LifeLock Settles Advertising Dispute With FTC, 35 States

By Dave Lieber

Nobody advertises more than LifeLock.com.

You hear their ads on the Rush Limbaugh radio show, done by Rush himself.

You know company founder Todd Davis’ Social Security number (457-55-5462) because he broadcasts it everywhere to show he’s not worried about someone stealing it (even though a Fort Worth man did just that a few years ago here).

But some of that advertising might have gone a little too far, according to legal documents filed in a settlement announced March 9 by Texas Attorney General Greg Abbott and 34 other states.

Under the terms of the agreement, LifeLock Inc. “agreed to more accurately describe its ID theft protection services.” The company also agreed to pay $11 million in restitution to eligible customers.

As part of a joint investigation by the Federal Trade Commission and the states, LifeLock “unlawfully exaggerated its range of services and ability to prevent ID theft.”LifeLock is NOT allowed to state that its products:

- provide “complete protection” against ID theft

- prevent unauthrorized changes to customers’ address information

- constantly monitors activity on its customers’ credit reports

- ensure a customer will always receive a phone call from a creditor before a new account is opened.

Watchdog Bytes contacted LifeLock after the settlement was announced. Spokeswoman Cortney Lanik released this statement from Davis:

“LifeLock is pleased with this agreement, which works to set advertising standards for the entire identity theft protection industry. As FTC Chairman Jon Leibowitz stated … the FTC has ensured that LifeLock has a legitimate business model going forward with honest advertising.  Notably, as part of its just-concluded investigation, the FTC reviewed both the LifeLock service and LifeLock’s current advertising to confirm that LifeLock is in compliance with all applicable legal requirements. We will abide by the terms of this consent decree because we intend to continue to be true to our core mission — to help protect you, your family and your friends from identity theft.

“We welcome federal and state efforts to regulate our industry because, at the end of the day, doing so helps to protect consumers from the risks of identity theft. Because of LifeLock’s marketing efforts, many more Americans now know of the risks of identity theft and the need to take effective action to protect themselves. LifeLock is committed to developing and applying the most advanced technologies available to help protect consumers from the consequences of identity theft. We will continue to work very closely with federal and state regulators on regulatory and best practices to protect individual consumers.

“Nothing changes as a result of this settlement because it was based on activities from over two years ago. We agreed to settle this matter in order to quickly put this behind us so we can get back to doing what we do best – helping to protect our members from identity theft.”

Some of LifeLock’s advertising claims were “unlawfully exaggerated” according to a legal settlement in which the company agrees to pay $11 million in restitution. Hey, if you can’t trust your ID theft protection company to be straight with you, who can you trust?

Dave Lieber, The Watchdog columnist for The Fort Worth Star-Telegram, is the founder of Watchdog Nation. The new 2010 edition of his book, Dave Lieber’s Watchdog Nation: Bite Back When Businesses and Scammers Do You Wrong, is out. Revised and expanded, the book won two national book awards in 2009 for social change. Twitter @DaveLieber

On Facebook, which last week bragged about its 300^th million user and first-time profitability, you have “Friends.” You don’t have “Enemies.”

Or do you?

WatchdogNation.com wants everyone to learn some new Facebook terms that don’t necessarily show up in the company’s amazing corporate history.

Compromised account.

Account takeover.

Account hijack.

Definition: term used to describe when an unknown scamster gains control of your account, often resulting in a fairly believable plea to your friends for money to rescue you from disaster.

That’s my definition. Feel free to rewrite in the comments.

Let me show you how it works. This research first appeared in the September 20, 2009 Fort Worth Star-Telegram, the best paper in Texas, in the Dave Lieber column.

* * *

While on Facebook recently, Gary Rifkin received an instant message from his friend Karen Cortell Reisman.

“Hey Kar, how’s it going?” he typed back.

“Not too good at the moment,” she answered.

“What’s going on?” he asked.

“I’m in a deep mess as we speak and I need your financial assistance,” she answered.

She explained that she was in London “and we got mugged at gunpoint.”

“Oh my God,” Rifkin said. “Are you okay?”

“Yes. Cash, credit card and phone got stolen. It was a brutal experience.”

“How are you going to get home?” he asked.

“That is the main problem now. I need your financial assistance.”

“How much do you need?” he asked.

“All I need is $1,300.”

“Where should I send it?”

The address was in London.

