Tag Archive | "Identity Theft"

LoJack Issues Warning About ‘Connected Car Thieves’

CANTON, Mass. and IRVINE, Calif. — LoJack, a wholly-owned subsidiary of CalAmp, is alerting consumers to some of the sophisticated techniques vehicle thieves are using to break into today’s connected vehicle. The information shared is part of a consumer campaign the firm rolled out as part of this month’s National Vehicle Theft Protection Month, but it could also be used by F&I managers to educate consumers about the need for vehicle-recovery systems.

With the emergence of sophisticated connected vehicles and Internet of Things technology, the nature of auto theft is changing, the company said. And according to the FBI’s Preliminary Semiannual Uniform Crime Report, auto theft in the first half of 2015 topped what was recorded during the first half of 2014.

“Vehicle theft is starting to shift because of advanced techniques introduced by the ‘connected vehicle thief,’” said Patrick Clancy, vice president of LoJack Law Enforcement. “These criminals are smart, connected and more difficult to impede. They are targeting not only vehicles but also onboard data that, once obtained, can be damaging and difficult to recover. This campaign is designed to educate vehicle owners and businesses about the changing nature of auto theft, who the adversaries are, and what can be done to remain vigilant so that their lives are not negatively impacted by theft.”

The following are some of the methods and tactics used by today’s connected vehicle thief:

  • Car Cloning: Savvy thieves create and install a fake vehicle identification number (VIN), allowing a stolen vehicle to go unnoticed. Hackers then use the stolen VINs to create new documents, hiding the fact that the underlying vehicle is stolen.
  • Vehicle Ransom: Cybercriminals could leverage “ransomware” to break into a vehicle, disable the engine and brakes, and demand payment to restore the car to its functional state.
  • Scanner Boxes: These are devices that can exploit an electronic system controlled by key fobs. Criminals can then unlock and even start a vehicle without even touching the key.
  • Identity Theft: Thieves are targeting the data available within the car, including credit card details, location information, Social Security numbers and driver’s license numbers.
  • Luxury Vehicle Theft Rings: Organized crime rings target higher value vehicles, which can then be cut up for parts, resold or shipped overseas. These theft rings utilize complex schemes, such as copying smart keys and using stolen credit reports to illegally finance vehicles.

LoJack also listed some safety tips F&I managers can share with their customers:

  • Be Selective With Sensitive Data: Be aware that personal data stored in your vehicle, such as credit card information or home address in an onboard GPS system, could be vulnerable to theft.
  • Update Manufacturer Software: Download the latest firmware and software upgrades from the vehicle manufacturer as they become available. Ask about updates when visiting the service department of your dealership.
  • Stay Informed of Recalls: Stay abreast of vehicle-enabled cyberattacks, and check with your vehicle manufacturer about any security recalls or alerts.
  • Use Theft Prevention Products: Immobilizers and visible, audible warning devices are good deterrents and can provide advanced protection.
  • Install a Tracking Device: Consider installing a tracking device operated by law enforcement so that stolen assets have a better chance of being recovered.
  • Keep Your Assets Close: Do not leave smart phones and tablets unattended, as they can be used to access more data. Additionally, use proper safety protocols on vehicles with keyless ignitions.
  • Practice Common Sense: Never leave keys in the vehicle with the engine running and don’t hide a spare key in the car. Additionally, lock all doors when exiting the vehicle. It seems obvious, but car owners are still victimized by not taking these basic safety precautions.

For information and tips on how to protect your customers against the connected vehicle thief, visit LoJack’s Auto Theft Blog by clicking here.

Posted in Auto Industry NewsComments Off on LoJack Issues Warning About ‘Connected Car Thieves’

Lincoln Captive Offers Customers Credit Protection Package

DEARBORN, Mich. — Lincoln Automotive Financial Services is offering its finance and lease customers complimentary credit-protection that includes 24/7 credit monitoring and alerts, unlimited access to their credit reports and score, lost wallet protection and up to $1 million in identity theft insurance coverage with no deductible.

