Chapter 3 – How can My Identity Be Stolen Online?
Unfortunately, there are dozens of ways for criminals to steal your identity, and they are coming up with new scams every single day. Although the look of the scam may change, the end result is usually the same — they have received a crucial piece of information. Your first measure of protection is understanding what information can be used against you.
Right off the bat, you probably thought of your social security number. This nine-digit number is the number one thing people want to steal because, with it, they can get a job, apply for credit cards, open bank accounts, borrow money, and even use it to build credit for themselves. All this will be at the expense of your credit history. Stealing a social security number is like hitting the jackpot to identity thieves, but at the same time, it is one of the more difficult pieces of information to steal. People have long been aware of just how harmful having your social security number stolen can be, so everyone tends to protect this number closely.
Of course, there still are a number of concerns surrounding your social security number, so you should not stop protecting it. Just make sure you learn about the many other pieces of sensitive data as well. Usually, one piece of information is not enough to hurt you, but the good news for thieves is that they usually can access two or more pieces of information in a single step. Here is a list of the things you should keep private:
• Bank Account PINs: Your PIN is most commonly used at an ATM to draw cash from your account. A thief can steal your ATM card and, if he or she has your PIN, totally consume your money. However, even without your ATM card, a thief can make use of your PIN. By calling the bank and reporting a lost card, the thief can give your PIN and other pieces of vital information (listed below) to obtain a new card in your name.
• Driver’s License Number: With this information, a thief can apply for a new photo identification card or even a driver’s license in your name, but using his or her own picture. That comes in handy for underage teens or illegal immigrants.
• Your Date of Birth: Alone, it is not a big deal, but paired with other crucial information, like your social security number or your driver’s license number, your date of birth will make it much easier to steal your identity.
• Passwords: Your passwords are crucial and most often the piece of information targeted. Using your passwords, thieves can access just about anything you have stored electronically, including your online bank accounts. Even if all they do is gain access to your e-mail account, it could ruin you financially. Using this access, they can alert other online accounts that they have “lost” their password, and the usual protocol in this case is to send account information to your preferred e-mail address. Using your e-mail address, criminals can also delete any notifications you may receive to alert you of suspicious account activity.
Other information, such as your phone number, address, mother’s maiden name, and credit card number can all contribute to the theft of your identity. Although this information can be found no matter how hard you try to protect it, use some common sense. If someone is going to try to steal your information, do not make it easy.
There are few times when you should give that sort of information out, but it is important to note here that there is one time to do it – when the police or government is involved. Although you should resist giving out personal information, if you are 100 percent sure that the person asking for the information is a police officer or government official, give it out or you could face criminal charges.
Be aware, however, that you have rights to protect yourself. Most people know, for example, that if they see flashing red lights and are on a deserted stretch of road, they are well within their rights to put on their four-ways and drive to the nearest shopping center or other lit area. It is simply protection; you want to make sure that the person pulling you over is really a cop, not a carjacker that bought a flashing police light off of eBay. It is the same when someone “official” asks for your information. You are well within your rights to wait until you are really at the government office (police station, city hall, etc.) to give out that information – as long as you state that respectfully. Make sure that you are only giving your personal information to people who have been given the authority to securely handle it.
Hacking
Computer hacking is one of the ugliest, most mean-spirited white-collar crimes. Hacking sometimes focuses on stealing identities, but other times, it just seeks to destroy people’s computers and information in order to gain notoriety and a reputation in the online world. In other words, some hackers create viruses simply to create problems. Due to that, some people believe that hacking is not really a problem when it comes to identity theft. If that is your mindset, you are one of the people most at risk.
Symantec Corp., one of the world’s largest anti-virus program producers, found that the trends in hacking have begun to move from notoriety crimes to theft crimes; while once only accounting for 20 to 25 percent of all hacking crimes, identity theft is now the main focus of an astounding 75 percent or more of all hackers. As hackers begin to find out how profitable stealing information can be, this trend will only continue. Even the programs just created to cause problems can be a potential threat to your identity. When a virus attacks your computer, it creates all kinds of security problems, making you an easier target for other criminals.
