This is one strategy that attorney's charge $1,500 or more for. It is the technique that removes any public record from your credit report, in a legal fashion.
As with any form of credit restoration, there is the process of challenging the listing for validity and requesting documentation that the debt exists. The way to remove public records is to challenge individual items, such as date discharged, amount, date of last activity etc. Dispute the individual information contained in the public record as being incomplete.
If there is nothing missing, first dispute the entire listing. If the report comes back as verified, then request the "method of verification".
As stated in the Fair Credit Reporting Act:
15 U.S.C section 1681 (i)(7): "Description of reinvestigative procedure. A consumer reporting agency shall provide to a consumer a description referred to in paragraph (6)(B)(iii)by not later than 15 days after receiving a request from a consumer for that description."
(6)(B)(iii)"...a description of the procedure used to determine accuracy and completeness of the information shall be provided to the consumer by the agency, including the business name and address of the furnisher of information contacted in connection with such information and the telephone number of such furnisher
The credit bureaus rarely provide the furnishers contact information because they don't want the consumer to realize that in most cases all they're doing is a computer verification and not a verbal one. When this information is not given in a resonable and timely manner, pressure can then be put on the credit reporting agency to delete the account.
The main thing to point out here is PROCEDURE. The CRA must follow procedure as set forth in the law.
15 U.S.C. section 168 (e): Accuracy of report. Whenever a consumer reporting agency prepares a consumer report it shall follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates
Friday, December 12, 2008
Sunday, December 7, 2008
Why I stopped Shopping at Amazon.com
Why I stopped shopping at Amazon.com:
A reading expert sounds off...
I've shopped at Amazon.com for several years. But I decided to quit shopping there because of:
1) Their new privacy notice. The revised notice (not a "policy") states that they gather information about consumers every time they search for a product. That means to me that they've developed a profile on me based not only on what I buy, but what I'm looking for. I don't want them to know that much about me.
It may only be a matter of semantics, but according to the Merriam-Webster Collegiate Dictionary (2000) a "policy" is a procedure based on material interest, or a course of action used to guide decisions, while a "notice" is more of a warning or announcement. What does it mean for consumers to be protected by a privacy notice instead of a privacy policy?
2) Difficulty in canceling my account. How do you cancel your online account at Amazon.com? You can enter your account to make any changes, but I didn't see any way to cancel an account. When I e-mailed them about canceling my account, here's the response I received:
Customer privacy is an issue we take very seriously. Please rest assured that Amazon.com is *not* in the business of selling customer information.
We have developed, and may continue to develop, business relationships and co-branded sites with other online companies (such as Greenlight and toysrus.com). We will make it clear when an affiliated merchant is involved in any transaction you may make via our web site.
If you would prefer not to share your personal information with an affiliated merchant, you may always choose not to shop with that merchant. In either event, because the customer information shared with these jointly owned or co-branded businesses is limited to information regarding your transactions with those merchants, information about your other purchases at Amazon.com (such as books and music) will never be shared with any jointly owned or co-branded business without your consent.
Please note that it is fairly easy to tell when you are dealing with an affiliated merchant, and we do not share your information with non-affiliated third parties (i.e., direct marketers and spammers).
In the unlikely event that Amazon.com Inc., or substantially all of its assets are acquired, customer information may be one of the transferred assets, just as with a bank or other physical store that keeps customer records.
I hope this has addressed your concerns about our Privacy Notice. If you wish to close your account, however, please write back to us at account-close@amazon.com and we will do so.
Please note that we cannot totally remove account information from our system, as it is part of our business transaction records. (Italics added.)
Please feel free to write back to us if you have any further questions or concerns. Thank you for shopping at Amazon.com.
Best regards,
Nathan H.
Amazon.com
Earth's Biggest Selection
http://www.amazon.com
So they own my account information--forever. Note that the web page does not tell you how to cancel your account. I only found out from their e-mail. They make it easy to become customer, but almost impossible to become an ex-customer.
3) Dynamic pricing. Amazon.com recently got caught charging different customers different amounts for the same product. They claimed it was a marketing experiment (which would not be repeated) but I'm not sure I believe them. How do you know if the price you're being charged is the only price for the product you're buying? Maybe some consumers pay more, some less. There's no way for you to know.
4) Conditions of use. According to Amazon.com's "Conditions of Use" --
Confirming Price and Availability
We cannot confirm the price of an item until you order, but please note that we do NOT charge your credit card until the date we ship your order to you.
Despite our best efforts, a small number of the more than 4.7 million items in our catalog are mispriced. Rest assured, however, that we verify prices as part of our shipping procedures.
If an item's correct price is lower than our stated price, we charge the lower amount and ship you the item.
If an item's correct price is higher than our stated price, we contact you for instructions before shipping.
After we have received your order, we will also inform you by e-mail if any items in your order prove to be unavailable.
Given their experiment with dynamic pricing, just what is their "correct price?" How does dynamic pricing (which they say they're not doing any more) fit with their conditions of use?
With all the articles written about Amazon.com's privacy notice, nothing has been written about their "Conditions of Use"--which is written at a 3rd-4th year college reading level. Based on 1998 census data, about 24% of adults have a bachelor's degree or more. Since literacy researchers know that people often read several grades lower than their highest level of educational attainment, it is clear that most consumers will have a hard time understanding those "Conditions."
As unreadable as many privacy policies are, I suspect that Terms of Use/Conditions of Use are even more complicated and legalistic. Maybe that's why columnists and privacy advocates haven't taken as close a look at them as they have privacy policies. Yet the two are linked.
My "readability analysis" of Amazon.com's "Conditions of Use" shows that it's a hard document to understand because it has too many long and complicated sentences, and too many big and unfamiliar words. The writing style is weak, and does not meet plain English criteria.
Readability Statistics Amazon.com's
Conditions of Use
Based on 57 sentences
I. DOCUMENT STYLE ANALYSIS
a) Reading Ease Difficult
b) Human Interest Interesting
c) Reading Grade Level
[24% of adults have a college degree]
Grade 15-16 (3rd-4th year college)
d) Overall Writing Style Weak
e) Plain English Grade D (62%)
II. SENTENCE ANALYSIS
a) Words per sentence 28 [15-20 is best]
b) Active voice sentences 52% [60% is best]
c) % Simple & Normal Sentences 53% [80% is best]
d) % Wordy, pompous & complicated sentences 47% [20% is best]
e) Sentences written at grade 16-20
47% [5% is best]
III. WORD ANALYSIS
a) Syllables per word 1.7 [1.5 is best]
b) Big words (more than 2 syllables) 21% [10% is best]
c) Text Statistics
< 1450 = common words
1450 = normal words
> 1450 = uncommon words 3,652
5) Privacy certification. Many online sites have TRUSTe certification, although Amazon.com is not one of them. In fact, Amazon.com does not have any privacy certification on their web site at all!
As a general observation, the TRUSTe "Site Coordinator's Guide" identifies "Readability" as one of "Truste's Required Guidelines." That guideline states that "The privacy statement must be easy to read and understand. Use language that will not confuse or frustrate users. We suggest writing at an eighth grade level without any legal jargon."
I have not seen any privacy policies written at an eighth grade reading level, even those at web sites with TRUSTe certification. I emailed TRUSTe about this contradiction, but did not receive a reply. What good is a privacy policy if people can't understand it?
I don't like Amazon.com's privacy notice, the impossibility of truly canceling my account, a potentially contradictory pricing strategy, complicated and confusing "conditions of use" and a total lack of privacy certification.
I'm taking my business elsewhere.
A biography of the author:
Mark Hochhauser, Ph.D., researches, writes, and consults on the readability of written information.
The online version of the article does not contain the chart with that data; contact Mark for more information.
Mark Hochhauser, Ph.D.
Readability Consulting
3344 Scott Avenue North
Golden Valley, MN 55422
Phone: (763) 521-4672
Fax: (763) 521-5069
E-mail: MarkH38514@aol.com
A reading expert sounds off...
I've shopped at Amazon.com for several years. But I decided to quit shopping there because of:
1) Their new privacy notice. The revised notice (not a "policy") states that they gather information about consumers every time they search for a product. That means to me that they've developed a profile on me based not only on what I buy, but what I'm looking for. I don't want them to know that much about me.
It may only be a matter of semantics, but according to the Merriam-Webster Collegiate Dictionary (2000) a "policy" is a procedure based on material interest, or a course of action used to guide decisions, while a "notice" is more of a warning or announcement. What does it mean for consumers to be protected by a privacy notice instead of a privacy policy?
2) Difficulty in canceling my account. How do you cancel your online account at Amazon.com? You can enter your account to make any changes, but I didn't see any way to cancel an account. When I e-mailed them about canceling my account, here's the response I received:
Customer privacy is an issue we take very seriously. Please rest assured that Amazon.com is *not* in the business of selling customer information.
We have developed, and may continue to develop, business relationships and co-branded sites with other online companies (such as Greenlight and toysrus.com). We will make it clear when an affiliated merchant is involved in any transaction you may make via our web site.
If you would prefer not to share your personal information with an affiliated merchant, you may always choose not to shop with that merchant. In either event, because the customer information shared with these jointly owned or co-branded businesses is limited to information regarding your transactions with those merchants, information about your other purchases at Amazon.com (such as books and music) will never be shared with any jointly owned or co-branded business without your consent.
Please note that it is fairly easy to tell when you are dealing with an affiliated merchant, and we do not share your information with non-affiliated third parties (i.e., direct marketers and spammers).
In the unlikely event that Amazon.com Inc., or substantially all of its assets are acquired, customer information may be one of the transferred assets, just as with a bank or other physical store that keeps customer records.
I hope this has addressed your concerns about our Privacy Notice. If you wish to close your account, however, please write back to us at account-close@amazon.com and we will do so.
Please note that we cannot totally remove account information from our system, as it is part of our business transaction records. (Italics added.)
Please feel free to write back to us if you have any further questions or concerns. Thank you for shopping at Amazon.com.
Best regards,
Nathan H.
Amazon.com
Earth's Biggest Selection
http://www.amazon.com
So they own my account information--forever. Note that the web page does not tell you how to cancel your account. I only found out from their e-mail. They make it easy to become customer, but almost impossible to become an ex-customer.
3) Dynamic pricing. Amazon.com recently got caught charging different customers different amounts for the same product. They claimed it was a marketing experiment (which would not be repeated) but I'm not sure I believe them. How do you know if the price you're being charged is the only price for the product you're buying? Maybe some consumers pay more, some less. There's no way for you to know.
4) Conditions of use. According to Amazon.com's "Conditions of Use" --
Confirming Price and Availability
We cannot confirm the price of an item until you order, but please note that we do NOT charge your credit card until the date we ship your order to you.
Despite our best efforts, a small number of the more than 4.7 million items in our catalog are mispriced. Rest assured, however, that we verify prices as part of our shipping procedures.
If an item's correct price is lower than our stated price, we charge the lower amount and ship you the item.
If an item's correct price is higher than our stated price, we contact you for instructions before shipping.
After we have received your order, we will also inform you by e-mail if any items in your order prove to be unavailable.
Given their experiment with dynamic pricing, just what is their "correct price?" How does dynamic pricing (which they say they're not doing any more) fit with their conditions of use?
With all the articles written about Amazon.com's privacy notice, nothing has been written about their "Conditions of Use"--which is written at a 3rd-4th year college reading level. Based on 1998 census data, about 24% of adults have a bachelor's degree or more. Since literacy researchers know that people often read several grades lower than their highest level of educational attainment, it is clear that most consumers will have a hard time understanding those "Conditions."
As unreadable as many privacy policies are, I suspect that Terms of Use/Conditions of Use are even more complicated and legalistic. Maybe that's why columnists and privacy advocates haven't taken as close a look at them as they have privacy policies. Yet the two are linked.
My "readability analysis" of Amazon.com's "Conditions of Use" shows that it's a hard document to understand because it has too many long and complicated sentences, and too many big and unfamiliar words. The writing style is weak, and does not meet plain English criteria.
Readability Statistics Amazon.com's
Conditions of Use
Based on 57 sentences
I. DOCUMENT STYLE ANALYSIS
a) Reading Ease Difficult
b) Human Interest Interesting
c) Reading Grade Level
[24% of adults have a college degree]
Grade 15-16 (3rd-4th year college)
d) Overall Writing Style Weak
e) Plain English Grade D (62%)
II. SENTENCE ANALYSIS
a) Words per sentence 28 [15-20 is best]
b) Active voice sentences 52% [60% is best]
c) % Simple & Normal Sentences 53% [80% is best]
d) % Wordy, pompous & complicated sentences 47% [20% is best]
e) Sentences written at grade 16-20
47% [5% is best]
III. WORD ANALYSIS
a) Syllables per word 1.7 [1.5 is best]
b) Big words (more than 2 syllables) 21% [10% is best]
c) Text Statistics
< 1450 = common words
1450 = normal words
> 1450 = uncommon words 3,652
5) Privacy certification. Many online sites have TRUSTe certification, although Amazon.com is not one of them. In fact, Amazon.com does not have any privacy certification on their web site at all!
As a general observation, the TRUSTe "Site Coordinator's Guide" identifies "Readability" as one of "Truste's Required Guidelines." That guideline states that "The privacy statement must be easy to read and understand. Use language that will not confuse or frustrate users. We suggest writing at an eighth grade level without any legal jargon."
I have not seen any privacy policies written at an eighth grade reading level, even those at web sites with TRUSTe certification. I emailed TRUSTe about this contradiction, but did not receive a reply. What good is a privacy policy if people can't understand it?
I don't like Amazon.com's privacy notice, the impossibility of truly canceling my account, a potentially contradictory pricing strategy, complicated and confusing "conditions of use" and a total lack of privacy certification.
I'm taking my business elsewhere.
A biography of the author:
Mark Hochhauser, Ph.D., researches, writes, and consults on the readability of written information.
The online version of the article does not contain the chart with that data; contact Mark for more information.
Mark Hochhauser, Ph.D.
Readability Consulting
3344 Scott Avenue North
Golden Valley, MN 55422
Phone: (763) 521-4672
Fax: (763) 521-5069
E-mail: MarkH38514@aol.com
Private Internet Searches
Keep Your Internet Searches Private
Internet users were shocked to learn that the search queries of over 600,000 individuals were exposed online by AOL recently. Although the personal names of AOL users had been replaced with numbers, apparently for a research project, reporters and others were able to determine the identities of several people. Search terms revealed medical conditions, illegal activities, illicit interests, financial information, even Social Security numbers.
The retention of search logs is a common practice of search engine companies, not only AOL, but also the other major services such as Google, MSN, Ask, and Yahoo. But a little-known search engine has made a name for itself by bucking the trend.
Ixquick, a search engine based in the Netherlands, promises it will permanently delete all users’ personal search details from its log files. With this privacy policy, established in June 2006, Ixquick stands heads taller than its peers. www.ixquick.com
To date, the other search engines store users’ search details for at least some time. Google, which is preferred by just under half of all users, stores search data indefinitely. Other popular search engines, including MSN, Ask, and Yahoo also have policies indicating that they store user data for an undefined period of time.
When AOL released Internet search histories, the public realized that the search terms entered could tell a lot about the searcher. At least two user’s identities were revealed through search terms alone. The Washington Post reports that at least 190 users had entered their Social Security number into AOL’s search engine.
Ixquick will delete a user’s IP address and has designed a cookie that will not identify an individual user. It says deletes all personal information within 48 hours.
Switching to Ixquick does not mean you have to give up the other search engines. Ixquick is a metasearch engine, which means that it returns the top-ten results from multiple other search engines. It uses a star system to rank its results -- by awarding one star for every result that has been returned from another search engine. Thereby, the top search results are the ones that have been returned from the maximum number of search engines.
The AOL situation is just the latest example of why data retention policies are a privacy risk for consumers. In December 2005, the U.S. government wanted data to support its proposed child pornography law. To get the necessary data, the government issued subpoenas to Google, Microsoft, Yahoo, and AOL asking for search histories and IP addresses. Google fought the subpoena, but eventually had to turn over Web site addresses that were returned by searches.
At the time, the other search engines, which complied with the subpoena, claimed that no personal information was released by handing over the search histories to the government. The recent AOL incident shows how empty those statements were.
What’s the lesson to be learned from this privacy meltdown? Relying on a search engine’s promise not to reveal your information may not protect your personal information. The best solution is to use online services that minimize data retention. If a search engine has no data, then a subpoena for personal search information is useless.
You can search the Internet in private at www.ixquick.com
At least two complaints have been filed with the Federal Trade Commission about AOL’s disclosure of search terms:
1. Complaint of the World Privacy Forum (WPF), www.worldprivacyforum.org/pdf/WPF_FTCcomplaint8162006fswp.pdf
2. Complaint of the Electronic Frontier Foundation, www.eff.org/Privacy/AOL/aol_ftc_complaint_final.pdf
For tips on search engine privacy, read the WPF’s guide: www.worldprivacyforum.org/searchengineprivacytips.html.
Internet users were shocked to learn that the search queries of over 600,000 individuals were exposed online by AOL recently. Although the personal names of AOL users had been replaced with numbers, apparently for a research project, reporters and others were able to determine the identities of several people. Search terms revealed medical conditions, illegal activities, illicit interests, financial information, even Social Security numbers.
The retention of search logs is a common practice of search engine companies, not only AOL, but also the other major services such as Google, MSN, Ask, and Yahoo. But a little-known search engine has made a name for itself by bucking the trend.
Ixquick, a search engine based in the Netherlands, promises it will permanently delete all users’ personal search details from its log files. With this privacy policy, established in June 2006, Ixquick stands heads taller than its peers. www.ixquick.com
To date, the other search engines store users’ search details for at least some time. Google, which is preferred by just under half of all users, stores search data indefinitely. Other popular search engines, including MSN, Ask, and Yahoo also have policies indicating that they store user data for an undefined period of time.
When AOL released Internet search histories, the public realized that the search terms entered could tell a lot about the searcher. At least two user’s identities were revealed through search terms alone. The Washington Post reports that at least 190 users had entered their Social Security number into AOL’s search engine.
