• Who pays for shipping?
• Is there a time limit or other restrictions to the return or cancellation? • Is there a restocking charge if you need to cancel or return the order?
• Do you get a store credit, or will the company fully refund your charges to your credit card? If the merchant only offers store credits, find out the time restriction for using this credit.
Don't expect less customer service just because a company operates over the Internet. This is especially important if you are buying something that may need to be cleaned or serviced on occasion.
• Does the merchant post a phone number and/or e-mail address for complaints? • How long has the company been in business?
• Will they still be around when you need them?
• Is there an easy, local way for you to get repairs or service? • Is there a warranty on the product, and who honors that guarantee?
• What are the limits, and under what circumstances can you exercise your warranty rights? 13. Use Shopper's Intuition
Look at the site with a critical eye. And heed the old adage, "If it looks too good to be true, it probably is." • Are there extraordinary claims that you question?
• Do the company's prices seem unusually low? • Does it look like the merchant is an amateur? • Are there a lot of spelling or grammar errors? • Does the company's phone go unanswered?
The use of a post office box might not send up a red flag, but a merchant who does not also provide the company's physical address might be cause for concern. If any of these questions trigger a warning bell in your head, you will be wise to find another online merchant.
14. Be Wary of Identity Theft
As e-commerce becomes more common, there will be more cases of identity theft committed over the Internet. Imposters are likely to obtain their victims' identifying information using low-tech means like dumpster diving, mail theft, or workplace access to SSNs. But they are increasingly using the web to apply for new credit cards and to purchase goods and services in their victims' names.
The same advice for avoiding low-tech identity theft applies to shopping on the Internet. Many are mentioned in the above tips. Most important: Be aware of who you are buying from. And use true credit cards for purchases, not debit cards. We recommend that you check your credit card bills carefully for several months after purchasing on the Internet. Look for purchases you did not make. If you find some, immediately contact the credit card company and file a dispute claim. Order your credit reports at least once a year and check for accounts
that have been opened without your permission. (See PRC Fact Sheet 17a , "Identity Theft: What to Do if It Happens to You,"
www.privacyrights.org/fs/fs17a.htm .) 15. Be Cautious with "Electronic Signatures"
A recent federal law enables shoppers to verify online purchases with merchants using an "electronic signature." Usually, this process is nothing more than clicking on a box that says you accept the terms of the order. The Electronic Signatures in Global and National Commerce Act, also known as the E-Sign Act, is a complex law. It states that electronic signatures and electronic records used in interstate and foreign commerce will not be denied validity just because they are in electronic form. Further, the law says that online purchases do not need to be accompanied by the more traditional handwritten signature on a paper document.
Consumer advocates opposed the law because it lacks important safeguard against fraud. For example, the law does not require online merchants to comply with such standards as message integrity (security and accuracy in transmission), privacy of customer data, and authentication of sender.
The faults of the E-Sign Act require you the customer to shop cautiously on the Internet. The tips offered in this guide will help you make sure the online companies you choose are secure and honest.
IDENTITY THEFT: Identity Theft & Children
Written by: Linda Foley, Identity Theft Resource Center Executive Director and Charles Nelson, Ph.D., Family Treatment Institute, San Diego CA Resource Material of: www.idtheftcenter.org
Email: itrc@idtheftcenter.org
Copyright: Identity Theft Resource Center, Inc., August 2003 All rights reserved.
The text of this copyrighted document may not be altered without express authorization of the Identity Theft Resource Center. This fact sheet should not be used in place of psychological or legal advice.
Child Identity Theft occurs when a child's identity is used by another person for the imposter's personal gain. The perpetrator may be a family member or someone known by the family. It could also be a stranger who purposely targets children because of the lengthy time between the theft of the information and the discovery of the crime.
There are some cases that appear to be identity theft but are not. Receiving a pre-approved credit card offer in your child's name might upset you as a parent. However, it might only be an innocent marketing tool sent by an affiliate of your bank because you opened a college fund for your child. A quick check of credit reports will help you sort out the truth. Currently, all three reporting agencies are automated systems. You should call them (numbers at end) and request a credit report for your child. If you are told that there is no credit report, this is probably not a case of financial identity theft.