The sad thing about the hacking situation is many hackers are trained to actually help the computer world. Companies employ hackers to help create programs, test the air-tightness of specific concepts, and remedy situations in which passwords and usernames are lost or misused. Hacking in and of itself is valuable, not a crime — it is the use of a skill that creates a threat to the general public. Stopping hackers can be extremely difficult, but your first step in this battle is learning about the many different ways hackers can attack you.
Bots
Anyone who knows anything about computer programming can make a simplified version of a bot. A really good programmer can make really good bots. Even if you are not a programmer at all, you can still use a bot. People have them for sale all the time, and bots are not just annoying. They can be used to steal your identity.
People created bots to do many things. Some of them can search the Internet for e-mail addresses that are on Web sites and are not protected. Some of them will send various spam messages to people. Bots can also get onto forums and sign up on them – where they can access your personal information such as your passwords and other things. All in all, bots were created to be a program that could go online as if it were a real person (or people), and gather as much information as possible.
Bots are dangerous because they search for information at lightening speeds. This can include addresses, phone numbers, e-mail addresses, and even things that you might not think are important – but are – such as birthdays that can be used in identity theft. The bots are worse than a person collecting this information however – because the bots are much smarter than a person and are also able to go to thousands of Web sites, 24 hours a day. These bots can work constantly to gather information, and they never need to stop. They can travel from Web site to Web site constantly gather information. Then, all of the information is sent to whoever owns the bot.
The other reason that bots are so harmful is they are also able to put information together in a much smarter way than a person could. They can look at your IP address and figure out which of the information is yours. They can also gather things that you might consider to be hidden online. Therefore, bots are very, very dangerous.
As you are protecting yourself from bots, the best way to do this is to make sure that you are able to avoid putting any information online whatsoever. Remember that bots can collect any type of information from your online sites – even parts of information that you might think are hidden. Therefore, the best thing that you can do is to protect yourself by making sure that you are able to keep as much of your own personal information off the Internet as you can.
Account Hacking and Backdoors
Backdoors are built into almost every computer program, and while they can be very helpful if you forget your password or otherwise have a problem, they are also often targets for scammers. You do not even have to be a knowledgeable hacker to gain access through a program’s backdoor. You just have to be a smooth talker.
Imagine that you have an account, for example, through your business for an anti-virus program. You use it without trouble for a few months, go on vacation, and then return home and head back to work. In your absence, however, you have completely forgotten your password. There is no built-in way to e-mail the password to yourself, so you call the company, hoping they can help you regain access.
And they probably can. Companies assume that people just like you are going to forget their passwords, so they build in systems to work around that login information. These are called backdoors. While a good backdoor can save you a lot of time, the problem with backdoors is they make any computer program much less secure. Anyone with backdoor access can potentially find a way to steal your identity.
Hacking happens more easily than you may think as well. Basically, hacking is when someone who is not supposed to have access to your account finds a way to get into your account anyway, many times through cracking your code – i.e., figuring out your password. There are a number of ways hackers can figure out your password for any given Web site or login program:
• The Dictionary Attack: Hackers have created programs that run based on dictionary words. These programs attempt to log in using every word in the dictionary. Since most people use a very simple password, this cracks a high percentage of passwords wide open. Hackers do not even have to really work in order to guess your password with this method. They simply set up the program to run and wait a few hours until a positive match is found.
• The Hybrid Attack: Like the dictionary attack, hackers do not have to do much work to figure out your password with a hybrid attack. These programs run the same way, but use numbers and special characters as well. Many people use a simple word, like “computer” and then, to attempt to make it more secure, they add on a number to make their password something like “computer2”. The more sophisticated hybrid programs most hackers use check for number add-ons like this.
There are a number of other ways hackers can get into your account as well. It is important to remember, however, that the label “hacker” is not necessarily a bad thing. Yes, there are good hackers, as weird as that may sound. Although the media often uses the term hacker to purely mean someone who attacks your account or a computer program, “good” hackers are employed by all major software companies in order to find program weaknesses. Hackers help make your information more secure! Here is a run-down of hacker classification:
• White hat hackers: Anyone termed a “white hat” hacker is someone who is working with the company to find security weaknesses, working with the government to catch criminals, and so forth.
