Credit Smart Consumers

Beware Of Phishing Emails About Fake CDC Flu Vaccination Registrations

An important notice for consumers so you do not get "mugged" during the flu season. The Centers For Disease Control published an advisory for consumers:

"CDC has received reports of fraudulent emails (phishing) referencing a CDC sponsored State Vaccination Program. The messages request that users must create a personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The message then states that anyone that has reached the age of 18 has to have his/her personal Vaccination Profile on the cdc.gov site. The CDC has NOT implemented a state vaccination program requiring registration on www.cdc.gov. Users that click on the email are at risk of having malicious code installed on their system."

Learn how to recognize a phishing e-mail message and a phishing web site. Or, read this blog post.

Woman Denied Credit When Credit Bureau Tells Her She Is Dead

This past weekend, KOMO News 4 television in Seattle reported:

"All Ann Howe wanted was lower mortgage payments. The last thing she expected was more stress. Months earlier, she'd discovered her husband of 55 years had died in his sleep. Then, she says, a lump in her forehead was misdiagnosed. It turned out to be cancer. Days after cancer surgery, doctors discovered Howe needed open heart surgery. She almost died. When she finally regained her strength, she applied for a mortgage refinance loan to reduce her payments and help her budget... Two of the credit reporting agencies showed her credit rating was close to 800. But her Experian report had a problem... Howe's Experian credit report had her listed as deceased. One of her creditors had reported her as dead."

You can watch a video clip of the KOMO report online. Howe's story highlights three two critical facts of life:

1. Credit bureaus make mistakes and include errors on consumers' credit reports. They are reluctant to advertise this fact, since they make money selling consumers' credit reports to potential lenders, whether those reports are accurate or not.
2. The three major credit bureaus routinely ship consumers' sensitive personal data across country borders worldwide. Often, the updating of records is performed by outsourcing vendors. To learn more, read this 4-part series.
3. It is your responsibility to check the accuracy of your Equifax, Experian, and TransUnion credit reports. Nobody else is going to do it for you. Errors can result in denied credit or higher interest rates.

I have personal experience with this. In 2004, I applied for an American Express card and was denied because I was listed as deceased by the Experian credit bureau.

After reviewing my Experian credit report, I found an error where the credit bureau co-mingled my information with my father's information. We are both named George, this error should not have happened. I was able to correct the problem by providing the credit bureau with a certified copy of my father's death certificate and highlighted the facts that we have different birth dates and Social Security numbers.

So, errors in credit reports happen more frequently than you'd expect. For your free annual credit reports, visit the official Web site annualcreditreport.com today.

When You Should Close A Credit Card Account

In the comments section of a prior post about large interest rate increases by banks and credit card issuers, Vikki, a reader asked:

"Doesn't closing your credit cards bring down your credit score? This is the only reason why I haven't closed my cards... just paying them off and not really using them."

Vikki asked a great question, which I want to answer more completely. We all have felt "mugged" by the recent large interest rate increases, credit limit decreases, or both -- especially when you have an excellent payment history. The temptation -- or reaction -- is strong: to close the credit card account. Regardless, you don't want to make a bad situation worse by closing a credit card account and later learn that it was a mistake.

To learn more about credit scores, I spent some time reading the MyFICO.com Web site, which is run by the Fair Isaac Corporation, the same company that ownes the FICO score formula. At the Web site, you can learn about the factors your credit score includes and the factors your credit score excludes.

The site also has a page about whether closing a credit card account will negatively affect your credit score. A decision to close a credit card account should consider:

• The outstanding balance amounts on your credit cards
• How much of those balances you can pay off now
• The interest rates on your credit cards
• Your "utilization rate" -- how much of the total available credit you use with your credit cards
• The annual fees on your credit cards
• If you will need credit in the near future
• If you have several credit cards, which credit card account you want to close

Your utilization rate is important. It is one of the factors used to calculate your credit score. A high utilization rate will negatively affect your credit score. For example: closing a credit card with a $5,000 limit means you would have $5,000 less in available credit. If you have two credit cards each with a $5,000 credit limit and you owe $2,500 on your second card, then your utilization rate went from 25 to 50 percent. That would negatively affect your credit score.

Only you know whether or not you will need credit in the near future. If you plan to buy a house or a car soon, then you will probably need credit unless you can pay with cash. If you close a credit card account and that results in a lower credit score, then it could cost you more money on your new loan.