Please be aware that this guide is a work-in-progress, as this specific crime has not yet been well documented. Additionally, as with most identity theft cases, each situation is unique and each person faces a slightly different set of circumstances. Many of the choices you will make will depend on your personal preferences and needs. Each case that ITRC works on also helps us to clarify this misunderstood and relatively underreported crime.
In some of the topic areas we will be dividing the discussion by victim types. They are: • Adults who found out that their identity was stolen as a child (adult/child victims) • Children who have a relative who finds out about the crime (child victims) ABOUT THIS CRIME:
Typically identity theft falls into three categories:
• Financial identity theft: This most commonly occurs when the Social Security number (SSN) and name is used to establish new lines of credit. What most people do not understand is that credit issuers may not have a way to verify the age of the applicant. The information on the application is typically taken at face value. This is particularly true in telephone and Internet applications. In person, few credit issuers request proof of identity, a driver's license for instance. Even then, many clerks have not been trained on how to recognize counterfeited or altered licenses. For these reasons and others, issuers often will not know the true age of the
applicant. This is a fault within our system that needs to be rectified.
A second mistaken concept is that the credit reporting agencies (CRAs) know that this application must be fraudulent because the applicant is a minor. Unfortunately, there is little, if any, sharing of information about the age of a person with Equifax, TransUnion and Experian. The age of the applicant becomes "official" with the first credit application. Therefore, if the first application indicates that the applicant is 24, the credit agencies believe that person is 24 until a dispute is filed and proven. • Criminal identity theft: This typically occurs when a person "borrows" the information of the minor to get a driver's license. This
person may be an illegal immigrant who bought the information or a relative who has had a license suspended or revoked. • Identity Cloning: Most frequently, profilers have people in positions where they are able to collect information about minors and then
sell it on the black market. The most frequent purchasers of this information, in our experience, are illegal immigrants or people who are trying to "restart" their lives and avoid arrest. It is also an open door to terrorists. Clones might also take advantage of the death of an infant or child. They go back into old newspaper records or death certificates (often found on the Internet) and find a person who would match the current imposter's age. Then either counterfeit documents are made up or legitimate birth certificates are purchased through normal channels. Unfortunately, when a person dies, few, if any, county recorders then mark birth certificates as "deceased." This allows thieves to purchase birth certificates of a person who has died and use it for identity theft. The ease in purchasing birth certificates depends on state laws. You should make sure your state is a "closed access" state, meaning that a limited number of people are allowed access to this information. For details on "Identity Theft and the Deceased" please go to the ITRC information guide on that topic.
MOMENT OF DISCOVERY:
Adult/Child Victims: These victims typically find out in the same manner as adult victims of identity theft. They: • Are denied credit, mortgage or loan for a vehicle or college tuition
• Are unable to open a bank or checking account • Receive collection notices in the mail or by telephone • Are denied tenancy, utility or phone service
• Are denied driver's license renewal
• Are discharged from a job or continually and unexplainably denied employment • Are quoted higher than normal insurance rates
• Have been receiving bills or credit cards they never requested, perhaps for years
• Are notified by a law enforcement agency investigating a large case in which they happen to be a part of • Are arrested for an activity they never committed
• Are denied SSI or welfare services
Child Victims: Parents or relatives are usually the first to notice something is not quite right. Some of these cases involve split families (one of the parents is the perpetrator and the crime is exposed by the other, unoffending parent). Discovery often comes:
• When attempting to open a savings account or college fund for the child. In this scenario, an unoffending parent discovers that there is already an account with that SSN or that the new account is denied due to a bad check record
• When numerous pre-approved credit card offers come in the mail in the name of the child
• When credit cards, checks, bills or bank statements (not opened by a unoffending parent as a joint holder) are sent in the name of the child
• When collection agencies call or send letters about accounts not opened by the child
• When a teen is denied the right to get a driver's license because another person has a license with that SSN as ID. The imposter may even have accumulated tickets or citations in the child's name
• While going through papers during a divorce or while straightening up the house (Parental identity theft) • When law enforcement comes to the door with a warrant for an arrest of the child
POTENTIAL IMPACT:
Perhaps these examples will help to explain the problem more clearly. Situation One: Adult/Child Victim
In this case, the perpetrator may be a relative or a stranger. The former seven-year old doesn't find out until he or she eventually applies for a college loan, a driver's license, an apartment, a job or credit after reaching adulthood. It may be 10 -15 years from the time the information is stolen until the crime is discovered. By that point, the crime trail is cold and the devastation to this child's credit record is great. Almost all accounts have gone to collection. The original account may have gone through several hands with company mergers and sell-outs. It is difficult to track down original application and transaction records, so that this now adult/child can find out what happened and how.
