Previous month:
September 2010
Next month:
November 2010

12 posts from October 2010

Former BigBad Employees Pursue Back Wages

Last week, my former employer was in the news again. The Boston Business Journal reported:

"When BigBad closed in March, more than a dozen staffers were still owed between $2,000 and $15,000 each in lost wages and expenses, according to sources. Now, about 14 ex-BigBad employees have retained attorney Christopher Vaughn-Martel to help recoup the money... We’ve made a demand on the company and all of its managing officers for a substantial sum..."

I encourage you to read the entire article (fee). Earlier this year, the Boston Business Journal reported the closing of the agency. While the agency has taken down its website, its Facebook and Twitter pages remain available.

The article discussed both one former Bigbad executive's bankruptcy filing, and some of the website projects abandoned by BigBad that other digital agencies have since completed.

A Review of Bank of America PrivacySource

A couple weeks ago, I received a letter from Bank of America via postal mail:

"Records Request
Please Review Important information Below
Please Reply Within: 14 Days"

You have the right to a free credit report from or 877-322-8228, the ONLY authorized source under federal law."

"Complimentary Credit report and Credit Score -- Your signature is required to try the Bank of America PrivacySource(®) at no cost for 30 days so you can receive delivery of your Compiled Credit Portfolio. your benefits will include the following:
1. Your Complimentary Triple-Bureau Credit Report
2. Your Complimentary Triple-Bureau Credit Score
3. Daily Monitoring notifications"

I had not heard of the PrivacySource service before. I had heard of the PrivacyAssist credit monitoring service from BofA, and reviewed it in this blog. Inside the BofA PrivacySource envelope was a single sheet of paper with this offer and a return envelope. I read the entire offer letter looking for a website address. When I receive an offer like this, I expect the offer letter to provide a website address so I can learn more. Surprisingly, the offer letter didn't mention a website: neither a BofA website nor a PrivacySource website. Not good.

I then performed a few Google searches for PrivacySource which turned up this BofA page. I followed the PrivacySource link at the page bottom, and then entered my state on the next page. The problem: the BofA site redirected to a Privacy Assist page which didn't mention anything about PrivacySource. This was confusing and frustrating. Maybe PrivacySource is replacing BofA's PrivacyAssist credit monitoring service. Or maybe PrivacySource isn't available in my state. The BofA website didn't say. Not good.

After some more searching, I found a page at the site which mentioned the website address for Privacy Source: It should not be this hard to find a website address. Whoever built the BofA PrivacySource website failed miserably at SEO. BofA should have listed the website address in the offer letter. And, the BofA website should have linked me directly to it.

But, back to the offer letter. Part of the way down the page, the letter included some important information:

"By signing this form you are authorzing a debit from your Bank of America checking account to the amount of $12.99 per month for a membership in the Bank of America PrivacySource (®) service unless you cancel within the 30_Day Trial Offer period.

That told me a lot. PrivacySource is a credit monitoring service. The offer was similar to offers I've seen before from and the major credit reporting agencies, except there were two freebies: a "Triple-Bureau Credit Report" and a "Triple-Bureau Credit Score." That sounded nice.

Like most people, I like free things. But, what is a Triple-Bureau Credit Report, and what does it look like? Is it a summary, or does it provide the same details as a credit report from Experian, Equifax, or TransUnion? The offer letter didn't say. Nor did it include an example report. It's hard to evaluate an offer when the service doesn't provide an example report. Not good.

I also wanted to know what a "Triple-Bureau Credit Score" is. Is it the same as a FICO credit score? Or is it a VantageScore? There are several different brands of credit scores available, and I want to know what I am buying. The offer letter didn't say. Nor did it provide a sample score. Not good.

Near the bottom of the offer letter, there was this important information in tiny type:

"By signing this form, you authorize bank of America to share your Social Security Number with Trilegiant, the service provider of the Bank of America PrivacySource service, and authorize Trilegiant and its credit information providers, which may include First Advantage Credco and FAMS, to obtain and monitor your credit files and information from the credit reporting agencies..."