Ixquick will delete a user’s IP address and has designed a cookie that will not identify an individual user. It says deletes all personal information within 48 hours.
Switching to Ixquick does not mean you have to give up the other search engines. Ixquick is a metasearch engine, which means that it returns the top-ten results from multiple other search engines. It uses a star system to rank its results -- by awarding one star for every result that has been returned from another search engine. Thereby, the top search results are the ones that have been returned from the maximum number of search engines.
The AOL situation is just the latest example of why data retention policies are a privacy risk for consumers. In December 2005, the U.S. government wanted data to support its proposed child pornography law. To get the necessary data, the government issued subpoenas to Google, Microsoft, Yahoo, and AOL asking for search histories and IP addresses. Google fought the subpoena, but eventually had to turn over Web site addresses that were returned by searches.
At the time, the other search engines, which complied with the subpoena, claimed that no personal information was released by handing over the search histories to the government. The recent AOL incident shows how empty those statements were.
What’s the lesson to be learned from this privacy meltdown? Relying on a search engine’s promise not to reveal your information may not protect your personal information. The best solution is to use online services that minimize data retention. If a search engine has no data, then a subpoena for personal search information is useless.
You can search the Internet in private at www.ixquick.com
At least two complaints have been filed with the Federal Trade Commission about AOL’s disclosure of search terms:
1. Complaint of the World Privacy Forum (WPF), www.worldprivacyforum.org/pdf/WPF_FTCcomplaint8162006fswp.pdf
2. Complaint of the Electronic Frontier Foundation, www.eff.org/Privacy/AOL/aol_ftc_complaint_final.pdf
For tips on search engine privacy, read the WPF’s guide: www.worldprivacyforum.org/searchengineprivacytips.html.
Friday, November 28, 2008
Highway Radar Jamming
Highway Radar Jamming
Most drivers wanting to make better time on the open road will
invest in one of those expensive radar detectors. However, this
device will not work against a gun type radar unit in which the
radar signal is not present until the cop has your car in his
sights and pulls the trigger. Then it is TOO LATE for you to slow
down. A better method is to continuously jam any signal with a
radar signal of your own. I have tested this idea with the
cooperation of a local cop and found that his unit reads random
numbers when my car approached him. It is surprisingly easy to make
a low power radar transmitter. A nifty little semi-conductor called
a Gunn Diode will generate microwaves when supplied with the 5 to
10 volt DC and enclosed in the correct size cavity (resonator). An
8 to 3 terminal regulator can be used to get this voltage from a
car's 12v system. However, the correct construction and tuning of
the cavity is difficult without good microwave measurement
equipment. Police radars commonly operate on the K band at 22 ghz.
Or more often on the X band at 10.525 ghz. most microwave intruder
alarms and motion detectors (mounted over automatic doors in
supermarkets & banks, etc.) contain a Gunn type
transmitter/receiver combination that transmits about 10 kilowatts
at 10.525 ghz. These units work perfectly as jammers. If you
cannot get one locally, write to Microwave Associates in
Burlington, Massachusettes and ask them for info on 'Gunnplexers'
for ham radio use. When you get the unit it may be mounted in a
plastic box on the dash or in a weather-proff enclosure behind the
PLASTIC grille. Switch on the power when on an open highway. The
unit will not jam radar to the side or behind the car so don't go
speeding past the radar trap. An interesting phenomena you will
notice is that the drivers who are in front of you who are using
detectors will hit their brakes as you approach large metal signs
and bridges. Your signal is bouncing off of these objects and
triggering their radar detectors! HAVE FUN!
P.S. If you are interested in this sort of thing, get a copy of
POPULAR COMMUNICATIONS. The ads in there tell you where you can
get all kinds of info on all kinds of neat equipment for all kinds
of neat things!
Most drivers wanting to make better time on the open road will
invest in one of those expensive radar detectors. However, this
device will not work against a gun type radar unit in which the
radar signal is not present until the cop has your car in his
sights and pulls the trigger. Then it is TOO LATE for you to slow
down. A better method is to continuously jam any signal with a
radar signal of your own. I have tested this idea with the
cooperation of a local cop and found that his unit reads random
numbers when my car approached him. It is surprisingly easy to make
a low power radar transmitter. A nifty little semi-conductor called
a Gunn Diode will generate microwaves when supplied with the 5 to
10 volt DC and enclosed in the correct size cavity (resonator). An
8 to 3 terminal regulator can be used to get this voltage from a
car's 12v system. However, the correct construction and tuning of
the cavity is difficult without good microwave measurement
equipment. Police radars commonly operate on the K band at 22 ghz.
Or more often on the X band at 10.525 ghz. most microwave intruder
alarms and motion detectors (mounted over automatic doors in
supermarkets & banks, etc.) contain a Gunn type
transmitter/receiver combination that transmits about 10 kilowatts
at 10.525 ghz. These units work perfectly as jammers. If you
cannot get one locally, write to Microwave Associates in
Burlington, Massachusettes and ask them for info on 'Gunnplexers'
for ham radio use. When you get the unit it may be mounted in a
plastic box on the dash or in a weather-proff enclosure behind the
PLASTIC grille. Switch on the power when on an open highway. The
unit will not jam radar to the side or behind the car so don't go
speeding past the radar trap. An interesting phenomena you will
notice is that the drivers who are in front of you who are using
detectors will hit their brakes as you approach large metal signs
and bridges. Your signal is bouncing off of these objects and
triggering their radar detectors! HAVE FUN!
P.S. If you are interested in this sort of thing, get a copy of
POPULAR COMMUNICATIONS. The ads in there tell you where you can
get all kinds of info on all kinds of neat equipment for all kinds
of neat things!
50 Ways To Take Control of Your Personal Data
50 Ways to Take Back Control of Your Personal Data
Use these tips to avoid identity theft, financial loss and other crimes.
Internet scams, phishing, identity theft and other attacks that exploit your personal data are always a threat when you shop online, set up an email account, use a credit card, manage an online bank account or carry your Social Security card. There is hope, however, for fighting these threats, and you can start by taking back control of all of your personal data. The 50 tips and tools in this list will help you understand how these scams originate, how to protect yourself online and offline, and how to track down your personal data on the Internet.
Web Privacy
Protect yourself and your data online by choosing a secure Web browser, understanding the dos and dont's of wireless security, and correctly managing passwords.
1. Use a secure Web browser. Using a secure Web browser can hide your Internet activity, prevent Spyware attacks, and alert you when a Web site asks you to install extra software or doesn't have an official certificate, all of which can leave you vulnerable to an attack.
2. Set up a private wireless connection. If you use a wireless connection to get on the Internet, set up a secure account so that other users can't log on to your account and access saved passwords or ISP information — either by accident or on purpose. You can back up a good wifi account with a VPN (virtual private network).
3. Use different passwords. If you use the same password for every online account you have, you're putting yourself in a very vulnerable position. All it takes is for someone to crack the password on one unsecure site, and they'll be able to access your banking information and a lot more.
4. Don't save email settings or password settings. Online banking sites, social-media Web sites and shopping sites let users save their passwords and log-in information to save them time. Saving this information makes it easy for someone to jump on your account and access your information if they're working on your system. If you share a computer with someone at work or school, you can disable your browser's "remember password" settings.
5. Log out of your email account. If you're checking your email at a library or any other place where you are using a public computer, make sure that you log out of your account when you're finished. The next person who visits that Web site may be directed to your inbox if you don't.
6. Use anti-virus protection. One of the easiest and most basic things you can do to reclaim control of your personal data is to use anti-virus software on your computer.
7. Circumvent keystroke loggers. This tip is especially important when you're using a public computer at an Internet cafe or a library. This article explains how you can type "in a bunch of random characters" in a text editor and "then [copy] the letters and numbers that make up your password." That way, no one will be able to make sense of the letters or numbers you typed in if they're checking the computer's keystroke history.
8. Install pop-up-blocking software. Pop-ups "can be used to install hackers' software on your computer," according to MSN Money, so get rid of this threat altogether by installing a pop-up blocker.
9. Employ off-the-record Messaging. Whether you need to send files or chat at an Internet cafe, or you just feel like someone might be spying on your home computer, consider using an IM (instant-messaging) client that encrypts your messages and ensures your chatting buddy that "the messages he sees are authentic and unmodified."
10. Never store passwords on a public computer. If the computer prompts you to save the password, click "No."
Credit and Finance
Guard your finances with these tips, which can prevent identity theft and save you money.
11. Freeze your credit report. According to The Consumerist, "a freeze means no one can access your credit report unless you 'thaw' your report," so no one can secretly contact your credit bureau and ask for a copy of your report, apply for a credit card or loan, or in any way steal your account information and hurt your credit score.
12. Track your Social Security number. Find out if someone has stolen your Social Security number and published it on the Web by enlisting the services of a company like TrustedID. Just make sure that you thoroughly research the company you use to make sure that they aren't a scamming group either.
13. Check your credit report. This well-known tip can protect you against identity theft by alerting you of incorrect information, atypical credit history, and public-record information that is incorrect or doesn't need to appear on your report.
14. Make sure that charities are legitimate before you make a donation. Before you make a donation to a charity, do a little background check on the organization to make sure that they're a legitimate nonprofit and not a scamming group. You can easily do this by looking up their Web site or calling a reference number for more literature. The IRS (Internal Revenue Service) also publishes this list of registered organizations that are eligible to receive tax-deductible donations.
15. Don't save credit-card shopping profiles online. Some online retailers try to make shopping easier for their customers by giving them the option of creating a saved profile that features their billing information, credit- card numbers and home address. Make sure that an e-commerce site is secure before you save your information. Better yet, take the extra time to manually enter information each time you shop.
16. Never use your Social Security number as a PIN number or password. Some banks automatically use your Social Security number as your PIN number or password but give you the option to reset it. Do so immediately — especially if you plan to manage your account online.
17. Log out of your bank account. Just like it's a good idea to log out of your email account each time you're finished sending and reading messages, logging out of your bank account is also important. It's not enough to simply leave the page or close your browser: Your account information is still available online. As an added incentive, Brian Krebs of The Washington Post reports that you may not be reimbursed for the money stolen through an online account if you do not have anti-virus or anti-hacking software installed on your computer.
18. Never write your PIN number on yourATM card. MSN writer Liz Pulliam Weston warns against this bad habit in case your wallet gets stolen.
19. Use a credit card for online purchases. This method is safer than using a debit card when shopping over the Internet.
20. Drop off checks and sensitive packages at the post office. Use the post office or an official mailbox to send out checks and credit-card information instead of letting the envelopes sit in your mailbox unattended.
General Privacy
Even if you don't maintain a conspicuous online presence, there are other threats and scams that you should be wary of. Learn how to protecting your Social Security number and other personal data.
21. Understand the dangers of pretexting. The FTC (Federal Trade Commission) explains that "pretexting is the practice of getting your personal information under false pretenses." If you get a suspicious, unsolicited email or phone call asking for personal information, ignore it. If you think the communication may have been sent by your bank or other valid organization, call that company's customer-service line to double-check.
22. Get on the National Do Not Call Registry: You can protect yourself against unsolicited calls and telemarketing calls by getting on this official list. Besides relieving you of annoying calls, "telemarketers will be required to get your express informed consent to be charged — and to charge to a specific account," eliminating unauthorized billing.
23. Ask your bank or loaning office how they dispose of their files. Make sure that your personal data won't be sitting out in a dumpster for several nights; no one would ever know it was missing.
24. Don't use your Social Security number as an employee-identification number. PrivacyRights.org reveals that the Social Security Administration "discourages employers from displaying SSNs on documents that are viewed by other people such as badges, parking permits, or on lists distributed to employees." If your boss gives you a choice, ask to have a separate personal-identification number just for your job.
25. Don't put your Social Security number on checks. While some merchants may ask you for your Social Security number so that they can write it on your check, it's generally not a good idea to agree to this practice. Ask to see a manager to discuss the situation if it becomes problematic.
26. Don't share your driver's-license number. Yahoo! Tech writer Lincoln Spector notes that only your state's DMV Web site should request your driver's-license number. Don't write it on checks or any other documents that you aren't sure about.
27. Write checks with gel pens. Bruce Schneier, of the blog Schneier on Security, maintains that "only one type of ink, the kind in gel pens, has been found to be counterfeit-proof to acetone or any other chemical used in check washing."
28. Don't use your mother's maiden name as a password. Some businesses, credit bureaus or other organizations ask you to verify your mother's maiden name as a security measure. Don't use this information as a general password, because if it is stolen, it can grant a thief a lot of access.
Cell Phones and Online Phone Services
Keep your cell-phone conversations and numbers private with the help of these rules and tips.
29. Keep your cell-phone number private. This cuts down on identity theft and will keep you more immune from scam phone calls and telemarketers.
30. Understand your carrier's privacy policy. Before you sign a contract, understand the carrier's privacy policy, since some cell-phone companies have been accused of selling records that can be used to track down sensitive information, including your bank-account details.
31. Get Internet and Bluetooth security for your cell phone. Mobile devices that also have Internet access and Bluetooth need protection, too.
32. Beef up VoIP (Voice over Internet Protocol) security. This article details how Internet communications, including VoIP calls, are vulnerable to identity theft and surveillance groups. Don't neglect to beef up security on these systems to avoid being hacked.
33. Password-protect your cell phone. Set up passwords for your contacts list and other folders or files on your cell phone in case it is lost or stolen.
Rules to Follow to Protect Your Privacy
Practice these rules to protect your privacy and identity.
34. Don't carry all of your important documents with you. If your wallet, purse or car is stolen and you keep your Social Security card and other identification cards in one of those spots, you're completely vulnerable to a major identity-theft attack.
35. Don't put your Social Security number on your driver's license. Some states still give you the option of putting your Social Security number on your driver's license, but it's a bad idea. Again, if you lose your wallet or forget your driver's license in a bar, you never know who might find it.
36. Keep your Social Security card in a safe place. Don't put your Social Security card in your wallet or glove compartment; instead, keep it in a locked box or safe in your house or at a bank.
37. Clear your Google history. This habit will protect you from any personal searches that you don't want others to know about, including those dealing with health and legal information.
38. Shred important papers before trashing them. If you do a lot of business with high-profile clients or if you frequently throw out old bills and bank statements, your trash could be a target for a smart thief. Shred important papers before you toss them.
39. Don't use numbers from your birthday in your email or IM handle. Many people use numbers from their birthday in their email address or IM name to personalize the pseudonym, but this habit publicly reveals personal information, especially if you also use a part of your birthday in a password.
40. Clear your browser's cache. Online Tech Tips recommends erasing "your browser's cache after an online transaction" to get rid of stored information that may be extra sensitive.
41. Clean up your computer before you discard it. Whether you're donating your computer, giving it to a friend or simply throwing it away, it's important to completely wipe it clean, reformat the hard drive or destroy the drive.
42. Look for HTTPS. Online Tech Tips also notes that the "s" at the end of "https" means that the connection your computer shares with that site is "secure and encrypted." A regular "http" URL isn't.
Tools and Tips
To prevent identity theft and online spying, use these tools to keep your personal information safe and private.
43. SpyNot: Visit this site to find out what kind of personal information your browser gives to every site that you visit.
44. Aderes Internet Security: This email system and browser encrypts your messages and passwords so that your credit-card information and personal data remain private.
45. BitWise IM: Chat freely and feel safe sending files over IM with this system, which encrypts messages, files, voice chat and more for Mac OS X, Linux and Windows operating systems.
46. Tor: This system keeps JavaScript from displaying your IP address and uses "a distributed network of relays" to keep hackers and surveillance systems from tracking your activity online.
47. Secure your VoIP system. This article explains how to make your VoIP system more secure, minimizing or even eliminating the risk of someone stealing your sensitive information by hacking into your call or stealing your account information.
48. Get a password-protection system. A password-protection system like the VaultletSuite 2 Go can safely store your passwords on your USB device.
49. Use database-encryption tools. Certain database-encryption tools can encrypt data stored in systems like Oracle so that companies and individuals can safely keep sensitive information on their computers.
50. Get RSA DLP. This data-loss-prevention suite helps companies identify where sensitive information is on their systems, making it easier for them to protect it.
Use these tips to avoid identity theft, financial loss and other crimes.
Internet scams, phishing, identity theft and other attacks that exploit your personal data are always a threat when you shop online, set up an email account, use a credit card, manage an online bank account or carry your Social Security card. There is hope, however, for fighting these threats, and you can start by taking back control of all of your personal data. The 50 tips and tools in this list will help you understand how these scams originate, how to protect yourself online and offline, and how to track down your personal data on the Internet.
Web Privacy
Protect yourself and your data online by choosing a secure Web browser, understanding the dos and dont's of wireless security, and correctly managing passwords.
1. Use a secure Web browser. Using a secure Web browser can hide your Internet activity, prevent Spyware attacks, and alert you when a Web site asks you to install extra software or doesn't have an official certificate, all of which can leave you vulnerable to an attack.
2. Set up a private wireless connection. If you use a wireless connection to get on the Internet, set up a secure account so that other users can't log on to your account and access saved passwords or ISP information — either by accident or on purpose. You can back up a good wifi account with a VPN (virtual private network).
3. Use different passwords. If you use the same password for every online account you have, you're putting yourself in a very vulnerable position. All it takes is for someone to crack the password on one unsecure site, and they'll be able to access your banking information and a lot more.
4. Don't save email settings or password settings. Online banking sites, social-media Web sites and shopping sites let users save their passwords and log-in information to save them time. Saving this information makes it easy for someone to jump on your account and access your information if they're working on your system. If you share a computer with someone at work or school, you can disable your browser's "remember password" settings.
5. Log out of your email account. If you're checking your email at a library or any other place where you are using a public computer, make sure that you log out of your account when you're finished. The next person who visits that Web site may be directed to your inbox if you don't.
6. Use anti-virus protection. One of the easiest and most basic things you can do to reclaim control of your personal data is to use anti-virus software on your computer.