The MyFICO site has data tables that show the impact of a lower credit score. For example, if your credit score dropped 15 points -- say from 770 to 755 -- it could result in a higher interest rate and monthly payments on a 36-month auto loan. You can view data tables with credit scores and corresponding interest rates and monthly payments for auto loans, mortgages, and home equity loans.

Over at the Red Tape Chronicles blog, Bob Sullivan summed up the problem facing consumers:

"No one can say precisely how much closing a credit card account will hurt your credit score -- too many other dynamic factors go into calculating the number. Fair Isaac, which owns the credit score formula, says the impact can range from zero points to dozens of points..."

If you decide to stop using a credit card instead of closing that credit card account, then your decision could have negative consequences. Some consumers have reported that their bank or credit card issuer (e.g., HSBC, Citibank, American Express) has closed unused credit card accounts, often without notice. That credit card account auto-closed by your bank could drive up your credit utilization rate and negatively affect your credit score. So, check the fine print in your card agreement before you stop using a credit card.

After reading the MyFICO Web site, I remembered some credit decisions I made about 12 years ago, At that time, I had five credit cards with a combined outstanding balance of $18,000. For me, I had too much credit card debt and it had become unmanageable. I didn't need more credit and didn't want any more credit. 12 years ago, the Internet then wasn't the robust research source it is today. I met with a credit counseling agency to get some sound advice. What worked for me: I closed three credit card accounts, negotiated a lower interest rate on one card, halved the credit limit on one card, stopped paying off old credit card balances with new cards, stopped using my credit cards for cash advances, and paid off the highest interest rate card first. I didn't consider the negative impact on my credit score. I was focused on the benefits of living debt free with less stress.

In time, I was able to pay off all of that credit card debt. Today I have zero credit card debt and a credit score above 790. I had it easier than many people since the interest rates on my credit cards were not as high as the outrageous 29.9% today on some credit cards. Today, I pay off my credit card bills in full and on time each month to avoid finance fees. The two credit cards I have are manageable. If either of these cards raise their annual fee in the future, I will switch to another low-annual-fee card and close the offending card account.

Basically, the decision to close a credit card account depends upon your situation. The closed credit card account would be a reduction in credit that could have a big impact on your credit score and on your finances. Make the decision that best benefits you.

How To Negotiate Your Medical Bills

This is new. From Smart Planet reported recently:

"Spiraling bills and a nasty recession have led to the launch of Medical Cost Advocate, a FREE service that aims to negotiate for you and cut your medical bills. Of course it’s not actually free. It’s only free if they fail to get your costs cut. If they do, they get their cut, just like a lawyer who sues the guy whose truck ran you over."

Disclaimer: I have not used the Medical Cost Advocate service, so I cannot speak to its effectiveness.

I performed several Internet searches and the lack of coverage about Medical Cost Advocate by the mainstream news media was startling. A few bloggers have reported about the service.

I briefly looked at the Medical Cost Advocate (MCA) Web site. Consumers have to sign up and submit their medical bills. Obviously, this make me ask who really is behind the Web site and how well they protect patients' sensitive personal information. The MCA site has an eTrust seal, which is a good first step.

The interview with MCA's CEO starts at about 1 minute and 10 seconds into the video:

If anyone has used Medical Cost Advocate, please share your experience below.

Advice For Consumers About Holiday Shopping With Layaway Plans

Since banks and credit card companies have made it difficult to get and to keep credit, many consumers have turned to layway plans as a method to do their holiday shopping. If this situation describes you, then you should know that the U.S. Federal Trade Commission (FTC) issued an alert to consumers about layaway plans so you don't get "mugged" by a shady store or online retailer:

"... it’s important to ask questions about the layaway plan and the refund policy when considering the layaway option. The alert, “Layaway: Another Way to Buy,” also tells consumers to: check out the business offering the plan; get the merchant’s layaway policy in writing; and keep good records of payments."

To check out a business or retailer, visit the Attorney General’s Web site for your state (www.naag.org), the local consumer protection agency in your state, or the Better Business Bureau in your state. These resources can tell you if other consumers have already filed complaints about the retailer you are considering shopping at -- online or their physical store.

If you shop using layaway plans and encounter a problem, we'd love to hear about it. You can describe your situation below in a comment.