Well, that said a lot. Trilegiant operates the credit monitoring service for BofA under the brand name PrivacySource. I know a little about Trilegiant as I wrote briefly about it previously in this blog. And, Trilegiant was involved in 2008 in at least one class-action lawsuit, which the company settled for $25 million:

"Trilegiant, a subsidiary of Cendant Corp., has also been the target of actions by attorneys general in California, Connecticut and Florida. In 2006, it settled charges brought by 16 states alleging that Trilegiant and Chase Bank had deceived consumers into paying for membership programs."

This is the best vendor BofA could find for its credit monitoring service? More troubling are the recent consumer complaints about Trilegiant.

But let's get back to the BofA PrivacySource offer letter. The language of this authorization troubles me... particularly the "may include" phrase. It essentially says that BofA through Trilegiant will share my sensitive personal information with other companies and doesn't name all of companies, only a couple of possibilities. That is partial and insufficient disclosure to me. Not good.

And, who is First Advantage Credco? And FAMS? I did a little searching and found this First Advantage Credco profile on The company's official website is, and it appears to be in the midst of a name change to CoreLogic. CoreLogic Credco appears to collect and data mine consumer information, with perhaps an attempt to enter the credit report marketplace.

I have not been able to determine who FAMS is. If you know, please share a description and website link in the comments section below.

About the PrivacySource website, to its credit the site does provide sample credit reports and credit scores. I compared the reports to actual credit reports I already have from Experian, Equifax, and TransUnion. The PrivacySource credit reports look like summaries. To adequately manage my finances, I need the real thing -- not summaries.

Consumers who visit the PrivacySource website should read the service's Terms and Conditions. This is important to understand what you get for $12.99 per month. You get a credit monitoring service and no credit resolution services. If you are the victim of identity theft and fraud, you'll need both services-- you'll need resolution service to help you communicate with various companies, lenders, and government agencies to fix your credit and all affected financial records.

PrivacySource uses CreditXpert Credit Scores (TM) from Consumers should be aware that this is a different credit score brand. It is not the same as FICO from the Fair Isaac Corporation. The My ID Alert service from Capital One also uses CreditXpert Credit Scores.

If you have the time, you might compare PrivacySource and, Trilegiant's credit monitoring service. I didn't bother comparing the two sites because I'd already made up my mind about PrivacySource. First impressions are important. The PrivacySource offer letter was underwhelming and the site was difficult to find.

Is BofA PrivacySource for you? Only you can make that decision. It's not for me. Why? First, the letter didn't contain enough information for me to to make a decision, and it didn't include the service website. Second, the difficulty I encountered with finding the PrivacySource website gave me the impression that if the company can't do that well, the actual service is probably problematic, too.

Third, the sample credit reports seemed like summaries and not the full detail. Fourth, I prefer a comprehensive service that includes both credit monitoring and resolution services. Fifth, there are more comprehensive services that also help with medical identity theft and fraud.

If you already signed up for PrivacySource, please share your experience below. I've Been Mugged readers would love to hear your experiences, good and bad. If you have experiences with FAMS and/or First Advantage Credco, we'd like to hear about that too.

RapLeaf, Facebook, Data Mining, and Privacy

There is a good article in CNN Money about RapLeaf, its ties to Facebook, and the impact of data mining on privacy. In this latest data breach, RapLeaf obtained from Facebook applications (commonly referred to as "apps") the IDs of Facebook members, merged the data with its own database, and then resold that combined data to advertising networks.

You never heard of RapLeaf before? Neither had I. It is one of many information brokers like Acxiom, ChoicePoint, Spokeo, and Quantcast. This blog covered them, and now RapLeaf, too. The Facebook breach fiasco highlighted several related privacy issues. The issues I see affecting consumers:

  1. The Facebook apps never should have transmitted members' IDs and personal information, especially those Facebook members that had set their privacy settings to private. As I've written before, this breach questions whether Facebook is administratively and technically competent to keep private the personal information its members' specify as private
  2. There are plenty of information brokers eager to do business with Facebook -- to access the sensitive personal information in Facebook members' profiles and apps. Several information brokers, like RapLeaf, already do business with Facebook
  3. RapLeaf combined the data it obtained from Facebook, including IDs from members' who had specified their data stay private, and then resold that combined information to advertisers. RapLeaf later said it shouldn't have transmitted Facebook IDs and removed that data element from information it sells to advertisers
  4. The large network of data sharing relationships in #2 means your sensitive personal information will travel a lot further and faster to more companies and advertisers than you ever imagined. This is the "cost" of a free service like Facebook
  5. Information brokers' data mining efforts are getting more precise. Before they knew your lifestyle: car owned, rent vs. homeowner, favorite genres of films and music, favorite travel destinations, where you live, favorite websites, and purchases you made. Now they know your habits: when during the day you drive and destinations, the times of day you listen to certain genres of music, when you are at work versus traveling on business or pleasure, where you post messages from, and daily routines
  6. Many information brokers don't give consumers any control over the information they have collected about you. They view it as their information to use in other products and services, regardless of of whether it is accurate, totally inaccurate or a mix. Consequences to the consumer be damned

CNN Money summarized the problem facing RapLeaf and information brokers:

"... privacy experts said they believe Rapleaf is being disingenuous. They noted that the company links users' names and e-mail addresses to many social networking profiles -- including Flickr, Friendster, LinkedIn, Twitter, Pandora, Wordpress, MySpace, Bebo, Tribe, Livejournal, Yelp and Amazon -- and sells that information to third-parties..."

I agree. Data miners like RapLeaf can't serve two masters. The drive for profits is too great. Consumers' privacy will be the loser.

While reading the CNN Money article, I also learned what a Klout Score is. Do you know your social media Klout Score? A better question might be: what information brokers know your Klout Score. A more insightful question might be: do you have control over who accesses your Klout Score? According to the number-crunchers at, my Klount Score (based on my Twitter account) is "5 - Explorer:"

"You actively engage in the social web, constantly trying out new ways to interact and network. You're exploring the ecosystem and making it work for you. Your level of activity and engagement shows that you "get it", we predict you'll be moving up."


After reading the CNN Money article, I browsed some of the RapLeaf blog and read the company's spin on its reselling of Facebook members' personal information and IDs:

"The underlying issue is with a piece of the HTTP header called the referrer URL. We recognize that referrer URLs are a major industry-wide problem with the structure of internet security, so Rapleaf has taken extra steps to strip out identifying information from referrer URLs. When we discovered that Facebook ids were being passed to ad networks by applications that we work with, we immediately researched the cause and implemented a solution to cease the transmissions."

Really? RapLeaf's information systems are totally reactionary without any quality controls or checks?

Okay, I get it. Facebook IDs were embedded into the referrer URL and RapLeaf didn't scrub the headers and remove said sensitive information. Sounds to me like the system was programmed for speed over both quality and privacy. Rapleaf corrected the problem later, but the damage had already been done.

What exactly was the damage? In his Freedom To Tinker blog, Harlan Yu analyzed the Facebook app breach:

"Because of the way Zynga (the makers of FarmVille) crafts some of its URLs to include the user’s Facebook ID, the browser will forward this identifying information on to third parties. I confirmed yesterday evening that using FarmVille does indeed transmit my Facebook ID to a few third parties, including Doubleclick, Interclick and"

So, it's not just RapLeaf. Yu summarized well the threat to consumers:

"... allowing advertisers and other third parties to easily and definitively correlate a real name with an otherwise "anonymous" IP address, cookie, or profile is a dangerous path forward for privacy."

Dangerous, indeed. What do you think?

During the past few months, I have heard people comment on blog posts that, "online privacy is dead." I don't buy that. It is a lame excuse by corporate apologists and executives who want to do as they please with consumers' personal information without having to worry about disclosures, rules, accountability, or responsibility.

If the information brokerage and advertising industries can't police their companies to ensure consumers with reasonable online privacy, then it will get sorted out in the courts. Several ISPs and technology firms already learned this the hard way with behavioral advertising. Meanwhile, some things consumers can do to maintain privacy online:

The State of Anti-Virus Software

Last week, NSS Labs released their quarterly report on Consumer Anti-Malware Products. I read this report because one advice experts always recomend to avoid identity theft is that consumers keep the anti-malware (e.g., software that identifies, blocks and deletes viruses, spyware and related bad stuff) software on their home computers up to date.