• Gray hat hackers: Gray hat hackers are those who fall into gray area. They use their hacking skills for morally and ethically ambiguous matters and often toe the line of legality.
• Blue hat hackers: These hackers are not company employees, but help to test a program before launch. They are like freelance white hat hackers. The work they are doing is usually good, although since they are not responsible to the company in terms of being an employee, the temptation to exploit what they’ve found is much greater.
• Black hat hackers: Black hats are the “bad guys,” although they do not always see themselves as such. It is a black hat hacker that will try to steal your identity using hacking techniques. Of course, some black hat hackers, like some criminals, believe that what they are doing is for the greater good, so not every black hat hacker is trying to steal your identity.
When talking about hackers, you may also hear the term “script kiddie.” This is a hacker who does not have much skill or experience with hacking. Script kiddies usually simply follow directions from more experienced hackers, which you can find on the Internet. They do not know what they are doing or why they are doing it – they just know that the steps work. Many identity thieves are nothing more than script kiddies. They frequent hacker forums and message boards and look for ways they can use the ideas posted to steal identities from others. That is why an excellent password will stop most identity thieves in their tracks – when they hit a bump in the road, they do not have the knowledge to figure out what to do next.
Spyware
A study done by a security firm in 2006 found that 40 percent of all spyware programs are meant to be used for stealing personal data and an additional 30 percent are meant to be used for other illegal purposes. That means 70 percent of all spyware programs are designed for identity crimes. An even scarier stat? Webroot took a survey of over a million computers and found that 88 percent had spyware installed on a personal computer and 87 percent had spyware installed on a business computer.
Spyware is made up of various programs that can get downloaded onto your computer. Often this happens in ways that might not be your fault. You might find that spyware is on your computer and you really have no idea how it got there or where it came from. This is because there are many forms of spyware that come attached to other programs. You might think that you are downloading something that is perfectly innocent – but it might contain a hidden piece of spyware that you weren’t even aware of. When this happens, you will find that you have to deal with these issues.
Spyware works in a variety of ways, and all of these ways might create a situation where your identity is at risk. Spyware is a type of program that you are always going to be having run on your computer. Most of it will be able to run on its own, which means you won’t even have to click on the program to start it. Often, the only way that you will know the spyware is there is to check in your add and delete programs files in order to see it. Some of the spyware might not even show up here, and you might need extra programs in order to even find it.
The reason that spyware is going to be so detrimental to your computer and to your identity is that the purpose of the spyware is to collect information. Sometimes, the spyware is created to show the owners of the spyware where people are going online. This can then be used to form advertising that is more guaranteed to be something that you will follow through with. Most of the spyware on the market started like this – so that advertising could be targeted and allow you to get even more out of it. However, it quickly accelerated. Part of the reason that spyware is now so dangerous is along with collection information about where you are going online, they are also used to collect your personal information. As your personal information is collected by the spyware, it can be stored somewhere that people might have access to that data. This is something that you want to think carefully about, because as you are doing your dealings online you might find that someone has gotten much more than your online history out of it. They might actually be able to see where you have been online and what you have been doing. These cases can be very dangerous to you, because if you are online often, you might find that there are many situations where you end up with your identity stolen.
An example of spyware that might help an identity thief steal your identity is one that records keystrokes. Let’s say, for example, that you download a music file from someone on a Web site message board. However, you were unaware that the file had a little bonus present – a spyware program attached to it. You download and open the music file and immediately the keystroke spyware begins running on your computer as well. The identity thief then sees any key you press. How does that help the identity thief? Well, say he or she sees that you hit the keys w – w – w - . – y – a – h – o – o - . – c – o – m – enter. Then he sees you hit t - . – s – m – i – t – h – 9 – 8 (common keystrokes for a username). He knows you are signing into your e-mail. Whatever keys you hit next are the keys to your password. This can be even more dangerous if the identity thief sees that you have signed into a banking Web site.
