(In the 9th paragraph, corrects first name of fraud investigator to Vicki from Vicky)
By Mitch Lipka
Jan 7 (Reuters) - Carol Stuber was going through her mail and stumbled on a bill that made no sense - $3,300 for goods purchased from Apple using an instant-approved financing plan. “I said, ‘What the heck is this?” she recalls.
Stuber, 70, a longtime tax preparer of Westbury, New York, had not applied for any credit plan or received any merchandise from the company.
The bill was a result of identity theft -- a crime that affects about 8 million to 12 million people every year and cost $18 billion last year, according to federal government statistics and studies by the firm Javelin Strategy & Research.
While data breaches are often blamed for identity theft -- helping fuel a $3.5 billion credit monitoring industry -- it often stems from something much simpler. Selling a used computer or smart phone can lead to all sorts of problems, as Stuber suspects was the cause in her situation.
Since she first realized her identity had been stolen about two years ago, she has seen all sorts of attempts to run up bills in her name and has a pretty good understanding of how the crooks do what they do. Indeed, Stuber, who has been a tax preparer for decades, even found that someone else put in for a tax refund in her name.
In this latest case for Stuber, a thief armed with stolen identity information -- a Social Security number and other identifying details -- used it to apply for “instant credit” financing on Apple.com to help pay for an iPad, Mac or other expensive gadgets. The mean amount of money spent in 2011 on online purchases when a victim’s information was fraudulently obtained was $1,357, Javelin says.
“Apparently, they just apply online for it, and if they know enough answers they get the loan,” Stuber says.
The thief applied for an unsecured line of credit through BarclayCard, which partners with Apple for financing. During the purchasing process an application pops up on the screen when a user clicks on financing options. The system promises a response within 30 seconds and when the answer is “yes,” the process can move along before anyone has had a chance to review the application.
“Meanwhile, the product has shipped before they go through the entire application approval process,” says Vicki Volkert, senior fraud investigator for the credit monitoring and assistance firm Identity Theft 911.
Volkert says most of the unsecured lines of credit issued to identity thieves for Apple purchases that she has seen average $1,500 to $2,000. That’s enough to get a Mac or a few iPads. The thieves in Stuber’s case ran up a larger tab. In the cases Volkert has reviewed, thieves enter the Apple site through a section that offers an educational discount.
The number of identity theft cases involving Apple products has increased significantly since August, according to Identity Theft 911.
BarclayCard US and Apple both declined to comment on why the credit was approved for Stuber’s name, even though she was a known victim of ID theft and had taken the step to place special notices, called fraud flags, on her credit history.
This scam could be used for other products with similar credit offers. “Instant credit often means instant new account identity theft,” says Robert Siciliano, identity theft expert for the Internet security firm McAfee. “Credit is issued in response to basic information like name, Social Security number and address. The retailer often doesn’t check as thoroughly as they should.”
Siciliano says it simply isn’t worth selling a computer second-hand. “I recommend destroying the hard drive with a hammer or drill instead of giving away your identity or selling it for 50 bucks on the second-hand market.”
If you do sell a computer or pass it on to someone else, you should wipe the hard drive and reformat it, as well as using various data-destroying programs.
He also cautions that passing around a thumb drive can inadvertently lead to personal information being pilfered - even when the information has been deleted. It is also difficult to completely clean out Android devices and computers using Windows XP.
In addition, there are some common sense precautions you can take - shredding personal documents before disposing of them, keeping use of your Social Security number to a minimum and protecting personal data on electronic devices. Otherwise, for many, fighting identity theft can be a game of playing defense after the fact.
Experts say that in the case of identity theft, make sure to file a police report and an affidavit with the U.S. Federal Trade Commission. A fraud alert should also be placed with the three major credit reporting agencies (Experian, Equifax and TransUnion). Filing with one agency is supposed to result in a notification being sent to the others. Credit monitoring can then be used to help monitor when someone has tried to access your credit.
The more extreme step is to get a credit freeze, which restricts access to an individual’s credit report, which can stop account fraud cold when crooks apply for credit using your information. Temporarily lifting a credit freeze if you want to apply for a loan or credit card involves a password-protected process -- and often involves a fee. It also might take up to three days.
“It’s a hard process for the victims,” says Volkert, who works with clients to help erase the fraudulent charges.
If you have been a repeat victim, like Stuber, you could take more extreme action, such as changing your Social Security number. But the Social Security Administration warns that comes with significant catches, including having a lifetime of records tied to the old number and essentially going to a blank credit slate. (Follow us @ReutersMoney or here; Editing by Beth Pinsker and Leslie Adler)