Usually the criminal will have used the information until the credit history is destroyed and he/she can no longer get credit or drive using that identity. The child has not checked his/her credit report because he/she didn't even know one existed. The reality is that a credit report should not have existed until that child's first usage as an adult.
The potential impact: The inability to get a college loan, driver's license, apartment, car, house, credit card or even several nights spent in jail while trying to prove one's innocence.
Situation Two: Parental Identity Theft- the Child Victim
The parent has destroyed his/her own credit or driving record. Instead of repairing the damage done to his or her own records, this parent begins to use the information of the child he or she should be protecting. This person may even convince himself/herself that the all the bills will be paid on time and that this action will not impact the child. Rarely does this happen. Not only do these imposters not clean up their own records, but they usually fall behind on the bills under the "new" information.
Both the eventual financial burden and the emotional impact on this child are great. Unfortunately, most law enforcement agencies hesitate to get involved, believing that this type of case falls into the jurisdiction of "family law." It does not.
We will discuss the emotional impact of a case like this later in this guide. Situation Three: Profiler and the Child Victim
The parent finds out about the problem and is faced with the tedious task of proving that his or her child did not open the accounts. In fact, they may often have to prove that the child is a child. They are placed in the position of being the primary investigator in the case and find out where the breach occurred while cleaning up the mess.
RECORD CLEARANCE AND DO I NEED THE HELP OF AN ATTORNEY? Adult/child Victims:
1. Follow the procedures found on Victim Guide 17A (in the victim guide section) which includes contacting the three credit reporting agencies, reporting the crime to the police (see #11 below) and notifying the credit issuers so you can clear your records.
2. Only speak with fraud investigators when contacting credit issuers or collection agencies.
3. Keep a detailed log. This log should the name, phone number, and title of each person with whom you speak and summary of the conversation. You may want to use ITRC's "Organizing Your Case" victim guide to help you.
4. For accounts that have gone to collection, use the ITRC guide designed to help you in that situation.
5. Point out that you were a minor at the time the account was opened, and by law were not permitted to enter into a contract. In many situations, you will need to submit a copy of your birth certificate; so if you don't have a copy of it, get one now.
6. Ask to have all accounts, application inquiries and collection notices removed (or blocked) immediately from your credit report. You can do this via the credit issuer or through a dispute process with the credit reporting agencies. ITRC recommends that you make the request of both groups. In the end, the credit issuer is the final decision maker as to whether or not to accept your claim of fraud. 7. Request copies of all application and transaction records still available. Make copies and provide those to the police investigating the
case. You may find out how this crime occurred. Some states now require businesses to provide this information (as of Aug. 2003- CA, WA, LA). Even if your state does not, it never hurts to ask.
8. If this is a case of criminal identity theft, please use the ITRC victim guide specifically written for that purpose.
9. Do you need an attorney? Each case is unique and the situation will dictate the need for an attorney. However, in many cases an attorney is not able to do anything you cannot do for yourself. There are always exceptions to this rule, so please feel free to contact us with any of your questions. We will let you know if, in our opinion, an attorney might help.
10. Try to get the support of other family members, emotionally and physically. They may help you fill in some of the gaps and provide a shoulder to lean on. They must also be notified that their information may also be in jeopardy.
11. * Regarding contacting the police: If the imposter is a stranger, don't hesitate to contact the police. However, we do understand that calling the police is a sensitive topic if the imposter is someone you know. Please read through our information in Guide #115. If you wish to discuss how this will impact you, the imposter, and your family, please do not hesitate to contact ITRC. We will answer all your questions so that you can make the decision that is appropriate for you.
