[ad#trustedid]
Welcome to our debut show for 2009! Identity Theft Radio has returned after a several month hiatus. Our new show format will be only for 10 minutes. This will allow us to send the video version of this show to YouTube for syndication immediately following the end of the show each week. We will simulcast on video at http://www.newmediapro.tv and the recordings will be available there as well.

Tonight, we will cover the different types of Identity Theft and a breaking news story that just came about today! Let’s get started…

There are 6 different types of identity theft:
1. Credit/Financial
2. Medical
3. Driver’s License
4. Social Security Number
5. Character
6. Synthetic

We will go into more details over the next few weeks as we delve further into each type of identity theft.

First though, a breaking news story that hit the social media world today. Twitter, the popular microblogging platform, had a phishing scam hit many of it’s users today in the form of a direct message. If you aren’t familiar with Twitter, it allows you to send friends and followers an “instant message” in under 140 characters.

Chris Pirillo, best known from uStream.TV, reported this phishing scam via Twitter to alert his followers that this was happening. Many of his followers resent this message out to their followers, thus spreading the message very quickly to avert potential identity theft from happening.

Many received a direct message from one of their twitter followers:

hey! check out this funny blog about you… jannawalitax . blogspot . com

DO NOT VISIT the URL in question. It will redirect you immediately to a suspicious domain: twitter . access-logins . com – notice the subdomain?

This is NOT the Twitter login page, even though it looks like the real Twitter page, however the domain name gives way to believe it is a phishing site. Suggestion: do NOT log in to your Twitter account through any site other than Twitter.com. That may go without saying, but consider how many third-party Twitter services you use? Seems it’s about time for some kind of verification / validation for applications using the Twitter API – so you can be sure you’re passing your credentials to the right people. Many people have setup phony Twitter services sites promising all kinds of stats and status and will ask you for your username and password for your Twitter account.

This phishing domain appears to be registered in China:

Organization : zhang xiaohu
Name : zhang xiaohu
Address : changningzhonghuainanlu192hao
City : changning
Province/State : Hunan
Country : CN
Postal Code : 421500

Please, tell your Twitter followers to NOT VISIT or LOGIN THROUGH that site! Watch out for these direct messages. If you did happen to visit one of the offending URLs, you should be safe so long as you didn’t try to log into your Twitter account there.

Phishing is where someone is attempting to gain your information by using a phony site that looks like a real site, for example, your bank’s main site. Always look at the domain address that will show up in your address bar and make sure it is the actual site that you are visiting. Never take ANY e-mail at face value and when in doubt, DON’T click on ANY links without checking out the source of the message first!

Related articles by Zemanta

• What is Twitter and How Does it Work?
• How Social Media Networks Facilitate Identity Theft and Online Fraud
• FTC warns of increase in Internet scams
• U.S. Identity Theft Convictions Up 26 Percent, Feds Say

Popularity: 12% [?]

[ad#lifelock]
I received an email this morning saying that my PayPal account had just put into a limited access mode. At first I was thinking what is limited access anyway? I mean, I never expected anything wrong with my account that I would receive this email from PayPal. I was a bit worried about having limited access as most of the online business owner knows that this is the major payment processor we use online.

The ID Theft Risk Management Specialist part of me kicked in and started studying this new email that was “apparently” from PayPal. At first glance, all appeared to be in order until I noticed the following discrepancies:

1. The email is not sending out from actual PayPal email. In the sender information, it is service@paypail.com Vs service @ paypal . com.

2. It provides an fraud case ID. I checked in my account based on the ID provided and I can’t found the record.

3. Another fraud email provided in the email: security@paypalfraudcheck.com Vs security or service @ paypal.com. And attempting to go to this domain automatically redirects to PayPal properly.

4. The way to remove the limit access is simply unreasonable. The email said this: “completing all of the checklist items will automatically restore your account access”.

1) Personal identification – a copy of one photographic ID from the following list:
- Passport – Driving license – National Identification card

2) Address verification – a copy of one of the following (online statements not accepted):
- Utility bill – less than 3 months old
- Bank statement – less than 3 months old

5. Last but not least, he send to my primary email address instead of my paypal email address.

Think about it, if you account is being limited access, that means your account is being monitored by Paypal, there is no way it will restore automatically by simply by submitting these documents. I am sure Paypal will go through the manual verification process in order to remove that access.

6. To further confirm it is a phishing email, I went to do domain whois check on the domain names provided. This screenshot below confirms that this domain does not belong to PayPal.

I found out this appeared to be one of the phishing email that send out by a guy named Ryan Gunness (according to the whois record) and it sound like the following email screenshot. And I received an answer back from spoof@paypal.com within 30 minutes of submitting this email that it is indeed a phishing email.

AKPC_IDS += "618,";

Popularity: 5% [?]