7. Circumvent keystroke loggers. This tip is especially important when you're using a public computer at an Internet cafe or a library. This article explains how you can type "in a bunch of random characters" in a text editor and "then [copy] the letters and numbers that make up your password." That way, no one will be able to make sense of the letters or numbers you typed in if they're checking the computer's keystroke history.
8. Install pop-up-blocking software. Pop-ups "can be used to install hackers' software on your computer," according to MSN Money, so get rid of this threat altogether by installing a pop-up blocker.
9. Employ off-the-record Messaging. Whether you need to send files or chat at an Internet cafe, or you just feel like someone might be spying on your home computer, consider using an IM (instant-messaging) client that encrypts your messages and ensures your chatting buddy that "the messages he sees are authentic and unmodified."
10. Never store passwords on a public computer. If the computer prompts you to save the password, click "No."
Credit and Finance
Guard your finances with these tips, which can prevent identity theft and save you money.
11. Freeze your credit report. According to The Consumerist, "a freeze means no one can access your credit report unless you 'thaw' your report," so no one can secretly contact your credit bureau and ask for a copy of your report, apply for a credit card or loan, or in any way steal your account information and hurt your credit score.
12. Track your Social Security number. Find out if someone has stolen your Social Security number and published it on the Web by enlisting the services of a company like TrustedID. Just make sure that you thoroughly research the company you use to make sure that they aren't a scamming group either.
13. Check your credit report. This well-known tip can protect you against identity theft by alerting you of incorrect information, atypical credit history, and public-record information that is incorrect or doesn't need to appear on your report.
14. Make sure that charities are legitimate before you make a donation. Before you make a donation to a charity, do a little background check on the organization to make sure that they're a legitimate nonprofit and not a scamming group. You can easily do this by looking up their Web site or calling a reference number for more literature. The IRS (Internal Revenue Service) also publishes this list of registered organizations that are eligible to receive tax-deductible donations.
15. Don't save credit-card shopping profiles online. Some online retailers try to make shopping easier for their customers by giving them the option of creating a saved profile that features their billing information, credit- card numbers and home address. Make sure that an e-commerce site is secure before you save your information. Better yet, take the extra time to manually enter information each time you shop.
16. Never use your Social Security number as a PIN number or password. Some banks automatically use your Social Security number as your PIN number or password but give you the option to reset it. Do so immediately — especially if you plan to manage your account online.
17. Log out of your bank account. Just like it's a good idea to log out of your email account each time you're finished sending and reading messages, logging out of your bank account is also important. It's not enough to simply leave the page or close your browser: Your account information is still available online. As an added incentive, Brian Krebs of The Washington Post reports that you may not be reimbursed for the money stolen through an online account if you do not have anti-virus or anti-hacking software installed on your computer.
18. Never write your PIN number on yourATM card. MSN writer Liz Pulliam Weston warns against this bad habit in case your wallet gets stolen.
19. Use a credit card for online purchases. This method is safer than using a debit card when shopping over the Internet.
20. Drop off checks and sensitive packages at the post office. Use the post office or an official mailbox to send out checks and credit-card information instead of letting the envelopes sit in your mailbox unattended.
General Privacy
Even if you don't maintain a conspicuous online presence, there are other threats and scams that you should be wary of. Learn how to protecting your Social Security number and other personal data.
21. Understand the dangers of pretexting. The FTC (Federal Trade Commission) explains that "pretexting is the practice of getting your personal information under false pretenses." If you get a suspicious, unsolicited email or phone call asking for personal information, ignore it. If you think the communication may have been sent by your bank or other valid organization, call that company's customer-service line to double-check.
22. Get on the National Do Not Call Registry: You can protect yourself against unsolicited calls and telemarketing calls by getting on this official list. Besides relieving you of annoying calls, "telemarketers will be required to get your express informed consent to be charged — and to charge to a specific account," eliminating unauthorized billing.
23. Ask your bank or loaning office how they dispose of their files. Make sure that your personal data won't be sitting out in a dumpster for several nights; no one would ever know it was missing.
24. Don't use your Social Security number as an employee-identification number. PrivacyRights.org reveals that the Social Security Administration "discourages employers from displaying SSNs on documents that are viewed by other people such as badges, parking permits, or on lists distributed to employees." If your boss gives you a choice, ask to have a separate personal-identification number just for your job.
25. Don't put your Social Security number on checks. While some merchants may ask you for your Social Security number so that they can write it on your check, it's generally not a good idea to agree to this practice. Ask to see a manager to discuss the situation if it becomes problematic.
26. Don't share your driver's-license number. Yahoo! Tech writer Lincoln Spector notes that only your state's DMV Web site should request your driver's-license number. Don't write it on checks or any other documents that you aren't sure about.
27. Write checks with gel pens. Bruce Schneier, of the blog Schneier on Security, maintains that "only one type of ink, the kind in gel pens, has been found to be counterfeit-proof to acetone or any other chemical used in check washing."
28. Don't use your mother's maiden name as a password. Some businesses, credit bureaus or other organizations ask you to verify your mother's maiden name as a security measure. Don't use this information as a general password, because if it is stolen, it can grant a thief a lot of access.
Cell Phones and Online Phone Services
Keep your cell-phone conversations and numbers private with the help of these rules and tips.
29. Keep your cell-phone number private. This cuts down on identity theft and will keep you more immune from scam phone calls and telemarketers.
30. Understand your carrier's privacy policy. Before you sign a contract, understand the carrier's privacy policy, since some cell-phone companies have been accused of selling records that can be used to track down sensitive information, including your bank-account details.
31. Get Internet and Bluetooth security for your cell phone. Mobile devices that also have Internet access and Bluetooth need protection, too.
32. Beef up VoIP (Voice over Internet Protocol) security. This article details how Internet communications, including VoIP calls, are vulnerable to identity theft and surveillance groups. Don't neglect to beef up security on these systems to avoid being hacked.
33. Password-protect your cell phone. Set up passwords for your contacts list and other folders or files on your cell phone in case it is lost or stolen.
Rules to Follow to Protect Your Privacy
Practice these rules to protect your privacy and identity.
34. Don't carry all of your important documents with you. If your wallet, purse or car is stolen and you keep your Social Security card and other identification cards in one of those spots, you're completely vulnerable to a major identity-theft attack.
35. Don't put your Social Security number on your driver's license. Some states still give you the option of putting your Social Security number on your driver's license, but it's a bad idea. Again, if you lose your wallet or forget your driver's license in a bar, you never know who might find it.
36. Keep your Social Security card in a safe place. Don't put your Social Security card in your wallet or glove compartment; instead, keep it in a locked box or safe in your house or at a bank.
37. Clear your Google history. This habit will protect you from any personal searches that you don't want others to know about, including those dealing with health and legal information.
38. Shred important papers before trashing them. If you do a lot of business with high-profile clients or if you frequently throw out old bills and bank statements, your trash could be a target for a smart thief. Shred important papers before you toss them.
39. Don't use numbers from your birthday in your email or IM handle. Many people use numbers from their birthday in their email address or IM name to personalize the pseudonym, but this habit publicly reveals personal information, especially if you also use a part of your birthday in a password.
40. Clear your browser's cache. Online Tech Tips recommends erasing "your browser's cache after an online transaction" to get rid of stored information that may be extra sensitive.
41. Clean up your computer before you discard it. Whether you're donating your computer, giving it to a friend or simply throwing it away, it's important to completely wipe it clean, reformat the hard drive or destroy the drive.
42. Look for HTTPS. Online Tech Tips also notes that the "s" at the end of "https" means that the connection your computer shares with that site is "secure and encrypted." A regular "http" URL isn't.
Tools and Tips
To prevent identity theft and online spying, use these tools to keep your personal information safe and private.
43. SpyNot: Visit this site to find out what kind of personal information your browser gives to every site that you visit.
44. Aderes Internet Security: This email system and browser encrypts your messages and passwords so that your credit-card information and personal data remain private.
45. BitWise IM: Chat freely and feel safe sending files over IM with this system, which encrypts messages, files, voice chat and more for Mac OS X, Linux and Windows operating systems.
46. Tor: This system keeps JavaScript from displaying your IP address and uses "a distributed network of relays" to keep hackers and surveillance systems from tracking your activity online.
47. Secure your VoIP system. This article explains how to make your VoIP system more secure, minimizing or even eliminating the risk of someone stealing your sensitive information by hacking into your call or stealing your account information.
48. Get a password-protection system. A password-protection system like the VaultletSuite 2 Go can safely store your passwords on your USB device.
49. Use database-encryption tools. Certain database-encryption tools can encrypt data stored in systems like Oracle so that companies and individuals can safely keep sensitive information on their computers.
50. Get RSA DLP. This data-loss-prevention suite helps companies identify where sensitive information is on their systems, making it easier for them to protect it.
Spam Fighters Handbook
The Spam Fighter's Handbook
If you're online, you're getting spammed. It's only a question of how much. Today, over two thirds of all email is spam, and a good deal of it is deceptive, offensive, even dangerous. There's good news though: smart strategies you can start using today to dramatically reduce the amount of spam clogging your inbox. I last wrote about this topic nearly two and a half years ago... so this update is long overdue. I have new tips to share and can recommend new spam-fighting resources I've "battle tested" over the past 32 months. I don't want to jinx my luck by saying this, but I can tell you that I now live a relatively spam-free life. You can too.
You may be wondering just who's sending spam. Some spammers are just small-time "entrepreneurs" who've received bad advice about how to promote their businesses. However, the majority are evil people who are exploiting and destroying one of the greatest communication tools ever invented. Humorist Dave Barry of the Miami Herald calls spammers, "The mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class mail industry."
Here are seven smart things you can do to shield yourself from the continuing onslaught of spam:
Strategy #1: Protect your work email address
If you've been assigned a work email address like "somebody@companyname.com" it belongs on your business card and very few other places. Since that corporate email address usually follows some standard format based on your name (john.smith@company.com, jsmith@company.com, etc.) you're going to have a hard time changing it later on to escape from spam. Never use your work email address in "public" on the web – in an online discussion forum, on a "registration" form, etc. There are automated harvesting programs ("bots") that scour the web sucking up random email addresses and adding them to spam lists. For this reason, if your work email address is listed on your company web site, talk to your web administrator to have it "coded" so it's readable/clickable by a human being but not by a scourbot. Any competent webmaster should be able to do this for you. Here's a link to a nifty javascript encoder in case you want to roll your own "invisible" web-based email addresses.
Please know that the #1 source of spam is machine readable email addresses on web pages. A comprehensive study from the Center for Democracy & Technology, using "baited" email addresses reported that 97% of spam received was from was from web posting. The more popular the web page, the more unsolicited mail received. Now that blogging is becoming more popular, be sure that your email doesn't appear in somebody's web blog. Google your own email address to be sure. Also, if your ISP maintains a "member" directory, opt out of it.
Strategy #2: Have more than one email address
Even if spam didn't exist, it would still make very good sense to have – at a minimum – a separate personal email address for yourself. You can get a web-based email account you can access anywhere from Gmail, Yahoo, Mail.com, Hotmail, and others. [Added motivation: remember that the work email account provided to you by your employer belongs to that employer – and your company has the full legal right to not only read your email messages but also take action against you based on what they see.] One very good spam-related reason for using multiple email addresses is to have "throw-aways." Keep at least your work email and one personal email address very clean (by limiting its distribution to your "inner circle") and use others for buying things online, "registering" for web services and publications, and for posting to online forums.
I recommend against using most webmail services, even their paid versions. Because no payment is required, Yahoo and Hotmail attract people who want to remain anonymous, and are therefore sometimes used to pull scams or make fraudulent purchases. Web merchants are starting to refuse sales to people with yahoo.com or hotmail.com or other no-charge webmail addresses. You're better off paying the nominal fees (about $20 per year or less) most paid services charge. Consider registering your own name as a domain. Once you own jones.com, you can make up email addresses based on it: barney@jones.com, mary@jones.com, etc. You may need some techie help getting this set up, but it's worth it. If you don't want to bother getting your own domain, a paid email service (with good blocking technology), worth checking out is AT&T Lab's ZoEmail.
Strategy #3: Use an email forwarding service
Even better than having multiple personal email accounts is using a free "mail forwarding" service. There are about half a dozen no-charge forwarding services available, including one called Spam Motel (spam checks in… it doesn't check out). Here's how it works (text from the Spam Motel documentation): Whenever you are online and about to give out your e-mail address – STOP! Do you really want to do this? Spam Motel has a better way. Simply type a short reminder memo to yourself, including why and to whom the e-mail address is being given. Spam Motel records this memo, and the date and time, and quickly sends you a special "disposable" address to use instead of your real one. The new address is automatically placed into the "clipboard" memory of Windows, where it can be pasted into any online form that you are filling out. E-mails sent to this special address are forwarded to your regular e-mail account, along with your reminder memo, which appears at the top of the e-mail message. From now on, you'll know exactly when and where the sender or spammer got your e-mail address. But just knowing this information is not enough. So we give you the power to stop spam sent to any of these special addresses. This is done through the Log Page – your online control and information page – where you can delete any of the addresses you've given out. You can also suspend and resume forwarding for each address at any time. Your real e-mail address is never given out, just the special ones you create using Spam Motel. Other forwarding services similar to Spam Motel are Spamex, Sneakemail, and Despammed. Take your pick. They're all good. My personal preference is Spamex, even though it's a paid service ($20/year).
Strategy #4: Use an "odd" email address
If you make up a new email address with some non-alpha characters like "xyz#321@domain.com" you'll get less random spam. That's because of a new insidious spammer tactic called "dictionary spamming." Since it costs next to nothing for these lowlifes to blitz out tens of millions of messages overnight, they just make up addresses with the hope that one in a thousand will be "real" and get through. They'll often try first name initials plus last names (e.g. jjones@something.com). They'll also mix-n-match different popular domains (a domain is the part of your email address after the "@"). If you had an old account like "fredflintstone@aol.com" but cancelled it because it was overrun by unsolicited email (AOL users especially get a lot of spam), and opened a new account at Earthlink: "fredflintstone@earthlink.net" you'll probably get spammed even if you never give out that new address. It therefore makes sense to start completely fresh as "fredflintstone3000BC@earthlink.net" – you're going to have to notify everybody about your new email address anyway. Also, the longer the address you choose, the less dictionary spam you'll get. They start with single letters, then two letter/number combinations, then three, etc. Most spammers get shut down at some point before their full blast is delivered during these "brute force" alphabet attacks, so zzz's get less mail server spam than aaa's.
Strategy #5: Use adjustable spam filters
Many Internet service providers (ISP's) offer different levels of filtering for your inbound email. However, don't expect miracles. At their more liberal settings, most spam will still leak through. At their tightest, most of your legitimate emails will get caught, mixed in with the spam, and possibly lost. You sure don't want to throw the baby out with the bathwater – so experiment a little and see which middle setting works best for you. For many people, an alternative approach that works well is to autosort incoming email into different inbox folders based on a "whitelist" (a list of friendly email senders whom you wish to continue communicating with). Microsoft Outlook, Outlook Express, and most other email programs make this easy to do. A whitelist approach is also better than a personal blacklist. It rarely pays to add people to a "junk senders list." The "from" address in most spam emails is forged so you'll rarely get spam from the same "sender" twice.
Unfortunately, server-level blocking and filtering has gotten out of hand. Much of it is done without your consent or knowledge. Many company IT departments have tightened down the screws so tightly that virtually no HTML mail can get through; not even the newsletters and bulletins you've requested. As you can imagine, legitimate publishers like me are having an increasingly hard time getting our HTML mail delivered to subscribers. Even my own mail host, Verio (now my ex-host) blocked me from getting my own copy of the Urbach Letter. Sheesh. No alert that the trapped mail was being discarded. No option to change it. When I complained, they said there was nothing they could do. But there *was* something *I* could do: find a new mail host... who understands that I want to maintain control over which messages I receive or not. Hasta la vista Verio. I won't be back. Since I'm still on the rant, you should know that after I'm done writing each issue, I still have to spend an hour or more running it through "Spam Assassin" test filters and editing out "bad" words. I can't even tell you what those words are. Listing them here would ensure you'd never get this issue.
Strategy #6: Napsterize your email.
I started off this article by bragging about how little spam I get. That's largely because of a program called MailFrontier (now part of Zone Labs's Zone Alarm Security Suite), based on "peer-to-peer" technology like the original Napster. When you get a spam message, you highlight it and click a button. The message is instantly analyzed and added to a centralized database. Meanwhile, all your incoming messages are scanned to see if they match the profile of spam caught by somebody else on the MailFrontier peer-to-peer network. If it matches, it's filtered out and placed in a spam folder in your inbox. Very cool. By the way, I used to use a competitive program, Cloudmark's SpamNet, but found it had some minor operational problems. But both MainFrontier and SpamNet are very effective weapons in the war against spam. Millions of strangers cooperating anonymously to eliminate spam from their lives. Got to love that concept.
A word about Challenge/Response. MailFrontier has an additional spam-fighting option I recommend you ignore... unless you're totally overrun by spam and are willing to inconvenience all the friends and businesspeople who send you emails. You can set the program to send out a "challenge" message to everyone not already in your address book or on your whitelist. They'll have to respond to your challenge in order to have their original message delivered. Can you see why I'm recommending against this, other than as a last resort? Many people just won't be bothered to play the challenge/response game with you. Life is short enough as it is. Oh, the technology is clever. It requires a real, live human being to confirm the messages, either by presenting a graphic: "How many puppies are in this picture?" or by the more business-like option of showing a scrambled letter/number image and asking the recipient to type it in a box. In theory, people should only have to jump through this hoop once, and then their emails will get recognized from then on.
Besides the anti-spam programs I've mentioned so far, there are others that have received good reviews and are worth considering (although I can't endorse them myself). I've heard that the latest versions of McAfee Internet Security Suite ($40) and Symantec Norton 360 ($60) are quite good -- and provide the all-in-one solution many folks seek (antispam + antivirus + firewall).
Strategy #7 Fight back!
