The Thieving Season

At the height of the holiday shopping season last year, someone started opening credit card accounts in Michelle McCambridge’s name. McCambridge didn’t discover that her identity was stolen until January, when she received thousands of dollars’ worth of bills for purchases she never made.

“I was kinda furious,” McCambridge, a retail clerk at a J.C. Penney store in the Seattle area, later told the Seattle Times.

One week after McCambridge discovered she’d been victimized, a woman walked into the women’s casual department where McCambridge works. The woman asked to open a J.C. Penney credit card. For identification, she gave a driver’s license with McCambridge’s name and address on it.

Of all the cash registers in all the stores in all the world (much less Seattle), this bumbling identity thief picked the one where her victim happened to work. McCambridge excused herself and asked other managers to point security cameras at her sales counter, capturing the video that eventually was used to indict five people for allegedly stealing 39 identities.

“Yes, no violence was done to me, but that’s my identity,” McCambridge said. “It’s a violation of your space and who you are.”

Many people will experience this sense of violation as a result of this holiday and Christmas shopping season. More than 9 million identities are stolen every year, according to the Federal Trade Commission, and a disproportionate number of those crimes happen during the holiday shopping rush.

One reason for the seasonal surge is need – many people push their finances to the limit during the holidays and use fraud to bail themselves out. Another reason is opportunity. With so many people buying so much stuff in so many different ways, the holidays are a prime time to commit identity fraud. And finding the perpetrator can be difficult.

“Identity-theft crimes are some of the most difficult criminal cases to investigate,” Social Security Administration Special Agent Joseph Velling told the Seattle Times. “It is not that law enforcement does not know what crime was committed. Rather, it is a simpler question — who did it?”

Unfortunately, a situation like McCambridge’s, where catching the thief is so easy, is all too rare.


‘Tis the season

For identity thieves, the holiday season is the season of taking: Taking purses and wallets, as more and more shoppers descend into retail stores. Taking credit card and debit card numbers swiped by keystroke-recording malware. Taking personal information obtained in phishing schemes and phone conversations in “vishing” schemes.

“We tend to be busiest during the fourth quarter of the year—October, November, December,” says Raul Vargas, certified fraud examiner with CyberScout. “I know that traditionally financial institutions take their biggest losses in January or February because fraud occurs around the holidays, but consumers don’t find out until these months.”

One consumer’s risk is a seasoned fraudster’s opportunity. As the shopping season approaches, it’s important to remember how to mitigate yours.

“The most common thing that goes up during the holiday-time is what’s considered account takeover fraud — the fraudulent use of existing open accounts,” Vargas explains.

“People are shopping more often, and credit cards are out of their possession more often,” Vargas says. In addition to the physical loss or theft of credit and debit card numbers, the season is ripe for card ‘skimming’— that is, the deployment of small devices that steal account information. “When you’re shopping, be careful about your cards — whom you are handing them to and what that person’s doing once you hand it to them. Make sure you get your cards and ID back if you hand them to someone.”

Indeed, one of the most important consumer tips of the holiday season is a familiar one worth repeating: Be mindful of your belongings — don’t leave wallets and purses unattended or within easy reach of a pickpocket. And only carry identification and credit cards you’ll need when you shop.

The Federal Reserve Board chairman Ben Bernanke’s wife, Anna, learned firsthand what happens if you don’t heed that advice. She was sitting in a Starbucks on Capitol Hill when someone stole her purse, Newsweek reported. Inside were her Social Security card, driver’s license, four credit cards, and a checkbook with the Fed chief’s bank account number, home address and telephone number printed across each check. Within days, the crooks raided the Bernanke’s personal bank account.

But even if she was alert, it might have been hard for Anna Bernanke to protect herself. That’s because the crook who stole her purse was a member of a sophisticated crime ring that called itself “Cannon to the Wiz” (“cannon” being a term for expert pickpockets).

A Secret Service investigation found that the crime ring stole $2.1 million from various victims. Her case reminds us that we’re vulnerable all year round; however, criminals thrive on shoppers’ heightened state of distraction during the holidays.

So this leads to the next piece of advice: Before you pay attention to your wallet or purse, pay attention to what you put in it. Only carry the identification and credit cards you’ll need when you shop. Likewise, NEVER carry your Social Security number with you. Criminals can use it to open up fraudulent credit accounts in your name (not to mention gain employment, obtain medical treatment, set up utility service and more).

