March 10, 2010 by Terry.

Story by Wired:

• By Kim Zetter
• June 27, 2008  |
• 11:52 am  |
• Categories: Crime

LifeLock is in the news again.

The identity theft protection firm whose CEO lists his Social Security number in ads for the company is being sued by Namesafe, a competitor in the identity theft protection market, for allegedly stealing the company’s corporate identity and deceptive trade practices.

According to papers filed in Tennessee, Namesafe claims that LifeLock stole its trademark and deceptively diverted traffic meant for Namesafe’s web site to LifeLock’s own web site.

The suit claims that LifeLock purchased sponsored ads on major search engines and portals such as Google, Yahoo, MSN and Hotbot that tricked users into landing on its site. Namesafe says the ads have disappeared since they were discovered, but it provided screen shots of the search results pages in its complaint. The company doesn’t know for sure if the ads disappeared after it filed its suit but believes that is what occurred.

The company says that when users did a search on the word “Namesafe,” sponsored ads appeared at the top of search result pages, which included a link for “Namesafe” and “Namesafe.com.” But when users clicked the link, it took them to LifeLock’s web site instead. The name LifeLock appeared in the ads next to or beneath “Namesafe” and “Namesafe.com,” but Namesafe says the ads were clearly designed to fool Namesafe customers.

“It’s like me taking out a newpaper ad for LifeLock.com and putting my phone number in it,” said Namesafe founder and CEO David Ridings. “It’s the same thing but on the internet scale. The purchasing of an ad that says Namesafe.com is deceptive and confuses consumers.”

Namesafe launched its web site on February 25th and said it discovered the problem about a month ago in Google search results. Ridings says his company filed an informal online complaint with Google asking it to investigate. Google responded by saying it would not get into issues over the legalities of who can purchase brand name ads. Ridings says Google did not, in its response, confirm that LifeLock had purchased such ads.

Namesafe spokesman Dick Marsh said the company decided to file the lawsuit after he discovered recently that the problem was occurring on other search sites as well. Marsh sent a press release to reporters after the company filed the suit.

I asked Ridings if his company sent a cease-and-desist letter to LifeLock before filing the suit or sent the company any inquiry asking it to explain the ads. He said Namesafe did not and defended the company’s decision to file suit instead.

“This was not an honest mistake,” he said. “We made a decision to do what we needed to do to get them to come down. We have a lot of television and radio ads and with every passing moment there’s more potential for a consumer to be confused.”

LifeLock released a statement denying that it purchased ads using Namesafe’s brand name:

“Following notice of a pending lawsuit from WSMV in Nashville, TN on Thursday, we immediately began an investigation and determined that LifeLock Corporation has never purchased any competitive branded search terms. To be clear, LifeLock Corporation has never used the ‘NameSafe’ name in LifeLock ad copy,” the statement reads.

Google has not yet responded to requests asking about the ads. I’ll update this post if I hear back from the company.

This is not the first lawsuit against LifeLock. The company has been the target of class-action lawsuits from customers questioning its protection claims as well as a suit from credit reporting agency Experian for acting on consumers’ behalf to place alerts on their credit accounts.

The company was also the target of much controversy last year after a reporter uncovered information about the background of one of LifeLock’s founders, who has since resigned.

LifeLock Sued for Corporate Identity Theft

Posted in IDT - Businesses, News Alerts | Print | No Comments »

March 10, 2010 by Terry.

Here is Press Release from Federal Trade Commission (FTC) about Lifelock:

For Release: 03/09/2010

LifeLock Will Pay $12 Million to Settle Charges by the FTC and 35 States That Identity Theft Prevention and Data Security Claims Were False

LifeLock, Inc. has agreed to pay $11 million to the Federal Trade Commission and $1 million to a group of 35 state attorneys general to settle charges that the company used false claims to promote its identity theft protection services, which it widely advertised by displaying the CEO’s Social Security number on the side of a truck.

In one of the largest FTC-state coordinated settlements on record, LifeLock and its principals will be barred from making deceptive claims and required to take more stringent measures to safeguard the personal information they collect from customers.

