Two years ago, Todd Davis, the founder of LifeLock, decided to plaster his Social Security number wherever he could get ad space. For a fee of about $10 a month, LifeLock offers what it calls a “proven solution” that prevents its customers from becoming victims of identity theft and fraud. I wrote about whether a solution like this is worth the money a few weeks ago (Is ID Theft Protection Necessary)… and apparently it’s not.

One man in Texas has already succeeded in getting a payday loan in Davis’ name. However, when asked about the breach Davis stressed that his service does not guarantee that your I.D. won’t be stolen. Rather, it aims to reduce the likelihood that your I.D. is stolen, and if it is, LifeLock promises to fix the problem.

But that’s not the real problem. LifeLock’s current problem is dealing with lawsuits of up to 105 of people who now claim that LifeLock didn’t live up to its advertising and have suffered at the hands of identity thieves.

So what can you do to prevent 83 people from trying to access your personal information? The answer is not LifeLock. The answer, as of today, does not involve only one approach. You need to be active in monitoring your own credit, and perhaps combine your own efforts with a service such as LifeLock… to help you with the monotonous lifting. Take a read through Is ID Theft Protection Necessary and try and follow the suggestions I’ve made. Monitoring your own credit, placing freezes on your credit, and many other “tricks” can keep you one step ahead of the game.

But as this problem grows we also see the growth of an entirely new industry - identity theft protection. Banks, credit bureaus, and a host of companies are now providing identity theft protection for prices ranging from a few dollars a month to over $100 per year… but are they worth it?

What Does ID Protection Provide?
Most ID theft protection companies provide a standard fare of services in three major areas: prevention, detection, and identity restoration.

ID theft prevention is actually a lesser-known service, with most people focusing on ID theft detection instead. However, many companies offer services to prevent fraud from even happening by setting and renewing fraud alerts with major credit agencies. The fraud alerts tell the credit bureaus that you your identity may have been compromised, alerting creditors to actually contact you to confirm your identity before opening a new account. In addition, some companies offer to remove you from pre-approved credit offers to decrease the likelihood of someone filling one out in your name.

In terms of helping detect ID fraud, most companies offer some sort of 24/7 continuous credit monitoring service, alerting you to any inquiries into your credit, new accounts opened, or changes to your personal information. Annual or even monthly credit reports are also standard menu items for detection services.

Identity restoration is usually offered in the form of ID Theft “insurance.” The policies, ranging from $20,000 to $1,00,000 are meant to reimburse you for any damages incurred from your identity actually being stolen. Did someone open a new credit card account in your name and rack up $10k in charges? Your ID theft insurance would, in theory, pick up the tab.

Can I Do This Myself?
The underlying worth of ID theft protection is the convenience. There’s no magical product that these companies offer, no “new” service. After doing a little bit of research you’ll come to find out that you can do almost everything the ID theft protection companies do yourself… for free. So the question you have to ask yourself is whether or not the $19/month is worth your time. In a recent FTC study, the median amount of time spent resolving ID theft was found to be four hours. And 10% of victims spent more than 55 hours resolving their problems. So if you can spend a few hours a year maintaining an ID theft protection regimen then you probably shouldn’t waste your money on someone else’s services.

How Can I Do This On My Own?
If you’d like to provide your own ID theft protection, here are a few places to start:

First, skip the insurance. According to a report by Javelin Strategy and Research, consumers spend an average of $422 out of pocket to resolve identity fraud, could spend more than $900 in cases where the fraud goes undetected until a debt collector gets involved or the victim is denied credit. According to another Federal Trade Commission study, in more than 50% of the cases, victims incurred no out-of-pocket expenses for ID theft. In fact, you’re liable for only $50 in unauthorized credit-card charges, and that’s usually waived. Also, take a minute to call your bank, credit union, and homeowners insurance company - you may find they offer identity theft insurance to you for free just for being a customer.

As mentioned above, the best way to prevent ID theft is to contact one credit bureau (which will in turn contact the others) every 90 days to put a fraud alert on your account. The problem is, without proof of actual fraud, you can’t request an extended fraud alert, hence the renewal every 90 days. Alternatively, you can place a freeze on your credit. The rules are different between states, so you should check with your state consumer organization to find out what the rules for credit freezes are. Credit freezes prevent both fraudulent and legitimate lenders from reviewing your credit report without your consent, giving you perhaps more protection than you want. It’s most effective when you’re dealing with an aggressive identity thief, or fear that someone — such as an angry ex-spouse — is trying to ruin your credit.