How To Check Your Insurance Company's Complaint Record

Everyone has horror stories about insurance companies, whether its auto insurance, health insurance, homeowners, or property insurance. There's a good article at Kiplinger.com that has documented the leading ways insurance companies "mug" or abuse their customers:

"... the top complaint had to do with claims payments -- claims-handling delays (19.1%), followed by denial of claims (17.9%) and unsatisfactory settlement offers (15.0%). You should be concerned if a company you're considering has a lot of complaints in these areas. The next category of complaints revolves around underwriting -- the insurer's process of accepting or rejecting applicants and setting rates. Premium and rating accounted for 4.8% of the complaints, and policy cancellation for 4.2%. The type of insurance policyholders had the most complaints about was accident and health insurance (37.7%), followed closely by auto insurance (33.7%). There were fewer complaints about homeowners insurance (12.71%) and life insurance and annuities (10.4%)."

Maybe you are looking for a new insurance company, or just curious about your current provider. To check an insurance company's complaint record, visit the Consumer Information Source Web site produced by the National Association of Insurance Commissioners (NAIC). Then:

"Type in the name of the company, the state where you live and the type of insurance. (Under "statement type" and "business type," click on "property/casualty" for home and auto insurance or "life, accident and health.") The site then provides the insurer's national complaint statistics. Focus on the complaint ratio, which shows the ratio of the company's U.S. market share of complaints to the company's U.S. market share of premiums for a specific policy type... If the national median complaint ratio is 1.00 and the ratio for the company you're considering is 2.00, for example, that should be a red flag. Also look at the complaint trend report to see whether the company's complaints have been increasing or decreasing over time. If the insurer's complaint ratio is high, check its record at your state insurance department and find out whether any enforcement actions have been taken against the insurer."

To find your state government's insurance department, browse this NAIC Web page with a map of insurance commissioners by state. Both links are great resources, whether you are happy with your current insurance company or looking for a new one.

FTC Delays "Red Flag" Enforcement Again

Once again, at the request of members of Congress, the Federal Trade Commission (FTC) has delayed the enforcement of the “Red Flags” Rule until June 1, 2010, for financial institutions and creditors.

The prior enforcement date had been November 1, 2009. In May of 2009, the FTC changed the enforcement date from May 1, 2009 to August 1, 2009.

As part of the Fair and Accurate Credit Transactions Act, Congress directed the FTC and other agencies to develop regulations requiring financial institutions and creditor companies to address identity theft. The resulting regulations require these companies to develop and implement written identity theft prevention programs to help identify, detect, and respond to patterns, practices, or specific activities -- commonly called "Red Flags" -- that could indicate identity theft.

The FTC regulations are pretty specific about the types of companies covered by these new identity-theft regulations:

"The Rule defines a “financial institution” as: 1) a state or national bank, 2) a state or federal savings and loan association, 3) a mutual savings bank, 4) a state or federal credit union, or 5) any other entity that directly or indirectly holds a “transaction account” belonging to a consumer. “Transaction accounts” are deposits or accounts from which a consumer can make payments or transfers to third parties. Banks, federally chartered credit unions, and savings and loans come under the jurisdiction of the federal bank regulatory agencies or the National Credit Union Administration and should check with them for guidance. The FTC’s jurisdiction extends to state chartered credit unions and other institutions that hold transaction accounts – for example, mutual funds that offer accounts with check writing or debit card privileges or other businesses that offer accounts where consumers can make payments or transfers to third parties. Under the Rule, the definition of “creditor” is broad, and includes businesses or organizations that regularly provide goods or services first and allow customers to pay later. Examples of groups that may fall within this definition are utilities, health care providers, lawyers, accountants, and other professionals, and telecommunications companies. The definition also covers businesses or organizations that regularly grant loans, arrange for loans or the extension of credit, or make credit decisions. Examples include finance companies, mortgage brokers, and automobile dealers or retailers that offer financing... In addition, the definition includes anyone who regularly participates in the decision to extend, renew, or continue credit, including setting the terms of credit. For example, a third-party debt collector..."

In April of 2009, the FTC launched a Web site to help small and medium-sized businesses comply with the new Red Flag regulations. A U.S. District recently ruled that attorneys are exempt form the new regulations. A different set of regulations apply to hospitals and health care firms.

During the coming weeks and months I will explore the Red Flag rules more closely since the new enforcement data is an opportunity for consumers to demand more from companies that store and user their sensitive personal information. The opportunity is for consumers to be able to ask a company they are considering doing business with for a written statement of how that company protects their sensitive personal data.