This form of spyware is not the only kind you have to worry about. There are many kinds of spyware and all are equally damaging to your computer. In short, beware of spyware. It can ruin your life.
Spam
In 2004, 65 percent of all e-mails sent over the Internet were spam — junk, unsolicited, bulk messages. Many people avoid both spam and phishing because they do not want to fall victims to identity theft. However, spam is more detrimental than you might think. Phishing is easy to fall for, but once a person recognizes it, it is also easy to avoid. Spam can be a bit harder to avoid.
Spam is easier to fall for because a lot of it seems like it might actually be a good idea. This is part of why people fall for it so often – it simply seems like they will be able to get something for nothing, or to buy a great product. Part of the problem with spam is it is everywhere, and also that it is very hard to trace. As the products are offered, your identity can be stolen.
Spam is what comes into your inbox that can promise you all kinds of great products. These might be anything from enhancements for your body, to toys or games, to books or property. Spam makers and sellers can offer you just about anything for sale, and it usually seems like it will be a good deal. It also might seem very legit. There are many people who want to have the products that are being sold, so they’ll pay for it. A more dangerous method of spam is actually offering free items. A person would love to get something for free, so by offering free items, it is easier to get people to agree.
Whether they have convinced someone to buy something, or to get a free item, the identity thief will then ask for information. Of course, if you agree to purchase something, you will have to provide your credit card number to purchase your item. Once you have given it to the identity theft, he or she will be able to use the credit card. There are also other dangers that go along with spam. In order to buy something you will have to provide your card, the other numbers that go on it, your full name, and billing and shipping address. This is almost all of your personal information, and if you provide this to someone who is not actually selling a product, you have given your number to a thief.
There are other ways that identity thieves can get you through spam. Even when they offer you something for free, they will often ask you for your credit card information – often to prove that you are a real person, or to prove where you live – or even so that you might make additional purchases from them. No matter what their reason might be for getting your credit information, you probably will not get that free product, and you might end up owing a lot more in the long run.
Secure sites are the only safe way to purchase things online. Buying things that come into your spam box or even into your inbox can be extremely dangerous for you. Do not be fooled, no matter how great the deal might seem to be.
Phishing and Spoofing
Spoofing is one of the easiest ways to steal someone’s identity. Millions of people have responded to spoofed e-mails and Web sites, meaning that this is an online cash cow for crooks. Sadly, as online banking and having other online accounts gets more and more popular, spoofing gets easier and easier. The problem is most people have no idea this scam is even happening. Spoofing has two main forms: e-mail and Web site.
E-mail Spoofing (Phishing)
If there were a problem with your account, you would expect the financial institution to contact you by phone, e-mail, and snail mail as soon as it is discovered. You would want to take action as quickly as possible, and you would want to make sure that you were as thorough as you could be in stopping the threat. From suspicious activity to password problems to security threats, getting any kind of correspondence that indicates a problem with your account is enough to send anyone into panic mode. In fact, that is exactly what spoofing scammers are counting on to happen.
E-mail spoofing, also called phishing, is one of the fastest growing crimes on the Web. A study done by the Anti-Phishing Working Group found that 5 percent of the 75 to 150 million phishing e-mails sent every day are actually answered. That is a very high rate of return for scammers, making phishing one of the most popular ways to steal your identity online.
Here is the basic concept: First, the scammers collect a list of people with accounts at a particular financial institution. This might be information from a bank, a credit card company, or even an online auction site. Almost any financial account could be at risk. The only thing the thief needs to get started is your name and e-mail address. Depending on the complexity of the scam, the thief can work from there or he or she can spend extra time looking up your birthday, address, or other personal information, most of which can easily be found through public records on the Internet.