“Hang in there,” he advised, a transcript of the conversation shows.

Rifkin never sent the money. He knew he wasn’t talking to his friend but someone pretending to be her. He knew his friend was at home in Dallas.

Reisman, meanwhile, started getting frantic phone calls from friends asking, “Are you OK?”

As she told me later, “It was stunning to see how fast this grew over the course of one day.”

She calls the whole experience “the day I got hijacked on Facebook.”

Reisman uses Facebook as part of her speaking and coaching business. But she couldn’t get into her account because her password no longer worked. She tried to call Facebook’s corporate office in Palo Alto, Calif., but she couldn’t find the phone number. (Note: 650-543-4800)

She found the help page on Facebook that led to a contact form that put her in touch with the security team.

When Facebook e-mailed her a new password, she worried that it, too, was a hoax. But it wasn’t. She got her Facebook page back.

None of her friends sent money, but most called to see whether she was OK. “I was so touched by the concern of so many people,” she said.

In Facebook lingo, her account was compromised, company spokesman Simon Axten said.

Reisman has no idea how it happened. In all probability, Axten said, scammers learned her password through phishing.

That’s when a user goes to a fraudulent Web site that looks like the real thing. The person enters his or her login information, and then the crooks have what they need.

I can see how this happens. Sometimes I get an e-mail on an account that Facebook doesn’t know about. The e-mail asks me to look at Facebook photos. But I’d have to log in to Facebook. I ignore it.

The Facebook spokesman says scammers re-create e-mails that look like ones Facebook sends out. They might say that a friend has commented on your link or that you were tagged in a photo.

“We advise people to be careful when they’re clicking on e-mails, and especially links,” Axten said. “And when they do click on a link, check the URL [Web address]. If it’s not www.Facebook.com and it’s something else, most likely it’s a phishing site. Be careful.”

He suggests that when a friend claims to be in trouble, test the friend’s identity by asking key questions (“Where did we have lunch together last week?”).

The number of accounts compromised is very low, Axten said, considering that Facebook has 300 million worldwide.

“But obviously the consequences are pretty severe if someone ends up sending money. That’s a significant loss. As a result, we’re taking it very seriously, as we do any security threats.”

How?

Facebook monitors users who start sending out lots of messages or making “wall” posts. Facebook may block or disable the account until the mystery can be solved, he said.

Passwords should be complex, with a variety of letters and numbers.

Reisman changed all her passwords after her experience – for Facebook and for her bank, e-mail, other social media sites and credit cards.

Previously, she said, “I used the same password for everything because life is short and I can’t remember everything.”

Now she keeps a separate list of passwords.

Facebook isn’t as much fun for her now.

“It’s left a bit of a bad taste in my mouth,” she said. “But Facebook came through, in my opinion, because they really did react to the problem in a fairly quick manner.”

Do you use the same password for multiple accounts? Or simple passwords, easy to figure out, like the name of your dog?

Remember that the best password is a combination of letters, numbers and punctuation marks. Always be careful when entering it into any e-mail that is sent to you.

And please feel free to share your detailed stories about similar problems – along with suggestions about how we can protect ourselves in the comments below.

* * *

Learn more about protecting yourself in the national-award winning book about social change, Dave Lieber’s Watchdog Nation: Bite Back When Businesses and Scammers Do You Wrong. Visit www.WatchdogNation.com.

---

Facebook Protection TIPS

- Be suspicious of friends who ask for money. Test their identity. Ask others who know them to verify any questionable situations that arise.

- If you see something suspicious on a friend’s account, go to the help link on the lower-right corner of a Facebook page and report it to the Help Center.

- Learn about security tips at www.facebook.com/security.

- Choose a strong password and don’t use it for other Web accounts.

- Use an up-to-date Web browser that offers anti-phishing features.

- Run anti-virus software on your computer.

- Reset your Facebook password if you suspect that your account has been compromised.

- Become a fan of Facebook at www.facebook.com/facebook to get the latest security announcements.

Source: Facebook

Like many of you, The Watchdog recently shopped for lower credit card rates. But I ran into an unexpected problem.

I got rejected for a new credit card.

Not because of my credit score. Instead, I was rejected because I hadn’t bought anything on credit since 2003.

Only that’s not true.

