Tag Archives: government agencies

ID Theft: A Danger Even After Death

Take your driver’s license out of your wallet. Flip it over. Now look carefully at the back of it. There’s no box to check for “identity donor.” Yet when it comes to identity-related crimes, one of the greatest times of vulnerability is immediately after you die.

You can do everything right. You can use long and strong passwords and account-unique user names. You can check your financial accounts and monitor your credit on a regular basis, you can set up transaction alerts on your credit cards – even order a credit freeze – and then you die. Well, not entirely…

Include Identity in Your Estate Planning

A good identity thief can undo all your fraud precautions with a few phone calls. Most people don’t think about this, because it’s a wee bit late to refinance the family homestead – much less worry about interest rates – when you’re dead. Regardless, the recently deceased continue to exist on paper, and this may be the case for some time. Meanwhile, many bankable facts – key among them your Social Security number and personally identifiable information – are just sort of there in the form of “zombie” purchasing power. An identity thief can use that purchasing power to drain your bank accounts, open new credit in your name and perpetrate all sorts of fraud that can harm your family and heirs.

Think of your post-mortem identity as a would-be extra on “The Shopping Dead.” Now that you have that image in your head, take the time to arrange for the deactivation of your identity by making it part of your estate planning. This will mostly take the form of a to-do list for whomever will be handling your affairs, because nothing can be done till…well, you know, after the fact. There are many good resources, including this list from IDT911.

There are many different scams out there, ranging from the misappropriation of Social Security payments to the more old-fashioned practice of ghosting, whereby a person of approximately the same age assumes the identity of the deceased. In keeping with the proliferation of possible crimes, there are plenty of criminals out there who make a living in this post-mortem niche. They scan death notices in the local paper, read obituaries, even attend funerals and, make no mistake about it, can get a lot of shopping done with your available credit before the three credit reporting agencies and your current and future potential creditors are notified of your demise. Those same bad guys may also use your Social Security number to grab a big fat tax refund (if you’re lucky enough to pass away during tax filing season).

How will they get the information needed to commit fraud? Sometimes the perpetrator is a family member, so he already has access. But more often, family members are distracted and distraught. There are visitors who come and go, unchecked, and of course the numerous demands of making final arrangements and dealing with matters of the estate. If there was a long illness, unsupervised healthcare workers may have had the run of the deceased’s domicile – including the owner’s most sensitive information. Maybe the wake was at the deceased’s home, or people sat shiva there. The opportunities for fraud abound. Funerals, of course, provide a thief with a precise time to get what he or she wants. But instead of grabbing the television or the silver (too easy to miss), an envelope containing a financial statement or a copy of last year’s tax return might go walkabout. From there, it’s a race to apply for as much credit and buy as many pricy things for resale as possible before the money spigot coughs credit dust.

The Bigger Picture

Government agencies are famously slow to get the news of a person’s undoing.

An audit of the Social Security Administration conducted by the Office of the Inspector General found approximately 6.5 million Social Security numbers belonging to people aged 112 or older whose death information wasn’t in the system. Of those numberholders, only 13 people were still receiving payments; the rest consisted of “numberholders who exceeded maximum reasonable life expectancies and were likely deceased.” The fact that their deaths were not recorded in Numident (the SSA’s numerical identification system), and thus are also missing on the Master Death List, leaves plenty of runway for misconduct. According to the audit report, the “SSA received 4,024 E-Verify inquiries using the SSNs of 3,873 numberholders born before June 16, 1901.”

On the off chance you missed the memo while diving for sunken treasure at the bottom of Loon Lake: Identity theft is now the third certainty in life, right behind death and taxes. When a loved one passes, there is a trifecta, which is why it’s trebly important to protect against the threat of a different kind of life everlasting.

Ransomware: Your Money or Your Data!

Your client, ABC Corp. is going about its business and then gets this message:

police

The above is a typical ransomware message, according to a recent Symantec Security Response report. What’s next? Pay the “ransom” and move on? Ransomware is a type of malware or malicious software that is designed to block access to a computer or computer system until a sum of money is paid. After executing ransomware, cyber criminals will lock down a specific computer or an entire system and then demand a ransom to unlock the system or release the data. This type of cyber crime is becoming more and more common for two reasons:

1. Cyber criminals are become increasingly organized and well-funded.

2. A novice hacker can easily purchase ransomware on the black market.

According to the FBI, this type of cyber crime is increasingly targeting companies and government agencies, as well as individuals. The most common way that criminals execute their evil mission is by sending attachments to an individual or various personnel at a company. The busy executive opens the file, sees nothing and continues with his work day. However, once the file has been opened, the malware has been executed, and Pandora has been unleashed from the box!

Now that the malware has been unleashed, a hacker can take over the company’s computer system or decide to steal or lock up key information. The criminals then make a “ransom”demand on the company. The ransom is usually requested in bitcoins, a digital currency also referred to as crypto-currency that is not backed by any bank or government but can be used on the Internet to trade for goods or services worldwide. One bitcoin is worth about $298 at the moment. Surprisingly, the amounts are generally not exorbitant (sometimes as nominal as $500 to $5,000 dollars). The company then has the choice to pay the sum or to hire a forensics expert to attempt to unlock the system.

The best way companies can attempt to guard against such cyber crime attacks is by educating employees on the prevalence and purpose of malware and the danger of opening suspicious attachments. Employees should be advised not to click on unfamiliar attachments and to advise IT in the event they have opened something that they suspect could have contained malware. Organizations should also consider backing up their data OFF the main network so that, if critical data is held hostage, they have a way to access most of what was kidnapped. Best practices also dictate that company systems (as well as individual personal devices) be patched and updated as soon as upgrades are available.

Finally, in the event you are a victim of a ransom attack, you would need to evaluate it constitutes a data breach incident. If the data hijacked is encrypted, notification is likely not necessary (as the data would be unreadable by the hacker). However, if the data was not encrypted, or you cannot prove to the authorities that it was, notification to clients or individuals is likely necessary.

Takeaway

Cyber extortion is more prevalent than most people realize because such events are not generally publicly reported. To protect against this risk, we recommend that companies employ best practices with respect to cyber security and that they consider purchasing a well-tailored cyber policy that contains cyber extortion coverage. Such coverage would provide assistance in the event a cyber extortion threat is made against the company, as well as finance the ransom amount in the event a payment is made.