“While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it,” said FTC Chairman Jon Leibowitz.

“This agreement effectively prevents LifeLock from misrepresenting that its services offer absolute prevention against identity theft because there is unfortunately no foolproof way to avoid ID theft,” Illinois Attorney General Lisa Madigan said. “Consumers can take definitive steps to minimize the chances of having their personal information stolen, and this settlement will help them make more informed decisions about whether to enroll in ID theft protection services.”

Since 2006, LifeLock’s ads have claimed that it could prevent identity theft for consumers willing to sign up for its $10-a-month service.

According to the FTC’s complaint, LifeLock has claimed:

• “By now you’ve heard about individuals whose identities have been stolen by identity thieves . . . LifeLock protects against this ever happening to you. Guaranteed.”
• “Please know that we are the first company to prevent identity theft from occurring.”
• “Do you ever worry about identity theft? If so, it’s time you got to know LifeLock. We work to stop identity theft before it happens.”

The FTC’s complaint charged that the fraud alerts that LifeLock placed on customers’ credit files protected only against certain forms of identity theft and gave them no protection against the misuse of existing accounts, the most common type of identity theft. It also allegedly provided no protection against medical identity theft or employment identity theft, in which thieves use personal information to get medical care or apply for jobs. And even for types of identity theft for which fraud alerts are most effective, they do not provide absolute protection. They alert creditors opening new accounts to take reasonable measures to verify that the individual applying for credit actually is who he or she claims to be, but in some instances, identity thieves can thwart even reasonable precautions.

New account fraud, the type of identity theft for which fraud alerts are most effective, comprised only 17 percent of identity theft incidents, according to an FTC survey released in 2007.

The FTC’s complaint further alleged that LifeLock also claimed that it would prevent unauthorized changes to customers’ address information, that it constantly monitored activity on customer credit reports, and that it would ensure that a customer always would receive a telephone call from a potential creditor before a new account was opened. The FTC charged that those claims were false.

In addition to its deceptive identity theft protection claims, LifeLock allegedly made claims about its own data security that were not true. According to the FTC, LifeLock routinely collected sensitive information from its customers, including their social security numbers and credit card numbers. The company claimed:

• “Only authorized employees of LifeLock will have access to the data that you provide to us, and that access is granted only on a ‘need to know’ basis.”
• “All stored personal data is electronically encrypted.”
• “LifeLock uses highly secure physical, electronic, and managerial procedures to safeguard the confidentiality and security of the data you provide to us.”

The FTC charged that LifeLock’s data was not encrypted, and sensitive consumer information was not shared only on a “need to know” basis. In fact, the agency charged, the company’s data system was vulnerable and could have been exploited by those seeking access to customer information.

The FTC and state settlements with LifeLock bar deceptive claims, and prohibit the company from misrepresenting the “means, methods, procedures, effects, effectiveness, coverage, or scope of any identity theft protection service.” They also bar misrepresentations about the risk of identity theft, and the manner and extent to which LifeLock protects consumers’ personal information. In addition, the settlements require LifeLock to establish a comprehensive data security program and obtain biennial independent third-party assessments of that program for twenty years.

The Attorneys General of Alaska, Arizona, California, Delaware, Florida, Hawaii, Idaho, Illinois, Indiana, Iowa, Kentucky, Maine, Maryland, Massachusetts, Michigan, Missouri, Mississippi, Montana, Nebraska, Nevada, New Mexico, New York, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Vermont, Virginia, Washington, and West Virginia participated in this settlement.

In addition to LifeLock, the FTC complaint named co-founders Richard Todd Davis and Robert J. Maynard, Jr., who will be barred from the same misrepresentations as LifeLock.

The Commission vote to authorize staff to file the complaint and the settlement with LifeLock and Richard Todd Davis was 4-0. The Commission vote to authorize staff to file the settlement with Robert J. Maynard, Jr. was 3-1, with Commissioner J. Thomas Rosch dissenting. The documents were filed in the U.S. District Court for the District of Arizona.