Child Victims: Parents will have to act on their behalf.
1. Follow the procedures on Victim Guide 17A, which includes contacting the three credit reporting agencies, reporting the crime to the police and contacting the credit issuers to clear your child's records. When you contact the credit reporting agencies, if there is no report, you will be told that no report if available. That is good news. That means that there is a possibility that nothing has happened. However, some companies do not report applications or accounts, only collection actions - so even a "no report" may change six months later.
2. If you don't have a copy handy, get a copy of that child's birth certificate. You will need to send a copy of it out with most investigation or fraud statements.
3. Only speak with fraud investigators when contacting credit issuers or collection agencies.
4. Keep a detailed log. This log should the name, phone number, and title of each person with whom you speak and summary of the conversation. You may want to use ITRC's "Organizing Your Case" victim guide to help you.
5. For accounts that have gone to collection, use the ITRC guide designed to help you in that situation. 6. Point out that the child is a minor and that by law is not permitted to enter into a contract.
7. Ask to have all accounts, application inquiries and collection notices removed immediately from your child's credit report. You can do this via the credit issuer or through a dispute process with the credit reporting agencies. ITRC recommends that you make the request of both groups. In the end, the credit issuer is the final decision maker as to whether to accept the claim of fraud or not. 8. Request copies of all application and transaction records still available. Make copies and provide those to the police investigating the
case. The may help you discover how this crime occurred.
9. In the area of criminal identity theft, please use the ITRC victim guide specifically written for that purpose. Again, pointing out that the person they are investigating is a minor will be strong ammunition, especially if the child is very young. You may have to provide an alibi for the child i.e., school attendance records, doctor's appointments.
10. Do you need an attorney? That depends on the offender or person who is using the information. If the offender is a parent or relative or if this is a case that could be tied into a custody or divorce issue, it may be necessary to involve a family law attorney. This is especially true in joint custody cases. If you have joint custody of the child, timing is critical. If you fear that the offending parent might
run off with the child, seek the advice of your attorney as to timing, legal actions that might assist you in protecting the safety of the child or the need to involve child protective services.
11. If the offender is a relative, you might find that law enforcement is reluctant to get involved. You will have to convince them that you will stand up for your child's rights. It is essential that a case of child identity theft is not passed to the family law courts, but is recognized as the criminal crime it is: identity theft and financial fraud.
12. * Regarding contacting the police: If the imposter is a stranger, don't hesitate to contact the police. However, we do understand that calling the police is a sensitive topic if the imposter is someone you know. Please read through our information in Guide #115. If you wish to discuss how this will impact you, the imposter, your child and your family, please do not hesitate to contact ITRC. We will answer all your questions so that you can make the decision that is appropriate for you.
13. Each case of child id theft is different, so please feel free to contact us with any of your questions. SHOULD I CHANGE MY SSN OR MY CHILD'S SSN?
The Social Security Administration has very strict standards about granting new a SSN. We recommend that you read our guide "Should I Change My Social Security Number?" in which many of the specifics are detailed. You will note that in changing one's SSN, you literally separate yourself from any credit or college records attached to that number unless you know how to transfer them without breaching the new number's security. Please contact ITRC if you decide to proceed.
In most circumstances, ITRC does not recommend that victims should apply for a new SSN. However, some child identity theft victims can benefit from such an action.
Child Victim: This is an individual that has not yet established a credit history and will not lose college or financial records. A child who has not yet reached 18 has nothing to lose by changing his/her SSN provided the original offender does not have access to the new number. That may mean court orders prohibiting the offender from gaining access to that number. Talk with your attorney about this procedure.
Adult/child Victim: A young adult that has just started out in life benefits most from a SSN change, if approved by SSA, because you are still in the process of getting college credits and starting a credit history. It is when you have a lengthy credit or work history that things become complicated. If you follow all the repair procedures and the problem continues, this may be the only answer, especially if criminal identity theft is also involved.