Usually NSS Lab's report is available for a fee, but this quarter's version is free because of the subject matter. NSS Labs tested several anti-malware software brands and the software effectiveness is far from consistent. Key results from the report:

  • Software effectiveness varies. The ability to block software viruses varies widely by brands from a low of 54% (AVG) to a high of 90% (Trend Micro) across tested products. You would think that performance would not vary so widely (36% points) across products, but it does. Higher numbers are better since it represents a product that prevents the user's computer from downloading more viruses and from running more viruses accidentally downloaded.
  • Update time varies. The time before a malicious website (e.g., a web site infected with malware) was blocked ranged from a low of 3.3 hours (Trend Micro) to a high of 28.5 hours (AVG) across 11 vendors' products. Lower numbers are better since it represents a product that prevents sooner the web browser from visiting infected websites.

The report includes a really good chart comparing each product's performance in 3Q2009 to 3Q2010. The report groups products into three categories: Recommend, Neutral, and Caution. I am happy that the anti-virus software I used was listed in the "Recommend" category. Products in this category performed well consistently across all tests, compared to products rated lower which performed highly on one test and poorly on another.

The report's authors estimated that:

"Cybercriminals have between a 10% - 45% chance of getting past your AV with Web Malware (depending on the product). Cybercriminals have between 25% - 97% chance of compromising your machine using exploits."

NSS Labs tested all software on computers running Windows® 7 with 2 GB RAM and 20GB hard drive. "Exploits" included attempts to take over the computer and send spam to others, to capture and transmit sensitive personal information such as bank account numbers and sign-in credentials. Applications included Internet Explorer®, Mozilla® Firefox®, Apple® Quicktime®, and Adobe® Acrobat®. NS Labs tested the leading anti-virus software products including AVG Internet Security 9, ESET Smart Security 4, F-Secure Internet Security 2010, Kaspersky Internet Security 2011, McAfee Internet Security, Microsoft Security Essentials, Norman Security Suite, Panda Internet Security 2011, Sunbelt VIPRE Antivirus Premium 4, Symantec Norton Internet Security 2010, and Trend Micro Titanium Maximum Security.

Download today the NSS Labs report.

National Protect Your Identity Week

If you hadn't heard, October 17 - 23, 2010 is National Protect Your Identity Week (NPYIW). About 10 million consumers were victims of identity theft and fraud last year. And the problem isn't going away anytime soon.

The ProtectYourIDNow site contains events for consumers by state. I visited the website to see the types of events available. Most of the events are sponsored by local organizations and governments, and many events are access to portable shredding resources for consumers who don't have at-home shredding machines. Other events include workshops about how to avoid scams, or tips about credit scores and credit reports. Many of the events are free. I encourage readers to find a NPYIW event near you.

The NPYIW website includes informative videos, and an online quiz to test your knowledge about identity theft and fraud. Sponsors of NPYIW include the Better Business Bureau, the National Foundation for Credit Coounseling, the Consumer Federation of America, the U.S. Federal Trade Commission (FTC), myFICO, the Identity Theft Resource Center, the National Crime Prevention Council, the National Council of La Raza, the Credit Union National Association, and many others.

Facebook Apps Share Members' Personal Data With Advertisers and Web Tracking Companies

Yesterday, the Wall Street Journal and many news organizations reported about the fact that Facebook applications (like Farmville, that are commonly called "apps") sharing members' UserID and personal information with advertisers and web-tracking services, when you have set your Facebook Privacy settings to "public." I encourage all readers to watch this PBS NewsHour news broadcast about Facebook apps and exactly what personal data Facebook apps share.