As I first reported in the Aug. 7 Fort Worth Star-Telegram,  a credit card company told me to take a hike because I had “insufficient credit history.” The company learned this from Equifax, one of the three major credit bureaus.

When I protested that I have a mortgage, have made regular car payments and pay regularly on other credit accounts, the company told me to take it up with Equifax.

So I ordered my credit report from Equifax and braced myself. As a victim of identity theft in December, I’m not surprised by anything.

Sure enough, the Equifax report showed that I had stopped engaging in any financial activity whatsoever after 2003. Ridiculous.

Mine is what a credit report must look like for someone who dies, goes to prison, or swears off credit forever and now lives under a bridge somewhere.

Whatever the problem, until it was fixed, I couldn’t open a new credit line with any borrower who relies on Equifax for information. (The two other major credit bureaus, TransUnion and Experian, did have accurate information about me.)

I’m not alone.

Consumer groups say credit reports are rife with inaccuracies, and these mistakes are hard to correct.

“When consumers have a problem with credit reporting agencies, good luck getting it fixed,” said Ira Reingold of the National Association of Consumer Advocates.

The reason, according to a report by the National Consumer Law Center: “Workers [for credit bureaus] don’t examine documents, contact consumers by phone or e-mail, or exercise any form of human discretion in resolving disputes.”

The law requires credit bureaus to provide the maximum level of accuracy for consumers, but that doesn’t always happen, Reingold says. Consumers sometimes have to sue the bureaus to clean up their reports.

What is the accuracy rate? Nobody knows. The leader of the trade association for credit bureaus, the Consumer Data Industry Association, told Congress two years ago that the industry has about a 2 percent error rate.

The National Consumer Law Center says the inaccuracy rate could be as high as 25 percent.

Bad information hurts people. Credit reports are widely used to check a consumer’s eligibility for credit, employment, insurance and rental housing. Errors in a consumer’s report can result in a denial of those benefits or higher costs, the Federal Trade Commission says.

A new FTC rule, announced last month, will require companies that provide information to credit bureaus to investigate complaints about incorrect information. The rule goes into effect in July 2010. Until then, credit bureaus are supposed to investigate.

A pilot study conducted by the federal government showed that most consumers who found errors were able to get them fixed, says Rebecca Kuehn, assistant director for the FTC’s Division of Privacy and Identity Protection.

The FTC is going to sponsor another study and, ultimately, make recommendations to Congress about how to ensure greater accuracy, she told me.

Rather than contact Equifax myself, I decided to test the identity theft protection service I had hired after my ID theft problem last year. Debix.com promises to restore your credit in the event of any problems. The Austin-based company charges $9.95 a month and has 400,000 customers.

“We’ve never seen anything like this before,” Debix Vice President Julie Ferguson said of my case. Paul Rendsland, a licensed private investigator with Debix, was assigned to my case. He collected my paperwork and sent it to Equifax. But the problem wasn’t resolved immediately, so Debix stepped it up.

“We have a good relationship with all three credit bureaus,” Ferguson said. “So we called one of the executives at Equifax and asked them to call you.”

Dinah Watson of Equifax’s consumer affairs office called me and said she fixed the problem. When I asked her what happened, she explained that I had used my full middle name on some credit applications and only my middle initial on others. Equifax, she said, split my credit history into multiple files and didn’t provide all of them to the credit card company. She made it sound like it was my fault.

That sounded peculiar. What about my Social Security number? And my address? My date of birth?

“That’s not a good explanation,” Atlanta lawyer Steven H. Koval said when I told him about it. Koval sued Equifax on behalf of a client who spent two years unsuccessfully trying to correct her credit report.

Jennifer Costello, an Equifax spokeswoman, later told me that customers should contact the credit bureau and work to resolve problems. Equifax is sending me a credit report and my credit score as a consolation.

When that report arrives, I’m going to hunt for more errors.

Action plan

Order a free credit report each year from annualcreditreport.com.

When errors are found, request an investigation by the credit bureau in writing – not by phone or online. Send along documentation by certified mail, return receipt requested.

Notify the company that furnished the incorrect information as well.

If unsuccessful, consider hiring a lawyer who specializes in credit report errors. Go to www.naca.net to find them.

Learn your rights by reading the Fair Credit Reporting Act.

On the final day of 2008, I got a phone call, but it wasn’t someone with good wishes for the new year. The call was from a woman at a collection agency. She was stern and to the point: She asked me to repay $279 for a bounced check I had written at a Wal-Mart in Pearland.