Topping the "dangerous spam" list are phishing scams. From an FTC Consumer Alert: "Internet scammers casting about for people's financial information have a new way to lure unsuspecting victims: They go 'phishing.' Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with – for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to "update" or "validate" your account information. It might threaten some dire consequence if you don't respond. The message directs you to a Web site that looks just like a legitimate organization's site, but it isn't. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name."
The bulletin goes on to list some tips to avoid getting hooked by a phishing scam. Think you're too smart to fall for this? Think again. Why don't you take this Phishing IQ Test? It's a quick 10-question quiz to see how well you recognize bogus messages. Not so easy, is it? There's another reason I like MailFrontier. Part of its peer-to-peer analysis tracks phishing scams, and provides and optional taskbar icon that operates similarly to WeatherBug. But instead of a tornado warning, you'll get immediate notification of a fast-spreading phishing or fraud outbreak. By the way, if you do receive a questionable email, forward it on to uce@ftc.gov.
Avoid signing up for freebies or online contests. These often exist solely to collect and resell email addresses. Besides, your chances of wining anything worthwhile are infinitesimal.
A note on spyware and virus spam
Right now, 4 out of 5 computers are infested with spyware. One is five has a virus infection. That's according to the National Cyber Security Alliance in a recent study. While most spyware comes from installing file-sharing programs and "ad sponsored" utilities, and from visiting dodgy web sites, address book spam is responsible for most virus infections. The NCSA study showed that most people (85%) have a virus scanner installed, but only a small number keep their virus definitions up to date. Hopefully, you're smarter than that.
Final words...
Everything in this letter has been a suggestion, except this last thing, which is an ORDER: Never, Never, Never buy anything from a spam message, no matter how attractive it seems. These tapeworm spammers work on very small numbers – if only one person out of several thousand responds, they consider it a big success – so you're actually doing a lot of damage to others if you buy something (plus you're probably going to get ripped off). Don't even click on any links in the spam – especially not on the "remove me from your list" link or button. All that does is confirm that your email address is connected to a live human being, ensuring that you'll be spammed even more in the future.
By the way, you may have noticed I haven't said a word about CAN-SPAM, the U.S. law supposedly regulating spam that's been in place since January 1, 2004. Have you noticed any reduction in the amount of spam you receive because of this law? Me neither. So far, all it's done is make life a little more difficult for legitimate publishers. However, it does open the door for prosecution of black hat spammers, and that's happened to a limited extent.
If you're online, you're getting spammed. It's only a question of how much. Today, over two thirds of all email is spam, and a good deal of it is deceptive, offensive, even dangerous. There's good news though: smart strategies you can start using today to dramatically reduce the amount of spam clogging your inbox. I last wrote about this topic nearly two and a half years ago... so this update is long overdue. I have new tips to share and can recommend new spam-fighting resources I've "battle tested" over the past 32 months. I don't want to jinx my luck by saying this, but I can tell you that I now live a relatively spam-free life. You can too.
You may be wondering just who's sending spam. Some spammers are just small-time "entrepreneurs" who've received bad advice about how to promote their businesses. However, the majority are evil people who are exploiting and destroying one of the greatest communication tools ever invented. Humorist Dave Barry of the Miami Herald calls spammers, "The mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class mail industry."
Here are seven smart things you can do to shield yourself from the continuing onslaught of spam:
Strategy #1: Protect your work email address
If you've been assigned a work email address like "somebody@companyname.com" it belongs on your business card and very few other places. Since that corporate email address usually follows some standard format based on your name (john.smith@company.com, jsmith@company.com, etc.) you're going to have a hard time changing it later on to escape from spam. Never use your work email address in "public" on the web – in an online discussion forum, on a "registration" form, etc. There are automated harvesting programs ("bots") that scour the web sucking up random email addresses and adding them to spam lists. For this reason, if your work email address is listed on your company web site, talk to your web administrator to have it "coded" so it's readable/clickable by a human being but not by a scourbot. Any competent webmaster should be able to do this for you. Here's a link to a nifty javascript encoder in case you want to roll your own "invisible" web-based email addresses.
Please know that the #1 source of spam is machine readable email addresses on web pages. A comprehensive study from the Center for Democracy & Technology, using "baited" email addresses reported that 97% of spam received was from was from web posting. The more popular the web page, the more unsolicited mail received. Now that blogging is becoming more popular, be sure that your email doesn't appear in somebody's web blog. Google your own email address to be sure. Also, if your ISP maintains a "member" directory, opt out of it.
Strategy #2: Have more than one email address
Even if spam didn't exist, it would still make very good sense to have – at a minimum – a separate personal email address for yourself. You can get a web-based email account you can access anywhere from Gmail, Yahoo, Mail.com, Hotmail, and others. [Added motivation: remember that the work email account provided to you by your employer belongs to that employer – and your company has the full legal right to not only read your email messages but also take action against you based on what they see.] One very good spam-related reason for using multiple email addresses is to have "throw-aways." Keep at least your work email and one personal email address very clean (by limiting its distribution to your "inner circle") and use others for buying things online, "registering" for web services and publications, and for posting to online forums.
I recommend against using most webmail services, even their paid versions. Because no payment is required, Yahoo and Hotmail attract people who want to remain anonymous, and are therefore sometimes used to pull scams or make fraudulent purchases. Web merchants are starting to refuse sales to people with yahoo.com or hotmail.com or other no-charge webmail addresses. You're better off paying the nominal fees (about $20 per year or less) most paid services charge. Consider registering your own name as a domain. Once you own jones.com, you can make up email addresses based on it: barney@jones.com, mary@jones.com, etc. You may need some techie help getting this set up, but it's worth it. If you don't want to bother getting your own domain, a paid email service (with good blocking technology), worth checking out is AT&T Lab's ZoEmail.
Strategy #3: Use an email forwarding service
Even better than having multiple personal email accounts is using a free "mail forwarding" service. There are about half a dozen no-charge forwarding services available, including one called Spam Motel (spam checks in… it doesn't check out). Here's how it works (text from the Spam Motel documentation): Whenever you are online and about to give out your e-mail address – STOP! Do you really want to do this? Spam Motel has a better way. Simply type a short reminder memo to yourself, including why and to whom the e-mail address is being given. Spam Motel records this memo, and the date and time, and quickly sends you a special "disposable" address to use instead of your real one. The new address is automatically placed into the "clipboard" memory of Windows, where it can be pasted into any online form that you are filling out. E-mails sent to this special address are forwarded to your regular e-mail account, along with your reminder memo, which appears at the top of the e-mail message. From now on, you'll know exactly when and where the sender or spammer got your e-mail address. But just knowing this information is not enough. So we give you the power to stop spam sent to any of these special addresses. This is done through the Log Page – your online control and information page – where you can delete any of the addresses you've given out. You can also suspend and resume forwarding for each address at any time. Your real e-mail address is never given out, just the special ones you create using Spam Motel. Other forwarding services similar to Spam Motel are Spamex, Sneakemail, and Despammed. Take your pick. They're all good. My personal preference is Spamex, even though it's a paid service ($20/year).
Strategy #4: Use an "odd" email address
If you make up a new email address with some non-alpha characters like "xyz#321@domain.com" you'll get less random spam. That's because of a new insidious spammer tactic called "dictionary spamming." Since it costs next to nothing for these lowlifes to blitz out tens of millions of messages overnight, they just make up addresses with the hope that one in a thousand will be "real" and get through. They'll often try first name initials plus last names (e.g. jjones@something.com). They'll also mix-n-match different popular domains (a domain is the part of your email address after the "@"). If you had an old account like "fredflintstone@aol.com" but cancelled it because it was overrun by unsolicited email (AOL users especially get a lot of spam), and opened a new account at Earthlink: "fredflintstone@earthlink.net" you'll probably get spammed even if you never give out that new address. It therefore makes sense to start completely fresh as "fredflintstone3000BC@earthlink.net" – you're going to have to notify everybody about your new email address anyway. Also, the longer the address you choose, the less dictionary spam you'll get. They start with single letters, then two letter/number combinations, then three, etc. Most spammers get shut down at some point before their full blast is delivered during these "brute force" alphabet attacks, so zzz's get less mail server spam than aaa's.
Strategy #5: Use adjustable spam filters
Many Internet service providers (ISP's) offer different levels of filtering for your inbound email. However, don't expect miracles. At their more liberal settings, most spam will still leak through. At their tightest, most of your legitimate emails will get caught, mixed in with the spam, and possibly lost. You sure don't want to throw the baby out with the bathwater – so experiment a little and see which middle setting works best for you. For many people, an alternative approach that works well is to autosort incoming email into different inbox folders based on a "whitelist" (a list of friendly email senders whom you wish to continue communicating with). Microsoft Outlook, Outlook Express, and most other email programs make this easy to do. A whitelist approach is also better than a personal blacklist. It rarely pays to add people to a "junk senders list." The "from" address in most spam emails is forged so you'll rarely get spam from the same "sender" twice.
Strategy #6: Napsterize your email.
I started off this article by bragging about how little spam I get. That's largely because of a program called MailFrontier (now part of Zone Labs's Zone Alarm Security Suite), based on "peer-to-peer" technology like the original Napster. When you get a spam message, you highlight it and click a button. The message is instantly analyzed and added to a centralized database. Meanwhile, all your incoming messages are scanned to see if they match the profile of spam caught by somebody else on the MailFrontier peer-to-peer network. If it matches, it's filtered out and placed in a spam folder in your inbox. Very cool. By the way, I used to use a competitive program, Cloudmark's SpamNet, but found it had some minor operational problems. But both MainFrontier and SpamNet are very effective weapons in the war against spam. Millions of strangers cooperating anonymously to eliminate spam from their lives. Got to love that concept.
A word about Challenge/Response. MailFrontier has an additional spam-fighting option I recommend you ignore... unless you're totally overrun by spam and are willing to inconvenience all the friends and businesspeople who send you emails. You can set the program to send out a "challenge" message to everyone not already in your address book or on your whitelist. They'll have to respond to your challenge in order to have their original message delivered. Can you see why I'm recommending against this, other than as a last resort? Many people just won't be bothered to play the challenge/response game with you. Life is short enough as it is. Oh, the technology is clever. It requires a real, live human being to confirm the messages, either by presenting a graphic: "How many puppies are in this picture?" or by the more business-like option of showing a scrambled letter/number image and asking the recipient to type it in a box. In theory, people should only have to jump through this hoop once, and then their emails will get recognized from then on.
Besides the anti-spam programs I've mentioned so far, there are others that have received good reviews and are worth considering (although I can't endorse them myself). I've heard that the latest versions of McAfee Internet Security Suite ($40) and Symantec Norton 360 ($60) are quite good -- and provide the all-in-one solution many folks seek (antispam + antivirus + firewall).
Strategy #7 Fight back!
Topping the "dangerous spam" list are phishing scams. From an FTC Consumer Alert: "Internet scammers casting about for people's financial information have a new way to lure unsuspecting victims: They go 'phishing.' Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with – for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to "update" or "validate" your account information. It might threaten some dire consequence if you don't respond. The message directs you to a Web site that looks just like a legitimate organization's site, but it isn't. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name."
The bulletin goes on to list some tips to avoid getting hooked by a phishing scam. Think you're too smart to fall for this? Think again. Why don't you take this Phishing IQ Test? It's a quick 10-question quiz to see how well you recognize bogus messages. Not so easy, is it? There's another reason I like MailFrontier. Part of its peer-to-peer analysis tracks phishing scams, and provides and optional taskbar icon that operates similarly to WeatherBug. But instead of a tornado warning, you'll get immediate notification of a fast-spreading phishing or fraud outbreak. By the way, if you do receive a questionable email, forward it on to uce@ftc.gov.
Avoid signing up for freebies or online contests. These often exist solely to collect and resell email addresses. Besides, your chances of wining anything worthwhile are infinitesimal.
A note on spyware and virus spam
Right now, 4 out of 5 computers are infested with spyware. One is five has a virus infection. That's according to the National Cyber Security Alliance in a recent study. While most spyware comes from installing file-sharing programs and "ad sponsored" utilities, and from visiting dodgy web sites, address book spam is responsible for most virus infections. The NCSA study showed that most people (85%) have a virus scanner installed, but only a small number keep their virus definitions up to date. Hopefully, you're smarter than that.
Final words...
Everything in this letter has been a suggestion, except this last thing, which is an ORDER: Never, Never, Never buy anything from a spam message, no matter how attractive it seems. These tapeworm spammers work on very small numbers – if only one person out of several thousand responds, they consider it a big success – so you're actually doing a lot of damage to others if you buy something (plus you're probably going to get ripped off). Don't even click on any links in the spam – especially not on the "remove me from your list" link or button. All that does is confirm that your email address is connected to a live human being, ensuring that you'll be spammed even more in the future.
By the way, you may have noticed I haven't said a word about CAN-SPAM, the U.S. law supposedly regulating spam that's been in place since January 1, 2004. Have you noticed any reduction in the amount of spam you receive because of this law? Me neither. So far, all it's done is make life a little more difficult for legitimate publishers. However, it does open the door for prosecution of black hat spammers, and that's happened to a limited extent.
RFID's - What You Need to Know
RFID's – What You Need to Know
Do you value your privacy? I do. That's why I'm disturbed by the rapid proliferation of a new technology that can track my whereabouts and place a massive amount of personal information into searchable databases. The technology is RFID – Radio Frequency IDentification tags – tiny devices that may be hidden in many of the things you buy, from shaving razors to clothing to car tires.
You are probably already familiar with some RFID applications like E-Z Pass: the device on your windshield that allows you to pass through a toll booth without stopping to toss a token in the basket. Your probably don't give it much thought, but here's how it works. The tag "transmits" a unique ID number to the toll both receiver. This ID is matched to your account, and the toll is debited. Of course, the time and date is also recorded in a database so it can be listed on your monthly statement. E-Z Pass is very convenient. You probably enjoy zooming past all those chumps backed-up in the cash lanes. But… unless those cash-payers and their license plates are being photographed (possible), they are traveling anonymously. You're not. For sure, there's a permanent record of your passage, accessible to the police, government agencies, private investigators, divorce lawyers, and other unsavory characters. Most people never consider this. I have. But I use E-Z Pass anyway. I also love my Mobil SpeedPass (but keep it in the car ashtray instead of on my keyring – you'll see why in this article).
While I like to keep my private life private (you can read my last article on privacy here), I recognize there's a trade off when driving. I'm willing to give up a little bit of privacy in exchange for the convenience. But I do it with full awareness. Same thing with a cell phone. Even without one of the newer GPS-enabled phones, your whereabouts can be determined with a fair amount of precision by triangulating between cell towers. Any time your phone is on (even if you're not on a call), it's transmitting your ESN (Electronic Serial Number), which can be traced back to you. But you know this. You have the option to go into "stealth mode" by shielding the E-Z Pass tag, switching off your cell phone, paying with cash instead of plastic, using coins in the payphone instead of a calling card, etc. RFID's are different. You have no control over whether they're on or off. You probably don't even know they're there in the first place. An RFID has no on/off switch. Most have no batteries and as a totally "passive device," can "live" forever.
Quasimodo BellringerPassive device. What does that mean? Think of a church bell. Most of the time it just hangs there, silently. However if Quasimodo comes up and strikes the bell with a clanger, it will ring out. The peal is a vibration at the bell's natural frequency. A larger bell will have a lower pitch (frequency) and a smaller bell a higher one. This resonant frequency is a fundamental physical property of the bell. RFID's are the electronic equivalent. Most of the time, they just sit there. However, when "struck" by a radio signal, the RFID will "ring out" its own unique ID code. Clever, no? Manufacturers love high tech RFID's. They're cheap – about a dollar apiece now, although rapid advances in technology will bring them down to a penny or less shortly – and enable products to be tracked all the way through the supply chain. From factory to rail car to warehouse to truck to store, each individual inventory item could be monitored. I have no problem with this part of it. Think about how helpful this could have been during the Tylenol poisoning incident many years ago. Besides, I'm all for making businesses run more efficiently.
The problem exists after the sale. If the RFID is not removed or deactivated at the point of sale, it will live on forever. If the purchase information was recorded, that ID code could easily be linked to your name, address, or even the other items you bought at the pharmacy that day. Does this bother you? It can get much worse in the near future. Luckily, serialized RFID's are not yet widespread (although non-uniquely identified RF devices have been used for years as anti-theft devices). I'm talking about the high-tech varieties in this article. Mass privacy-invading initiatives have not been widely deployed – so far. But all the technological bits and pieces are now in place. Tests are underway, and they're disturbing. The British supermarket chain Tesco has admitted using RFID's embedded in certain products to track customers through its stores. Anyone picking up a pack of Gillette Mach3 razors at the Tesco in Cambridge will have his or her picture taken. The RFID triggers a closed circuit TV camera when a package is removed from the shelf. At checkout, the RFID triggers a second camera. Security staff then compare the images, ostensibly as an anti-theft measure.
RFID DevicesCurrent miniature RFID's have limited "data storage," so they're mainly used like the UPC bar codes on a box of corn flakes. Like a model number rather than a unique serial number. However recent advances have upped this storage capability to enable each item to be individually identified.
One frightening aspect of these individualized RFID tags is that they can be read, silently, by almost "anyone" for any reason they choose. It's not like the original manufacturer has any special key to read the tags. They're in the open. A private investigator, for example, could place a detector in a doorway and covertly track people who revisit an area.
Surely, once large numbers of "live" (i.e. not deactivated/zeroed) RFID's escape into the wild, marketers and database compilers will start to capture and use our personal information – in ways we consumers wouldn't want – if we knew what was happening. Wearing my "marketing guy" hat now, I can tell you this prospect is very appealing, and we marketing-oriented folk are a crafty lot. We'll toe right up to the legal line (if you let us) seeking any competitive advantage available. Putting my consumer hat back on, I can tell you that strongly worded legislation is needed to protect us from potential abuse of this technology. RFID's must be permanently and irreversibly deactivated at the point of sale and/or they must be attached to removable warning tags.