If you are new to this blog, I suggest you:

Basic Steps To Protect Your Wireless Home Network From Hackers

If you operate a wireless network at home, you may find this U.S. Federal Trade Commission (FTC) video helpful:


To learn more, read these related blog posts:

Cities Whose Consumers Have The Highest Credit Scores

I found this report very interesting. The Experian State of Credit report ranked cities in the United States by consumers' average credit score. Residents in these cities had the highest average credit scores:

  1. Minneapolis (MN): 787
  2. Madison (WI): 785
  3. Cedar Rapids (IA): 781
  4. Green Bay (WI): 780
  5. San Francisco (CA): 780
  6. Boston (MA): 779
  7. Peoria (IL): 778
  8. La Crosse (WI): 778
  9. Seattle (WA): 777
  10. Sioux Falls (SD): 777

The average credit score was based on January to June 2010 inputs by Designated Marketing Area (DMA) from VantageScore and other leading credit reporting agencies. VantageScore is a newer credit-score score brand which competes with the FICO score, produced by the Fair Isaac Corporation. Consumers' VantageScores range from 500 to 990. 16% of the population has a VantageScore between 900 to 990.

The cities with the lowest average VantageScores:

  1. Harlingen (TX): 684
  2. Jackson (MS): 698
  3. Corpus Christi (TX): 700
  4. Shreveport (LA): 701
  5. El Paso (TX): 706
  6. Monroe (LA): 706
  7. Las Vegas (NV): 707
  8. Bakersfield (CA): :708
  9. Myrtle Beach (SC): 709
  10. Tyler (TX): 709

Residents in Harlingen had an average of 1.4 credit cards, $23,500 outstanding credit card debt, and an 11.7% unemployment rate. Residents in Minneapolis had an average of 2.1 credit cards, $25,100 outstandind credit card debt, and a 6.8% unemployment rate. Coincidentally, the Minnesota Attorney General's website provides its residents with good information about both personal finance and credit scores. The website lists these factors that affect consumers' credit scores:

  • Have you paid your bills on time?
  • How much outstanding debt do you have?
  • How long have you had credit?
  • How often do you apply for credit?
  • What types of credit are you using?

When comparing credit scores, consumers need to know which brand of credit score they have. Want to learn more? Visit the attorney general or consumer protection website for your state. Also, you may find these related blog posts helpful:

The Age of Conversation 3 and Water

As you may remember, the Age of Conversation 3 book -- with one chapter written by yours truly -- went on sale in May of 2010. All proceeds from book sales go to a worthy charity. I have some good news and some not-so-good news about that.

First, the not-so-good news. You may recall that Make-A-Wish was the originally intended charity. Sadly, that fell through about some rigid rules MAW had about how we bloggers were to promote it. Then, the #2 charity choice. UNICEF, was uninterested.

The good news: despite these setbacks, a charity was selected and it is charity: water:

"... is a non-profit organization bringing clean, safe drinking water to people in developing nations. We use 100% of public donations to directly fund sustainable water solutions in areas of greatest need. Just $20 can give one person clean water for 20 years."

I encourage you to visit their site, watch the video or read the charity: water blog, and then buy the Age of Conversation 3 (AOC3) book if you haven't already. For maximum impact, please buy the book on or before October 15, Blog Action Day 2010. You can buy AOC3 at online retailers including and at Barnes & Noble. A Kindle version is also available! For students of social media, AOC3 is a must-have.

We picked Blog Action Day 2010 because the 100 bloggers who contributed to the AOC3 want to support a worthy cause. It doesn't hurt that all bloggers worldwide will discuss on October 15 the same topic: water. You can also follow Blog Action Day feed on Twitter.

I think that we all know the value of clean drinking water. We need it to live. Experts state that about 1 billion people around the planet don't have access to clean water, and 42,000 people die each week from water-borne diseases.

Once again, thanks to our friends at Channel V for their digital publishing and accounting work for AOC3. The AOC3 editors already received the first royalty check of $2,000.00 which was forwarded to charity: water. Watch this video about charity: water:

charity: water 2010 September Campaign: Clean Water for the Bayaka from charity: water on Vimeo.

US Search Settles with FTC Over Deceptive Marketing

Many consumers want to manage their online identity and reputation, especially when the online information is false or misleading. Unfortunately, some companies have rushed to take advantage of consumers' fears.