EMOTIONAL IMPACT
Adult/Child Victims: Please read ITRC's victim guides on "The Emotional Impact of Identity Theft" #108 and "What If I Know the Imposter" #115. These might give you a greater understanding of what you are experiencing.
1. If the offender is a parent or guardian: It is understandable for you to feel betrayed, violated, guilty and isolated. This is the person you should have been able to unconditionally trust. Hindsight is perfect and you probably saw signs of the problem long before you pieced together the puzzle.
a. YOU DID NOT CAUSE THIS TO HAPPEN. This person is ill or has significant problems. We understand that knowing this doesn't eliminate or help ease the pain you are feeling.
b. ITRC highly recommends that you seek counseling to help deal with the anger that may eventually boil up and with future trust issues. You have control over how this will ultimately affect your life, and therapy will help you in the healing process. 2. If the offender is a stranger: It is common for you to feel distrustful and wonder about how this happened. Unless you uncover
evidence that helps to reveal the offender, trying to reason out how this happened is a waste of time.
3. Each person finds a different way to deal with this crime. Unfortunately, you will need to mature quickly. How this ultimately affects you depends on you, your support team and your ability to understand that one person does not represent the rest of the people you will ultimately meet in your life. To allow this one stranger to affect the rest of your life would be the tragedy- not the crime itself. Child Victims: A few words of support to the courageous parents who will face the battle for their child's financial future.
Stranger Theft: This crime can affect the way that your child sees the world. It is up to you to help him or her understand that criminals exist in this world, but that they don't have to control the way we live our lives completely.
1. Don't feel the need to involve the child in the activities of clearing records. They don't need this type of education unless they are very mature and old enough.
2. Familial ID Theft- Now is not the time or the way to get back at your ex. Your child will have a difficult enough time with this emotionally. Don't add to his or her burden. You may want to seek therapy, especially in cases of child ID theft done by the other parent or a relative. This can affect the child's ability to trust or develop lasting relationships. Even adults struggle with this issue.
3. The child needs to know that he or she did nothing to cause this. They need to understand that the parent made a mistake or is ill. If you consider how you talked with your children about a divorce or separation, and remember the reactions to that discussion, the right words will come.
4. Keep any discussion age specific. Clearly, an older child may want more information and be able to handle it. As with any adult discussion, let the child's questions guide your responses and keep it age appropriate. Do not embellish your answers. Keep them simple and to the point. The child will ask more if he or she wants to know more.
5. Your emotions should not enter the conversation. Children often tune into your body language and your tone of voice more than what you say. Be aware of that and how it might taint the discussion. Try to help them understand that stealing is a symptom of a bigger problem.
6. Finally, if the imposter is arrested and is also your child's other parent, clearly that issue will need to be discussed with older children. Let them guide you.
7. Expect rage, denial, embarrassment, fear and misplaced anger. Children act out their feelings more often than they express them. Keep telling them they are loved and that it is okay to express their feelings appropriately. Obviously, kicking walls is not acceptable. Drawing is another way some children express emotions. Allow them an opportunity to share their drawing if they wish, but don't push it. Let them lead the way; you are there to be available if and when they want you.
Explain that identity thieves will not come and take them away, will not break into the house or hurt them physically. Reassure them that they are safe and that you will not let anyone hurt them. Other behaviors to watch for include nightmares and things they had outgrown such as bedwetting or the fear of sleeping with the lights off. These are indicators of emotional trauma. Keep reassuring them. AND---
Find resources to help you. Consider a good children's therapist who works with crime victims. See the list at the end of this guide for possible leads.
PEARLS OF WISDOM: (We invite you to submit a paragraph for possible addition to this worksheet. Please submit to Linda at
itrc@idtheftcenter.org and include a release to print. Let us know if we may include your name or if you wish for us to change it.) Advice from one parent to another:
From "Lisa"-- " I have yet to have a heart to heart with my children as the situation of their biological father amplifies. However, my new husband and I have slowly started to talk to them about similar situations and are starting to get a sense of how they would feel and react. We have talked with several child psychologists that recommend waiting until they can fully understand the ramifications of the occurrence as well as waiting until the laws take effect and actions against their father can be taken. My son is approaching high school this year and is interested in obtaining a checking account. So something will have to be done soon as his father has an account in his name. Explain that to a 13 year old. I myself have a wonderful support group of friends and family, who keep me grounded and supported throughout this mess."