The thief may also take the extra step to copy the financial institution’s look and feel. This can be done through links back to the institution’s Web site, use of a masthead, use of legitimate officer names, and so forth. It depends on how much time the scammer is willing to take to be successful. When it is all said and done, the thief will send you an e-mail, saying that there was a problem with your account. The problem varies from scam to scam, and the thief may even relay “personal” information, like your birthday, back to you to “prove” that it is a legitimate e-mail. The e-mail will then ask you to do one or two things — call a number for account verification or reply to the e-mail for account verification. In either case, the scammer will likely ask for your password so that it can be reset to deter the person trying to break into your account. If a thief is really feeling lucky, he or she will also ask for your social security number to verify that you are, in fact, the owner of the account.
It might be days or even weeks until you start seeing the effects of this scam, depending on what information was stolen. There was never any problem with your account; the scammer just wanted you to release personal information.
Remember that your financial accounts are not the only things at risk. Any online account you have is at risk, including ones that you do not think mean anything, like a subscription to an online magazine or a social networking account. Phishers will use every opportunity to find out information about you. Say, for example, the con artist contacted you through MySpace, a popular networking site. You are told that your account is in danger of deletion unless you verify your user name, real name, and password. Your password will then be reset, you are told, and you can pick a security question to prevent this from happening again. Your MySpace account is simply pictures and song lyrics, so even though it is annoying to have another person sign into it and pretend to be you, does it really matter? Absolutely. The criminal is probably banking on the fact that you have other online accounts that you use the same password for or a similar version. Your security question answer (“Who was your favorite teacher in high school?” or “What was your first pet’s name?”) is also probably the security question you use in other places. You are giving the scammer access to other places, unless you are one of the few people who actually use different random passwords with every account. Most people do not, which is how e-mail spoofing thrives.
IP Address Spoofing
You can also be attacked by IP (Internet Protocol) spoofers. This is a much more sophisticated kind of e-mail spoofing attack and can really wreak havoc on you and your personal information. Whenever you send anything over the Internet, which is usually (but not always) done via e-mail, there is a personal IP address attached to it. Let’s take a non–e-mail example: Say you are reading a blog and want to leave a comment for the author about a particular post. When you hit “submit” and post your comment, your IP address is attached to that comment. Your IP address is unique to your computer and allows the person receiving the data (in this case, the comment sent to the blogger on a Web site) to see where the comment is coming from. In the case of blogging, this is important because a person can block harassing users or track statistics from certain areas. You IP address, which is just a series of numbers is also attached to e-mails, downloaded and uploaded information, and just about any interaction on the Internet.
Although it is usually hidden, a scammer with some computer Internet know-how can see that IP address in the header of whatever he or she is sending before it is sent. That way, they can go in and change that information, which from a technical standpoint makes the data look like it is coming from a completely different source altogether. Why would anyone do this?
Well, in most cases, the scammer simply wants to create problems within a system so that legitimate e-mails are deleted along with legitimate e-mails. The network is so overwhelmed with fake e-mails that it has to shut down completely to handle the attack. This can also prevent legitimate people fro accessing sites. Say, for instance, scammer attacks a bank with money requests. Getting hundreds of fake money requests every minute, all from spoofed IP addresses, can make it impossible to sort out the real money requests.
Most of the time, this just causes trouble and delays. The scammer has nothing to gain, in a monetary sense at least. However, IP spoofing can be really dangerous on a network, like you’d find at work. If the hacker can intercept e-mails and change the IP address to reroute everything to his or her own computer, sensitive information can be sent to the wrong person, putting identities at risk. This is one of the main reasons why it is very, very important to use password protection methods when setting up a wireless router in your own home. Otherwise, anyone sitting outside your door can potentially get into your system and cause trouble rerouting e-mails.
Web Site Spoofing
Even more dangerous than phishing (e-mail spoofing attacks) is Web site spoofing. This is a complex skill to acquire, but not hard to pull off once you learn how to do it. As with e-mail spoofing, the level of complexity is determined by the amount of time a criminal puts into planning the attack. While amateurs can set up this kind of scam in about a day (or even less), others may go to great lengths to cover all their bases. When someone wants to scam you to steal your identity, they will spend the time it takes to do it right. After all, the payoff is huge. If they get your credit card number, it could mean thousands in profit. Multiply that dollar amount by hundreds or even thousands, depending on how many people fall for their scam. They are willing to spend a few weeks or even months creating an airtight scheme.