The FTC will use the $11 million it receives from the settlements to provide refunds to consumers. It will be sending letters to the current and former customers of LifeLock who may be eligible for refunds under the settlement, along with instructions for applying. Customers do not have to contact the FTC to be eligible for refunds. Up-to-date information about the redress program can be found at 202-326-3757 and at www.ftc.gov/lifelock.

NOTE: The Commission files a complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. The complaint is not a finding or ruling that the defendant has actually violated the law. Stipulated judgements are for settlement purposes only and do not constitute an admission by the defendant of a law violation. Consent judgments have the force of law when signed by the judge.

In addition to announcing the LifeLock case, the FTC’s Northeast Regional Office sponsored an event to kick off National Consumer Protection week. The goal was to alert consumers to the top complaint categories in the Northeast Region and to arm consumers with the tools to recognize and protect themselves against all types of fraud. Also participating were the Better Business Bureau serving Metropolitan New York, the New York Attorney General’s Office, the New York City Department of Consumer Affairs, and AARP.

The Federal Trade Commission works for the consumer to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, click http://www.ftccomplaintassistant.gov or call 1-877-382-4357. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to more than 1,700 civil and criminal law enforcement agencies in the U.S. and abroad. For free information on a variety of consumer topics, click http://www.ftc.gov/bcp/consumer.shtm.

MEDIA CONTACT: Claudia Bourne Farrell
Office of Public Affairs
202-326-2181STAFF CONTACT:Maneesha Mithal or David Lincicum
Bureau of Consumer Protection
202-326-2771 or 202-326 2773

(FTC File No. 072-3069)
(Lifelock)

Posted in News Alerts | Print | No Comments »

March 10, 2010 by Terry.

I couldn’t say it any better than Wired.com, so here is their story:

Lifelock Dinged 12 Million

Lifelock Dinged $12 Million for Deceptive Business Practices (Wired.com)

By Kim Zetter, March 9, 2010

The CEO of Lifelock, Todd Davis, became famous for advertising his Social Security number on television ads and billboards promising his $10 monthly service would protect consumers from identity theft.

The company also offered a $1 million guarantee to compensate customers for losses incurred if they became a victim of identity theft after signing up for the service.

But the Federal Trade Commission said Tuesday that the claims were bogus (.pdf) and accused Lifelock, based in Arizona, of operating a scam and con operation. The commission announced, along with 35 state attorneys general, that it had levied a fine of $12 million against the company for deceptive business practices and for failing to secure sensitive customer data. Of that amount, $11 million will go to refund customers who subscribed to the service. Consumers will receive a letter from the FTC and their attorney general explaining how to take part in the settlement.

The FTC said that Lifelock, which advertises itself as “#1 In Identity Theft Protection,” engaged in false advertising by promising customers that if they signed up with its service their personal information would become useless to thieves.

“In truth, the protection they provided left such a large hole … that you could drive that truck through it,” said FTC Chairman Jon Leibowitz, referring to a Lifelock TV ad showing a truck painted with the CEO’s Social Security number driving around city streets.

The company, he said, used scare tactics to convince potential customers they would be unprotected from identity theft without its service, and of warning them in letters that they were at a high risk of identity theft.

“I was a recipient of one letter,” Illinois Attorney General Lisa Madigan said.

For the annual subscription fee, Lifelock promised customers that it would place fraud alerts on their credit accounts with the three credit reporting agencies. As a result, the company said, thieves would not be able to open unauthorized credit or bank accounts in their name.

But Leibowitz said the promises were deceptive because thieves could still rack up unauthorized charges on existing accounts — the most common type of identity theft. It also couldn’t protect thieves from obtaining a loan in a Lifelock customer’s name.

In fact, Lifelock CEO Davis was the victim of identity theft in 2007 when a thief used his widely advertised Social Security number to obtain a $500 loan in Davis’ name.

Lifelock also promised customers that sensitive data they provided the company to perform its protection services — such as their Social Security number, name and address and bank card information — would be encrypted and protected in other ways on Lifelock’s servers and accessed only by authorized employees on a need-to-know basis.

“Your documents, while in our care, will be treated as if they were cash,” the company promised.