PREVENTION RECOMMENDATIONS
Be aware that consumers cannot prevent most cases of identity theft. However, there are some steps you can take that can limit the opportunities a thief may take advantage of. There are more tips elsewhere on the ITRC website, including Scam Alerts and Prevention Tips.
Parents: Parents are often asked to show a copy of a birth certificate and/or Social Security card in order for their children to participate in after school sports. Coaches often ask for photocopies of these papers. ITRC does not believe that this is a good security measure and that safer information handling practices should become policy. We recommend the following:
o Ask if the coach has had a criminal and financial background check done by an independent or hiring source. If not, will one be done? This should be an automatic practice due to the amount of child molestation and child information theft.
o Show the papers to the coach and then put them in a sealed envelope. Write your name across the sealed flap in colored ink so that you can tell if it has been opened.
o Initial the back of each page in colored ink that you place in the envelope. At the end of the season you will know if you got the original back.
o Ask where the papers will be stored during the season. Parents need to make sure that the envelopes will be stored in a locked box and returned unopened after the season has ended, unless you have been notified that there is a need to show them to other people.
o Do not carry your or your child's SSN in your wallet, including SS cards. If necessary (i.e. health insurance cards) make a photocopy of the card, cut off the last 4 numbers of the SSN and carry that photocopy with you on a daily basis. Only carry original cards on days you know you will need them. Then if your wallet is lost or stolen, this information will not be stolen. Students- when possible, ask your college not to use your SSN as your college ID number. If they insist on doing so, only carry your original card on the days you need it. Ask to not include the number on rosters that others may see and insist that it not be posted in public display areas. Lock your information away. Roommates may seem friendly and end up as good friends, but too many victims have found out that an unscrupulous roommate or friend has stolen their information. Watch your backpacks or any briefcases where you carry your wallets or important papers at all times (including in class, at lunch and in the library).
o Use a locked mailbox to send and receive all mail. Do not leave mail unattended for pickup in an "out" box.
o Resist giving out your driver's license number or SSN (or child's SSN) unless they have a good reason for needing it. A doctor's office is a great place for a child profiler to collect information. Make sure that the physician is aware of that and that his or her staff is taking proper precautions with your child's information. Watch for people who may try to eavesdrop and overhear the information you give out orally.
o Scams- Please read our scam alert. Parents- Teach children not to give out personal information over the phone and do not give out any of your or your child's information on the Internet unless you are absolutely sure that you are dealing with a legitimate company. When in doubt, don't. You can check out companies with the Better Business Bureau, the FBI or your State Attorney General if you have any concerns. Think first- don't give out information and then later regret it.
RESOURCES
Victim assistance professionals have long recognized the value of support groups and counseling for victims of crime. Both you and your child (in the case of child victims) are victims of crime, whether your police department recognizes it as such or not. In some cases, you can seek restitution for the services of a professional therapist should your case go to court.
The following is a partial resource list for those who may not be financially able to afford a private therapist themselves or who may need the name of a good therapy program. We also recommend you look in the front of your local phonebook under Crisis Intervention; Psychologists; Marriage and Family Counseling; Clinical Social Workers; and Mental Health Professionals/Clinics.
o Local religious leader- your pastor, rabbi or minister o Family Service Association
o Ask for a low-cost referral from your family physician o School counselors, psychologists or principals o YMCA Family Stress Counseling Services o Your county Mental Health Association
o Many counties have Victim/Witness Assistance programs affiliated with your local district attorney or police departments. You might also look up a Victim Assistance unit of your state attorney general's office.
o Many professional counseling associations refer clients to free or reduced cost programs.
o Local hospitals often maintain lists of both governmental and non-profit assistance programs. Some sponsor clinics and support programs. Talk with the mental health department.
o Many businesses have an Employee Assistance Program (EAP). You may want to talk with your HR representative to find out about its availability.