In terms of credit monitoring, laws are now in place to allow you to receive one FREE credit report from each of the major credit agencies EACH YEAR. This allows you to request a free credit report every 4 months throughout the year (there are 3 major agencies). Start by going to https://www.annualcreditreport.com/cra/index.jsp . And putting a fraud alert on your account every 90 days as mentioned above entitles you to a free copy of your credit report from each of the three credit bureaus every 90 days. That’s 15 free credit reports a year - definitely more information than you probably need to adequately monitor your credit.

If by chance you are the victim of identity theft, there are a number of organizations that provide free help and support. Since this topic could be the subject of its own post I’ll point you instead to the Identity Theft Resource Center, the Privacy Rights Clearinghouse, the FTC’s Identity Theft Site, and the attorney general’s office in some states.

Where Can I Purchase ID Theft Protection?
As with any type of financial service, be sure to do your homework before purchasing. Starting with this post is a good start - congratulations! As a next step, assess what type of protection you’re looking for and the places you can find it. Are you willing to do some of the leg work and want to buy only insurance? Do you want to pay only for credit monitoring? There are a few sites out there such as ConsumerCompare.org that present an easy-to-read chart of ID Theft Protection services and what’s offered by each. Be sure to focus not only on price, but check the “small print” to see if the services offered have any sort of limitations. Also, be on the lookout for reviews from actual customers - ones that have and have not been hit by identity theft.

In an effort to appear legitimate, the bogus e-mails include text from an actual speech about the wildfires by a member of the California Assembly.

The scam e-mail urges recipients to click on a link, which then opens what appears to be the IRS Web site but which is, in fact, a fake. An item on the phony Web site urges donations and includes a link that opens a donation form which requests the recipient’s personal and financial information.

“People should exercise caution when they receive unsolicited e-mail or e-mail from senders they don’t know,” said Richard Spires, IRS Deputy Commissioner for Operations Support. “They should avoid opening any attachments or clicking on any links until they can verify the e-mail’s legitimacy.”

The bogus e-mails appear to be a “phishing” scheme, in which recipients are tricked into providing personal and financial information that can be used to gain access to and steal the e-mail recipient’s assets.

The IRS also believes that clicking on the link downloads malware, or malicious software, onto the recipient’s computer. The malware will steal passwords and other account information it finds on the victim’s computer system and send them to the scamster.

Generally, scamsters use the data they fraudulently obtain to empty the recipient’s bank accounts, run up charges on the victim’s existing credit cards, apply for new loans, credit cards, services or benefits in the victim’s name or even file fraudulent tax returns to obtain refunds rightfully belonging to the victim.

As a rule, the IRS does not send e-mails soliciting charitable donations, nor does not send unsolicited e-mails or ask for personal and financial information via e-mail. The IRS never asks people for the PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts.

Recipients of the scam e-mail can help the IRS shut down this scheme by forwarding the e-mail to an electronic mail box, phishing@irs.gov. This mail box was established to receive copies of possibly fraudulent e-mails involving misuse of the IRS name, logo or Web site for investigation. The IRS and the Treasury Inspector General for Tax Administration (TIGTA) work with the U.S. Computer Emergency Readiness Team (US-CERT) and various Internet service providers and international CERT teams to have the phishing sites taken offline as soon as they are reported.

If you’d like to contribute to one of the many charities accepting donations for victims of the California wildfires, please go to the respective charity’s website directly. NEVER click on a donation link from an email.

The IRS saw an increase in complaints in recent weeks about these e-mails, which are designed to trick the recipients into disclosing personal and financial information that could be used to steal the recipients’ identity and financial assets. Since November, 99 different scams have been identified, with 20 of those coming in June – the most since 40 were identified in March during the height of the filing season.

The current scams claim to come from the IRS, tell recipients that they are due a federal tax refund, and direct them to a Web site that appears to be a genuine IRS site. The bogus sites contain forms or interactive Web pages similar to IRS forms or Web pages but which have been modified to request detailed personal and financial information from the e-mail recipients. In addition, e-mail addresses ending with “.edu” — involving users in the education community — currently seem to be heavily targeted.

So please be on the lookout for suspicious emails. If you ever question the legitimacy of an email just visit the site directly or give them a call and ask if they need some information from you. Don’t ever click on the links contained in suspicious emails (or most emails for that matter). If you receive a bogus email please help the IRS by forwarding the email to phishing@irs.gov.