Will the June 2010 date hold? Who knows. The FTC's pattern of delays suggests probably not. As this issue moves forward, the I've Been Mugged blog will report about it.

Debt Collection Scams And Identity Theft: How To Avoid Both

Last week a friend, Mary Grace, sent an e-mail message asking if I had:

"... heard of NCO Financial Debt Collectors? I got an automated call and when I called the number back it was busy. I called their main 800 number off of their website and they asked me for my social and name - they would not give me any information on the reference number that was left on the automated message. I did not give them my name or my social and ended up hanging up on the rep because he could not identify why they called me stating there were many names associated with the reference number and he needed my information to understand why they called."

I hadn't heard of NCO Financial Debt Collectors. There is a valid collections company with a similar name: NCO Group (a/k/a NCO Financial Systems. The call sounded sketchy since the reference number didn't identify Mary Grace specifically. I told her to contact the Better Business Bureau (BBB), and contact the U.S. Federal Trade Commission (FTC). I assured her that she was correct to not disclose her Social Security Number and other sensitive personal information without first getting written proof of the debt.

In her e-mail message, Mary Grace also wrote that she had:

"... called AT&T to check on the 888 number the automated message left and [the AT&T customer service representative] said it was probably an outbound number only and that he hears these kinds of calls all the time but can not give any advice because of legal reasons."

Yes, this debt collection call was definitely sounding like a scam.

Mary Grace couldn't think of any company she owed money to, as she is very good with her credit. Perhaps she had a debt at Cedars-Sinai Medical Center due to a recent surgery, but theyhadn't contact her.

Since Mary Grace lives in California, I suggested that she check the State of California attorney general's web site for advice about her rights and how to deal with debt collection phone calls and collection agencies. Every state has an attorney general (AG), and the AG's web site usually describes the rights consumers have and what constitutes harassment by a debt collector.

While California state law allows debt collectors to supply information about bills they are collecting to credit reporting agencies, the collection agency cannot threaten a consumer with this unless it is already a customer of the reporting agency. The collection agency must tell the reporting agency whether any dispute has been filed, and it must update the consumer's record to show when the debt is paid.

I did some light research and found that there tend to be two types of debt collection scams:

• Fake debt collection agencies
• Valid debt collection agencies with fake debts

The first type usually includes a scam artist calling with fake debts. The scammer is trying to trick consumers into revealing over the phone their sensitive personal data: Social Security number, bank account information, and so forth. Disclosing any of this could lead to identity fraud.

How do the collections scammers get consumers' name and address information? Any number of ways: from combing through online white pages web sites, or purchased on the black market from with data resold by thieves after a data breach.

If you receive a debt collection call, experts advise consumers to demand written proof of the debt. Tell the caller that you only reply to debts submitted in writing with written proof. If the scammer does send a letter via postal mail of a debt you know is fraudulent, then you have written proof of the scam.

The second type of scam is a little trickier. Sometimes a valid debt collection company is calling with a valid debt that they think is yours, but really belongs to another person. Perhaps you changed your phone number recently, and the collections agency has confused you with the prior owner of the phone number. Perhaps you moved recently and the collection agency has confused you with the prior resident at our current address. A less than honorable collector wants to collect money and may pressure the person they contact into paying.

Either way, the best response is to demand that the debt collection caller fully identify their company. Then, demand written proof via postal mail that the debt is yours. Ask the caller for a phone number so you can call them back. Scammers hate this and will serve up a variety of excuses why you can't call them back.

In this case, Cedars-Sinai sent a bill to Mary Grace's old address, even though the medical center also had her current address on file. The medical center then sent the unpaid debt to two valid collection agencies... a case of one internal department failing to communicate with another department.

A couple days later, I received a follow-up e-mail from Mary Grace:

"... Cedars-Sinai knew I had a stellar record with them. They called the true collection agencies, had them retract my name and restore my credit ratings, and I paid [Cedars-Sinai] directly. I should receive letters from Cedars, and the agencies stating just that. Then I will look at my credit report to ensure that it was restored. Who knew that a phony call could end up exposing all this!"

And, NCO Financial Debt Collectors turned out to be a scam -- a phony debt collection agency. So, if you get a phone call from them, hang up and report it to the BBB and FTC.

