Trend Micro Media Advisory : Have You Been Invited to the Meeting

Trend Micro Warns against New Type of Spam.

Cupertino, CA – March 19, 2008 – Trend Micro Incorporated (TSE: 4704), a global leader in Internet content security today warned of a new type of spam, Meeting Invite spam.

During the past 12 months, Trend Micro has tracked spam in numerous formats but this is the first time the Google Calendaring system has been used as a mechanism. Spam filters may be designed to automatically filter out attachment spam or image spam, however they are less likely to be set up to track for this new delivery mechanism.

In this latest attack, Nigerian scam spammers are using meeting invites to bypass anti-spam engines. The e-mail invites are personalized with a different link sent to each recipient and may be configured to send meeting alerts in order to draw increased attention to the spam message.

“We will most likely see this spam delivery method used for other types of spam—pump and dump, links to web threats, etc,” said Jamz Yaneza, research project manager at Trend Micro. “It is likely that on the back of this first attack, we can expect to see such tools like Google calendar, further abused to contain malicious links and try to steal sensitive information.”

Trend Micro encourages all businesses and end users to demonstrate extra caution when receiving unexpected meeting invitations and other unexpected mail. On execution such attacks pose risks to recipients including the possibility of executing malicious code or other malware.

Already, Trend Micro has added this new type of spam to its spam blocking databases. For non-Trend Micro customers, the Company advises users to delete any similar meeting invite messages that might arrive in their inbox.

For further information please see the Trend Micro Malware Blog at: http://blog.trendmicro.com.

Source : Trend Micro

Spam ( Electronic )

Spamming is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, mobile phone messaging spam, Internet forum spam and junk fax transmissions.

Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming is widely reviled, and has been the subject of legislation in many jurisdictions.

The people that create electronic spam are called spammers.

E-mail Spam

E-mail spam, also known as unsolicited bulk email (UBE) or unsolicited commercial email (UCE), is the practice of sending unwanted e-mail messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients.

Spam in e-mail started to become a problem when the Internet was opened up to the general public in the mid-1990s. It grew exponentially over the following years, and today comprises some 80 to 85% of all the email in the world, by conservative estimate; some sources go as high as 95%.

Pressure to make e-mail spam illegal has been successful in some jurisdictions, but less so in others. Spammers take advantage of this fact, and frequently outsource parts of their operations to countries where spamming will not get them into legal trouble.

Increasingly, e-mail spam today is sent via "zombie networks", networks of virus- or worm-infected personal computers in homes and offices around the globe; many modern worms install a backdoor which allows the spammer access to the computer. At the same time, it is becoming clear that malware authors, spammers, and phishers are learning from each other, and possibly forming various kinds of partnerships.

E-mail is an extremely cheap mass medium, and professional spammers have automated their processes to a high extent. Thus, spamming can be very profitable even at what would otherwise be considered extremely low response rates.

An industry of e-mail address harvesting is dedicated to collecting email addresses and selling compiled databases. Millions of email addresses can be cheaply purchased.

Instant Messaging and Chat Room spam

Instant Messaging spam, sometimes termed spim (a portmanteau of spam and IM, short for instant messenger), makes use of instant messaging systems, such as AOL Instant Messenger, ICQ or Windows Live Messenger. Many IM systems offer a user directory, including demographic information that allows an advertiser to gather the information, sign on to the system, and send unsolicited messages. To send instant messages to millions of users requires scriptable software and the recipients' IM usernames. Spammers have similarly targeted Internet Relay Chat channels, using IRC bots that join channels and bombard them with advertising.

Messenger service spam has lent itself to spammer use in a particularly circular scheme. In many cases, messenger spammers send messages to vulnerable machines consisting of text like "Annoyed by these messages? Visit this site." The link leads to a Web site where, for a fee, users are told how to disable the Windows messenger service. Though the messenger service is easily disabled for free, the scam works because it creates a perceived need and offers a solution. Often the only "annoying messages" the user receives through Messenger are ads to disable Messenger itself. It is often using a false ID to get money or credit card numbers. Another place where people spam or get spammed is on Online Social Networks such as Myspace and Bebo.

Chat spam

Chat spam can occur in any live chat environment like IRC and in-game multiplayer chat of online games, and in any other form of chat the masses are able to view. It consists of repeating the same word or sentence many times to get attention or to interfere with normal operations. It is generally considered very rude and may lead to swift exclusion of the user from the used chat service by the owners or moderators.