Late last month, US Search settled charges with the U.S. Federal Trade Commission (FTC) about deceptive marketing. The settlement requires the data broker to refund fees to about 5,000 consumers and not to engage in future deceptive marketing:

"US Search, Inc., is an online data broker that compiles public records and sells data about consumers to the public. The records may contain not only names, addresses and phone numbers, but also information such as aliases, marriages and divorces, bankruptcies, neighbors, associates, criminal records, and home values... Since June 2009, US Search sold consumers its “PrivacyLock” Service, which it claimed would allow them to “lock their records” and prevent their names and other information from appearing on the company’s website, its search results, or advertisements for a year."


In its complaint, the FTC alleged the data broker's promises to consumers were false and that the PrivacyLock Service failed to:

  • Block consumers’ names from showing up as an associate of someone else in a search for the other person’s name;
  • Block consumers’ information from appearing in a “reverse search” of their phone number or address, or in a search of their address in real estate records;
  • Work when the consumer changed addresses, thereby generating new records that would not be subject to the PrivacyLock

A "reverse search" is when a user enters a phone number or street address and the service displays the person's name. This website capability has been around for years at popular white-page telephone book websites such as AT&T AnyWho and This is one reason why I pay the extra monthly fee to not disclose my landline phone number in the telephone company's white pages. Once your landline phone number gets out, it will likely end up in lots of data brokers' databases.

Many data brokers compile and resell information about consumers. To learn more, read these blog posts about Spokeo and Acxiom. Plus, many states' registry of motor vehicles departments sell data to data brokers. In July of this year, a major DPPA class-action lawsuit was dismissed.

6 Tips To Help Consumers Spot Credit Repair Scams

Perhaps you were the victim of identity theft and fraud which wrecked your credit scores and credit. Perhaps, you made made some poor financial decisions. Or maybe you home was foreclosed upon after you lost a job during the recent economic recession. What should a consumer be aware of when trying to improve your credit?

Some consumers seek help from credit repair services. After all, there are ads everwhere online and on television by credit repair services offering to help. Some credit repair services have even posted comments on this blog. What should consumers be aware of? How can you spot legitimate credit repair offers from the scams?

Everyone wants to be a smart, informed shopper. The U.S. Federal Trade Commission (FTC) offers six tips to help consumers spot credit repair scams. Credit repair scams will often:

  1. Demand payment before they provide any services. The Credit Repair Organizations Act specifies that they cannot force you to pay until after they have provided the services promised
  2. Won't explain your rights nor what you can do for free by yourself
  3. Instruct you not to contact the three major national credit reporting agencies: Equifax, Experian, and TransUnion
  4. Promise they can delete most or all the negative information in your credit reports, even when that information is accurate
  5. Ask you to create a “new” credit identity to get a new credit report by applying for an Employer Identification Number instead of your Social Security number
  6. Instruct you to dispute all the information in your credit reports, even when it accurate

Obviously, before doing business with a credit repair service you should review your credit reports from the three major credit reporting agencies. Know you rights and use the official website to order your free credit reports as provided by law: Like any other serious financial situation, document everything in writing when doing business with any credit repair service.

If you need more help, check the website for the Attorney General's Office in the state where you love. Many provides assistance and advice about credit repair scams. For example, see the Connecticut or Missouri or Florida attorney general websites.

The Exodus From Facebook

After Bill Moyers retired, the Need To Know show filled the gap on PBS when the Bill Moyers Journal show ended. Need to Know recently broadcast the segment below about consumers leaving Facebook. The reasons vary why people are leaving Facebook. For me, Facebook's questionable and seemingly insincere commitment to protecting my privacy encouraged me to reduce my personal time on Facebook and use it mostly to support this blog. Reducing your time-on-site or deleing your account are options I encourage consumers to consider for any service or website that doesn't meet their needs.

If you are thinking about leaving Facebook, you might visit the Web 2.0 Suicide Machine or Seppukoo websites for additional information. The Need to Know segment:

Watch the full episode. See more Need To Know.