Mary Grace's experience provides clear instructions for consumers about how to handle debt collection phone calls:

• Asked the caller to identify their company
• Don't trust the caller at their word. Don't share sensitive personal data over the phone. Demand written proof via postal mail of any debts
• File a complaint with the BBB about any phony debt collector you encounter
• Demanded written proof of paid debts
• Demanded written proof from a creditor of debts sent in error to collection agencies
• Demanded correction of erroneous entries to credit reporting agencies

Why It Is Important Not To Disclose Certain Personal Data on Social Networking Sites

In an earlier post, I wrote about the risks of disclosing your birth date in e-mails and at social networking sites. It's a key piece of personal data for identity thieves and fraudsters. There are more personal data items you should not disclose to avoid identity fraud.

From a recent AARP Bulletin:

"Along with your birth date, your place of birth may help scammers guess most, if not all, of the nine digits of your Social Security number, suggests a recent study published in the Proceedings of the National Academy of Sciences. Those two pieces of information were all that Carnegie Mellon University researchers needed to discover patterns in how SSNs are issued, resulting in impressive success in guessing exact numbers."

The researchers documented how identity thieves could use your hometown information to guess your Social Security number:

"... The first three digits of the SSN are an “area number,” issued according to the ZIP code of the mailing address provided on a Social Security application form. High population states have many area numbers — New York has 85, for example — but Delaware and Alaska have only one... The fourth and fifth digits of the SSN are a location-based “group number”; those digits change periodically, usually in increments of 2. For instance, for people born in 1966 in Oregon, those middle numbers started at 47, and 60 days later, switched to 49. “Because of this, knowing a birth date and hometown makes the first five digits of a SSN the easiest digits to guess... The last four digits, the ones most often used as identifiers on accounts, are issued sequentially. But they’re harder to guess because they depend on how long it took to process a Social Security application..."

So, security experts advise consumers not to disclose both their birth date and hometown information on social networking sites. Now, you know what to do and why.

Smart Online Shoppers

Two important Events For Consumers To Avoid Identity Theft

The Better Business Bureau (BBB) announced its Secure Your ID Day events for October 17, 2009. The nationwide event includes free shredding services (for your old checks, junk mail, bank statements, old files, etc.) and educational programs by local BBB's in each state to help consumers avoid identity theft. Browse the Secure Your ID Day site to learn more about events in your area. Canadian residents should visit the BBB Canada site.

This BBB event coincides with the second annual National Protect Your Identity Week events October 17 - 24, sponsored jointly by the the Council of Better Business Bureaus (CBBB) and the National Foundation of Credit Counseling (NFCC). The event site is available in English and Spanish.

I strongly urge consumers to learn more and attend both events.

Warning College Students About Identity Theft

It was good to read this article in the New York Post:

"D theft is on the rise on university campuses as thieves take advantage of open dorm doors, the careless habits of students and plenty of laptops to steal ID from and use to gain access to the assets of not only the students, but also their parents. Parents should be aware that "criminals look at universities because not only are students the path of least resistance, but universities are lax in their security," said Robert Siciliano, an identity-theft expert. "Twenty percent of students do not acknowledge that it's a problem. They are just irresponsible and making all of their parent's personal information vulnerable.

What the consequences can be:

"This past summer, a 22-year-old male at the Southern University in Louisiana experienced ID theft due to carelessness in the dorm room and is now faced with explaining to his parents why their credit card has a $2,400 balance."

Hopefully, parents will pay attention and warn their college-age children to keep sensitive papers and records under lock and key.

Do You Know The Black-Market Value of Your Sensitive Personal Data?

Symantec recently launched its Norton Online Risk Calculator, an online tool that computes the black-market value of a consumer's sensitive personal data. I tried this calculator to see what it was all about.

First, the calculator asks basic information about your online habits and general demographic data (e.g., gender, age range, whether you have an e-mail account, etc.). Smartly, the calculator asks you for an age range and not your specific birth date. Otherwise, I wouldn't have completed the calculator.

Second, the calculator ask questions about whether you do banking and shopping online. The tool includes related questions about whether you bank online and pay bills online. It also asks if you shop online with a debit card, and whether you have installed and use anti-virus and spyware software on your computer. The calculator asks a very relevant question about whether you disclose on social media sites your birth date. The calculator also asks you to estimate to the total value of your online accounts and what you think thieves would pay for your sensitive personal data (e.g., name, address, birthdate, and bank account information).