The application of the name "Spam" to unwanted communication originates in Chat-room spam. Specifically, it was developed in the chat-rooms of People-Link in the early 1980s as a technique for getting rid of unwelcome newcomers. When someone would enter a chat-room full of friends who were in mid-conversation, and when the newcomer tried to turn the conversation in an unwelcome direction, two veteran members of the room would begin typing in the Monty Python “Spam” routine at high speed. They would fill the screen with “Spam Spam Spam eggs Spam Spam and Spam” etc, and make all other communication impossible. The other members of the room would just wait quietly until the newcomer got disgusted and moved on to a different room.

Mobile phone spam

Mobile phone spam is directed at the text messaging service of a mobile phone. This can be especially irritating to customers not only for the inconvenience but also because of the fee they may be charged per text message received in some markets. The term "SpaSMS" was coined at the adnews website Adland in 2000 to describe spam SMS.

Spam targeting search engines ( spamdexing )

Spamdexing (a portmanteau of spamming and indexing) refers to the practice on the World Wide Web of modifying HTML pages to increase the chances of them being placed high on search engine relevancy lists. These sites use "black hat search engine optimization techniques" to unfairly increase their rank in search engines. Many modern search engines modified their search algorithms to try to exclude web pages utilizing spamdexing tactics.

Blog, wiki, and guestbook spam

Blog spam, or "blam" for short, is spamming on weblogs. In 2003, this type of spam took advantage of the open nature of comments in the blogging software Movable Type by repeatedly placing comments to various blog posts that provided nothing more than a link to the spammer's commercial web site.[5] Similar attacks are often performed against wikis and guestbooks, both of which accept user contributions.

Spam targeting video sharing sites

Video sharing sites, such as YouTube, are now being frequently targeted by spammers. The most common technique involves people (or spambots) posting links to sites, most likely pornographic or dealing with online dating, on the comments section of random videos or people's profiles.

Another frequently used technique is using bots to post messages on random users' profiles to a spam account's channel page, along with enticing text and images, usually of a suggestive nature. These pages may include their own or other users' videos, again often suggestive. The main purpose of these accounts is to draw people to their link in the home page section of their profile.

YouTube has blocked the posting of links but people can still manage to get their message across by replacing all instances of a period with the word "dot." For instance, typing out example dot com instead of example.com bypasses the filter set in place. An exploit also exists to bypass the filter. In addition, YouTube has implemented a CAPTCHA system that makes rapid posting of repeated comments much more difficult than before, due to abuse in the past by mass-spammers who would flood people's profiles with thousands of repetitive comments.

Another form of such spam is posting a message which claims to elicit an occurrence, such as an easter egg, the loss of a loved one, or being haunted by a ghost, unless a demand is met by copying and pasting the message a certain number of times within a time limit. A prime example is as follows: "Post this in 5 videos in an hour or you shall die." Such posts target the gullible, but those who are more familiar with them usually respond with derision. Some sites include a feature that allows users to mark certain comments as spam or rate unwelcome comments with a low score, with the intent that spam posts will receive a negative rating.

Yet another kind is actual video spam, giving the uploaded movie a name and description with a popular figure or event which is likely to draw attention, or within the video has a certain image timed to come up as the video's thumbnail image to mislead the viewer. The actual content of the video ends up being totally unrelated, sometimes offensive, or just features on-screen text of a link to the site being promoted.

Others may upload videos presented in an infomercial-like format selling their product which feature actors and paid testimonials, though the promoted product or service is of dubious quality and would likely not pass the scrutiny of a standards and practices department at a television station or cable network.

Source : Wikipedia

Fine Art Forgeries - Global Counterfeiting Scams Uncovered

FBI : Fine Art Forgeries - Global Counterfeiting Scams Uncovered.

For lovers of fine art, it was a veritable field day.

In art shows and galleries across the nation and around the world and over eBay, a trove of limited edition prints by master artists started going up for sale as early as the summer of 1999.

There were two 1968 Pablo Picasso etchings signed in pencil by the artist and numbered from an edition of only 50 prints.

There was a signed print of the “Eiffel Tower” by Marc Chagall, just one of 90.

There was another Picasso print—a drawing called “Francoise Gilot”—that had been obtained from the legendary artist’s daughter.