Only I have never been to Pearland, and I don’t write checks at Wal-Mart.

My first thought: scam.

I asked for her company name, and she told me. When I asked for her name and her employee ID number, she refused, saying, “You’ll get a letter.” She hung up.

I did an Internet search for the company name — TRS Recovery — and the words Wal-Mart and bounced check.

A slew of comments came up.

One person reported a similar situation: bounced check in a Wal-Mart he never visited, and he doesn’t write checks.

His bank representative, he wrote, looked up TRS on the Internet and discovered that the company “is a fraud!” He complained that letters from the company “looked very real” and worried about people who have been “scammed by this company.” He added that he intended to file a police report against the company and also a complaint with the Federal Trade Commission.

After reading that and similar comments on another Web site, I thought that was all there was to it, and I could return to prepping for our New Year’s Eve celebration.

But a voice in my head asked, “What would The Watchdog do next?”

An unexpected twist

Next I checked the company’s Better Business Bureau report online.

What I found was unexpected and further proof that a lot of people write a lot of nonsense in blog postings. A scam? Hardly.

Turns out TRS Recovery is an affiliate of TeleCheck, which operates an electronic check verification system for retailers.

The BBB report shows 677 complaints against the company. Half are for billing and collection issues. But another statistic is one not found in a scam company. Of those 677 complaints, the number resolved is also 677. A company that cleans up its messes.

The free report listed company officials with phone numbers. I picked the top name on the list and called her – Denise Hossler, director of compliance.

New Year’s Eve. I figured I’d never get anyone. But Hossler picked up her phone.

She offered to help, and no, I didn’t tell her I’m The Watchdog. I wanted to see how she treated customers. I got lucky. This is someone who cares. When I complimented her on the perfect BBB record, she said that was her personal goal for the year.

Hossler looked up my file, and we figured out what happened.

Someone had bought $279 worth of merchandise at a Wal-Mart in Pearland last month using a fake check with my name and address. The check purported to be from a Harlingen credit union.

I was the victim of identity theft.

Happy New Year.

A victim again.

What did Yogi Berra supposedly say? Deja vu all over again.

Thirteen years ago, I tried to pay at a Wal-Mart in North Richland Hills, and the store declined my check. Turns out someone had written a check at a Montgomery Ward store in my name. Later, I learned another check was written at a toy store.

Took two days to clean things up. For two weeks, I wasn’t permitted to write checks. A state trooper told me that my driver’s license number was probably “pulled out of the air” by a con man.

Very few people become the victim of ID theft twice, says Linda Foley of the Identity Theft Resource Center. “You’ve been hit twice.”

Better that than lightning.

According to one study, Americans have a 1 in 37 chance of becoming an ID theft victim.

In Texas, a new legislative study shows that although half of all Texas ID theft victims lose no money, they spend between four and 130 hours fixing problems related to the theft. For those who do lose money, losses average $500.

Texas has laws to protect people in my situation. A debt collection company can’t hold me responsible for a debt I didn’t incur. Lenders can’t penalize me if I apply for loans or credit.

But what concerns me is the ease with which someone can pull this off. Fake checks — called synthesized checks — can be printed on a home computer.

I wondered about Wal-Mart’s procedures for verifying checks. Wal-Mart spokeswoman Ashley Hardie told me that check writers at Wal-Mart stores are randomly checked for additional information such as a driver’s license or a phone number when a cashier is prompted to ask for more information by the TeleCheck system. But this means that not all customers’ checks are verified.

Mike Prusinski, a spokesman for LifeLock, which provides loss protection for consumers, said big retailers that don’t demand more rigorous check verification are a major contributor to identity theft.

“If Wal-Mart and all the other places, instead of doing it randomly, did it all the time,” ID thieves would face tougher obstacles, he said.

Foley, of the ID Theft Resource Center, says, “Thieves know which companies don’t check things carefully and which ones do. They’re not stupid. This is their profession.”

Next, I’ll show you how I’m digging out of this hole.

PART TWO: WHEN IDENTITY THEFT HAPPENS, KNOW HOW TO FIGHT BACK

A few hours before the end of 2008, I found out that I was the victim of identity theft. I got a call from a collection agency seeking payment for a $279 check in my name payable to a Wal-Mart store in Pearland.

