Verizon Was The Most Frequent Target For Identity Theft Scams In 2007

Identity theft reports to the Federal Trade Commission show that Verizon was the most frequently named company, averaging over 900 events per month in 2007. According to an updated study by Chris Hoofnagle, senior fellow at the Berkeley Center for Law and Technology, the number of complaints involving Verizon nearly tripled from 2006. Rounding out the top five are AFNI (a collection agency), JP Morgan Chase, AT&T, and Capital One.

We wrote about Hoofnagle’s research in February, when he was analyzing identity theft at banks. Since then, he’s expanded his research to include incidents at all companies.

Although the research is useful, Hoofnagle concedes that it is imperfect: a customer who falls for a phishing scam doesn’t necessarily impart any fault to the company. On the other hand, the amount of phishing-related identity thefts is dwarfed by other types of fraud, such as new accounts created from pre-approved credit solicitations. Hoofnagle asks for increased transparency by businesses, which would provide more useful data and lead to better analysis.

Measuring Identity Theft (Version 2.0)


Edit Your Comment

  1. jdmba says:

    This doesn’t make any sense … on the one hand it says that Verizon customers are more gullible than AT&T customers, but AT&T customers wait in line for 3 days to buy a not-ready-for-prime-time overpriced phone.

  2. @jdmba: Ahh… but there is a flaw in your argument: Not all of the beta-testers were AT&T customers prior to purchasing the “not-ready-for-primetime” product. It could probably be said that many even defected from *GASP* Verizon.

  3. jdmba says:

    @FightOnTrojans: So the iPhone actually kept Verizon’s gullibility rating lower than actually shown, and increased AT&T’s. Brilliant!

  4. A collections agency is ranked #2? So I can I just stop paying my bills and scream identity theft?

  5. Squeegoth says:

    I would be interested to find out how this data was found(admittedly I’m posting before I read the link). I worked for a fraud department in Verizon after Verizon merged with MCI. There were 2 well staffed fraud departments working for Verizon. One full time and one for 16 hours out of the day. I would not be surprised if the inflated numbers are more a matter of vigilance than having an easier time defrauding Verizon. Then again, that could just be me patting my ex-coworkers on the back?

  6. Amy Alkon000 says:

    A couple questions for Squeegoth: Do phone companies and other businesses have your driver’s license on record? What companies would, if any? (Beyond your auto insurer, for example?)

    Is any employee able to access your social security number and other information? What info do they have? Birthdate, stuff like that?

    Your answers would be most helpful, as I’m dealing with identity theft now, despite being very tight with my personal data (consider checks risky instruments, don’t use debit cards, try never to give out personal information or show my driver’s license, etc.).

    Many thanks in advance.

  7. John Gardner says:

    I was one of the 900/month in may. Well, technically it started in december of 2006. What a pain in the ass THAT was.

    and the sad thing was that i WAS A CUSTOMER the whole time. it was really nice of them to look me up in the system before they gave the fake me phone service, or after any of the repeated times they checked my credit, or sent the fake me to collections…

  8. Cliff_Donner says:

    I’m sorry, I’ve read the original post, and read the linked items, and I’m still not getting it. Could someone more informed than me please explain more clearly?

    Are we talking about:

    1) Data on file at various companies being hacked (or accessed by unscrupulous employees) and used to steal people’s identities? (Company’s fault = poor security.)


    2) People falling for “phishing” scams — con artists — totally unrelated to the companies in question — sending out emails asking for personal info, then using the info that people voluntarily send back to them to steal their identities? (Consumer’s fault = use your head!!)

    These are completely different situations, and I can’t tell if the post is talking about one, or the other, or both.

  9. ShabazOSU says:

    Haha, outstanding, I have accounts with 3 of the top 5.

  10. Pro-Pain says:

    Haha, outstanding, I have zero accounts with any of those morons. Go me!

  11. Angryrider says:

    Go me! I’ve not a cell phone by any of these morons!
    Regular Verizon woot!

  12. Metropolis says:

    They should convert the numbers to percentages to give an accurate comparison. Numbers are useless when each company has a different amount of subscribers.

  13. dragonvpm says:

    I have some doubts about the validity of this survey. It seems like they’re just counting events of various flavors without normalizing for the relative size of the companies. So you have no way of knowing if an unusually large percentage of Verizon customers vs AT&T vs BoA are victims of identity theft.

    Given the sizes of most of the companies listed there It would be useful to have some point of reference rather than just the raw numbers of events. If one company has 2x as many complaints but 5x as many customers as it’s nearest rival, it’s not doing so bad (by the same token 2x the complaints and 1/3 the customers and it’s even worse than it looks).

    The author also makes some interesting (read: questionable) assumptions. “A correlation analysis shows a link between measures of institution size and number of events. This could mean that larger institutions are targeted successfully more frequently, or that larger institutions are less effective in preventing identity theft events.”

    It could also just mean that larger companies are targeted much more often than smaller ones and even a relatively low success rate will result in relatively high numbers of successful attacks.

    Eh, it seems like another example of how just because someone throws numbers at you doesn’t tell you that those numbers mean anything or mean what they say it does. Clearly, large companies will be attractive targets for identity theft and clearly some of those attacks will work, but just knowing how many are reported to the FTC doesn’t really give you any useful data.

  14. Squeegoth says:

    @Amy Alkon: Driver’s License on record? I’d be shocked. I never saw anything like that during my time there. Social Security numbers are available with companies that collect them. Often just parts of SSNs are taken, a lot of companies are moving away from taking whole SSNs for exactly that reason. It’s rare for someone to request specifically a driver’s license. The most likely person to have that isn’t any company you’re doing business with but your employER. That information is often collected and stored for I-9 compliance purposes. Worked for any shady people lately?