The package, which last for two years, depending on the client’s financing term, includes access to VantageScore, a credit score developed jointly by the three major national credit reporting companies. It also provides finance customers with unlimited access to the client’s TransUnion Credit Report, and a dedicated identity restoration specialist to help them restore their identities.

“This complimentary protection will alert our clients to activity affecting their credit and will help them restore their identity if it is compromised,” said Krista Conyers, the captive’s director of marketing.

With the package’s lost wallet protection, the captive’s clients can upload their driver’s license, credit card and other important numbers. If the wallet is ever missing, the client makes one phone call to a specialist who reports missing cards to the issuers and begins the replacement process.

The complimentary coverage is offered to clients who finance or lease with Lincoln Automotive Financial Services in the United States and lasts for two or three years, depending on the client’s financing term.

Posted in Auto Industry NewsComments Off on Lincoln Captive Offers Customers Credit Protection Package

Dealer Sentenced to 15 Years for Identity Theft

INDEPENDENCE, Mo. — The owner of Edge Auto Sales, an auto dealership with locations in Blue Springs and Independence, was sentenced to 15 years in prison for multiple felony convictions related to an extensive identify theft scheme he ran out of his dealerships.

Morrow acquired personal identifying information about his victims through their applications for auto financing, according to Attorney General Chris Koster and Jackson County Prosecuting Attorney Jean Peters Baker. Morrow used the victims’ information to forge dozens of fraudulent auto loans for car sales that never occurred. He then sold those fraudulent loans to automotive finance companies, who bought the rights to collect on the loans for a lump sum payment to Morrow.

The Missouri Attorney General began investigating Morrow in 2012 after receiving a tip from a consumer who discovered a fake car loan on her credit report.

In addition to Edge Auto, the attorney general’s office discovered that Morrow fabricated the existence of a dealership in Kansas City, forging documents so that it appeared to be owned and operated by one of his Edge Auto victims. Morrow also created fake loans through this fictitious dealership.

In 2012, Morrow created another dealership, Silver Star Motors, in Illinois. Through this new dealership, Morrow reused identities of his Jackson County victims in addition to selecting new victims in Illinois to continue his scam. An Illinois consumer checking his credit report also discovered a fraudulent car loan and alerted authorities there.

In April, Morrow pleaded guilty to nine felony counts of forgery, nine felony counts of deceptive business practices and two felony counts of identity theft. On Thursday, the judge sentenced him to 15 years on each of the two identity theft counts, seven years on each of the nine forgery counts, and four years on each of the counts for deceptive business practices. The sentences were ordered to run concurrently and Morrow was credit with approximately a year for time served. The Missouri Attorney General’s Office assisted Jackson County Prosecuting Attorney Jean Peters Baker in the prosecution.

Koster said that his office identified at least 44 Missouri victims and approximately $1.125 million of fraudulent loans, which Morrow sold to four automotive finance companies for approximately $478,000 in cash.

“Terry Morrow perpetrated the most extensive identity theft scheme ever prosecuted in Missouri and the sentence handed down today reflects the severity of his crimes,” Koster said. “His scheme was discovered because consumers checked their credit reports and found loans they had not taken out. Without that consumer vigilance there is no telling how many more victims there might have been.”

Posted in Auto Industry NewsComments Off on Dealer Sentenced to 15 Years for Identity Theft

RouteOne And National Credit Center Partner To Assist Dealers With Identity Verification And Compliance

Farmington Hills, Mich. – RouteOne LLC and National Credit Center (NCC) will integrate to offer identity verification and authentication services to help auto dealers streamline and improve their compliance efforts. These services enhance RouteOne’s current compliance offering, and are delivered through its IDOne product.

“We are pleased to welcome NCC as a supporter of RouteOne’s IDOne identity verification tool,” said Mike Jurecki, CEO, RouteOne. “We are committed to helping our customers minimize fraud risk and effectively meet the growing list of compliance requirements they face as an integral part of our credit application and dealership solutions. Our partnership with NCC builds on that commitment to assist dealers in protecting their customers and financing business.”

Dealers using the service will be able to verify applicant information across multiple data sources simultaneously with one simple mouse-click, including an OFAC check. If an alert is identified, dealers can then administer an “out-of-wallet” risk-based quiz from the same system as another method to confirm identity. The solution enables dealers to move through the process efficiently to either close the sale or determine the risk is too great.