The importance of irreversibility became clear in March of this year when apparel maker/retailer Benneton announced plans to attach millions of washable RFID's in their clothing line. Benneton's so called "Smart Labels" cannot be permanently disabled. While these Philips Electronics I.CODE devices can be "put to sleep" at point-of-sale, they can also be awakened at any time in the future. Due to public outcry, Benneton has backpedaled on this program, but have yet to definitively state they won't implement it.
This has been a different kind of article than I usually write for The Urbach Letter. Most of my stuff is how-to (six ways to do this, eight ways to do that…). In this one, I'm just warning you about something that may come to be (that is, widespread monitoring of personal tags without your knowledge), without giving you any great solutions…
I'm hoping this heads-up will raise your awareness of the issue, and possibly motivate you to boycott retailers who are willing to compromise your privacy this way. I also hope you'll support legislation to outlaw or strictly control the dissemination of live RFID devices past the cash register.
Do you value your privacy? I do. That's why I'm disturbed by the rapid proliferation of a new technology that can track my whereabouts and place a massive amount of personal information into searchable databases. The technology is RFID – Radio Frequency IDentification tags – tiny devices that may be hidden in many of the things you buy, from shaving razors to clothing to car tires.
You are probably already familiar with some RFID applications like E-Z Pass: the device on your windshield that allows you to pass through a toll booth without stopping to toss a token in the basket. Your probably don't give it much thought, but here's how it works. The tag "transmits" a unique ID number to the toll both receiver. This ID is matched to your account, and the toll is debited. Of course, the time and date is also recorded in a database so it can be listed on your monthly statement. E-Z Pass is very convenient. You probably enjoy zooming past all those chumps backed-up in the cash lanes. But… unless those cash-payers and their license plates are being photographed (possible), they are traveling anonymously. You're not. For sure, there's a permanent record of your passage, accessible to the police, government agencies, private investigators, divorce lawyers, and other unsavory characters. Most people never consider this. I have. But I use E-Z Pass anyway. I also love my Mobil SpeedPass (but keep it in the car ashtray instead of on my keyring – you'll see why in this article).
While I like to keep my private life private (you can read my last article on privacy here), I recognize there's a trade off when driving. I'm willing to give up a little bit of privacy in exchange for the convenience. But I do it with full awareness. Same thing with a cell phone. Even without one of the newer GPS-enabled phones, your whereabouts can be determined with a fair amount of precision by triangulating between cell towers. Any time your phone is on (even if you're not on a call), it's transmitting your ESN (Electronic Serial Number), which can be traced back to you. But you know this. You have the option to go into "stealth mode" by shielding the E-Z Pass tag, switching off your cell phone, paying with cash instead of plastic, using coins in the payphone instead of a calling card, etc. RFID's are different. You have no control over whether they're on or off. You probably don't even know they're there in the first place. An RFID has no on/off switch. Most have no batteries and as a totally "passive device," can "live" forever.
Quasimodo BellringerPassive device. What does that mean? Think of a church bell. Most of the time it just hangs there, silently. However if Quasimodo comes up and strikes the bell with a clanger, it will ring out. The peal is a vibration at the bell's natural frequency. A larger bell will have a lower pitch (frequency) and a smaller bell a higher one. This resonant frequency is a fundamental physical property of the bell. RFID's are the electronic equivalent. Most of the time, they just sit there. However, when "struck" by a radio signal, the RFID will "ring out" its own unique ID code. Clever, no? Manufacturers love high tech RFID's. They're cheap – about a dollar apiece now, although rapid advances in technology will bring them down to a penny or less shortly – and enable products to be tracked all the way through the supply chain. From factory to rail car to warehouse to truck to store, each individual inventory item could be monitored. I have no problem with this part of it. Think about how helpful this could have been during the Tylenol poisoning incident many years ago. Besides, I'm all for making businesses run more efficiently.
The problem exists after the sale. If the RFID is not removed or deactivated at the point of sale, it will live on forever. If the purchase information was recorded, that ID code could easily be linked to your name, address, or even the other items you bought at the pharmacy that day. Does this bother you? It can get much worse in the near future. Luckily, serialized RFID's are not yet widespread (although non-uniquely identified RF devices have been used for years as anti-theft devices). I'm talking about the high-tech varieties in this article. Mass privacy-invading initiatives have not been widely deployed – so far. But all the technological bits and pieces are now in place. Tests are underway, and they're disturbing. The British supermarket chain Tesco has admitted using RFID's embedded in certain products to track customers through its stores. Anyone picking up a pack of Gillette Mach3 razors at the Tesco in Cambridge will have his or her picture taken. The RFID triggers a closed circuit TV camera when a package is removed from the shelf. At checkout, the RFID triggers a second camera. Security staff then compare the images, ostensibly as an anti-theft measure.
RFID DevicesCurrent miniature RFID's have limited "data storage," so they're mainly used like the UPC bar codes on a box of corn flakes. Like a model number rather than a unique serial number. However recent advances have upped this storage capability to enable each item to be individually identified.
One frightening aspect of these individualized RFID tags is that they can be read, silently, by almost "anyone" for any reason they choose. It's not like the original manufacturer has any special key to read the tags. They're in the open. A private investigator, for example, could place a detector in a doorway and covertly track people who revisit an area.
Surely, once large numbers of "live" (i.e. not deactivated/zeroed) RFID's escape into the wild, marketers and database compilers will start to capture and use our personal information – in ways we consumers wouldn't want – if we knew what was happening. Wearing my "marketing guy" hat now, I can tell you this prospect is very appealing, and we marketing-oriented folk are a crafty lot. We'll toe right up to the legal line (if you let us) seeking any competitive advantage available. Putting my consumer hat back on, I can tell you that strongly worded legislation is needed to protect us from potential abuse of this technology. RFID's must be permanently and irreversibly deactivated at the point of sale and/or they must be attached to removable warning tags.
The importance of irreversibility became clear in March of this year when apparel maker/retailer Benneton announced plans to attach millions of washable RFID's in their clothing line. Benneton's so called "Smart Labels" cannot be permanently disabled. While these Philips Electronics I.CODE devices can be "put to sleep" at point-of-sale, they can also be awakened at any time in the future. Due to public outcry, Benneton has backpedaled on this program, but have yet to definitively state they won't implement it.
This has been a different kind of article than I usually write for The Urbach Letter. Most of my stuff is how-to (six ways to do this, eight ways to do that…). In this one, I'm just warning you about something that may come to be (that is, widespread monitoring of personal tags without your knowledge), without giving you any great solutions…
I'm hoping this heads-up will raise your awareness of the issue, and possibly motivate you to boycott retailers who are willing to compromise your privacy this way. I also hope you'll support legislation to outlaw or strictly control the dissemination of live RFID devices past the cash register.
Stop Telemarketing Calls
Stop Telemarketing Calls
Do you hate getting telemarketing calls as much as I do? Like me, I'm sure you resent having to drop everything and run to the phone… only to end up on the receiving end of a high-pressure sales pitch (or just as frequently these days, “dead air,” when the dialing computer can’t match you up with a live telemarketing drone in time). Well, there’s plenty you can do to fight back. Start with these five simple strategies:
1. Get on the “Do Not Call” list
Many states maintain centralized do not call lists. In New York it’s run by the Consumer Protection Board NYS Do Not Call List. Go there now and add yourself to the list, or register by telephone by calling 1-866-622-5569 (there’s no charge in New York, and it’s free or close to free elsewhere). Also, whenever a telemarketer calls, say this phrase: “Place this number on your do-not-call list.” There are exceptions for charities and some others, but most for-profit telemarketers are required to maintain do-not-call lists. If you’ve requested to be on their do-not-call list, they’re liable for a hefty fine (up to $5,000 in NY) if they ever call you again.
Now, the rules are different when I’m in the office, taking calls on my business phone; I’m a bit more tolerant of business-to-business phone solicitations. However, when I’m at home eating dinner and telemarketers attempt to invade my private time with my family, I have a zero-tolerance policy. No matter what the pitch, I have the same response: “I’m not interested.” Quickly followed by, “Put this number on your do-not-call list.” Click.
2. Never buy anything from an inbound telemarketing call
If you do, you’ll be placed on a “sucker list” which will usually be sold to other telemarketing firms, ensuring even more calls. Don’t engage in conversation with telemarketers. Although the majority of them are low-wage employees of huge telemarketing operations, there are some really bad apples out there – con artists with sophisticated ways to invade your privacy and take your money. Not long ago there was a company whose four-word name had the acronym H.O.L.D. During their telemarketing pitch, the phone solicitors would feign an interruption, and casually ask the homeowner, “Can I put you on hold?” By saying yes, the unsuspecting “mark” signed him or herself up for an expensive program offered by the HOLD company!
3. Get out of the phone book
At a bare minimum, call the phone company today and delete your street address from your directory listing. If you want people to still be able to look up your phone number, just list your first initial, last name, and city (women especially should use initials instead of a first name). This will also cut down on the amount of junk mail you’ll receive; if they don’t have your street address, they can’t send bulk mail to you. If you want to reduce calls by telemarketers, then you should get a “true” unlisted number. Unfortunately, this will definitely impair “old friends” from reconnecting with you – and the phone company will slap on an added monthly fee.
4. Get Caller ID with Anonymous Call Rejection (ACR)
If you have ACR on your phone line, you’ll definitely get fewer telemarketing calls. However, your friends who block the display of their phone numbers on caller ID will have to dial *82 before they can get through to you. A minor annoyance to be sure. Here’s info on Verizon’s ACR service. If you’re concerned about privacy (and you should be), then it’s a pretty good idea to block your name and number from being displayed on caller ID. It’s called “All Call Blocking.” Here’s info on ACB. Please note that if you call a toll-free number (800, 888, 877, etc.) or a 900 number, even with ACB, your ID info will still display.
5. Use Appropriate Technology
There are a lot of gadgets out there that claim to help cut down on telemarketing calls. Some are very good solutions to this vexing problem (like the “Easy Hang-up” described in the “Cool Thing of the Month” sidebar). However most are too draconian or disruptive to your normal way of life, requiring callers to enter security codes or leave messages before your phone will actually ring. There’s a new device called the “TeleZapper” (http://www.telezapper.com) that claims to work automatically, sending a signal which tells telemarketing call centers that your phone is disconnected. However, I’ve heard mixed reviews of its effectiveness and can’t endorse it to you yet.
Do you hate getting telemarketing calls as much as I do? Like me, I'm sure you resent having to drop everything and run to the phone… only to end up on the receiving end of a high-pressure sales pitch (or just as frequently these days, “dead air,” when the dialing computer can’t match you up with a live telemarketing drone in time). Well, there’s plenty you can do to fight back. Start with these five simple strategies:
1. Get on the “Do Not Call” list
Many states maintain centralized do not call lists. In New York it’s run by the Consumer Protection Board NYS Do Not Call List. Go there now and add yourself to the list, or register by telephone by calling 1-866-622-5569 (there’s no charge in New York, and it’s free or close to free elsewhere). Also, whenever a telemarketer calls, say this phrase: “Place this number on your do-not-call list.” There are exceptions for charities and some others, but most for-profit telemarketers are required to maintain do-not-call lists. If you’ve requested to be on their do-not-call list, they’re liable for a hefty fine (up to $5,000 in NY) if they ever call you again.
Now, the rules are different when I’m in the office, taking calls on my business phone; I’m a bit more tolerant of business-to-business phone solicitations. However, when I’m at home eating dinner and telemarketers attempt to invade my private time with my family, I have a zero-tolerance policy. No matter what the pitch, I have the same response: “I’m not interested.” Quickly followed by, “Put this number on your do-not-call list.” Click.
2. Never buy anything from an inbound telemarketing call
If you do, you’ll be placed on a “sucker list” which will usually be sold to other telemarketing firms, ensuring even more calls. Don’t engage in conversation with telemarketers. Although the majority of them are low-wage employees of huge telemarketing operations, there are some really bad apples out there – con artists with sophisticated ways to invade your privacy and take your money. Not long ago there was a company whose four-word name had the acronym H.O.L.D. During their telemarketing pitch, the phone solicitors would feign an interruption, and casually ask the homeowner, “Can I put you on hold?” By saying yes, the unsuspecting “mark” signed him or herself up for an expensive program offered by the HOLD company!
3. Get out of the phone book
At a bare minimum, call the phone company today and delete your street address from your directory listing. If you want people to still be able to look up your phone number, just list your first initial, last name, and city (women especially should use initials instead of a first name). This will also cut down on the amount of junk mail you’ll receive; if they don’t have your street address, they can’t send bulk mail to you. If you want to reduce calls by telemarketers, then you should get a “true” unlisted number. Unfortunately, this will definitely impair “old friends” from reconnecting with you – and the phone company will slap on an added monthly fee.
4. Get Caller ID with Anonymous Call Rejection (ACR)
If you have ACR on your phone line, you’ll definitely get fewer telemarketing calls. However, your friends who block the display of their phone numbers on caller ID will have to dial *82 before they can get through to you. A minor annoyance to be sure. Here’s info on Verizon’s ACR service. If you’re concerned about privacy (and you should be), then it’s a pretty good idea to block your name and number from being displayed on caller ID. It’s called “All Call Blocking.” Here’s info on ACB. Please note that if you call a toll-free number (800, 888, 877, etc.) or a 900 number, even with ACB, your ID info will still display.
5. Use Appropriate Technology
There are a lot of gadgets out there that claim to help cut down on telemarketing calls. Some are very good solutions to this vexing problem (like the “Easy Hang-up” described in the “Cool Thing of the Month” sidebar). However most are too draconian or disruptive to your normal way of life, requiring callers to enter security codes or leave messages before your phone will actually ring. There’s a new device called the “TeleZapper” (http://www.telezapper.com) that claims to work automatically, sending a signal which tells telemarketing call centers that your phone is disconnected. However, I’ve heard mixed reviews of its effectiveness and can’t endorse it to you yet.
Identity Theft
Identity Theft
Do you know anyone who’s been the victim of identity theft? It can be a devastating experience, both financially and emotionally. If you’re unlucky enough to have your identity stolen, expect your life to be turned upside-down for months or even years as you attempt to undo the damage inflicted by “the other you.” Your bank and brokerage accounts can be cleaned out, your credit rating trashed, and worse… Identity thieves usually open a new credit card or charge card account using your name, your date of birth, and your Social Security Number (SSN). Or they’ll call your card issuer and, impersonating you, change the mailing address on your account. After requesting a replacement card, the thief goes on a shopping spree, running up charges on “your” account. Because the statements get sent to the new address, you may not realize there’s a problem… until the account becomes seriously delinquent and the collection agencies start to call. Thieves commonly establish cell phone service in your name and run up huge charges. They often open a bank account in your name and write bad checks. All this negative activity is posted on your credit report. Here are nine ways to protect yourself:
1. Keep your Social Security Number on a strict “need to know” basis. Once an identity thief has your SSN, he or she can use it to obtain other ID’s and open accounts in your name. Some doctor’s offices, schools, and other institutions ask you for your SSN for their forms. I politely refuse to comply unless they can show me a good reason for needing it. Never write your SSN on a check. As your check is processed, it’s seen by many eyes… along with your legal name, address, etc. Never supply any personal information (especially not your credit card number, PIN numbers or SSN) to anyone who calls *you*. Legitimate companies *never* call customers asking for info like this. If you’re compelled to respond, get their number, check it against a web site or directory, and call them back.
2. Subscribe to a credit monitoring service. I use Privacy Guard. For only $80 a year, they send me notices of any inquiries or postings to my file in all three major credit reporting agencies, and provide access to full credit reports, DMV record, SSN record, MIB (Medical Information Bureau) record, and more. Well worth it.
3. Buy a shredder. Thanks to Arthur Anderson, paper shredders have gotten a bad name. That’s a shame. There are a lot of things you shouldn’t just throw into the trash: charge card receipts, expired cards, credit application forms, insurance forms, bank/brokerage statements, cancelled checks, and anything with your SSN or account numbers. Shred instead. And, if yours is like most households, you get several “pre-approved” credit card offers in the mail every week. Don’t just toss them in the trash… you’ll make things way too easy for the identity thieves.
4. Know what's on you. Go over to the copy machine right now. Take everything out of your wallet and lay it on the glass: credit cards, license, insurance cards, ID cards, etc. Make a copy. Flip everything over and copy the reverse. (Tip #1: if you put a coin on the glass in one corner, it’ll help you match the front and back of your cards on the copies. Tip #2: if the raised card numbers don’t copy well, run a magic marker over them lightly.) Make sure the customer service phone numbers are legible, then file your copies in a secure place (but one you can still get to quickly if your wallet is ever lost or stolen). Don’t just stuff everything back in your wallet. Take this opportunity to review and remove anything nonessential. DO NOT carry your social security card in your wallet.
5. Secure your incoming and outgoing mail. Consider installing a mail slot or a security mailbox by the curb like this one from Steel Mailbox Co. Don’t leave mail sitting out anywhere if you can avoid it.
6. Be smart about managing your passwords. Many people get lazy and use the same password for everything. Bad idea. Almost as bad as carrying around a card or having a post-it on your computer monitor with all your passwords. Don’t use publicly known info like your birth date, phone number, kid’s name, etc.
7. Buy a file safe. (Preferably a fireproof one.) Bolt it to the floor or have it professionally installed. Next best is a securely locked file cabinet or desk file drawer. Keep your personal information away from maids, service people, and contractors working in your home.
8. Know your cycles. Be aware of your credit card and store charge card billing cycles. Make a call if your bills don’t arrive on time. Contact your cell phone company and other firms where you have credit accounts. Put a password lock on your accounts. This way, changes can’t be made without your knowledge and approval.
9. Secure your computer. Put a firewall on your home computer. Best is a hardware router/firewall *and* a software firewall like ZoneAlarm. Make sure your web browser supports strong (128 bit) encryption. Of course you should also run an antivirus program like Norton or McAfee, and an anti-spyware program like PestPatrol. You should know that password protecting Microsoft Office documents and Quicken files provides very little security. They’re very easily compromised by commonly available “lost password” cracking tools. Take special care to physically secure your laptop computer. Use a Kensington lock in the office and at home.