The most amateur way to go about spoofing a Web site is simply to copy its look and feel. Take PayPal, for example. This Web site is commonly used to send and receive money, and if anyone accesses your account, they can transfer all the money in said account to their own bank account or another PayPal account. Using a computer photo editing program or Web site building program, a scammer can take the homepage of PayPal and recreate it exactly but post it at another Web address. This scammer is banking on the fact that you will not notice that a link redirects you to a site other than paypal.com. You will see the sign in box, but instead of signing in, the site will simply record your e-mail and send it to the thief’s e-mail address. You will see a screen pop up that says you have entered the password incorrectly, and you will be redirected to the real PayPal site to try again. This time it will work, and you will probably never think twice about the first error — after all, we all make typos now and again. In a few hours, your PayPal account will be looted.
Of course, the best thing about this scam for you is the thieves do not invest much time or money into it, so you should be able to notice the weird Web address. In any case, someone will notice (usually relatively quickly) and notify PayPal. In a matter of a few days or even hours, the fraudulent site will be shut down, hopefully catching the criminal before he or she disappears, although you cannot rely on that. In any case, the less thought out, the better.
It is not always easy, unfortunately. Any seasoned identity thief will realize that it is worth the extra time to think the plan through instead of getting shut down and facing criminal charges in a matter of hours after only stealing a few passwords. Instead, they use an even trickier spoofing technique. They start the same way — by creating a Web site with the same look and feel of the original. However, instead of buying a random domain name and hoping that you do not notice, they will go that extra mile and buy an international domain name (IDN). IDNs are causing a lot of trouble around the world.
If you are not interested in the domain name buying and selling industry, IDNs can be a hard concept to understand, so do not be alarmed if it takes some time to wrap your head around the idea. Let us start simply by talking about languages. In every language, you will have a slightly different alphabet. Think about French, for example, from which we get the word résumé. Because this word is so integral to the English language, we often write it “resume” without the special characters, but the “é” in résumé is not the same as the “e” in any other word in this sentence. It has to do with an alphabet that is different from English. Even though a Web site’s standard is to be written in English, this is not always the case.
In fact, when you go to different countries, there are different keyboards. These help to accommodate all the other letters that we do not have. Cyrillic, a language of the Middle East, is one of the biggest culprits in IDNs because they have quite a number of “special” letters. However, like with resume and résumé, when you handwrite the letters, they are often very similar. Typing them on an English keyboard then becomes a problem. The website resume.com is not the same as the Web site résumé.com — although both Webmasters might advertise it as resume.com. I know — it is difficult to follow. That is what makes this scam so great — most people do not understand it.
Resume.com might not be a huge threat, but think about our PayPal example before. In other languages, the letter “â” is used. Imagine, then, what happens if someone registers the domain name pâypal.com or even goes a step further and replaces both “a”’s with the wrong letter. They own paypal.com, but not the paypal.com that you think you will see when you use the site. This causes a lot of confusion. In the past, PayPal actually was the victim of such a spoofing attack, and thousands of users’ passwords were stolen.
An easier way to spoof Web sites is to use English letters that look similar. Pretend for a moment that you have an account with 1stCreditBank.com. What happens if someone buys that same domain name with a lower-case “L” as the first character instead of a number one? Side by side, 1 and l look exactly the same. Zeros, capital I’s, and a number of other English keyboard characters also look alike. The font matters, too. In one font, two characters may look completely different, but in another font, they may be very similar. Identity thieves will play with fonts until they find one that works well for their scheme. It is your responsibility to play with fonts until you catch them. It is fairly easy to dupe a victim if you try, and the only way to notice that the site you are clicking is not a fake site is to be observant. IDNs will translate different once you have clicked on the link, for example. You can easily recognize an IDN by the first two characters — xn.
Once you are at the site, the process is the same. You will be asked to sign-in, and the login will redirect you to the real site while simultaneously sending an e-mail with your information to the site’s owner.