Prior I've Been Mugged posts have explored the value of stolen consumer data, the risks of disclosing your birth date on social media sites, how to create strong online passwords, how to avoid getting your e-mail account hacked, and how to recognize phishing e-mail spam and sites. Unfortunately, many consumers believe their computers are protected by anti-virus software when in fact they aren't. And, it is extremely difficult to tell when your computer is infected by spyware and botnet software.

According to the Symantec calculator, my sensitive personal data is worth about $30.29.

Is this risk calculator any good? Part of me feels that it is a slick method to advertise their Norton anti-virus software. After you complete the calculator, the site does present a couple of their software products. Like any other viral application, the site presents a "Send to a Friend" link at the end, hoping you will disclose your friends' e-mail addresses and tell your friends about the risk calculator. I did not refer any friends.

Symantec could have done a better job with this calculator. Why?

1. The calculator should have been produced as a secure site (https://), which it isn't.
2. The calculator is a Flash application and the site does not disclose how it uses the Flash cookie on the consumer's computer.
3. The calculator does not state what it will do with your answers, how long it will store them, and what other companies it will share the information with. The site has a general link to Symantec's Privacy Policy.
4. The calculator does not ask if your sensitive personal data has actually been exposed already during a data breach, nor did it ask if the consumer monitors their credit reports with a credit monitoring service, nor did it ask if the consumer already protects their credit report data with a Security Freeze.
5. The calculator did not ask any questions about whether you use RFID or contactless credit/debit cards.

My recommendation: skip this site. It's just not worth it. I expected something far more rigorous from a security software company.

Smart Consumers Recognize Phishing Scams

Prior posts to learn more about phishing and scams:

• May 9, 2008 : 'Whaling' Is the Latest Phishing Threat
• September 25, 2008: Emerging Identity Fraud Scam: Credit Card Shaving
• February 16, 2009: Clickjacking: What It Is And How To Protect Yourself
• March 2, 2009: New ID-Theft Scam; Fake Parking Tickets
• March 11, 2009: Check Scam Still Operating at Craig's List Site
• March 12, 2009: The Risks of Disclosing Your Birth Date On Facebook And Other Social Networking Sites
• June 9, 2009: Fraud & Scam Warning For Consumers From the Better Business Bureau
• June 17, 2009: Teach Your Dad About Phishing this Father's Day
• June 29, 2009: How to Protect Yourself Against a Rental Scam
• July 7, 2009: Social War Dialing: A New Identity Theft Scam. How To Protect Yourself
• July 20, 2009: The 'I.Q. Test' on Facebook: How To Protect Yourself

Learn how to recognize a phishing e-mail message and a phishing web site.

Private Browsing Mode in MSIE v8

Thanks to Mary Grace Whalen for alerting me to this All Things Digital blog post:

"... InPrivate Browsing, is only available in the latest version of IE, called IE8. You turn it on by either selecting that option from the Safety button at the upper right, or from the Tools menu in the Menu Bar if you have chosen to make that bar visible. Once you do, an “InPrivate” label appears at the top left corner of the browser and a page appears explaining that the browser won’t record on your own PC certain records of what you do in that browsing session. There’s an additional privacy mode, available from the same two drop-down menus, called “InPrivate Filtering,” which goes further. It blocks Web sites you go to from saving certain records of your presence there on their own servers. InPrivate browsing lasts until you close the InPrivate browsing window."

There's also a video about it:

If you value your online privacy, this seems like a pretty cool feature. I haven't used this feature, yet, since I use Firefox (which has a similar feature in v3.5) 99% of the time. If you have used MSIEv8's InPrivate Browsing feature, let us know below what you think about it.

Warnings For Consumers From The Federal Reserve Board

This blog is all about empowering consumers (whether you have been mugged or not) to protect their money and sensitive personal information. Last week, the Federal Reserve Board (FRB) issued a warning to consumers to be aware of:

"... fraudulent solicitations that appear to be made with the approval or involvement of the Federal Reserve, Federal Reserve officials, or other U.S. government officials. These solicitations promise bogus financial services or large sums of money in exchange for either payment or personal information that can then be used to access a consumer's bank account."

This type of warning usually means a rise in the amount and frequency of phishing e-mail messages and/or phishing Web sites -- methods to trick consumers into disclosing their sensitive personal information (e.g., bank account numbers, Social Security number, etc.) to identity criminals. That means you may see official-looking but bogus e-mail message that appear to come from the FRB. The FRB operates this web site for users to file complaints about fraud. You should also notify your local law enforcement and submit a complaint to the FTC.