A missing wallet or purse is more than an inconvenience. It’s a goldmine of information for an identity thief. Therefore, you must do ALL of the following things if your wallet is lost or stolen (especially if it’s stolen):
File a report with your local police precinct. Do this immediately, and be sure to get a copy of the police report – in case you need proof of the loss for your credit card company or bank.
Cancel ALL your credit cards and store charge cards. Then order new cards with *new* account numbers.
Contact the fraud departments at all three of the major credit-reporting agencies: Experian 888-397-3742, Trans-Union 800-680-7289, and Equifax 800-525-6285. Request placement of a “fraud alert” on your account and also include a “victim’s statement.” Also request a copy of your credit reports and review them carefully. Order new copies in two or three months to verify your corrections or changes, and to watch for unauthorized activity (better yet, use a service like Privacy Guard).
Contact your department of motor vehicles, report your driver’s license as missing, and request a new one. If your state uses your SSN as your license ID, see if an alternate ID is available (same thing goes for your college ID or medical card).
If you carry any bank account information or blank checks in your wallet (and you shouldn’t), report the loss to your bank. Cancel your checking and savings accounts. Get new accounts with new numbers, a new ATM/debit card, new checks, and a new Personal Identification Number (PIN). It’s a pain, I know, but nothing compared to the grief of having your identity stolen and your accounts cleaned out!
If you think you’ve been the victim of identity theft, contact the Federal Trade Commission at 877-ID-THEFT (877-438-4338) or use the online ID Theft Affidavit Form.
Do you know anyone who’s been the victim of identity theft? It can be a devastating experience, both financially and emotionally. If you’re unlucky enough to have your identity stolen, expect your life to be turned upside-down for months or even years as you attempt to undo the damage inflicted by “the other you.” Your bank and brokerage accounts can be cleaned out, your credit rating trashed, and worse… Identity thieves usually open a new credit card or charge card account using your name, your date of birth, and your Social Security Number (SSN). Or they’ll call your card issuer and, impersonating you, change the mailing address on your account. After requesting a replacement card, the thief goes on a shopping spree, running up charges on “your” account. Because the statements get sent to the new address, you may not realize there’s a problem… until the account becomes seriously delinquent and the collection agencies start to call. Thieves commonly establish cell phone service in your name and run up huge charges. They often open a bank account in your name and write bad checks. All this negative activity is posted on your credit report. Here are nine ways to protect yourself:
1. Keep your Social Security Number on a strict “need to know” basis. Once an identity thief has your SSN, he or she can use it to obtain other ID’s and open accounts in your name. Some doctor’s offices, schools, and other institutions ask you for your SSN for their forms. I politely refuse to comply unless they can show me a good reason for needing it. Never write your SSN on a check. As your check is processed, it’s seen by many eyes… along with your legal name, address, etc. Never supply any personal information (especially not your credit card number, PIN numbers or SSN) to anyone who calls *you*. Legitimate companies *never* call customers asking for info like this. If you’re compelled to respond, get their number, check it against a web site or directory, and call them back.
2. Subscribe to a credit monitoring service. I use Privacy Guard. For only $80 a year, they send me notices of any inquiries or postings to my file in all three major credit reporting agencies, and provide access to full credit reports, DMV record, SSN record, MIB (Medical Information Bureau) record, and more. Well worth it.
3. Buy a shredder. Thanks to Arthur Anderson, paper shredders have gotten a bad name. That’s a shame. There are a lot of things you shouldn’t just throw into the trash: charge card receipts, expired cards, credit application forms, insurance forms, bank/brokerage statements, cancelled checks, and anything with your SSN or account numbers. Shred instead. And, if yours is like most households, you get several “pre-approved” credit card offers in the mail every week. Don’t just toss them in the trash… you’ll make things way too easy for the identity thieves.
4. Know what's on you. Go over to the copy machine right now. Take everything out of your wallet and lay it on the glass: credit cards, license, insurance cards, ID cards, etc. Make a copy. Flip everything over and copy the reverse. (Tip #1: if you put a coin on the glass in one corner, it’ll help you match the front and back of your cards on the copies. Tip #2: if the raised card numbers don’t copy well, run a magic marker over them lightly.) Make sure the customer service phone numbers are legible, then file your copies in a secure place (but one you can still get to quickly if your wallet is ever lost or stolen). Don’t just stuff everything back in your wallet. Take this opportunity to review and remove anything nonessential. DO NOT carry your social security card in your wallet.
5. Secure your incoming and outgoing mail. Consider installing a mail slot or a security mailbox by the curb like this one from Steel Mailbox Co. Don’t leave mail sitting out anywhere if you can avoid it.
6. Be smart about managing your passwords. Many people get lazy and use the same password for everything. Bad idea. Almost as bad as carrying around a card or having a post-it on your computer monitor with all your passwords. Don’t use publicly known info like your birth date, phone number, kid’s name, etc.
7. Buy a file safe. (Preferably a fireproof one.) Bolt it to the floor or have it professionally installed. Next best is a securely locked file cabinet or desk file drawer. Keep your personal information away from maids, service people, and contractors working in your home.
8. Know your cycles. Be aware of your credit card and store charge card billing cycles. Make a call if your bills don’t arrive on time. Contact your cell phone company and other firms where you have credit accounts. Put a password lock on your accounts. This way, changes can’t be made without your knowledge and approval.
9. Secure your computer. Put a firewall on your home computer. Best is a hardware router/firewall *and* a software firewall like ZoneAlarm. Make sure your web browser supports strong (128 bit) encryption. Of course you should also run an antivirus program like Norton or McAfee, and an anti-spyware program like PestPatrol. You should know that password protecting Microsoft Office documents and Quicken files provides very little security. They’re very easily compromised by commonly available “lost password” cracking tools. Take special care to physically secure your laptop computer. Use a Kensington lock in the office and at home.
A missing wallet or purse is more than an inconvenience. It’s a goldmine of information for an identity thief. Therefore, you must do ALL of the following things if your wallet is lost or stolen (especially if it’s stolen):
File a report with your local police precinct. Do this immediately, and be sure to get a copy of the police report – in case you need proof of the loss for your credit card company or bank.
Cancel ALL your credit cards and store charge cards. Then order new cards with *new* account numbers.
Contact the fraud departments at all three of the major credit-reporting agencies: Experian 888-397-3742, Trans-Union 800-680-7289, and Equifax 800-525-6285. Request placement of a “fraud alert” on your account and also include a “victim’s statement.” Also request a copy of your credit reports and review them carefully. Order new copies in two or three months to verify your corrections or changes, and to watch for unauthorized activity (better yet, use a service like Privacy Guard).
Contact your department of motor vehicles, report your driver’s license as missing, and request a new one. If your state uses your SSN as your license ID, see if an alternate ID is available (same thing goes for your college ID or medical card).
If you carry any bank account information or blank checks in your wallet (and you shouldn’t), report the loss to your bank. Cancel your checking and savings accounts. Get new accounts with new numbers, a new ATM/debit card, new checks, and a new Personal Identification Number (PIN). It’s a pain, I know, but nothing compared to the grief of having your identity stolen and your accounts cleaned out!
If you think you’ve been the victim of identity theft, contact the Federal Trade Commission at 877-ID-THEFT (877-438-4338) or use the online ID Theft Affidavit Form.
How to Keep Your Life Private
How to Keep Your Private Life Private
Not that long ago, it was possible for a person like you to lead a nice, quiet, private life. Once outside a small town, you could go about your business and pursue your personal affairs without leaving “tracks” – permanent records of where you’ve been, who you’ve talked to, and what you own. No longer. Privacy is dead. Now, nearly every detail of our lives is open to discovery, inspection, or in many cases, exploitation by people and organizations with criminal intent. A frighteningly large database of information about you has already been compiled by governmental agencies and private companies – and they’re adding more info to your file every single day. Despite advertisements that proclaim how much they "care" about you, your "friendly" bank, broker, and insurance company do not have your best interests at heart. Information is power; they will use it to derive maximum profitability from their dealings with you... while remaining within some narrow definition of the law. Even worse, there are many opportunities for criminals to access this information in order to cheat and victimize you. Last month I wrote about the rapidly-growing crime of identity theft – which can only occur when your personal information falls into the wrong hands. You have good reason to be concerned. Fortunately, there are steps you can take to radically lower your risk of being exploited.
Many of the strategies for preventing identity theft and for avoiding telemarketing calls I’ve written about in past issues of The Urbach Letter are also appropriate for protecting your personal privacy. These include:
*
Get on “Do Not Call” lists.
*
Alter your phone directory listing.
*
Restrict access to your Social Security Number.
*
Subscribe to a credit monitoring service.
*
Buy a shredder (cross-cut are best).
*
Limit access to your inbound and outbound postal mail.
*
Physically and electronically secure your computer (very important).
Here are a dozen additional things you can do to protect your privacy. I realize that not all of them will be appropriate for your personal situation, but each one will help lower your profile, and many will have side benefits, like reducing the amount of junk mail clogging your mailbox:
1. Check the online directories. Visit the major online phone directories (SuperPages, Bigfoot Whitepages, etc.) and do a search for yourself. Even if you’re unlisted in the current paper white pages, you’ll often show up in the online directories from prior years’ listings – and you’ll probably be disturbed to see your full address, plus a map with driving directions to your house. Use this link for instructions on how to get yourself unlisted from the online directories: Unlisting Instructions.
2. Opt out whenever you are given the chance. By now you’ve received a privacy statement in all your bank and brokerage statements, insurance premium notices, department store charge card bills, Visa, MasterCard, Amex, Discover bills, etc. They’re all required by law to notify you of their privacy policies and give you the option to restrict how the information they’ve collected about you can be used. But… they don’t have to make it easy! It should just be a checkbox on the reply slip in the payment envelope or an 800 number to call. Instead, in the fine print, you are often instructed to write to a different address, list account numbers, etc. Even though it’s somewhat of a pain, opt out whenever you’re given the opportunity. You’re not being compensated by these companies – who are exploiting your private information – so why in the world would you want to participate in the violation of your personal privacy?
3. Never fill in warranty cards. There is absolutely no reason to fill in the demographic (age, sex, income) or lifestyle fields (preferences, hobbies, interests, pets, etc.). In the vast majority of cases, you do not need to send in the card at all. Your purchase receipt is all that’s needed to make a warranty claim. While it’s true that returning the card with basic “name, rank, and serial number” information will enable the company to notify you about a product recall, this occurs so rarely, it’s ordinarily not an issue. (There are important exceptions like cribs, strollers, bicycles, etc.) However – and I guarantee this – if you supply demographic/lifestyle info, it’s going to be sold to a mailing list company.
4. Look yourself up on the web. Start with Google (http://www.google.com) and type your full name into the search field (in quotes, e.g.: “John Jacobsen.”) Please note, if you have a somewhat common name, you’re going to get thousands of matches – and you’ll need to do a more sophisticated search (in combination with other identifying terms like your hometown). If your name is somewhat uncommon (like “Victor Urbach”) you may find a surprising number of “hits” that refer specifically to you. Some people call this exercise a “vanity search” but you may uncover some links that reveal disturbing personal data. You may or may not be able to get these links deleted (and nearly everything on the web is archived to some extent), however, you can still make things more difficult for the bad guys.
5. Avoid "Preferred Customer" clubs. I don't register for any of these "discount programs" at my supermarket, pharmacy, office supply store, etc. It's not so much that I'm concerned my brand preference for laundry detergent or copy paper is being tracked and compiled, I just object on principle – and fear the data gathered will be aggregated with other databases in the future, with unknown consequences. Besides, I find the supposed "specials" not so special, and the "discounts" still available just by saying "no" when the clerk asks, "Do you have a CVS card?" However, please be aware that your purchases can still be tracked if you pay by check or credit card. As usual, for maximum anonymity, pay with cash.
6. Secure your medical records. Negative information in your medical records can have problematic effects beyond what you'd expect. Aside being denied health insurance coverage or payment of claims, your employer and other non-medical organizations can sometimes access your file. Here are several things you should know:
* Get a copy of your MIB report. No, this has nothing to do with "Men In Black." MIB is the Medical Information Bureau, a central database accessed by many insurance companies. Write to: MIB, Box 105, Essex Station, Boston, MA, 02112 or call 617-426-3660.
* Review your HMO and Medicare/Medicaid files yearly. If you find incorrect, embarrassing, or outdated entries, petition to have them removed or corrected.
* Send a letter to your physician. Ask that your doctor and/or staff only give out the minimum amount of information that's requested by an insurance company or other third party. Without this instruction, many medical offices will hand over your entire file, without considering the potential consequences.
* Never sign a "Blanket Waiver." If you do, it'll authorize the release of ALL information regarding your lifetime medical history, symptoms, findings, and exam results. If you need to sign a release, be sure to edit the wording to restrict its scope and duration (that is, limit it to records from a specific doctor or hospital, and put an expiration date on the release).
* If you need treatment for a sensitive condition, like depression, alcoholism, drug abuse, sexually-transmitted disease, etc., seek treatment at a non-employer-sponsored program. While there is *supposed* to be confidentiality, plenty of abuses occur. If you still wish to be treated at a company-sponsored facility, get written confirmation of confidentiality *before* discussing anything with a counselor.
7. Be aware of how you are monitored at work. Your employer has the legal right to monitor your inbound and outbound email, voice mail, hard-drive contents, and (non-personal) telephone calls. Find out what's actively being monitored at your company and adjust your at-work behavior accordingly. See if you can check your personnel file every six months or so. Most of us still remember the grade school fear that one of our misdeeds would be recorded for perpetuity on our "Permanent Record." The not so funny part is that disciplinary actions and negative/sensitive information are commonly recorded in your real permanent record: your personnel file. If you can determine that it's tainted by these entries, negotiate to have them removed after a reasonable period of time.
8. Not everybody needs to know your birthday. You might think this is a minor point. It's not. While (I hope) you know to restrict access to your Social Security Number, many people give out their birth date to anyone who asks. Here's why you shouldn't. Even though your full name is already listed in thousands of databases, often it's just a name, and doesn't mean much. There are likely thousands of other people who share your name. If you ever find yourself in a position where you need to markedly lower your profile, a person seeking you with only knowledge of your name will have a hard time tracking you down. However, armed with both your name and birth date, any competent private investigator will find you in less than a day. Your friends and family already know your birthday. Very few other people need to know it. While you should be honest on insurance or loan applications, or on government forms, consider making an "honest mistake" everywhere else. Privacy expert J.J. "Jack" Luna recommends transposing the month and day when writing your birth date. For example, if your birth date is June 12, 1951, write it as 12/6/51. While this only works if you were born on one of the first twelve days of the month, it's easy to claim you made an innocent mistake if challenged. (Outside of the US and Canada, dates are commonly written day first, month second.) Another approach is to "swap" birthdates with a family member.
9. Guard your driver's license. Your driver's license shows your home address, and it's better for strangers not to know that bit of information. Especially when you're traveling. Don't put your license in that plastic window in your wallet. One private eye found out a target's address by asking him to break a $10 bill. When he opened his wallet, the PI spotted the information he needed. (It goes without saying that your luggage tags shouldn't have an externally visible address on them. Get the kind that hides it inside the tag.) Consider using a P.O. Box or office address on your license if your state's DMV allows it.
10. Choose the right telephone for secure calls. If you need to have a truly private conversation with someone, do not use your home, office, or regular cell phone. Use a prepaid phone card at a payphone if your call requires extra security. Or consider getting a prepaid cell phone. Even though the cell phone call could be intercepted and recorded, prepaid cell phone calls can't be traced to you. By the way, I learned this from watching an episode of the Sopranos (and verified it afterwards). But I sure hope you'll have a more benevolent reason than Tony for wanting to have a private talk with someone! By the way, even though wiretaps on your landline phone are rare, and require a court order, your phone company records are not legally protected. So while your conversation might be private, it's not that hard to find out to whom you've been talking.
11. Keep your email and web surfing private. I hope you already know that ordinary emails sent from either your home or workplace are not secure at all. If you want email privacy, sign up with Lok.Mail. You'll get military-strength crypto with 1024 bit PGP encryption; however both you and your recipient will need to use Lok.Mail addresses. Your web surfing behavior is easily tracked by anyone with the right technical smarts. If you're concerned about this, consider using Anonymizer.com. for just thirty bucks a year, you'll be become invisible to the web sites you visit, and nothing you see or download can be tracked back to you. It's the best way to surf at work without being monitored. Ad blocking and pop-up stopping are built-in to the service, as is cookie control. However, If you don't want to use Anonymizer, it's a good idea to clear your browser's Internet history on a regular basis. Otherwise, anyone with access to your PC can just click the "history" button and find all the sites you've visited recently. For a higher level of scrubbing, use Internet Trace Destructor. It comes with an electronic "shredder" that destroys all traces of deleted files, according to U.S. Department of Defense standards.
12. Lower your car's profile. You can't hide your license plate number, and that presents a problem. Let's say your car is parked in an airport long-term parking lot while you're out of town. It's very easy to "run" your plate number and get your home address from the DMV registration – another good reason to use a P.O. Box or office address on your vehicle's registration. Also, you should be aware that bumper stickers proclaiming affiliation to specific groups or schools, and parking stickers listing specific organizations can provide an "evil doer" with information that he or she really shouldn't have. This is all the more important if you drive a high-end vehicle, and are therefore a more likely target for both criminal attack and frivolous lawsuits.
So... you have a lot of ways to protect yourself. However before you start employing these strategies, it's important to recognize that achieving privacy entails trade-offs. Most of us lead two separate lives: our public life (associated with our business, the organizations we participate in, our avocations, and our communities), and our private home life with our families. For many people, there are good reasons to maintain a relatively high public profile. Being well-known in our communities and industries has many benefits. Woody Allen once said, “80% of success is just showing up.” While I disagree with the 80% part, Woody’s law largely holds. When you’re a high-profile individual within your “community” (business/industry or town), many interesting opportunities spontaneously open up to you. You become “magnetized,” and attract people who can help you achieve the things you want out of life. The challenge is to lower your private profile without disappearing altogether. You’ll have to decide, for example, whether to have an unlisted home telephone number.