In truth, the FTC said, until at least September 2007, the company failed to provide “reasonable and appropriate security to prevent unauthorized access to personal information stored on its corporate network” either in transit through the network, stored in a database or transmitted over the internet.

None of the data was encrypted, said the FTC, either in storage or in transit. The company also had poor password management practices for employees and vendors who accessed the information. Lifelock also failed to limit access to sensitive data to only those people who needed access.

What’s more, the company failed to apply critical security patches and updates to its network and “failed to employ sufficient measures” to detect and prevent unauthorized access to its network, “such as by installing antivirus or antispyware programs on computers used by employees to remotely access the network or regularly recording and reviewing activity on the network,” the complaint said.

The latter is particularly ironic. Lifelock often promoted its services to companies that experienced data breaches, convincing them to offer a complimentary Lifelock subscription to people whose data was compromised in a breach. All the while, the FTC claims, Lifelock was making its own customer information vulnerable to a breach.

“As a result of these practices, an unauthorized person could obtain access to personal information stored on defendants’ corporate network, in transit through defendants’ corporate network or over the internet, or maintained in defendants’ offices,” according to the complaint.

According to the terms of an FTC settlement agreement with Lifelock to settle the allegations, the company must inform consumers about the limitations of its service. The company will also have to implement a data security program to protect the customer data it handles.

“As long as the company is honest and up front and lets consumers know what they’re getting and has adequate security safeguards for customer information, we wish them well,” said Leibowitz.

Lifelock said in a statement that, in October, it “rolled out the next generation of identity theft protection services that provide even better and broader protection to its valued members.” The company added that its new-and-improved service, which was not the subject of the FCC inquiry, has prevented more than 5,000 fraudulent credit applications.

The company and its owners have been at the center of controversy for a number of years. According to an investigative report by the Phoenix New Times in 2007, Lifelock co-founder Robert Maynard Jr., was suspected at one time of being an identity thief himself and stealing his father’s identity to obtain an American Express card. He had also been the target of another FTC investigation involving a previous business venture unrelated to Lifelock. Maynard resigned from the company after news of his past was published, but he continued to work for the firm as a contractor.

See also:

• Lifelock Sued for Corproate Identity Theft
• Police Say Lifelock Founder Coerced Unusable Confession From Identity Theif
• Lifelock Founder a Shady Identity Thief?
• Lifelock Founder Resigns Amid Controversy

Posted in News Alerts | Print | No Comments »

October 14, 2009 by Terry.

WARNING: 2010 Census begins phase 1 and so does the IDentity Thieves

Scam Alert: Be Cautious About Giving Info to Census Workers

With the U.S. Census process beginning, as citizens we need to be cooperative, but very cautious.  Talk with EVERYONE in your home who may answer the door and even your neighbors who may respond to door-to-door census takers, if your door isn’t answered.  This may help in not becoming a victim of fraud or identity theft. The first phase of the 2010 U.S. Census is under way, as workers have begun verifying the addresses of households across the country.

Eventually, more than 140,000 U.S. Census workers will count every [used very loosely] person in the United States and will gather information about every person living at each address including name, age, gender, race, and other relevant data.

A very concerning question is - how do you tell the difference between a U.S. Census worker and a con artist?

If a U.S. Census worker knocks on your door, they will have a badge, a handheld device, a Census Bureau canvas bag, and a confidentiality notice.  Ask to see their identification and their badge before answering their questions.  However, you should never invite anyone you don’t know into your home.

Census workers are currently only knocking on doors to verify address information.  Do not give your Social Security number, credit card or banking information to anyone, even if they claim they need it for the U.S. Census.

REMEMBER, NO MATTER WHAT THEY ASK, YOU REALLY ONLY NEED TO TELL THEM HOW MANY PEOPLE LIVE AT YOUR ADDRESS.

While the Census Bureau might ask for basic financial information, such as a salary range, YOU DON’T HAVE TO ANSWER ANYTHING AT ALL ABOUT YOUR FINANCIAL SITUATION.  The Census Bureau will not ask for Social Security, bank account, or credit card numbers, nor will employees solicit donations.  Any one asking for that information is NOT with the Census Bureau. 