There were thousands of prints by Calder, Dali, Warhol, Miro, Lichtenstein, and other noted artists, often signed and numbered, complete with certificates of authenticity.

All sold for top dollar.

And all total fakes.

The prints sold by select dealers, it turns out, were counterfeits. The signatures had been forged, the certificates fabricated, the prices driven to inflated levels by “shill bids” on eBay and by other marketing trickery.

Now, seven individuals allegedly behind two separate but overlapping counterfeit art rings—including art dealers in Illinois, Florida, and New York and distributors in Spain and Italy—have been charged in two indictments announced on Wednesday. Together, the scheme is said to have cost victims in Australia, Canada, Europe, Japan, and the U.S. more than $5 million.

The case, code-named "Operation Dealer no Deal," was launched two-and-a-half years ago by the U.S. Postal Inspection Service and the Chicago Division of the FBI after eBay stepped forward with information about fake artwork being sold through its Internet auction website.

“EBay was a great partner in this case,” said Chicago Special Agent Brian Brusokas, a member of the FBI’s Art Crime Team who worked on the investigation. “They identified sellers for us, gave us bidding histories, and shut down accounts used by con artists.”

Postal inspectors played a key role by going undercover in online transactions and in face-to-face meetings. Also contributing to the investigation were Los Mossos d'Esquadra (the Catalan police force) in Barcelona, Spain; U.S. Immigration and Customs Enforcement agents; and the Northbrook Police Department in Illinois.

Don’t let it happen to you. Special Agent Brusokas has a few words of advice when it comes to buying high-dollar art:

“Get a complete provenance or chain of custody on each piece to find out where the art came from originally. Was it obtained directly from an estate, for example? This information provides a way to double-check the piece’s history instead of just relying on the certificate of authenticity.”

“Research the dealer carefully. Check the Better Business Bureau for possible complaints. Find out if they sell only online or if they have a gallery.”
“For pieces of art you already own, you can go back to the gallery and ask for provenance on your print. You can also contact artists’ foundations which will do side-by-side comparisons with originals for a fee.”

“And remember, when you’re trying to find that one treasure from someone’s garage, that’s when you’re more likely to let your guard down.”
Think you’ve been victimized by fraudulent art sales? Then report it to law enforcement by visiting the Northern District of Illinois U.S. Attorney website or by calling its toll-free number at (866) 364-2621.

The FBI’s Art Crime Team, launched in 2004, includes 13 special agents and three Department of Justice attorneys. To date, the team has recovered 850 cultural objects valued at more than $134 million.

Source : FBI

PandaLabs discovers a new vulnerability in Access now being used to infect computers

PandaLabs, Panda Security’s malware detection and analysis laboratory, has discovered a new vulnerability in Microsoft Access. This is a similar security problem to the one discovered a few months back, categorized as CVE-2007-6026. The newly discovered flaw also affects the msjet40.dll library, albeit at a different point.

The problem is exacerbated by the fact that cyber criminals are already actively using this security hole to install malware silently on computers. Specifically, PandaLabs has detected that it is being used to distribute the dangerous Keylogger.DB Trojan, designed to steal confidential data by logging users’ keystrokes.

This security hole is exploited through maliciously-crafted Access files(.mdb), embedded with malicious code.

According to Luis Corrons, technical director of PandaLabs: “Whenever a vulnerability of this type appears, cyber-crooks will try to take full advantage of it. We can therefore expect to see more malicious Access files in circulation that contain not only this Trojan, but also other types of threats”.

To avoid falling victim to this security problem, PandaLabs advises users not to open suspicious files received or downloaded from the Internet, and to keep their security solutions up-to-date, especially since there is currently no patch available to resolve this vulnerability.

For more information about this story, go to the PandaLabs blog at: http://pandalabs.pandasecurity.com/

Source : Panda Security

Trojans - the most active malware type in February 2008

Trojans - the most active malware type in February 2008.

Infections caused by worms continued to rise last month (17% of all infections). The appearance of worms capable of stealing confidential data seems to be behind this, explains PandaLabs.

Trojans accounted for 23.70% of infections registered by ActiveScan, Panda Security’s online scanner, in February. However, the infections caused by this type of malicious code seem to have stalled over the last few months, compared to the constant growth witnessed in 2007.

Worms, however, have increased for the second month in a row, going from 15% to 17.60% Adware stayed at its usual level (20.71% of infections in February).