Recently, the I've Been Mugged blog reported advice for consumers from the FRB about private educational loans, shopping for mortgages, and credit cards.

Fact Check The Messages In Your E-mail In-Box Before Forwarding

A few days ago, an acquaintance in Atlanta (who is a doctor) forwarded this e-mail message to me:

"Subject: SOCIAL SECURITY CHANGES

It does not matter if you personally like or dislike Obama. You need to sign this petition and flood his e-mail box with e-mails that tell him that, even if the House passes this bill, he needs to veto it. It is already impossible to live on Social Security alone. If the government gives benefits to 'illegal' aliens who have never contributed, where does that leave those of us who have paid into Social Security all our working lives? As stated below, the Senate voted this week to allow 'illegal' aliens access to Social Security benefits. Attached is an opportunity to sign a petition that requires citizenship for eligibility to that social service. Instructions are below. If you don't forward the petition and just stop it, we will lose all these names. If you do not want to sign it, please just forward it to everyone you know. To add your name, click on 'forward'. Address it to all of your email correspondents, add your name to the list and send it on. When the petition hits 1,000, send it to comment@whitehouse.gov .

Dear Mr. President:
We, the undersigned, protest the bill that the Senate voted on recently which would allow illegal aliens to access our Social Security. We demand that you and all Congressional representatives require citizenship as a pre-requisite for social services in the United States. We further demand that there not be any amnesty give n to illegal aliens, NO free services, no funding, no payments to and for illegal immigrants.
[Names redacted]"

My acquaintance wanted to know what I thought of this message, and if the e-mail message is accurate. First, understand that I am all for citizen participation in a democracy. And that includes petitions.

When I receive an e-mail message like this, I try to verify its accuracy and authenticity. One way I do this is to see if the e-mail message includes any references and/or citations. The citation could be the formal bill number and/or a web site address. Bills written in the U.S. Congress have an HR-xxx number, and bills written in the U.S. Senate have a S-xxx number. This is how everyone tracks Federal legislation, and it assumes you know how the legislative process works. For a complete list of resolution and bill prefixes, see this U.S. Senate site page.

The e-mail message above didn't include a date, any references to bill numbers, any links to Web site pages by the sponsor of the petition, or to related news articles. Maybe this information was deleted as multiple people forwarded the message. Regardless, the message I received didn't provide any means to evaluate the petition's accuracy and authenticity. Hence, this e-mail message is garbage, in my opinion, and I deleted it after sending a reply to my acquaintance.

As a last resort, I suggested that my acquaintance check snopes.com, which does a good job of analyzing and debunking the hoaxes and fictitious e-mail messages. Maybe snopes.com has analyzed this email message. I felt that the message was not worth me wasting any more time on it.

After thinking about this some more, I began to wonder if messages like this are slick attempts at e-mail harvesting.

I also wonder about the thinly disguised bigotry in the message, since it targets undocumented workers in the USA, and not the companies that hire them without perform adequate and sincere background checks. Yes, people who immigrate illegally into the USA often use stolen identification papers in order to gain employment. That usually means using another person's Social Security number (SSN) to get paid. There are severe consequences for a consumer when another person uses your SSN.

This situation is good and bad news. While these undocument workers are working illegally, they pay into Social Security, local taxes, and Federal taxes. Our state and local governments seem happy to receive this tax revenue. The bad news is for the victims -- the consumers whose SSN's are being used by two people. It places the burden on the victims to prove the fraud. Citizens are already urged to check our annual Social Security Statements for fraud, which is a dubious data security process at best. Experts state that this method won't catch all SSN fraud.

In my opinion, the USA needs a better, more secure process for creating, administering, and securing Social Security numbers. A couple computer scientists should not be able to create real Social Security numbers using mathematical formulas. It also means holding companies responsible to perform adequate background checks when hiring workers.

Currently, there is no effective way for citizens to protect their SSN from abuse. The only thing you can do is monitor you annual social security statement and if the salary in that does not match what you earned last year, then it's a good chance another person is using your SSN. At that point, you need local law enforcement and a lawyer to help you resolve and unravel things.

There has to be a better way than this current approach. We citizens should demand that of our legislators. That is a more important issue. It's about the integrity of the Social Security system.