Remember, it’s your right to keep your personal information on a “need to know” basis. Your private information has substantial value – that’s why so many people are trying to collect it. You are under no obligation to provide them with the details of your life.
Not that long ago, it was possible for a person like you to lead a nice, quiet, private life. Once outside a small town, you could go about your business and pursue your personal affairs without leaving “tracks” – permanent records of where you’ve been, who you’ve talked to, and what you own. No longer. Privacy is dead. Now, nearly every detail of our lives is open to discovery, inspection, or in many cases, exploitation by people and organizations with criminal intent. A frighteningly large database of information about you has already been compiled by governmental agencies and private companies – and they’re adding more info to your file every single day. Despite advertisements that proclaim how much they "care" about you, your "friendly" bank, broker, and insurance company do not have your best interests at heart. Information is power; they will use it to derive maximum profitability from their dealings with you... while remaining within some narrow definition of the law. Even worse, there are many opportunities for criminals to access this information in order to cheat and victimize you. Last month I wrote about the rapidly-growing crime of identity theft – which can only occur when your personal information falls into the wrong hands. You have good reason to be concerned. Fortunately, there are steps you can take to radically lower your risk of being exploited.
Many of the strategies for preventing identity theft and for avoiding telemarketing calls I’ve written about in past issues of The Urbach Letter are also appropriate for protecting your personal privacy. These include:
*
Get on “Do Not Call” lists.
*
Alter your phone directory listing.
*
Restrict access to your Social Security Number.
*
Subscribe to a credit monitoring service.
*
Buy a shredder (cross-cut are best).
*
Limit access to your inbound and outbound postal mail.
*
Physically and electronically secure your computer (very important).
Here are a dozen additional things you can do to protect your privacy. I realize that not all of them will be appropriate for your personal situation, but each one will help lower your profile, and many will have side benefits, like reducing the amount of junk mail clogging your mailbox:
1. Check the online directories. Visit the major online phone directories (SuperPages, Bigfoot Whitepages, etc.) and do a search for yourself. Even if you’re unlisted in the current paper white pages, you’ll often show up in the online directories from prior years’ listings – and you’ll probably be disturbed to see your full address, plus a map with driving directions to your house. Use this link for instructions on how to get yourself unlisted from the online directories: Unlisting Instructions.
2. Opt out whenever you are given the chance. By now you’ve received a privacy statement in all your bank and brokerage statements, insurance premium notices, department store charge card bills, Visa, MasterCard, Amex, Discover bills, etc. They’re all required by law to notify you of their privacy policies and give you the option to restrict how the information they’ve collected about you can be used. But… they don’t have to make it easy! It should just be a checkbox on the reply slip in the payment envelope or an 800 number to call. Instead, in the fine print, you are often instructed to write to a different address, list account numbers, etc. Even though it’s somewhat of a pain, opt out whenever you’re given the opportunity. You’re not being compensated by these companies – who are exploiting your private information – so why in the world would you want to participate in the violation of your personal privacy?
3. Never fill in warranty cards. There is absolutely no reason to fill in the demographic (age, sex, income) or lifestyle fields (preferences, hobbies, interests, pets, etc.). In the vast majority of cases, you do not need to send in the card at all. Your purchase receipt is all that’s needed to make a warranty claim. While it’s true that returning the card with basic “name, rank, and serial number” information will enable the company to notify you about a product recall, this occurs so rarely, it’s ordinarily not an issue. (There are important exceptions like cribs, strollers, bicycles, etc.) However – and I guarantee this – if you supply demographic/lifestyle info, it’s going to be sold to a mailing list company.
4. Look yourself up on the web. Start with Google (http://www.google.com) and type your full name into the search field (in quotes, e.g.: “John Jacobsen.”) Please note, if you have a somewhat common name, you’re going to get thousands of matches – and you’ll need to do a more sophisticated search (in combination with other identifying terms like your hometown). If your name is somewhat uncommon (like “Victor Urbach”) you may find a surprising number of “hits” that refer specifically to you. Some people call this exercise a “vanity search” but you may uncover some links that reveal disturbing personal data. You may or may not be able to get these links deleted (and nearly everything on the web is archived to some extent), however, you can still make things more difficult for the bad guys.
5. Avoid "Preferred Customer" clubs. I don't register for any of these "discount programs" at my supermarket, pharmacy, office supply store, etc. It's not so much that I'm concerned my brand preference for laundry detergent or copy paper is being tracked and compiled, I just object on principle – and fear the data gathered will be aggregated with other databases in the future, with unknown consequences. Besides, I find the supposed "specials" not so special, and the "discounts" still available just by saying "no" when the clerk asks, "Do you have a CVS card?" However, please be aware that your purchases can still be tracked if you pay by check or credit card. As usual, for maximum anonymity, pay with cash.
6. Secure your medical records. Negative information in your medical records can have problematic effects beyond what you'd expect. Aside being denied health insurance coverage or payment of claims, your employer and other non-medical organizations can sometimes access your file. Here are several things you should know:
* Get a copy of your MIB report. No, this has nothing to do with "Men In Black." MIB is the Medical Information Bureau, a central database accessed by many insurance companies. Write to: MIB, Box 105, Essex Station, Boston, MA, 02112 or call 617-426-3660.
* Review your HMO and Medicare/Medicaid files yearly. If you find incorrect, embarrassing, or outdated entries, petition to have them removed or corrected.
* Send a letter to your physician. Ask that your doctor and/or staff only give out the minimum amount of information that's requested by an insurance company or other third party. Without this instruction, many medical offices will hand over your entire file, without considering the potential consequences.
* Never sign a "Blanket Waiver." If you do, it'll authorize the release of ALL information regarding your lifetime medical history, symptoms, findings, and exam results. If you need to sign a release, be sure to edit the wording to restrict its scope and duration (that is, limit it to records from a specific doctor or hospital, and put an expiration date on the release).
* If you need treatment for a sensitive condition, like depression, alcoholism, drug abuse, sexually-transmitted disease, etc., seek treatment at a non-employer-sponsored program. While there is *supposed* to be confidentiality, plenty of abuses occur. If you still wish to be treated at a company-sponsored facility, get written confirmation of confidentiality *before* discussing anything with a counselor.
7. Be aware of how you are monitored at work. Your employer has the legal right to monitor your inbound and outbound email, voice mail, hard-drive contents, and (non-personal) telephone calls. Find out what's actively being monitored at your company and adjust your at-work behavior accordingly. See if you can check your personnel file every six months or so. Most of us still remember the grade school fear that one of our misdeeds would be recorded for perpetuity on our "Permanent Record." The not so funny part is that disciplinary actions and negative/sensitive information are commonly recorded in your real permanent record: your personnel file. If you can determine that it's tainted by these entries, negotiate to have them removed after a reasonable period of time.
8. Not everybody needs to know your birthday. You might think this is a minor point. It's not. While (I hope) you know to restrict access to your Social Security Number, many people give out their birth date to anyone who asks. Here's why you shouldn't. Even though your full name is already listed in thousands of databases, often it's just a name, and doesn't mean much. There are likely thousands of other people who share your name. If you ever find yourself in a position where you need to markedly lower your profile, a person seeking you with only knowledge of your name will have a hard time tracking you down. However, armed with both your name and birth date, any competent private investigator will find you in less than a day. Your friends and family already know your birthday. Very few other people need to know it. While you should be honest on insurance or loan applications, or on government forms, consider making an "honest mistake" everywhere else. Privacy expert J.J. "Jack" Luna recommends transposing the month and day when writing your birth date. For example, if your birth date is June 12, 1951, write it as 12/6/51. While this only works if you were born on one of the first twelve days of the month, it's easy to claim you made an innocent mistake if challenged. (Outside of the US and Canada, dates are commonly written day first, month second.) Another approach is to "swap" birthdates with a family member.
9. Guard your driver's license. Your driver's license shows your home address, and it's better for strangers not to know that bit of information. Especially when you're traveling. Don't put your license in that plastic window in your wallet. One private eye found out a target's address by asking him to break a $10 bill. When he opened his wallet, the PI spotted the information he needed. (It goes without saying that your luggage tags shouldn't have an externally visible address on them. Get the kind that hides it inside the tag.) Consider using a P.O. Box or office address on your license if your state's DMV allows it.
10. Choose the right telephone for secure calls. If you need to have a truly private conversation with someone, do not use your home, office, or regular cell phone. Use a prepaid phone card at a payphone if your call requires extra security. Or consider getting a prepaid cell phone. Even though the cell phone call could be intercepted and recorded, prepaid cell phone calls can't be traced to you. By the way, I learned this from watching an episode of the Sopranos (and verified it afterwards). But I sure hope you'll have a more benevolent reason than Tony for wanting to have a private talk with someone! By the way, even though wiretaps on your landline phone are rare, and require a court order, your phone company records are not legally protected. So while your conversation might be private, it's not that hard to find out to whom you've been talking.
11. Keep your email and web surfing private. I hope you already know that ordinary emails sent from either your home or workplace are not secure at all. If you want email privacy, sign up with Lok.Mail. You'll get military-strength crypto with 1024 bit PGP encryption; however both you and your recipient will need to use Lok.Mail addresses. Your web surfing behavior is easily tracked by anyone with the right technical smarts. If you're concerned about this, consider using Anonymizer.com. for just thirty bucks a year, you'll be become invisible to the web sites you visit, and nothing you see or download can be tracked back to you. It's the best way to surf at work without being monitored. Ad blocking and pop-up stopping are built-in to the service, as is cookie control. However, If you don't want to use Anonymizer, it's a good idea to clear your browser's Internet history on a regular basis. Otherwise, anyone with access to your PC can just click the "history" button and find all the sites you've visited recently. For a higher level of scrubbing, use Internet Trace Destructor. It comes with an electronic "shredder" that destroys all traces of deleted files, according to U.S. Department of Defense standards.
12. Lower your car's profile. You can't hide your license plate number, and that presents a problem. Let's say your car is parked in an airport long-term parking lot while you're out of town. It's very easy to "run" your plate number and get your home address from the DMV registration – another good reason to use a P.O. Box or office address on your vehicle's registration. Also, you should be aware that bumper stickers proclaiming affiliation to specific groups or schools, and parking stickers listing specific organizations can provide an "evil doer" with information that he or she really shouldn't have. This is all the more important if you drive a high-end vehicle, and are therefore a more likely target for both criminal attack and frivolous lawsuits.
So... you have a lot of ways to protect yourself. However before you start employing these strategies, it's important to recognize that achieving privacy entails trade-offs. Most of us lead two separate lives: our public life (associated with our business, the organizations we participate in, our avocations, and our communities), and our private home life with our families. For many people, there are good reasons to maintain a relatively high public profile. Being well-known in our communities and industries has many benefits. Woody Allen once said, “80% of success is just showing up.” While I disagree with the 80% part, Woody’s law largely holds. When you’re a high-profile individual within your “community” (business/industry or town), many interesting opportunities spontaneously open up to you. You become “magnetized,” and attract people who can help you achieve the things you want out of life. The challenge is to lower your private profile without disappearing altogether. You’ll have to decide, for example, whether to have an unlisted home telephone number.
Remember, it’s your right to keep your personal information on a “need to know” basis. Your private information has substantial value – that’s why so many people are trying to collect it. You are under no obligation to provide them with the details of your life.
Thursday, November 20, 2008
SPEED TRAPS!
Speed Traps
Nothing is worse than coasting down the highway then seeing those familiar blue lights in your rear view mirror; those lights are a clear indication that you are being pulled over. Perhaps your first thought is to get out of the way of the officer so he can pass you to pull over the culprit then you realize when he pulls directly behind you with his lights still flashing blindly you are the "culprit". Your second thought is probably "what did I do wrong?" still not realizing you were speeding.
Let's face it, speeding is something most of us do and sometimes most of us don't realize we are doing it. We're just cruising along with the rest of the traffic and happen to be the unlucky one who gets pulled over next to receive a ticket.
Our law enforcement officers are simply doing their job but there are some things we can do to educate ourselves to avoid the speed traps that they set for us. Before you take that next trip down the highway check out these interesting sites that will allow you to locate the speed traps before you have to learn the hard way:
http://www.beartraps.com
http://www.speedtrap.org/
Nobody wants to be on the receiving end of an officer handing you a ticket because you can bet it's not going to be to the Policeman's Ball.
Nothing is worse than coasting down the highway then seeing those familiar blue lights in your rear view mirror; those lights are a clear indication that you are being pulled over. Perhaps your first thought is to get out of the way of the officer so he can pass you to pull over the culprit then you realize when he pulls directly behind you with his lights still flashing blindly you are the "culprit". Your second thought is probably "what did I do wrong?" still not realizing you were speeding.
Let's face it, speeding is something most of us do and sometimes most of us don't realize we are doing it. We're just cruising along with the rest of the traffic and happen to be the unlucky one who gets pulled over next to receive a ticket.
Our law enforcement officers are simply doing their job but there are some things we can do to educate ourselves to avoid the speed traps that they set for us. Before you take that next trip down the highway check out these interesting sites that will allow you to locate the speed traps before you have to learn the hard way:
http://www.beartraps.com
http://www.speedtrap.org/
Nobody wants to be on the receiving end of an officer handing you a ticket because you can bet it's not going to be to the Policeman's Ball.
Free Annual Credit Report
California consumers can now receive free copies of their reports once every 12 months thanks to the Fair and Accurate Credit Transactions (FACT) Act.
Go online www.annualcreditreport.com or call (877) 322-8228
Or mail a standardized form which you can get at www.ftc.gov/credit Click on “New Law Promotes Access to Free Credit Reports” then click on “Annual Credit Report Request Form”
Mail to:
Annual Credit Report Request Service
P.O. Box 105281
Atlanta GA 30348-5281
Go online www.annualcreditreport.com or call (877) 322-8228
Or mail a standardized form which you can get at www.ftc.gov/credit Click on “New Law Promotes Access to Free Credit Reports” then click on “Annual Credit Report Request Form”
Mail to:
Annual Credit Report Request Service
P.O. Box 105281
Atlanta GA 30348-5281
The Secret To Removing A Chapter 7 Bankruptcy Permanently
In today’s article I’m going to show you a way to easily and legally remove a Chapter 7 bankruptcy from your credit reports.
Unlike other negative information which stays on your credit report for 7 years, bankruptcy can be reported for up to 10 years.
Bankruptcy courts keep cases active for a period of two years before placing them on microfiche.
If your Chapter 7 bankruptcy has aged at least 27 months since the date of discharge, you’re in a great position to make it disappear forever, simply file disputes with the credit bureaus indicating that your bankruptcy was a Chapter 13 and not a Chapter 7.
You need not provide any documentation to support your dispute; the burden of proof is on the government.
Bankruptcy courts do not respond to requests for verification on cases which has been archived to microfiche, as a result the credit bureaus are required by law to delete the bankruptcy permanently.
Unlike other negative information which stays on your credit report for 7 years, bankruptcy can be reported for up to 10 years.
Bankruptcy courts keep cases active for a period of two years before placing them on microfiche.
If your Chapter 7 bankruptcy has aged at least 27 months since the date of discharge, you’re in a great position to make it disappear forever, simply file disputes with the credit bureaus indicating that your bankruptcy was a Chapter 13 and not a Chapter 7.
You need not provide any documentation to support your dispute; the burden of proof is on the government.
Bankruptcy courts do not respond to requests for verification on cases which has been archived to microfiche, as a result the credit bureaus are required by law to delete the bankruptcy permanently.
Wednesday, November 19, 2008
HOW TO GET OUT OF CHEXSYSTEMS!
HOW TO GET OUT OF CHEXSYSTEMS!
If you’re currently having trouble getting a checking account because you’ve been
reported to ChexSystems, you may have more options than you think.
Basically, a bank can arbitrarily decide to punish you if it suspects you have
"misbehaved" with your checking account. It's called "Chex Systems" and once you
are in this system you cannot have a checking account for five years.
If you don't balance your checkbook and you commit overdrafts, there is a reason
behind the bank's decision. But if you make a mistake or the bank makes a
mistake, there is no recourse.
Say you move and close your account and a check bounces later, there should be
an alternative. But right now there is not. If you get put into Chex Systems, there is no appeals process.
It's highly controversial and consumer advocates have been fighting it for years.
Under recent revisions to the Fair Credit Reporting Act, you can now appeal to Chex
System itself. But the banks can still send you to Chex Systems prison on a whim.
Thankfully, about a dozen states around the country allow you to get out of the
program by taking a course in budgeting and handling finances. You receive a
voucher to go open a checking account once you finish the course.
Go to getchecking.org to see which states offer the class. But if you live in a state
that does not have this "out," appeal to Chex Systems directly.
If you are not in a state that offers Get Checking, you will have to dispute items on
your own.
How to get off ChexSystems
Don't pay a service to send a letter to get removed from ChexSystems. Free
information. Beat ChexSystems! Survive while on ChexSystems! Get a second
chance! Open a non ChexSystems bank account now
Request a copy of your report in by writing directly to ChexSystems at the
following address:
ChexSystems Customer Service
12005 Ford Road, Suite 600
Dallas, TX 75234-7253
Fax: (972) 241-4772
Local (972) 280-8585
ChexSystems toll free phone number
(800) 428-9623 or (800) 513-7125
Visit chexhelp.com and order a copy of your ChexSystems report. This will allow
you to find out what caused you to be placed on their system. This will also give
you a Consumer ID number. If the information on the report is not a true
representation of the facts use the following information to resolve a dispute
Letter 1: Ask them to verify the information
Inform ChexSystems that you have reviewed your report and are unaware of this
negative listing occurring (if you dispute it). Ask them to validate the information
from the bank, and send copies of any documentation they have regarding this
listing that bear your signature, at the same time ask to have the information
deleted from the file under your social security number. (This could be your only
letter.) This maybe enough to have them remove your name from the system.
