It all started innocently enough at a child's birthday party.
We were invited to a now ex-friend's house for a kid's birthday party this past April. We were told it would be a small gathering of a few close friends. Usually, when we attend things like this, my wife will leave her purse covered, locked in the car. In this instance, thinking it was a small group, she took her purse in. To our surprise, this was not some small get-together, as we were told, but a big party with numerous parents, kids and jump bouncers in back. Many people we had never met. That's cool, meet some new families with kids around the same age. Almost immediately, the 'host' told my wife that she would put her purse in the home office where it would be 'safe.' At the time, we didn't think anything of it since we had been to this house numerous times and had trusted the family.
The following week, my wife mentioned that she couldn't find a couple credit cards but thought she had misplaced them. 'They gotta be around somewhere.' You know the phrase. After another week of not being able to locate them, she called the card companies and requested replacements. At that point, nothing, as far we knew was amiss.
A couple weeks later, we get a letter from the credit card company (the one we replaced) saying they were not able to change the mailing address of our cards since certain security verification was not provided. This was for the old, just replaced card. Clearly not knowing that we had already cancelled and replaced the card, the thief attempted to change the mailing address for our account. What?!? But couldn't provide a photo ID with the new address or the secret squirrel settings so it was denied. Nice. We asked the card company for details and they could only provide the basics: it happened, verification failed, it stopped. But don't you have caller ID?...Can't you go back and look?....What question failed? Nothing. See, while potential fraud was potentially attempted, it never actually occurred since it was not successful...thus no investigation. I can understand.
We locked and froze and alerted the credit community.
Another couple weeks go by and due to the alerting in place, my wife gets a call asking if she's currently attempting making a purchase of some high end sunglasses online. She wasn't. Add to that, whoever apparently entered the wrong billing address. Denied. This was a different credit card than the address change attempt. We got the CC transaction ID and hoped, maybe, that the online vendor could correlate. What address did they enter?...Can you get any meta information from the transaction logs?...Can I talk to your IT department? As you probably know, CC transaction numbers do not always match the merchant's transaction ID and neither was able to correlate the other's. They did their best providing what they could but nothing to connect the two incidents...even though we had our suspicions.
Change of address request could come from anywhere and purchasing online...well it is the world wide web. There was no way to tentatively finger someone but we did file a police report.
And then last week, my wife gets a call from our local pharmacy informing her that the doctor had denied her cough medicine refill and that she needed to make an appointment with the doctor if she needed the medicine. The only problem was that she hadn't requested a refill. This was for some codeine laced cough syrup that was scripted over a year ago. The caller had her name, doctor and birthday...plus knew exactly what medication to request and which store to request it from. Big mistake. The geographic region of the perpetrator just shrunk from world wide to our area. There was/is only one person who would have all that info - the host of the birthday party. It was her doctor (recommended to my wife) and she went with my wife when the cough medicine was prescribed. I told the pharmacy to just fill something with grape juice and hold whoever tries to pick it up. Yeah, ahh, they don't do that. I guess a sting operation is outside the realms of a pharmacy but sounded good to me. Now we've added an 'attempted' medical ID theft with a controlled substance sidebar. Another police report filed.
While we do not have a video of the individual attempting the crimes, all indications point to one person. Some of you might know that my wife is a retired Federal Investigator. She spent some time hunting fugitives as a US Marshall and protected past #2s while in the Secret Service. So she went down every other possible investigative path. The only one who had access to her purse, who also likes to purchase expensive sunglasses and would know specifically my wife's birthday, our pharmacy, and that particular medication along with who prescribed it? It finally sunk in.
According to ITAC, more than 1.5 million consumers were victims of familiar fraud, which is fraud when victims know the fraudster. Back in 2006, the FTC Identity Theft report noted that 2% of thieves were co-workers of the victim, 6% were relatives or family members and 8% were friends, neighbors or in-home employees. For medical ID theft, Ponemon's 2013 Survey on Medical Identity Theft said a family member took the personal identification or medical credentials without consent 28% of the time. Unfortunately, many of these crimes go unreported due to the perpetrators being friends and family.
Identity theft is on the rise and if I remember correctly, medical ID theft is the fastest growing segment. I'm certainly not suggesting to keep your personal secrets locked from your trusted, long time best friend or a family member. But for us, this experience will make us think twice about divulging certain information to fly by friends.
|Connect with Peter:||Connect with F5:|