o 12-step programs have been of value for some victims. Ones to consider include Al-anon, Ala-teen and Ala-tot. o Older supportive family members or family friends
IDENTITY THEFT: Firewalls & Computer Safety
! " #$$% " " "
&'(' #)*%% !+#,+)
*-*.)+%./+%-0 1 0
DIRECT CONNECTIONS TO THE INTERNET: Protecting Yourself Against Intruders
Today people use the Internet to see what movie is playing at a nearby cinema, shop, do homework, pay bills and even for banking. For many of us, email has not only taken the place of postal mail, but also telephone calls. There is an increasing group who has direct connections to the Web through cable modem or DSL, which means you may be hooked up 24 hours a day, 365 days a year.
There is one major drawback to being hooked up to the Internet that many of us have either overlooked or are not aware of. Some Internet Service Providers (ISPs) are neglecting to tell you just how vulnerable you are to being hacked.
The Internet is like the rest of the world. It is populated with the same kind of people society deals with on a daily basis, including criminals and those who wish to create havoc and chaos. It used to be people would get a kick out of hacking a company's homepage or Website in order to change some graphics. The object was to simply to prove you had the skill to "break into" another computer. Today, computer and database breaches have become more criminally focused.
Leaving your computer hooked up to a direct connection without firewall protection software is like leaving your house unlocked all the time. Worse yet, you have a sign hanging out front saying, "Come on in!" When you are connected to the Internet, you literally have access to the world. What some people forget is that this is not a one-way mirror. If you can see out, that means anyone on the Internet, with the right program, can see into your computer as well. Not only that, but they can plant a program into your computer so that they can access it not only at that very moment, but in the future as well.
Once a thief gains access to your computer, they can gather all the personal or sensitive information you have stored on the hard drive unless your information is securely encrypted. Social Security Numbers, credit card numbers, bank account information, your budget, and your electronic tax returns - any and all are up for grabs. Identity theft is on the rise, and these pieces of information are the keys that imposters seek. Leaving your computer openly connected to the web without firewall protection, be it via software or hardware, is just asking for trouble. DEFINITIONS:
Virus: A virus is a program that reproduces itself by infecting other programs on the same computer. Viruses can do serious damage, including erasing files or an entire hard drive. Others may just do silly or annoying things such as popping up in a window that says, "Ha, ha, you are infected!" Viruses are transferred by electronic contact and usually are attached to a data file. You send it to a friend or coworker by sending a file or an email that contains the virus. Typically you need to open an infected file to activate the virus.
Worm: Like a virus, a worm is also a program that reproduces itself. Unlike a virus, however, a worm can spread itself automatically over the network from one computer to the next without attaching itself to another file. Typically worms do not destroy a computer or files. They just take advantage of automatic file sending and receiving features found on many computers. However, a worm can send a virus through your computer to others using this auto-send feature.
Trojan horse: Trojan horse attacks pose a serious threat to computer security. The name comes from the hollow, wooden horse the Greeks used to smuggled soldiers into the fortified city of Troy. In today's computer world, a Trojan horse is a malicious, security-breaking program that is disguised as something benign, such as a screen saver, game or joke. It might send itself to everybody on your email address book or IRC channel, erase or modify your files or download another Trojan horse program designed to steal your passwords. Many Trojan horses also allow hackers to take over your computer and "remote control" it. Trojan horses have become more sophisticated in recent years, as hackers use them to scan your system for vital information (credit card numbers, SSNs, bank account numbers), and use the retrieved information to open accounts, run up huge credit card debt, or drain the bank accounts of unsuspecting victims.
Trojans can be spread in the guise of literally anything people find desirable, such as a free game, nude picture, MP3 song, etc. You might have downloaded the Trojan from a website or file transfer without even knowing it. That is why it is important to always know what you are downloading and who is sponsoring the program.
Hacker/Cracker: When used properly, this term refers to an elite breed of "good guys" who are talented computer programmers. They enjoy solving challenging problems or exploring the capabilities of computers. Like a carpenter wielding an axe to make furniture, the hacker does good things with his skills. True hackers subscribe to a code of ethics and look down upon the illegal and immoral activity of crackers (defined