Keep a copy of the letter for your files and send the original letter Certified Mail
return receipt requested. This will become a legal document. You will want proof
when it was sent out because ChexSystems is required to contact you in 30 days
or delete the listing.
Letter 2: If your dispute was verified yet inaccurate
Inform ChexSystems that you wish to have a description of the procedure used to
determine that the information they sent you was valid. Looking at a computer
screen does not make it valid. Also, request a listing of the names, addresses and
telephone numbers of the people they contacted at the listing bank. There may be
identity fraud involved. Contact the bank and verify the legitimacy of the listing.
I was informed that mentioning to any credit bureau, that you are aware of
Wenger v. Trans Union Corp., No. 95-6445 (C.D.Cal. Nov. 14, 1995) may help.
You will want to request that they respond to your letter in 30 days (may vary by
state). State in your letter, if you are not contacted in 30 days you will contact the
FTC and your state Attorney General's office. This may get some results.
If your letter has been responded to in 30 days and was verified accurate
If you legitimately owe the money, pay it. Some banks will accept people for
checking accounts once the debt has been resolved. If the debt is resolved and
you still can't get a checking account, you may try a small claims action for the
costs of cashing checks and buying money orders. No promises! Ask an attorney or
legal aid society in your state about the specifics in your case before you do!
If your letter has not been responded to within 30 days
Checkout the FTC website for specific information on non complying credit
bureaus. Federal Trade Commission Home
Once ChexSystems has removed the negative listing (s)
As soon as you receive a notice from chexsystems that your account has been
cleared open several checking accounts. It is possible that chexsystems will allow
the disputed claim to creep back on to your report. You will want to have an
account opened by then. Some banks check chexsystems within the first 30 days
of an account being opened. You would not want to take the chance of your
account being closed
If the date of the listing from a credit agency is incorrect
The FTC website just won a Civil Penalty against a collection agency for violation of
the FCRA. Include a copy of this article in your letter to the agency. NCO Group to
Pay Largest FCRA Civil Penalty to Date.
NON CHEXSYSTEMS BANKS
FSNB
www.fsnb.com
(800) 749-4583 ask for new accounts
FSNB is now open to anyone regardless of your location. Take advantage of this
while you can. It may not last.
They DO have online banking/access, however you have to call them and ask for
new accounts. Tell them that you wish to open a checking account. They will send
an application to you.
You will probably get an ATM debit card at first, good at any ATM for cash
withdrawal. After 4 months, you will be eligible for the Visa debit card.
**If you set up DIRECT DEPOSIT, after your second deposit hits, call them up and
ask them to send you a VISA debit card.
Also if you have direct deposit with them, you can get an advance for a $14 fee. It’s
called a temporary overdraft.
*No credit checks
*No applications
They give you an advance, up the lowest of your last 2 deposits for a $14 fee.
USAA FEDERAL SAVINGS BANK
www.usaa.com
USAA uses Tele check not Chex Systems.
Anyone can get an account with USAA. This is an internet bank. You do not have to
be in the military to get an account with USAA. Simply call them and tell them you
need a membership number to get a checking account. If you can give them the
initial deposit of $50 over the phone using a credit card, they will have your account up and running in 2 days. Some have been known to get their checks and Visa
debit cards in under a week!
They also send you postage paid envelopes for deposits. There are cash back
rebates made on all purchases made as a credit card purchase.
SAMPLE CHEXSYSTEMS DISPUTE OF ANY NON-ACCURATE ITEM
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute.
DO NOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
Date
Your social security number
ChexSystems
Customer Relations
12005 Ford Road Suite 600
Dallas, TX 75234
Dear ChexSystems:
I have received a copy of my ChexSystems report, and I am writing to notify you that the following information is incorrect:
Bank Name
Date
[Indicate: wrong amount, wrong date, this is not your credit line, you do not have a credit listing with this bank, this account was paid off, the dates are wrong, or other reasons you would like this listing verified.]
[Itemize: each correction using the same format]
Based on this, please delete this information and send written confirmation that you have done so to the address above.
Thank you for your assistance.
Sincerely,
Your full name signed here
Your printed full name here
SAMPLE CHEXSYSTEMS DISPUTE FOR 30-DAY TIME EXPIRED
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute, such as the registered letter confirmation receipt from your first letter. DO I\JOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
Date
Your social security number
ChexSystems
Customer Relations
12005 Ford Road Suite 600
Dallas, TX 75234
Dear ChexSystems:
In a letter dated [Insert: date of first letter], I requested that you correct the following information
in my ChexSystems report:
[List: errors indicated in first letter]
To date, I have not received confirmation that you have done so.
As 30 days have now passed, this letter is my formal demand to be removed from the ChexSystems database. Please note that your failure to do so violates the Fair Credit Reporting Act.
Please immediately send confirmation of the deletion to the address above.
If I do not hear from you within ten business days, I am prepared to take legal action to remedy the situation.
Thank you for your assistance.
Sincerely,
Your full name signed here
Your printed full name here
SAMPLE CHEXSYSTEMS 1S-DAY METHOD OF VERIFICATION REQUEST
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute, such as the registered letter confirmation receipt from your first letter. DO NOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
ChexSystems
Customer Relations
12005 Ford Road Suite 600
Dallas, TX 75234
Date
RE: Consumer 10 # [your consumer 10 # here]
Dear Consumer Relations Dept.:
I am writing in response to your claim that [Name of Bank] has confirmed my unpaid debt. Please note that you have again failed to provide me a copy of the evidence submitted to you by this bank.
I request that you provide me a description of the procedure you used to determine the accuracy and completeness of the bank's information. Please send this information to me within fifteen (15) days of the completion of your reinvestigation. In addition, please provide the name, address, and telephone number of each person you contacted at [Name of Bank] regarding my alleged account.
I also request a copy of any documents submitted to you by [Name of Bank] which bear my signature and show that I have a legally binding contractual obligation to pay them.
Be aware that this is my final goodwill attempt to have this matter resolved. As it now stands, the information you have presented to me is inaccurate and incomplete and represents a serious error in your reporting.
It is my understanding that your continued failure to comply with federal regulations can be investigated by the Federal Trade Commission (see 15 USC Section 41). For this reason, I am maintaining a careful record of my communications with you should I need to file a complaint with the FTC and the state of [your state] Attorney General's office.
If you do not respond within 10 business days, I am prepared to take legal action against your company for causes of action including, but not limited to, defamation, fraud and violations under the Fair Credit Reporting Act.
Sincerely,
Your Name (printed or typed, not signed)
Your social security number
SAMPLE DISPUTE TO THE
FURNISHER OF INFORMATION
Instructions: Complete and mail this form by certified letter to the bank that has reported you to ChexSystems.
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute, such as the registered letter confirmation receipt from Form 1. DO NOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
Name and Address of original bank
Date
RE: Acct # [insert your account number here]
To Whom It May Concern:
I am writing regarding the unpaid debt on account # [insert your account number here], which I dispute.
According to the Fair Debt Collection Practices Act, I am requesting "validation," or competent evidence that bears my signature and shows I have some contractual obligation to pay you. Please be aware that any negative mark on my credit report (which includes ChexSystems credit report) for a debt I don't owe is in violation of the Fair Credit Reporting Act (FCRA).
Therefore, if you cannot validate the debt, you must request that all credit reporting agencies delete the entry. In addition, until I have received and reviewed any evidence you provide me, I ask that you take no action that might damage my credit reports.
If the debt described above has been resolved, I ask that you remove, or have removed, any derogatory marks from my credit reports per the FCRA and send me confirmation that you have done so.
Please note that if you fail to respond within 30 days of receipt of this certified letter, I am prepared to take legal action against your company for causes of action including, but not limited to, defamation, fraud and violations under the Fair Credit Reporting Act.
By sending this letter, I am disputing both the validity of the alleged debt and the validity of your claims. This is my attempt to correct your records. Please be aware that any information I receive from you will be collected as evidence should any further action be necessary.
Best regards,
Your full name signed here
Your printed full name here
If you’re currently having trouble getting a checking account because you’ve been
reported to ChexSystems, you may have more options than you think.
Basically, a bank can arbitrarily decide to punish you if it suspects you have
"misbehaved" with your checking account. It's called "Chex Systems" and once you
are in this system you cannot have a checking account for five years.
If you don't balance your checkbook and you commit overdrafts, there is a reason
behind the bank's decision. But if you make a mistake or the bank makes a
mistake, there is no recourse.
Say you move and close your account and a check bounces later, there should be
an alternative. But right now there is not. If you get put into Chex Systems, there is no appeals process.
It's highly controversial and consumer advocates have been fighting it for years.
Under recent revisions to the Fair Credit Reporting Act, you can now appeal to Chex
System itself. But the banks can still send you to Chex Systems prison on a whim.
Thankfully, about a dozen states around the country allow you to get out of the
program by taking a course in budgeting and handling finances. You receive a
voucher to go open a checking account once you finish the course.
Go to getchecking.org to see which states offer the class. But if you live in a state
that does not have this "out," appeal to Chex Systems directly.
If you are not in a state that offers Get Checking, you will have to dispute items on
your own.
How to get off ChexSystems
Don't pay a service to send a letter to get removed from ChexSystems. Free
information. Beat ChexSystems! Survive while on ChexSystems! Get a second
chance! Open a non ChexSystems bank account now
Request a copy of your report in by writing directly to ChexSystems at the
following address:
ChexSystems Customer Service
12005 Ford Road, Suite 600
Dallas, TX 75234-7253
Fax: (972) 241-4772
Local (972) 280-8585
ChexSystems toll free phone number
(800) 428-9623 or (800) 513-7125
Visit chexhelp.com and order a copy of your ChexSystems report. This will allow
you to find out what caused you to be placed on their system. This will also give
you a Consumer ID number. If the information on the report is not a true
representation of the facts use the following information to resolve a dispute
Letter 1: Ask them to verify the information
Inform ChexSystems that you have reviewed your report and are unaware of this
negative listing occurring (if you dispute it). Ask them to validate the information
from the bank, and send copies of any documentation they have regarding this
listing that bear your signature, at the same time ask to have the information
deleted from the file under your social security number. (This could be your only
letter.) This maybe enough to have them remove your name from the system.
Keep a copy of the letter for your files and send the original letter Certified Mail
return receipt requested. This will become a legal document. You will want proof
when it was sent out because ChexSystems is required to contact you in 30 days
or delete the listing.
Letter 2: If your dispute was verified yet inaccurate
Inform ChexSystems that you wish to have a description of the procedure used to
determine that the information they sent you was valid. Looking at a computer
screen does not make it valid. Also, request a listing of the names, addresses and
telephone numbers of the people they contacted at the listing bank. There may be
identity fraud involved. Contact the bank and verify the legitimacy of the listing.
I was informed that mentioning to any credit bureau, that you are aware of
Wenger v. Trans Union Corp., No. 95-6445 (C.D.Cal. Nov. 14, 1995) may help.
You will want to request that they respond to your letter in 30 days (may vary by
state). State in your letter, if you are not contacted in 30 days you will contact the
FTC and your state Attorney General's office. This may get some results.
If your letter has been responded to in 30 days and was verified accurate
If you legitimately owe the money, pay it. Some banks will accept people for
checking accounts once the debt has been resolved. If the debt is resolved and
you still can't get a checking account, you may try a small claims action for the
costs of cashing checks and buying money orders. No promises! Ask an attorney or
legal aid society in your state about the specifics in your case before you do!
If your letter has not been responded to within 30 days
Checkout the FTC website for specific information on non complying credit
bureaus. Federal Trade Commission Home
Once ChexSystems has removed the negative listing (s)
As soon as you receive a notice from chexsystems that your account has been
cleared open several checking accounts. It is possible that chexsystems will allow
the disputed claim to creep back on to your report. You will want to have an
account opened by then. Some banks check chexsystems within the first 30 days
of an account being opened. You would not want to take the chance of your
account being closed
If the date of the listing from a credit agency is incorrect
The FTC website just won a Civil Penalty against a collection agency for violation of
the FCRA. Include a copy of this article in your letter to the agency. NCO Group to
Pay Largest FCRA Civil Penalty to Date.
NON CHEXSYSTEMS BANKS
FSNB
www.fsnb.com
(800) 749-4583 ask for new accounts
FSNB is now open to anyone regardless of your location. Take advantage of this
while you can. It may not last.
They DO have online banking/access, however you have to call them and ask for
new accounts. Tell them that you wish to open a checking account. They will send
an application to you.
You will probably get an ATM debit card at first, good at any ATM for cash
withdrawal. After 4 months, you will be eligible for the Visa debit card.
**If you set up DIRECT DEPOSIT, after your second deposit hits, call them up and
ask them to send you a VISA debit card.
Also if you have direct deposit with them, you can get an advance for a $14 fee. It’s
called a temporary overdraft.
*No credit checks
*No applications
They give you an advance, up the lowest of your last 2 deposits for a $14 fee.
USAA FEDERAL SAVINGS BANK
www.usaa.com
USAA uses Tele check not Chex Systems.
Anyone can get an account with USAA. This is an internet bank. You do not have to
be in the military to get an account with USAA. Simply call them and tell them you
need a membership number to get a checking account. If you can give them the
initial deposit of $50 over the phone using a credit card, they will have your account up and running in 2 days. Some have been known to get their checks and Visa
debit cards in under a week!
They also send you postage paid envelopes for deposits. There are cash back
rebates made on all purchases made as a credit card purchase.
SAMPLE CHEXSYSTEMS DISPUTE OF ANY NON-ACCURATE ITEM
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute.
DO NOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
Date
Your social security number
ChexSystems
Customer Relations
12005 Ford Road Suite 600
Dallas, TX 75234
Dear ChexSystems:
I have received a copy of my ChexSystems report, and I am writing to notify you that the following information is incorrect:
Bank Name
Date
[Indicate: wrong amount, wrong date, this is not your credit line, you do not have a credit listing with this bank, this account was paid off, the dates are wrong, or other reasons you would like this listing verified.]
[Itemize: each correction using the same format]
Based on this, please delete this information and send written confirmation that you have done so to the address above.
Thank you for your assistance.
Sincerely,
Your full name signed here
Your printed full name here
SAMPLE CHEXSYSTEMS DISPUTE FOR 30-DAY TIME EXPIRED
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute, such as the registered letter confirmation receipt from your first letter. DO I\JOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
Date
Your social security number
ChexSystems
Customer Relations
12005 Ford Road Suite 600
Dallas, TX 75234
Dear ChexSystems:
In a letter dated [Insert: date of first letter], I requested that you correct the following information
in my ChexSystems report:
[List: errors indicated in first letter]
To date, I have not received confirmation that you have done so.
As 30 days have now passed, this letter is my formal demand to be removed from the ChexSystems database. Please note that your failure to do so violates the Fair Credit Reporting Act.
Please immediately send confirmation of the deletion to the address above.
If I do not hear from you within ten business days, I am prepared to take legal action to remedy the situation.
Thank you for your assistance.
Sincerely,
Your full name signed here
Your printed full name here
SAMPLE CHEXSYSTEMS 1S-DAY METHOD OF VERIFICATION REQUEST
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute, such as the registered letter confirmation receipt from your first letter. DO NOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
ChexSystems
Customer Relations
12005 Ford Road Suite 600
Dallas, TX 75234
Date
RE: Consumer 10 # [your consumer 10 # here]
Dear Consumer Relations Dept.:
I am writing in response to your claim that [Name of Bank] has confirmed my unpaid debt. Please note that you have again failed to provide me a copy of the evidence submitted to you by this bank.
I request that you provide me a description of the procedure you used to determine the accuracy and completeness of the bank's information. Please send this information to me within fifteen (15) days of the completion of your reinvestigation. In addition, please provide the name, address, and telephone number of each person you contacted at [Name of Bank] regarding my alleged account.
I also request a copy of any documents submitted to you by [Name of Bank] which bear my signature and show that I have a legally binding contractual obligation to pay them.
Be aware that this is my final goodwill attempt to have this matter resolved. As it now stands, the information you have presented to me is inaccurate and incomplete and represents a serious error in your reporting.
It is my understanding that your continued failure to comply with federal regulations can be investigated by the Federal Trade Commission (see 15 USC Section 41). For this reason, I am maintaining a careful record of my communications with you should I need to file a complaint with the FTC and the state of [your state] Attorney General's office.
If you do not respond within 10 business days, I am prepared to take legal action against your company for causes of action including, but not limited to, defamation, fraud and violations under the Fair Credit Reporting Act.
Sincerely,
Your Name (printed or typed, not signed)
Your social security number
SAMPLE DISPUTE TO THE
FURNISHER OF INFORMATION
Instructions: Complete and mail this form by certified letter to the bank that has reported you to ChexSystems.
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute, such as the registered letter confirmation receipt from Form 1. DO NOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
Name and Address of original bank
Date
RE: Acct # [insert your account number here]
To Whom It May Concern:
I am writing regarding the unpaid debt on account # [insert your account number here], which I dispute.
According to the Fair Debt Collection Practices Act, I am requesting "validation," or competent evidence that bears my signature and shows I have some contractual obligation to pay you. Please be aware that any negative mark on my credit report (which includes ChexSystems credit report) for a debt I don't owe is in violation of the Fair Credit Reporting Act (FCRA).
Therefore, if you cannot validate the debt, you must request that all credit reporting agencies delete the entry. In addition, until I have received and reviewed any evidence you provide me, I ask that you take no action that might damage my credit reports.
If the debt described above has been resolved, I ask that you remove, or have removed, any derogatory marks from my credit reports per the FCRA and send me confirmation that you have done so.
Please note that if you fail to respond within 30 days of receipt of this certified letter, I am prepared to take legal action against your company for causes of action including, but not limited to, defamation, fraud and violations under the Fair Credit Reporting Act.
By sending this letter, I am disputing both the validity of the alleged debt and the validity of your claims. This is my attempt to correct your records. Please be aware that any information I receive from you will be collected as evidence should any further action be necessary.
Best regards,
Your full name signed here
Your printed full name here
Subscribe to:
Posts (Atom)