AND REMEMBER, THE CENSUS BUREAU HAS DECIDED NOT TO WORK WITH ACORN ON GATHERING THIS INFORMATION..  No Acorn worker should approach you saying he/she is with the Census Bureau.  [yahoooooo]

Eventually, Census workers may contact you by telephone, mail, or in person at home. However, the Census Bureau will not contact you by Email, so be on the lookout for Email scams impersonating the Census.

Never click on a link or open any attachments in an Email that are supposedly from the U.S. Census Bureau.

For more advice on avoiding identity theft and fraud, visit any of these web sites:

http://TalkSolutionsToday.com – IDentity Theft information site, for businesses

http://WebDataBreachAlert.org – subscribe to a monthly service that could alert you to data breaches at businesses, schools, medical facilities, etc, which you frequent.

http://privacyrights.org – Nonprofit Consumer Information and Advocay Organization

http://ftc.gov/idtheft – Federal Trade Commission’s IDentity Theft info web site

http://WhoElseHasYourName.info – this blog

PLEASE SHARE THIS INFO WITH FAMILY AND FRIENDS.

Posted in News Alerts, IDentity Theft | Print | No Comments »

September 21, 2009 by Terry.

Like Americans, citizens of Germany have concerns for where they work, play, shop, with their private information.

from http://www.net-security.org/secworld.php?id=8117

“PGP Corporation announced the results from The Ponemon Institute’s third annual study on encryption usage in the enterprise - The 2009 Annual Study: German Enterprise Encryption Trends.

This year’s study surveyed 490 IT and security practitioners, 27 percent of whom hold positions at managerial level or higher, and identifies the trends in enterprise encryption planning strategies, budgeting and spending, deployment methodologies and impact on data breach incidents.

The fundamental conclusion on the basis of study participants’ responses is that data protection is a significant problem in Germany. Fifty-three

percent of all companies and organisations suffered at least one instance of data loss during the past twelve months, representing an increase of

over 55 percent on the figure for 2008 (34 percent).”

Posted in News Alerts | Print | No Comments »

July 6, 2009 by Terry.

News from New York State Insurance Department

07/06/2009

Acting Insurance Superintendent Kermitt Brooks today warned New York State licensed insurance agents and brokers to be aware of an identity theft scam involving telephone calls used to target insurance professionals in at least a half dozen states.

The scam involves individuals who telephone agents and brokers and pretend to be state insurance department representatives. The callers tell potential victims that their licenses to sell insurance will be cancelled because of outstanding paperwork or fines unless they provide credit card numbers and other personal information to pay fines.

“It’s important for agents and brokers in New York State to be aware of this because these types of scams typically travel across the country. The scam has already been reported in a half dozen states from California to Ohio,” Brooks said.

“It is not the policy, practice or procedure of the New York State Insurance Department to solicit any personal information over the phone. Agents or brokers who receive phone calls like this should immediately contact local law enforcement authorities and the Insurance Department’s Frauds Bureau,” Brooks said.

The Frauds Bureau can be reached toll-free at 1-888-FRAUDNY.

Posted in IDT - Scams, News Alerts | Print | No Comments »

May 28, 2009 by Terry.

“…LifeLock has been breaking California law for years by placing fraud alerts on its customer’s credit profiles.” from THREAT LEVEL at Wired.com

And charging you for it.  Folks, we can do that for FREE!  See the 2003 Fair and Accurate Credit Transactions Act, or FACTA, rules and other legislation.

Read the full story at the link above - THEY ALL TALK ABOUT FRAUD RELATED IDENTITY THEFT ~~~ WHY AREN’T THEY TALKING ABOUT ALL AREAS OF IDENTITY THEFT? Like the ones that can land you in jail, in handcuffs in front of your kids, slammed to the ground when you ARE innocent, or the one that CAN kill you.