“The worm boom is caused by an increase in their capabilities. Until recently, most worms were solely designed to spread from one computer to another. Over the last few months, however, there has been an increase in the number of worm strains capable of stealing data, something that, in the past only Trojans and spyware were capable of. This hybridization process is making it increasingly difficult to classify malware specimens into one category or another”, explains Luis Corrons, Technical Director of PandaLabs.

As for the most active malicious code in February, the list is headed by the Downloader.MDW Trojan, designed to drop other malware strains onto the infected computer.

Type : Name

Trojan : Downloader.MDW

Worm : Bagle.RC.

Worm : Lineage.GXD.

Worm : Bagle.RP.

Worm : Lineage.HJT.

Worm : Perlovga.A.

Worm : Bagle.HX.

Worm : Lineage.HIC.

Worm : Puce.E.

Worm : Lineage.HJB.

The Bagle.RC worm takes second place, whereas the Lineage.GXD worm, designed to affect users of the Lineage online game is third. Type Name Trojan Downloader.MDW Worm Bagle.RC. Worm Lineage.GXD. Worm Bagle.RP. Worm Lineage.HJT. Worm Perlovga.A. Worm Bagle.HX. Worm Lineage.HIC. Worm Puce.E. Worm Lineage.HJB.

“As you can see, the majority of this month’s most active malware strains have been worms, which confirms the rise of infections caused by this type of malware”, says Corrons.

About PandaLabs

Since 1990, its mission has been to analyze new threats as rapidly as possible to keep our clients safe. Several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), work 24/7 to provide global coverage. To achieve this, they also have the support of TruPrevent® Technologies, which act as a global early-warning system made up of strategically distributed sensors to neutralize new threats and send them to PandaLabs for in-depth analysis. According to Av.Test.org, PandaLabs is currently the fastest laboratory in the industry in providing complete updates to users. More information is available in the PandaLabs blog.

For more information: http://www.pandasecurity.com/homeusers/security-info/

Source : Panda Security

New version of AVG 8.0 attracted plenty of interest at CeBIT

New version of AVG 8.0 attracted plenty of interest at CeBIT.

AVG Technologies exhibit also introduced the company’s new line of security cocktails.

Czech Republic, March 10, 2008 – AVG Technologies, a leading provider of Internet Security software, demonstrated the latest version of its award-winning product range at CeBIT last week. AVG 8.0 was officially release at the end of February and offers users an extensive range of new and improved protection capabilities, including real-time protection against web-borne threats.

AVG 8.0 is designed to protect users against current and future threats without impacting system performance, a task made significantly easier by the completely redesigned user interface and inclusion of the handy AVG Security Toolbar. “The new AVG Active Surf-Shield and Search-Shield, acquired through the purchase of Exploit Prevention Labs last year, proved particularly interesting for show visitors,” says Miloslav Korenko, marketing director of AVG Technologies. “Getting a definitive safety report about every website they plan to visit is very appealing to people.”

Hundreds of CeBIT visitors were also entertained by the unusual bartender’s show at the company’s stand. Cocktails named after AVG products were prepared right in front of show visitors and available for sampling on site. “The fresh taste of AVG cocktails was as good as the quality of AVG brand,” adds Korenko. “This year, CeBIT was exceptionally successful for AVG, and the excitement of bartender’s show matched the excitement surrounding the launch of AVG 8.0.”

AVG Technologies products now protect more than 70 million computer users around the world. Download provider CNet reports that AVG is one of the top 20 most downloaded programs of all time. AVG Technologies also recently won the Ruban d’Honneur award, which recognizes the company as one of Europe’s most innovative organizations. The company is also a finalist in this year’s European Business Awards.

About AVG Technologies:
www.avg.com
Founded in 1991 and headquartered in the Czech Republic, AVG is a leading international developer of Internet threat protection solutions for consumers, SMBs and small enterprises. AVG protects more than 70 million computer users around the world. The company has regional offices in North America and the United Kingdom, and employs some of the world’s leading experts in Internet security, specifically in the areas of threat research, analysis and detection. AVG’s award-winning products are distributed globally through resellers and over the Internet as well as via third parties through Software Developer’s Kits (SDK).

Source : Avg

Indentity Theft : Minimize Your Risk

Indentity Theft : Minimize Your Risk.

While nothing can guarantee that you won't become a victim of identity theft, you can minimize your risk, and minimize the damage if a problem develops, by making it more difficult for identity thieves to access your personal information.

