Is Your Credit Report Safe From Hackers when the Credit Bureaus Are unable too.
This hacker product list appeared recently on what seems to be a Russian-based website offering credit reports for sale. The prices are based on the victims’ credit scores.
By Bob Sullivan
What most people believe to be the essential tool consumers have to fight against ID theft has been turned against them by hackers, as reported by msnbc.com on March 26, 2012. Sites that offer consumers an opportunity to see their credit reports are boldly utilized used by hackers to steal your information.
The prices of a report rise and fall, depending on the credit score of the victim. For consumers with high credit scores in the 750s, report data might fetch $80; reports from victims with low credit scores in the low 600s sell for about half that, according to “for sale” pages.
The price shows how people with good credit and a good net worth now have a bulls-eye on their backs.
The most disturbing fact of these hackers markets is the accessibility of credit reports, and the hackers’ are bragging about how simple it is to infiltrate websites like AnnualCreditReport.com or CreditReport.com. However – many hosted in the .su domain, which stands for the now-defunct Soviet Union.
“I’m selling super-prime credit reports and scores which include all three bureaus and other information,” brags one advertisement on one site.
According to the article, they viewed tons of credit reports on the site, most of which had CreditReport.com printed across the first page. But others saw indicators they were stolen from AnnualCreditReport.com and Equifax.com. Also, other online credit reports and some credit score suppliers were hacked, too. They shared a page showing a victim’s score produced at CreditKarma.com.
No one has any idea how many reports have been used or put up for sale in the ‘libraries.’
The credit report business shows why even simple credit card fraud – long considered a relatively non-threatening form of ID theft – can quickly become a full-scale identity nightmare. Crooks with stolen cards can obtain background reports, credit reports and ultimately open new accounts using the information collected about the victim,
One of the how-to posted on a bulletin board, a hacker, refer to one brute-force attack they used to gain access to the credit report websites. Most of these sites have “challenge” questions like, “Which bank holds the mortgage on your home?” But there’s a critical flaw, the hacker said:
“Normally, all … of them will ask you the same question,” the hacker wrote.
Because the sites use the few choice formats, it’s easy to use the process of elimination and determine the correct answers, he claims.
The hacker explained that it is easy to open several credit report sites and keep trying random answers until one set work.
The instruction is extremely detailed, including supportive tips such as, “Take a shot of screen to recall what answers you gave to the questions. After doing that, click the submit button and see what it says.”
This bulletin board post, purposely cut off to be incomplete by msnbc.com, shows a hacker discussing how he supposedly defeats credit report website security.
Would-be credit report thief needs supplementary information to get credit report access, but that can often be gathered by ordering background checks using the victim’s stolen credit card. Reports stole from Intellius.com and BeenVerified.com, which provide previous addresses and a host of other treasured information, also were found on the site.
The article reported that one victim whose credit report was on the website told msnbc.com that she found an instance of credit card fraud on her accounts around the time the data theft was discovered. She now pays to keep a credit freeze on her credit reports, which is a problem if you want to go and buy something that requires financing. It can take up to 3 days to remove a freeze, and the hackers will find a way around this in time.
“You hear about this kind of event all the time, but you do not once think it will ever happen to you,” said the victim, who requested that her name is being withheld. “And when it happens, you think, ‘Great. Now what do I do?’”
For years, consumers have been instructed to get their Annual credit report from AnnualCreditReport.com at least once each year to see their credit reports. Now the experts tell you to get one credit report per quarter to keep a closer eye on the credit history. Federal law requires the nation’s three largest credit bureaus – Experian, Equifax, and Trans Union – to maintain the site, under the guidance of the Federal Trade Commission.
That’s still good advice – looking at your credit report is the best way to detect identity theft. But the site is both an ally and a foe now. Also, the Federal Government, in all its wisdom, passed a law that a person only has 60 days to dispute an inaccurate debt, whether you know about it or not. If, after the 60 days, you still owe the debt. That is why you need, at a minimum, a credit monitoring service that monitors all three credit bureaus.
The FTC will not comment on the hackers’ use of the site of AnnualCreditReport.com.
In the past, the FTC has sued companies for inadvertently selling credit report data to hackers, however. In 2011, the agency settled with Settlement one Credit Corp., ACRAnet Inc., and Fajilan Associates after those firms unintentionally sold reports to crooks. The firms were ordered to submit to 20 years’ worth of security audits.
These firms prepare reports for car dealerships and other credit grantors. Attacking consumer sites like AnnualCreditReport.com is even bolder,
CreditReport.com is operated by the credit bureau Experian; it also delivers credit reports to the consumers on the site AnnualCreditReport.com.
“Experian is fully aware of schemes such as this to gang access reports illegally, and we have taken measures within our systems to mitigate the issue, “said Experian” We are continually evolving our systems to prevent fraud and criminal activity, but do not comment publicly on the specifics of our fraud prevention methods.” But Experian Still managed to have a data breach that affected millions. Then had people sign up for their Identity Monitoring program. I find this hard to believe because why would you pay someone to protect and monitor your credit information that had the largest data breach in 2015.
Trans Union and Equifax, which also provide credit reports through AnnualCreditReport.com.
Kenneth Lin, CEO of CreditKarma.com, said the firm had received “a handful” of complaints about compromised accounts and worked quickly to shut down access. CreditKarma offers credit score reports and shows no account information or other personal data, so the security risk posed by an imposter getting a victim’s score is minimal, he said.
Solving the problem of credit reports getting stolen over consumer websites is no small task. One irony of the hackers’ ability to easily bust such sites is that many consumers report great frustration getting their credit reports through AnnualCreditReport.com. The challenge questions are sometimes so arcane – such as, “Which bank held your previous auto loan?” — That legitimate consumers can’t answer them effortlessly.
But anyone who does any amount of research can probably figure out what the answers are before you can. In other words, it’s too easy for criminals to get credit reports, but it’s too hard for consumers.
“You currently can’t stop the Hackers scam because the ‘soft inquiry’ of a consumer pulling their report doesn’t record in the majority of credit files.” The reason for this is that a consumer would never have an idea if a criminal pulled a copy of their credit report. “Unfortunately, this allows the bad guys, by impersonating you, to download your credit file and leave no tracks.” If you don’t have the number one Identity Theft product on the market, you will spend hundreds of hours and Dollars fixing everything that gets damaged on your Identity.
There are more forms of Identity Theft here we discuss the Financial Identity Theft, and the other types are Medical, Driver’s License, Synthetic, Insurance, Criminal, Social Security, and Children Identity Theft.
Contact me for more information about our service.