Only I didn’t write the check and I’ve never been to Pearland. This is the second time this has happened to me in 13 years.

I didn’t let it ruin my fun. I wasn’t angry or upset. I didn’t panic. I figured that whatever happens, I can deal with it. Then I tried to make as many calls as I could to learn what happened and do what I was supposed to do before the clock struck midnight.

It doesn’t take long to lay the groundwork to protect yourself when something like this happens. I kept a diary of my experience, and I’ll share it so you’ll know what to do if this happens to you.

1. I check out the collection agency – TRS Recovery – on the Internet. I discover that others have received similar calls. Several write that the TRS/Wal-Mart/bounced check story is a scam and that the company is taking money from innocent victims. But that turns out not to be true.

2. At the Better Business Bureau Web site, I learn that TRS is an affiliate of TeleCheck, a large check-processing company. The company has a perfect BBB record. 667 complaints. All of them resolved.

3. The BBB report lists phone numbers for company officials. I call the first one on the list — the director of compliance. Even though it is New Year’s Eve day, Denise Hossler answers her phone. She walks me through the facts, and I learn that this is a case of identity theft.

4. At her urging, I call workers at TRS’ fraud unit to register a dispute. I get a reference number. They tell me to get a Federal Trade Commission ID theft affidavit form from www.ftc.gov, fill it out and fax it to them to wipe the slate clean.

5. After downloading the affidavit from the FTC Web site, I complete it and take it to a notary. Notary public Stephanie Silva hears what has happened and says of ID thieves, “If they spent as much time doing honest work, they’d be millionaires.”

6. I call the FTC ID theft hot line (1-877-438-4338) to register for a national list of victims. I get another reference number.

7. The credit union where the check supposedly originated tells me the account with my name doesn’t exist. Someone used the credit union’s name but printed the check on his or her own. The credit union e-mails me a letter stating that.

8. The FTC affidavit is faxed to the debt collectors, along with the required proof of address (my Fort Worth water bill). But I receive no verification that it arrives. So I call back and ask for the mailing address so I can send it certified, return-receipt requested. They say that’s not necessary. I do it anyway.

9. When I call the Wal-Mart store to report the theft, I’m placed on hold. Eventually, I hang up. Later, Wal-Mart’s media relations department puts me in touch with a Wal-Mart risk-assessment employee, who takes a formal report. (A Wal-Mart spokeswoman says that ID theft victims should report incidents to the store involved.)

10. I call the Brazoria County Sheriff’s Department, which covers that Wal-Mart, to file a complaint, but I’m told to contact my hometown police department. Fort Worth police take my complaint and give me a police report number, which I’m told is the most important reference number of all. I’ll file an open-records request with the city to get a copy of the actual report.

11. I call LifeLock (phone: 1-877-Lifelock), a company that provides me with limited ID theft protection for $10 a month. A representative tells me that if I lose any money, LifeLock will cover it and that if I ever have a problem clearing my credit report, the company will work on that, too.

12. At the Identity Theft Resource Center’s Web site (www.idtheftcenter.org), I read informative articles about ID theft. Then I call the center’s Victim Assistance Center (1-858-693-7935) and talk to an adviser. She reminds me that this is not going to ruin my life, hurt my credit score or take money out of my pocket.

Most people, she says, “are very upset. They don’t know what to do. They’ve never had this situation happen to them. They ask, “How dare anyone do this to me?”

13. I call Linda Foley, a leader at the ID Theft Center, to ask more questions. She recommends that I call the three major credit bureaus and put a fraud alert on my credit to prevent anyone from opening a line in my name. Anyone can get an alert for 90 days before renewing, but as an ID theft victim, I can get it for seven years. She also suggests that I ask the bureaus for a security freeze so no one can access my credit report without my permission. (TransUnion, 800-680-7289; Equifax, 800-525-6285; Experian, 888-397-3742).

Foley predicts that as credit tightens, thieves will turn to check fraud. Unlike a credit card account, which can be closed, a check writer can keep writing fake checks. Every time a fake check pops up somewhere with my name, I’ll have to answer it by sending that FTC affidavit to the merchant as my explanation.

When does this end for the thousands like me who endure this? Probably when stores put in check-processing systems that can show cashiers a photo of the rightful holder of a checking account, Foley says.

No photo match? Then no purchase.

Meanwhile, I’ll keep you posted.