“We are very excited to welcome RouteOne into our partner portfolio,” said Ken Suprenant, GM and vice president, NCC. “Identity fraud is the fasted growing crime in the U.S., and auto dealerships are being targeted more than other businesses for their high-dollar transactions. IDOne is a revolutionary product that fits perfectly within our comprehensive suite of credit and compliance services.”

In addition to verification, IDOne provides an audit trail to ensure compliance, and works with RouteOne’s credit application system to eliminate duplicate data entry and the potential for error. The service is backed by RouteOne’s Help Desk and field staff to ensure support is there when it is needed most.

Posted in Auto Industry NewsComments (0)

10 Questions to Ask When Creating a Cybersecurity Plan for Your Business

Via Entrepreneur

Cybercriminals are increasingly preying on small businesses, which often lack the expertise and resources to adequately protect themselves. Last year, companies with one to 250 employees were the victims of more than 30 percent of all cyber attacks, according to Symantec’s 2013 Internet Security Threat Report. That’s a threefold increase since 2011.

With larger companies increasing their protections, small businesses are now the low hanging fruit for cybercriminals,” says Julius Genachowski, chairman of the Federal Communications Commission.

But your company doesn’t have to be vulnerable if you simply take some basic protective measures. Here are 10 key questions to ask when securing your company from cybercriminals:

1. Should I install antivirus software?
Installing antivirus software and keeping it updated is a must for business owners, says Brian Underdahl, author of Cybersecurity for Dummies (Wiley, 2011). Antivirus software detects and removes malware, including adware and spyware, and filters out potentially dangerous downloads and emails.

Underdahl says he uses CheckPoint Software Technologies Ltd.’s ZoneAlarm Extreme Security 2013, a comprehensive antivirus software security package. It costs $54.95 for one year and $84.95 for two years. Other popular, effective antivirus options include Bitdefender Small Business Security ($150 for one year) and Webroot SecureAnywhere Antivirus 2013 ($39.99 for one year).

2. How should I handle suspicious emails from known and unknown senders?
Never open or reply to an email that seems suspicious, Underdahl says, even if it appears to be from someone you know. And after opening emails, don’t click on suspicious links and attachments, he says. If you do, you could fall victim to email-borne financial and identity theft threats, including “phishing scams.” Phishing emails, which appear to be from trustworthy sources, such as a bank or an online merchant you have done business with, attempt to acquire private data, including bank account and credit card numbers.

Also, recommend to your employees that they set their email client preferences to show the full address of the sender, not just the display name in the From section of their inbox, says Brett McDowell, senior manager of customer security initiatives at PayPal and a board member at the National Cyber Security Alliance Advise employees to use unique passwords for all business-related accounts online and across your company’s information systems. Their passwords should include combinations of upper and lowercase letters, numbers and symbols and should be changed every 60 days or so. Also, never use the same password for different logins and never leave your password written down near your computer, Underdahl says.

McDowell recommends multi-factor authentication to verify an individual’s identity, especially for financial transactions. For example, PayPal offers two extra forms of authentication to secure users’ financial transactions: the PayPal Security Key, which generates random temporary security codes to verify users when they login, as well as a system that sends security codes via text message to users’ mobile phones.

4. Whom should I allow access to my company’s critical data?
Administrative login credentials should be given only to key company personnel, such as the CEO, CIO and trusted IT staff. Develop a clear plan that designates which individuals have access to which types of sensitive information, McDowell says.

5. Should I use a firewall to protect my company’s internet connection?
Always use a firewall to protect your company’s inbound and outbound network traffic. A firewall can help prevent hackers from tapping into your network and to block access to certain Web sites. They can also be configured to bar employees from sending proprietary data and specific types of emails outside of your network. Firewalls come standard on most routers and similar consumer network gear. But you can add additional firewall protection for free from ZoneAlarm or Sygate Personal Firewall Free.