Protect your Social Security number

Don't carry your Social Security card in your wallet or write your Social Security number on a check. Give your Social Security number only when absolutely necessary, and ask to use other types of identifiers. If your state uses your Social Security number as your driver's license number, ask to substitute another number. Do the same if your health insurance company uses your Social Security number as your policy number.

Your employer and financial institutions will need your Social Security number for wage and tax reporting purposes. Other businesses may ask you for your Social Security number to do a credit check if you are applying for a loan, renting an apartment, or signing up for utilities. Sometimes, however, they simply want your Social Security number for general record keeping.

If someone asks for your Social Security number, ask:

Why do you need my Social Security number?

How will my Social Security number be used?

How do you protect my Social Security number from being stolen?

What will happen if I don't give you my Social Security number?

If you don't provide your Social Security number, some businesses may not provide you with the service or benefit you want. Getting satisfactory answers to these questions will help you decide whether you want to share your Social Security number with the business. The decision to share is yours.

Treat your trash and mail carefully

To thwart an identity thief who may pick through your trash or recycling bins to capture your personal information, always shred your charge receipts, copies of credit applications, insurance forms, physician statements, checks and bank statements, expired charge cards that you're discarding, and credit offers you get in the mail.

To opt out of receiving prescreened offers of credit in the mail, call: 1-888-5-OPT-OUT (1-888-567-8688). Note: You will be asked to provide your Social Security number which the consumer reporting companies need to match you with your file.

Deposit your outgoing mail containing personally identifying information in post office collection boxes or at your local post office, rather than in an unsecured mailbox. Promptly remove mail from your mailbox. If you're planning to be away from home and can't pick up your mail, contact the U.S. Postal Service at 1-800-275-8777 or online at http://www.usps.gov/, to request a vacation hold. The Postal Service will hold your mail at your local post office until you can pick it up or are home to receive it.

Be on guard when using the Internet

The Internet can give you access to information, entertainment, financial offers, and countless other services but at the same time, it can leave you vulnerable to online scammers, identity thieves and more. For practical tips to help you be on guard against Internet fraud, secure your computer, and protect your personal information, visit http://www.onguardonline.gov/.

Select intricate passwords

Place passwords on your credit card, bank, and phone accounts. Avoid using easily available information like your mother's maiden name, your birth date, the last four digits of your Social Security number or your phone number, a series of consecutive numbers, or a single word that would appear in a dictionary. Combinations of letters, numbers, and special characters make the strongest passwords. When opening new accounts, you may find that many businesses still ask for your mother's maiden name. Find out if you can use a password instead.

Verify a source before sharing information

Don't give out personal information on the phone, through the mail, or on the Internet unless you've initiated the contact and are sure you know who you're dealing with. Identity thieves are clever, and may pose as representatives of banks, Internet service providers (ISPs), and even government agencies to get people to reveal their Social Security number, mother's maiden name, account numbers, and other identifying information.

Before you share any personal information, confirm that you are dealing with a legitimate organization. Check an organization's website by typing its URL in the address line, rather than cutting and pasting it. Many companies post scam alerts when their name is used improperly. Or call customer service using the number listed on your account statement or in the telephone book.

Safeguard your purse and wallet

Protect your purse and wallet at all times. Don't carry your Social Security number or card; leave it in a secure place. Carry only the identification information and the credit and debit cards that you'll actually need when you go out.

Store information in secure locations

Keep your personal information in a secure place at home, especially if you have roommates, employ outside help, or are having work done in your house. Share your personal information only with those family members who have a legitimate need for it. Keep your purse or wallet in a safe place at work; do the same with copies of administrative forms that have your sensitive personal information.

Ask about information security procedures in your workplace or at businesses, doctor's offices or other institutions that collect your personally identifying information. Find out who has access to your personal information and verify that it is handled securely. Ask about the disposal procedures for those records as well. Find out if your information will be shared with anyone else. If so, ask how your information can be kept confidential.

What is a credit freeze?

Many states have laws that let consumers “freeze” their credit – in other words, letting a consumer restrict access to his or her credit report. If you place a credit freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze. This means that it’s unlikely that an identity thief would be able to open a new account in your name. Placing a credit freeze does not affect your credit score – nor does it keep you from getting your free annual credit report, or from buying your credit report or score.