If you’re traveling for the holidays, make sure that someone is picking up your mail for you. That way they can gather up all those unsolicited credit card offers, which offer open invitations for fraud.

And like always, be sure to shred your credit card and financial statements and other financial documents.


Online shopping safety

In this age of growing Internet commerce, fraud doesn’t wait for you to go to a retail store, handle a Social Security card or write an actual check. Many more crimes are happening online, says CyberScout Information Security Officer Ondrej Krehel.

The first step is to protect your personal computer. That starts with choosing the right Web browser. The most popular ones are Internet Explorer, Firefox or Safari. Before you use them, be sure you have the latest, most-secure version. Newer versions include phishing filters, pop-up blockers and malware protection, among other improved security features. Make sure that your operating system and Internet browser have downloaded the latest security patches.

Next comes the process of buying and installing antivirus, anti-malware and personal firewall protection. These programs have become the bare minimum steps required to protect yourself online, Krehel says. Make sure that your security software is up-to-date and updated regularly. Because simply having security software on your computer without properly updating it is like becoming a member of a gym but never going.

Personal firewalls should stop unwanted applications by displaying a warning message, and then you can decide if that application should be allowed to open, Krehel says. “Tweaking” and managing your own firewall protection can be challenging for a basic user, but firewalls usually come pre-configured, and technical support is included. Tips and tricks for personal firewall improvement can be found on various vendor and technical Web sites.

There are many antivirus vendors, and some of them provide all of the above in one program. If you’re unsure whether your computer is “clean,” you can use free online scans from major antivirus vendors, such as Kaspersky, Eset, McAfee and Symantec.

If you use a laptop to shop, be aware of where you go for Internet access. Shared wireless access points, like those WiFi found at coffee shops and other public places, are not secure places to disclose your private financial data. Depending on an access point’s security configuration, an attacker may be able to eavesdrop and record whatever is being transmitted over the network.

It’s true, there are seemingly countless points of entry for criminals to exploit your identity, and the distractions of the holiday only give them an easier way in. And while there is no way to fully guarantee the protection of your identity, you can always increase your chances of staying safe, mitigate the risks, and – if you do become a victim – hopefully discover the crime before too much damage is done.


Tips to Keep in Mind While Shopping This Holiday Season

• Make sure you have installed and updated antivirus, anti-malware and personal firewall software on your computer. Your operating system and Internet browser should be updated with the latest security patches.

• Only shop on secure sites. To see if a Web site is secure, look for “https” in the address bar. Also, there’s usually a small yellow padlock logo at the right of your Web browser address bar. If you double-click on the lock, a digital certificate of the Web site will appear. It’s a good idea to review these certificates on the sites that you are not familiar with.

• Make sure that you enter the correct URL. There are cases where hackers have purchased misspelled domains.  

• Shopping Web sites have no reason to ask for your Social Security number, or passwords to your e-mail or bank accounts as part of the buying process. Never provide them.

• If you suspect a Web site is not what it claims, leave it immediately. Do not click any buttons on the site, run any content or download any software. Use different “strong” passwords (those that are more secure) for online retailers and your personal e-mail accounts. A strong password is composed of numbers, upper- and lower-case letters and symbols. For example, a password like “_Dogz$$!” is a better option than “1006.” The longer and more unique the password the better, but make sure it’s also something you can remember.  

• Before purchasing anything on a Web site, read site reviews or blog comments by other people. Use sites such as or (Google shopping) for comparing prices and to read users’ reviews of the retail Web site.

• Retailers may try to lure you into saving your personal information on their Web site in return for more convenience or better deals. Don’t do it. So many Web sites have had their customer databases breached by identity thieves lately that it’s just not worth the risk.

• Read each Web site’s return and privacy policy before making your purchase.

• Be aware of phishing e-mail scams that include Web site links advertising incredible deals. Rather than clicking on them, type the link of known sites by hand into your browser.

• Use credit cards for online purchases, not debit cards. That’s because debit cards automatically deduct money from your bank account. Try to use cards with low credit limits to minimize the damage in case someone steals your information to take over the account. Or, use a “one-time” credit card number from payment processors such as PayPal.

• Do not send your payment information via regular e-mail; these communications are not secure.

• As a general rule, uncheck boxes advertising “additional offers.” These services are sometimes offered for a low initial fee that later increases to a high, recurring charge on your credit card.

• Save records of all your purchases either in an electronic document or on paper.

• Don’t forget to power off your computer completely when you are finished using it.


Additional sources