Some criminals even use their spoofed Web sites in conjunction with a phishing e-mail. They may send you a short note saying that your account may have been compromised and that you should log in to review your transaction history. The e-mail will include a handy link to the site where you have the account. This link will take you to the fake site. So, the crimes continue to multiply, and as soon as one scammer is caught, ten more pop out of the woodwork.
Common Scams
Within each of the scamming categories, there are dozens of specific scams that people use to steal identities. In this section, some of the most common scams are listed. However, keep in mind that identity thieves will always come up with new stories. It is kind of like a child giving a teacher excuses as to why he or she did not do any homework. That old “the dog ate it” will not work anymore, so children are becoming more resourceful. Some of the same excuses prevail – “I forgot my books” or “I didn’t understand how to do it” – but new excuses evolve with time. Today’s children might say, “My computer crashed,” for example. By this time next year, there will be even more excuses made popular by lazy tykes everywhere.
Teachers are smart, and you should be smart about identity theft. New scams will pop up every day, so stay in tune with popular trends. These old, classic types of scams listed here will still circulate from time to time, but do not look at this list at all as exhaustive. The more information you have about popular scams, the better you can avoid them.
Mortgage Scams
In the United States, mortgage fraud rose almost 400 percent from 2002 to 2005. Some of the hotspots for this fraud include Georgia, South Carolina, Florida, Michigan, Illinois, Missouri, California, Nevada, Utah, and Colorado.
The most common type of mortgage scam occurs not online, but rather in face-to-face interactions with dishonest lenders. The contract that you sign is different than what you have been led to expect. Lenders can pull this off in a number of ways:
• The lender may talk about one thing but the contract may say another. They get away with this because few people read the contract all of the way through, worrying that they are taking too much time to do so or somehow offending the lender because they are showing that they do not “trust” that the contract is fair. If caught, the lender may act surprised, like it is a mistake, and will quickly fix the contract. However, if you sign the contract and it is not what you were led to believe, you are, in many times, simply out of luck. There is no way to prove that a certain conversation happened. The contract is supposed to reflect the verbal conversation.
• The lender may leave things blank where they can be filled in. Is there a certain number filled in for the interest rate, for example? If not, after you sign it, the lender can fill in whatever number he or she wants to fill in, which may be much higher than you actually verbally agreed.
• After you read the mortgage agreement, but before you sign it, the lender replaces it with a fresh version for some reason. Maybe you spotted a typo. Maybe he or she spilled coffee on it. Whatever the problem, if the agreement is out of your sight any time after you read it, read it again before you sign it. Some of the information may have been magically changed.
• The wording could be purposely confusing. If you do not understand something on your contract, you are likely to pass it by, trying to look like you understand everything. Many people get pulled into balloon schemes in this process. A balloon loan is when you have very low payments and a very low interest rate for the first year or two, and then suddenly the entire loan comes due. If you cannot repay it in full, you are forced to refinance, often for very high fees and a very high interest rate.
You can also be scammed when taking out a mortgage if you use a lender that is not really a lender. This person will simply take your personal information in order to “check your credit history.” However, in reality, you will never be approved – there is no money. He or she is not really a lender – that company is just a front used to steal your personal information. Never give away your information to a lender unless you first check to be sure that he or she is legitimate.
This is especially common online, where new lenders seem to pop up every day. Remember, these so-called lenders can say whatever they want to on their sites, including making up fake testimonials. Before you trust anyone with your information, make sure that you do a thorough investigation. Check with the Better Business Bureau, call phone numbers to make sure that they are legitimate, and further take measures to ensure that the lender really is a lender, not someone simply collecting personal information.
Auction Scams
Auction scams are all too common. Studies show that 40 percent of all auction buyers have had problems with their transactions. Considering some 35 million Americans have participated in online auctions that means 14 million people have had problems, accounting for 75 percent of all complaints with the Internet Crime Complaint Center.
The scary thing about online auctions is the unknown. On most sites, it is very easy to sign up for an account, and you can use a fake name and address if you want. If there is a problem, it is your word against the seller’s word. It is hard to prove that the transaction did not go as planned. Unless you use a reputable escrow service, you will probably have to resort to leaving a bad rating and counting your losses. There is not much else you can do to ensure that the fraudulent seller is brought to justice.