Credit freeze laws vary from state to state. In some states, anyone can freeze their credit file, while in other states, only identity theft victims can. The cost of placing, temporarily lifting, and removing a credit freeze also varies. Many states make credit freezes free for identity theft victims, while other consumers pay a fee – typically $10. It’s also important to know that these costs are for each of the credit reporting agencies. If you want to freeze your credit, it would mean placing the freeze with each of three credit reporting agencies, and paying the fee to each one.

You can find more information about credit freeze laws specific to your state by clicking here, including information on how to place one.

Who can access my credit report if I place a credit freeze?

If you place a credit freeze, you will continue to have access to your free annual credit report. You’ll also be able to buy your credit report and credit score even after placing a credit freeze. Companies that you do business with will still have access to your credit report – for example, your mortgage, credit card, or cell phone company – as would collection agencies that are working for one of those companies. Companies will also still be able to offer you prescreened credit. Those are the credit offers you receive in the mail that you have not applied for. Additionally, in some states, potential employers, insurance companies, landlords, and other non-creditors can still get access to your credit report with a credit freeze in place.

Can I temporarily lift my credit freeze if I need to let someone check my credit report?

If you want to apply for a loan or credit card, or otherwise need to give someone access to your credit report and that person is not covered by an exception to the credit freeze law, you would need to temporarily lift the credit freeze. You would do that by using a PIN that each credit reporting agency would send once you placed the credit freeze. In most states, you’d have to pay a fee to lift the credit freeze. Most states currently give the credit reporting agencies three days to lift the credit freeze. This might keep you from getting “instant” credit, which may be something to weigh when considering a credit freeze.

What does a credit freeze not do?

While a credit freeze can help keep an identity thief from opening most new accounts in your name, it’s not a solution to all types of identity theft. It will not protect you, for example, from an identity thief who uses your existing credit cards or other accounts. There are also new accounts, such as telephone, wireless, and bank accounts, which an ID thief could open without a credit check. In addition, some creditors might open an account without first getting your credit report. And, if there’s identity theft already going on when you place the credit freeze, the freeze itself won’t be able to stop it. While a credit freeze may not protect you in these kinds of cases, it can protect you from the vast majority of identity theft that involves opening a new line of credit.

What’s the difference between a credit freeze and a fraud alert?

A fraud alert is another tool for people who’ve had their ID stolen – or who suspect it may have been stolen. With a fraud alert in place, businesses may still check your credit report. Depending on whether you place an initial 90-day fraud alert or an extended fraud alert, potential creditors must either contact you or use what the law refers to as “reasonable policies and procedures” to verify your identity before issuing credit in your name. However, the steps potential creditors take to verify your identity may not always alert them that the applicant is not you.

A credit freeze, on the other hand, will prevent potential creditors and other third parties from accessing your credit report at all, unless you lift the freeze or already have a relationship with the company. Some consumers use credit freezes because they feel they give more protection. As with credit freezes, fraud alerts are mainly effective against new credit accounts being opened in your name, but will likely not stop thieves from using your existing accounts, or opening new accounts such as new telephone or wireless accounts, where credit is often not checked. Also, only people who’ve had their ID stolen – or who suspect it may have been stolen, may place fraud alerts. In some states, anyone can place a credit freeze.

About identity theft insurance

Although identity theft insurance won't deter identity thieves, it can, in certain circumstances, minimize losses if an identity theft occurs. As with any product or service, as you consider whether to buy, be sure you understand what you'd be getting. Things to consider include: (1) the amount of coverage the policy provides; (2) whether it covers any lost wages (and, if so, whether there's a cap on the wages you can claim, or a separate deductible); (3) the amount of the deductible; (4) what might be excluded (for example, if the thief is a family member or if the thief made electronic withdrawals and transfers); (5) whether the policy provides a personal counselor to help you resolve the problems of identity theft; and (6) whether your existing homeowner's policy already contains some coverage. Be aware that one of the major "costs" of identity theft is the time you will spend to clear your name. Also be aware that many companies and law enforcement officers will only deal with you (as opposed to an insurance company representative). So, even if your policy provides you with a personal counselor, that counselor can often only guide you, as opposed to doing the work to clear your name. And, as you evaluate insurance products and services, you may also consider checking out the insurer with your local Better Business Bureau, consumer protection agency and state Attorney General.




Video
A 10-minute educational video that provides an overview of identity theft and outlines the steps consumers can take.

Source : FTC