Skip to main content

Identity Theft with a happy ending, sorta.

The San Francisco Chronicle has an interesting tale describing how identity theft victim Karen Lodrick recognized a woman who had been using her stolen identity in line at a Starbucks. She called 911 and pursued the woman, who was arrested, tried, convicted, and sentenced to time already served (44 days) plus probation. I'm curious about one of the details, however. Ms. Lodrick and apparently the police believe that her identity was stolen when the perpetrator stole unsolicited bank cards which "she had not requested". Were these unsolicited accounts? Probably not. They are described as "debit/credit cards" and other details of the story indicate that the cards were used to extract cash (or equivalent) from her accounts. Banks routinely send renewal cards to account holders. The term "unsolicited" in this context is typically not used to describe this situation. If the bank sent her a debit/credit card for an account that she didn't want such a card for, then the bank needs to evaluate its policies.

Technorati Tags: , , , , , ,

Comments

Anonymous said…
The bank (Wells Fargo) did in fact mail to me two (2) credit/debit cards I had NOT requested and knew nothing about. I was stunned when I found out these cards had wiped-out my Wells Fargo bank account and they were telling me it was my fault and/or someone had broken into my home. The fact is the bank mailed those unrequested cards to me and then authorized them to the criminal, Maria Nelson, when she called from an unauthorized phone number! Within days thousands of dollars was stolen from my bank account.
Tuesday, December 25, 2007 11:56:00 PM
Post a Comment

Popular posts from this blog

Verified by Visa (Veriphied Phishing?)

If you have used a Visa card to make a purchase online lately you may have encountered a relatively new program, Verified by Visa . I've encountered it twice. The system is an interesting attempt by Visa to reduce online fraud and identity theft. It's a noble effort, but the user experience is unsettling, and the security implications are not exactly crystal clear. Here's what happened to me, both times the Verified by Visa system was activated. I was redirected away from the domain at which I was shopping, to a URL which was: not the domain where I was shopping, not the domain of the bank that issued my card not visa.com I've been telling people for years that if anything like that happens to you, close your web browser immediately and do not under any circumstances enter any personal information into the form, because this is a sure sign of a man in the middle or phishing scam. (Never mind that all the best phishing scams now-a-days look like the actual dom...
20 comments
Read more

SQL Injection - So Easy, Your Server is Already Cracked

In a simple demonstration, a hapless team discovers the truth. "Your server is vulnerable. It's already been cracked. Oh, and by the way, it's already distributing malware for a botnet." A Big Case of Oops! Attitude of management in many organizations is one of the biggest barriers to improved security on the internet. People simply don't want to believe that their systems are vulnerable. Denial is pervasive, and affects organizations from the biggest of the Fortune 500 or Federal government agencies, down to modestly sized companies, local governments, and non-profit corporations. The attitude of the unnamed client described at the "Following the White Rabbit" blog (link above) is all too common. I suspect that an underlying cause is that people want to believe several things that worked pretty well from an evolutionary perspective, but don't work very well on the internet. When everybody around is a bunch of cave dwellers, consumed entirely with...
1 comment
Read more

Splunk acquires Phantom Cyber

I hope it doesn't come across as too cynical, the observation that most acquisitions in the tech domain fail to produce anything useful and often as not wind up killing a promising upstart technology, even if only by accident. I have hope for this one, though. Splunk strikes me as a likely exception. This acquisition of fresh ideas and talent might breathe new life into a solid, if somewhat staid, security company. Splunk’s data analytics gets a security boost with $350 million acquisition of Phantom Cyber
Post a Comment
Read more