Cyber safety and ID Theft Assistant Attorney General Jack Zurlini Washington State Attorney General’s Office
Agenda Consumer Protection & the changing marketplace Up close: spam, spyware, & phishing Safeguarding against ID Theft
Consumer Protection Division Enforces Consumer Protection Act - ensures that the marketplace is free of unfair and deceptive practices Tools: informal mediation, litigation, education Consumer Resource Centers: –4 throughout state –89,000 calls in 2006 –Returned about $5.75 million to consumers
Enforcement Actions $3.5 million total recoveries $2.2 million fees and costs $450,000 restitution to consumers $468,000 cy pres $307,000 civil penalties
Some Traditional CP Issues Unfair or deceptive acts or practices –Car repair, leasing and purchase –Contractors –Foreclosure rescue scams –Cell phone bills –Charities –Predatory lending –Credit cards –Telemarketers –Collections
Consumer Protection Lawsuits TargetSettlement Ford Motor Co. $51.5M L.A. Weight Loss $875,000 Ameriquest $325M Trilegiant $14.5M
The Changing Marketplace Networks are now integral to the marketplace When consumer trust is compromised, Internet commerce is at risk Consumer Protection has adapted to digital deception and unfairness
Old Retailing Fraud, New Media Auctions Credit Cards Pyramids Biz Oppty’s Health Care Products & Services Travel/Vacation Investments
Old Fraud, New Media Foreign lottery Sweepstake scam 419 or Advanced Fee Fraud Wire transfer fraud
New High-Tech Fraud SPAM Spyware Phishing –Smishing –Vishing Pharming Typosquatting
High-Tech Deception or Unfairness Examples of an unfair or deceptive practice: –Using image that, when clicked on, doesn’t “x” out –Obstructing the use of a consumer’s computer with recurrent pop-ups –Negative option billing at the end of a free trial offer
High-Tech Deception or Unfairness Failure to disclose material facts: –A person might not download freeware if they knew there were getting spyware –Misrepresentations, such as making a download box for spyware look like a Microsoft Security Alert –Or failure to uninstall despite representing that the program will be uninstalled
Unconscionable practices: –Use of incessant pop-up billing reminders –For instance, holding consumers hostage with a barrage of pop-ups until they provide payment for a service they never ordered –No meaningful choice of terms, i.e. exceedingly unfair terms such as continued surveillance forever or choice of forum for arbitration High-Tech Deception or Unfairness
SPAM Unsolicited bulk Widely used for committing financial institution fraud, credit card fraud, and identity theft Violation of CAN-SPAM Act and WA law Forward to Common Spam Scams: –Nigerian –Phishing –Work-at-Home –Weight Loss Claims –Foreign Lotteries –Cure-All Products –Check Overpayment –Pay-in-Advance Credit Offer –Debt Relief –Investment Schemes
Spam Example
Spyware Installed without consent, spyware monitors or controls your computer use Violation of Washington’s anti-spyware law Effect: –Pop-up ads –Redirect computer to websites –Monitor Internet surfing –Record keystrokes
Spyware Example
Search tools Spam Adware Net send messages Spyware Example
Insert Video of Secure Computer example here (Henderson)
Phishing Fraudulently obtaining an individual’s personal or financial information Forward to If you believe you’ve been scammed, file a complaint with the FTC
If we do not get a new credit card by the end of the business day, your account will be canceled… Any invalid information will result in a $50 processing fee.
Best Practices For PC Users Technology Practices: Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly Set up your browser and operating system properly, and update them regularly Back up important information
Best Practices For PC Users Personal Behavior Practices: Protect your personal information: It’s valuable Know who you are dealing with Protect your passwords Choose the safest payment method Know who to contact if you have a problem
Best Practices For PC Users Download software only from sites you know and trust. Don’t click on links inside pop-up windows or in spam that claim to offer anti-spyware software or anything else. Don’t reply to or pop-up messages that ask for personal or financial information.
Identity Theft Checklist Call and write to: law enforcement, credit card issuers, banks, creditors, debt collectors, credit reporting agencies. Follow up phone calls in writing. Keep a log.
Checklist, con’t Contact police and file report. Contact FTC and file an affidavit at it/affidavit.pdf it/affidavit.pdf Police report or affidavit entitles you to copies of application and transaction forms of accounts opened in your name.
Checklist, con’t Contact credit reporting agencies: tell them you’re disputing debts and why. Inaccurate or fraudulent information on credit report should be blocked per Fair Credit Reporting Act.
Checklist, con’t Contact creditors’ fraud department to alert them of fraud. Existing accounts: close accounts or get new account numbers. New accounts: contact creditor and get copies of application and transaction documents.
Fraud Alerts and Security Freezes Fraud Alert places statement on credit report for 90 days requiring new creditor to call you before extending credit. Security Freeze blocks potential creditor’s access to credit report. Current law requires victim of id theft or of computerized data security breach.
New Security Freeze Law No need to first be a victim. Free if 65 or over; $10 fee to freeze and $30 to thaw. 15 minute thaw to open accounts. Credit reports still accessible to consumer and existing creditors. Effective September 2008.
Reporting Internet Fraud Washington Attorney General: FTC: www.ftc.gov To forward spam:
Reporting Internet Fraud con’t Identity theft: FBI/Internet Fraud Center: Anti-Phishing Working Group: Local law enforcement, internet service provider, or site operator
Additional Information Free credit reports: or call Security freeze or fraud alert: Do not call list or Opt-out list or
Contact Information Consumer Resource Center – – Jack G. Zurlini, Jr., AAG –