Kroll, the world’s leading risk consulting company, with more than 30-years experience, says it best on their website.  They also appoached the leading nationwide network of lawfirms [what if IDentity Theft happens against you, by someone in ANOTHER state] and partnered with Pre-Paid Legal Services to offer the better answer.  Get the answers in short 4-minute videos at each link on Talk Today

As mentioned in the article these companies that popped up in the last 5 years to offer a fraud alert placement service will need to stop doing that.  WHY?  Better yet, WHY NOT? - YOU can place the alert yourself - FOR FREE.

The IDENTITY THEFT SHIELD[tm] is the better answer and their licensed investigaters place the alert, on your behalf, ONLY when necessary, and they don’t charge you extra.

Recommended reading to help you understand this crisis: The Silent Crime: What You Need To Know About Identity Theft, authored by Steffen Schmidt and Mike McCoy

Terry Kohler
Certified IDentity Theft Risk Management Specialist
Talk Solutions Today

Posted in News Alerts, IDentity Theft | Print | No Comments »

May 25, 2009 by Terry.

Did you see this article on the New York Times back in January - or hear about it since then?

From that article the authors stated:

“Heartland, based in Princeton, N.J., works with about 175,000 small merchants and processes about 100 million transactions a month. It has created a Web site, 2008breach.com, to provide information about the incident. Cardholders are not responsible for unauthorized fraudulent charges.”

Not according to the Federal Trade Commission and legislation:

Page 19 of the free booklet IDTheft Victims receive when they file a complaint with the FTC “Take Charge: Fighting Back Against Identity Theft” [available at http://ftc.gov/idtheft] indicates you are responsible in this way - that can be very costly:

“…If an identity thief changed the address on your account and you didn’t receive the bill, your dispute letter still must reach the creditor within 60 days of when the creditor would have mailed the bill. This is one reason it’s essential to keep track of your billing statements, and follow up quickly if your bills don’t arrive on time.”

Terry Kohler
Certified IDentity Theft Risk Management Specialist
Talk Solutions Today

Posted in IDT - Businesses, IDT - SSAN, IDT - Financial, News Alerts, IDentity Theft Victims | Print | No Comments »

April 27, 2009 by Terry.

I am no doctor, but common sense applies.  Might I suggest you consider these as a minimum:

• Stay home from work or school if you have flu symptoms, and don’t return until two days after your symptoms are gone.
• Wash your hands often. And cover your mouth/nose when you cough or sneeze.
• Go to the hospital only if you have severe symptoms, such as difficulty breathing. Stay home if your symptoms are mild because you risk spreading the virus to other people.   If you have insurance through your employer that offers a 24-hour nurses line, have it handy and call them while in the ‘mild’ stages, before it becomes severe.
• Masks, as seen in hospitals worn by doctors and staff, are probably a good idea for health care professionals and family members who come in close contact with flu patients. Though health officials said there is no need for the general public to wear them, I personally have them for my family just to be safe.  As the old saying goes, ‘Better safe, than Sorry’
• Officials said it’s safe to eat pork, but they stressed the need to cook it properly. That means cooking pork to at least 160 degrees. (Source: AP)
• If these steps are practiced by as many citizens as possible the spread of disease can be slowed.
• If people also take steps up front to reduce identity theft issues against themselves, they can also help that epidemic be slowed from reaching pandemic stages.
• The better answer is Pre-Paid, vs. Post-Paid - see if you agree: www.whoelsehasyourname.com/html/justiceforall

Italics added by Terry Kohler - Certified IDentity Theft Risk Management Specialist

Posted in News Alerts | Print | No Comments »

April 23, 2009 by Terry.

Readiness for May 1, 2009 deadline - Knowledge of these Federal Red Flag Rules - mostly relating to IDentity Theft and Data Breaches

http://polls.linkedin.com/p/34409/pfbyu

If you are a business, be aware, your customers, B2B, and vendors, will be concerned about YOUR readiness and if you are up to speed with them.

Free gift for you - PDF file ”

Offered by Talk Solutions Today

[deadline was extended from original November 1, 2008 deadline, because too many businesses weren’t aware]

Terry Kohler

Posted in IDT - Businesses, News Alerts, IDentity Theft | Print | 1 Comment »