6. How often should I back up essential company information?
Back up your business’s vital information on a regular basis automatically, using a combination of cloud and off-site backup, Underdahl suggests. Carbonite, an online data backup service for Windows and Mac users, offers encrypted backup storage services for small businesses for $229 to $599 per year. SugarSync is a similar cloud storage provider, with business packages starting at about $550 per year.

7. Should I use data encryption?
Encryption is essential to keeping such data as credit card, bank account and Social Security numbers as safe as possible. Encryption algorithms change information in your computer files into unreadable ciphertext, or “unreadable gobbledygook,” as McDowell calls it.

Whether a cybercriminal or a criminal employee walks away with some of your data, encryption would keep you protected because [he or she] wouldn’t have the special keys to un-encrypt the data and make sense of it,” he says. “Only you would.” If you’re using Windows 8 Pro or Windows 8 Enterprise, all your local files and folders are already encrypted via BitLocker Drive Encryption. If you’re using Mac OS X Mountain Lion or Mac OS X Lion, FileVault 2 automatically encrypts all your data.

8. How should I communicate company cybersecurity policies to employees?
Create a written security policy that details what employees can and cannot do on the internet while using company devices. Also, provide clear instructions as to how staff (and contract workers, if applicable) should handle vital company and customer data. Repeat your cybersecurity policies often via email and in-person meetings.

9. How can I secure my Wi-Fi network?
Instead of using an older, less secure Wired Equivalent Privacy (WEP) network, Underdahl suggests using Wi-Fi Protected Access version 2 (WPA2), which is widely considered the most current and secure encryption available. To hide your Wi-Fi network, change the name of your wireless access point or router, also known as the Service Set Identifier (SSID). If you don’t, hackers could easily breach your network using the default SSID provided by the router’s manufacturer. For added protection, you can require users to enter a 25- to 64-character alphanumeric Pre-Shared Key (PSK) passphrase.

10. How can I secure company mobile devices?
Mandate that employees create passwords for their devices. Stolen or lost company-owned mobile equipment should be reported immediately to your tech support person or IT staff so that service can be shut off.

Consider installing an app like McAfee WaveSecure (19.99 with a one-year subscription, available for iPhone, Android, BlackBerry and Windows Mobile) that enables you to remotely track the device’s SIM card, back up data and remotely lock the device before hackers can get their hands on sensitive company information. For iOS, consider Lookout Inc.’s free app, Lookout Free Backup, Security, Find My Device.

Posted in Small Business TipsComments (0)

Identity Theft Tops FTC’s Complaint List for 2012

Washington, D.C. — Last year, identity theft once again topped the Federal Trade Commission’s list of top consumer complaints, which the agency issued this week. The FTC also reported that 2012 marked the first year it received more than two million complaints overall, with 18 percent of them related to identify theft.

Of the 369,132 identity theft-related complaints received last year, more than 43 percent were related to tax- or wage-related fraud, according to the FTC’s report, which provides national and state-by-state data. The report also lists the metropolitan areas that generated the most complaints, including the Top 50 metropolitan areas for both fraud and identity theft complaints.

The following are the nine other complaint categories making up the Top 10 complaints of 2012:




Debt collection


10 percent

Banks and Lenders


6 percent

Shop-at-Home and Catalog Sales


6 percent

Prizes, Sweepstakes and Lotteries


5 percent

Impostor Scams


4 percent

Internet Services


4 percent

Auto-Related Complaints


4 percent

Telephone and Mobile Services


4 percent

Credit Cards


3 percent

A complete list of all complaint categories is available on page six of the report.

The FTC enters complaints into the Consumer Sentinel Network, a secure online database that is available to more than 2,000 civil and criminal law enforcement agencies across the country. Agencies use the data to research cases, identify victims and track possible targets.

Other federal and state law enforcement agencies contribute to Consumer Sentinel, including the Consumer Financial Protection Bureau, the U.S. Postal Inspection Service, the Federal Bureau of Investigation’s Internet Crime Complaint Center and the offices of 14 state attorneys general. Private-sector organizations contributing data include all Better Business Bureaus in the U.S. and Canada, PrivacyStar, Publishers Clearing House and others.

Posted in Auto Industry NewsComments (0)