What Personal Data Do Facebook Quizzes Collect And Share? (Privacy Rights)

From time to time, I have written about Facebook.com since the site has a checkered history of protecting consumers' sensitive personal data and privacy. If you use Facebook.com, then you want to know about this Facebook petition sponsored by the ACLU of Northern California:

"Dear Mark Zuckerberg:
Millions of people on Facebook use third party applications without realizing the extent to which these apps can access their private information. Please take the following steps to ensure that all of the private information people put on Facebook is not swept up by application developers and used or abused for unknown purposes:

- Change default privacy settings so that quizzes and other third party applications run by a user’s friends do not have access the information on a user’s profile without the user’s opt-in consent.

- Simplify and improve privacy controls to give users real control over the personal information that is shared with applications through Facebook.

- Require that third party applications like quizzes list the categories of user data they will access and allow users to view this list. Prevent applications from having access to information that has not been listed, and notify users if an application’s data categories change before allowing access to this additional information.

Facebook is a wonderful forum for communications and social engagement, but it requires meaningful privacy protections if it is to continue to grow. Please take the steps above to protect my privacy and continue to make user privacy a high priority.
Signed,"

To learn more about how much of your personal information Facebook quizzes share regardless of your Facebook Account Privacy Settings, Facebook members should visit the "What Do Quizzes Really Know About You?" Facebook application page.

Advice And Help From The Federal Reserve Board For Consumers

Three things you should know about so you don't get "mugged" by a loan company or bank:

1. On July 30, 2009 the Federal Reserve Board (FRB) issued updated rules about mandatory disclosure by companies offering private educational loans:

"The Federal Reserve Board on Thursday approved final amendments to Regulation Z (Truth in Lending) that revise the disclosure requirements for private education loans. The amendments implement provisions of the Higher Education Opportunity Act (HEOA) enacted in August 2008. Under the amendments, creditors that extend private education loans must provide disclosures about loan terms and features on or with the loan application and must also disclose information about federal student loan programs that may offer less costly alternatives. Additional disclosures must be provided when the loan is approved and when the loan is consummated... The new disclosure requirements apply to loans made expressly for postsecondary educational expenses but do not apply where educational expenses are funded by credit card advances, or real-estate-secured loans. In addition, the amendments do not apply to education loans made, insured, or guaranteed by the federal government, which are subject to disclosure rules issued by the Department of Education."

The changes go into effect in about 6 months.

2. The FRB also announced the availability of a new publication, "5 Tips for Shopping for a Mortgage," to help consumers make good decisions to select the best home mortgage possible:

"As a starting point, consumers are urged to conduct a financial self-assessment that includes scrutinizing their budget, checking credit reports, and reviewing credit scores. The guide directs consumers to a worksheet for developing a monthly spending plan and strongly suggests setting aside funds for emergencies. It is important for consumers to evaluate their options and avoid expensive loans. The publication recommends taking the time do some comparison shopping by analyzing loan offers from mortgage lenders and mortgage brokers. It also explains the difference between brokers and lenders... The guide advises consumers to take advantage of additional information from other Federal Reserve publications, resources, and websites. It suggests that consumers also seek financial education materials from other trusted sources such as the U.S. Department of Housing and Urban Development and NeighborWorks."

NeighborWorks is a national nonprofit organization created by Congress to provide financial support, technical assistance, and training for community-based revitalization efforts. "5 Tips For Shopping for a Mortgage" is available in both English and Spanish. This publication is a good step given the large amount of mortgage defaults by consumers as part of the financial crisis.

3. During the financial crisis, many consumers have experienced reduced access to credit. Early in March, this blog warned consumers of the coming higher interest rates, additional fees, and reduced limits for credit cardholders. For some home owners, the crisis meant reduced home equity lines of credit (HELOC). For this, the FRB announced a new guide for consumers that:

"... explains consumers' rights and lenders' responsibilities when credit lines are reduced and provides information for those seeking to have a credit line reinstated. "5 Tips for Dealing with a Home Equity Line Freeze or Reduction" explains that lenders can lawfully reduce or limit a consumer's line of credit regardless of whether the consumer has made timely payments. However, the lender must send a written notice of the action no later than three business days after the freeze or reduction goes into effect. The notice must include information about any other changes to the HELOC. The freeze or reduction notice should include specific reasons for the action. The most common reasons for modifying the terms of a HELOC are a decline in the home's value, or a change in financial circumstances."