A few months later, MixItForMe.com had changed dramatically - dumping it’s ‘mixing’ services and devoting all of its energy into electronics sales. They occasionally had another good deal or two - but most of the time their prices were comparable to every other online retailer. I didn’t think anything of it until I began hearing more and more customers complain about not getting their orders on time - up to 6 months after ordering.

Just this last week I decided to visit MixItForMe.com but when I did the site was gone. A little Google searching turned up a number of articles including a BBB Reliability Report and a NBC report outlining an FBI investigation into the business practices of MixItForMe.com. Apparently the BBB “files contain a pattern of customer complaints regarding non-delivery or delayed delivery of merchandise and difficulty and long delays in obtaining refunds. The company has not worked cooperatively with the BBB in providing prompt and meaningful responses to customer complaints presented to them or in eliminating the cause of those complaints.”

On March 27th of this year the FBI, Secret Service, US Postal Service, RI State and Providence police raided the offices of MixItForMe, seizing company records. The FBI is now alleging that MixItForMe sold millions of dollars of electronic merchandise and has not filled many of the orders.

After reading all of this I considered myself lucky to have received my order when I did. It sounds like if I had purchased that iPod any later I would never have received it.

There are a number of things that a person could “learn” from this situation.

First, it’s all about the cash flows. If you’re going to run a successful business longer than a few months, you must have a cash flow game plan. Regardless of how many sales you make, your suppliers are going to want to be paid in cash - preferably the cold hard kind.

Second, you’re business has to be scalable. Growth is great… when you’re prepared for it. If your business grows too fast for you to keep up with you’ll end up with business version of the “digg effect” and your business will come to a screeching halt.

The third thing we can learn from MixItForMe is that honesty truly is the best policy. I can guarantee you that if you tell me my order will be shipped in 6 weeks and it take 8 - I’ll never be back. If you’re up front with your customers they’ll be more understanding to any growing pains your business might be having, and less likely to call in a FBI raid.

If you haven’t heard already, a federal judge and jury passed judgment on former Enron Corp. chiefs Kenneth Lay and Jeffrey Skilling Thursday, finding them guilty of fraud and conspiracy in one of the biggest business scandals in U.S. history.

What bothers me the most about this trial and its outcome is the fact that everyone is labeling it a “victory for the Government.” It should be labeled a victory for American investors! For so long white-collar crime such as fruad has not been persecuted and the investors are the ones who ultimately lose - not the government. The investors are the ones who must wait for their company to post sales 10x normal just to recover the amount of cash taken by fraudsters. The investors are the ones who, when cheated and swindled (yeah, I can’t believe I used that word either), are forced to listen to lame and pathetic excuses from men and women who claim ignorance and yet two breaths earlier report that they are the most powerful man in the company and worth every penny of his $30 million salary.

No, this victory is the investors’. And now they should feel more comfortable in prosecuting - and winning - fraud cases such as this because the American people are slowly becoming aware of accounting fraud and what it means to you and me. And the lack of knowledge of what is right and wrong in the accounting world is what has kept people like Skilling and Lay free for so long. But hopefully not any more…

Phishing and Pharming Presentation

Lennon contended the court order is “extremely broad” and “prohibits efforts by 12 Daily Pro members from enforcing claims through self-help, such as initiating credit card charge backs, or reversing electronic fund transfers.” Anyone who does so, he warns, risks being “found in contempt of Court, with the resulting consequences.”

His announcement came after many of the victims of 12 Daily Pro’s Ponzi Scheme had been trying to get back their investment by using “charge backs”. They went to their bank or credit card issuer and asked them to reverse or “charge back” transfers to the 12 Daily Pro account.

However, last week Judge Manella issued a Minute Order allowing 12 Daily Pro “investors” to try and dispute charges with their credit card company, bank, or ACH. Some claim they’ve been successful using this tactic; however, there’s no guarantee that the members will get anything of the total $50 million back.

This guy, like all of us, recieves a lot of credit card applications in the mail telling him he’s Pre-Approved for $1,000,000!!! and garbage like that. He usually rips up the applications into tiny pieces to prevent the casual dumpster-diver from getting any personal information (I personally shred them, which is the moral of this story).

Due to boredom (or maybe to post about it on his blog) this guy decided to get some scotch tape and tape the ripped up credit card application back together. He then filled it in and mailed it into Chase for a new mastercard. Can you guess what happened? That’s right! Sure enough, a few weeks later he recieved his shiny new credit card with his parent’s address and his cell phone number tied to the account.

Hopefully this story will prompt those of you who do not own a shredder to go out and spend the $30! Be sure to shred anything with personal information on it including credit card applications, statements, bills, and basically anything else with your name and address on it!