There are a number of ways in which you can be scammed on online auction sites:
• You might never receive the item after paying for it. It is always “in the mail.”
• The item might be broken or drastically different than what you thought you were buying. Be careful to read the description, however, since many items are sold in non-working condition or come with disclaimers that the actual item may be a bit different from the pictured item.
• Your credit card number could be stolen, leading to complete identity theft.
• The escrow service the seller wants to use could be fake, meaning that you have lost the money and sensitive information.
• Someone could hack into your account and use it to bid on items or sign up as a seller and scam other people. They also can often find sensitive information, like your e-mail address and password, in your account.
The problem with online auction scams is they are extremely hard to fight. If you get scammed in an online auction and try to seek legal action, nine times out of ten, you will be throwing good money after bad money. That does not mean that you should not try to bring the bad guys to justice. You should! Just be aware going into an auction that nine out of ten people are too trusting and do not ask for contact information, escrow services, or contracts. Protect yourself, especially if the auction item is fairly expensive.
The main threat here is actually not the loss of your money, but the loss of your identity. While paying for an item that you never receive can be a blow to your budget, paying for an item and then having your credit card number stolen is much, much worse. On top of that, if you entered other personal information, like your social security or driver’s license number as “confirmation” (like many escrow services ask that you do), the thief who started that fake escrow service now has enough information to get a job in your name, open credit card accounts, take out loans at the bank, and even use your identity to run from the law. It is a scary situation.
Online Dating Scams
There are multiple varieties of online dating scams, and these are often the most tragic of all online scams. With online dating scams, it is not just your identity that is attack; it is also your heart on the line. Online dating is becoming more and more popular every day, and so online dating scams are on the rise. No one is suggesting that you avoid online dating altogether, as many people really are finding true, legitimate love online. Protection is the key.
Online dating scams started long before eHarmony and Match ever existed. Mail order brides and the companies that represented them were the first of the online dating scammers, and actually, mail order brides existed even before the Internet. Usually “selling” brides from Eastern Europe or Asia, mail order bride companies try to steal your identity in two main ways.
First, there may not even be any brides, and the company itself could be scamming you. Beware of any mail order bride company that contacts you via e-mail. A legitimate company will advertise, but allow you to come to them. Keep in mind, however, that any mail order company might scam you. Sometimes, there are not brides at all. With this type of scam, the company may show you pictures or even send you fake letters and e-mails from potential brides. This may go on for weeks or months, but once you choose a bride to sponsor and send in the payment for a visa (or whatever they say they need the money for) the company – and your bride – will disappear. It is especially easy to spot these companies in some cases because they use a PO Box mailing address and are not registered with their state. They also often will not know how to answer your immigration questions, which a legitimate company should be able to do. Do some digging by asking questions, and if they are avoided or answered incorrectly, you know there is a problem.
Sometimes, the company is legitimate, and it is the girl who is scamming you. Yes, mail order bride companies do legitimately exist, and although many people have moral issues with this kind of business, they really can help bachelors find brides in some cases. Just make sure that your bride really wants to be with you. Many of these girls simply want to get to the United States and will lie to find a meal ticket and sponsor. So how can you tell?
Unfortunately, you often cannot tell the difference. Communication online does not make it easy to catch a liar, and even telephone conversations may not alert you to the fact that the girl does not really care about you. Face to face meetings are crucial, but even before that, keep your guard raised. Do not fall in love too quickly with anyone who has so much to gain from loving you. That advice stands true not just with mail order brides. This is the shadowy side of people dating online – are they trying to use you and possibly attempting to steal your identity?
Do not fall into the trap that this online dating scam cannot happen to you because it can. It happens to smart people every day. Emotions have a funny way of affecting your judgment, making it easy for scammers to take advantage of you. In fact, this is exactly what scammers are hoping will happen. The lies one person tells will differ greatly from the lies another person will tell, simply because it only depends on the scammer’s creativity.
Basically, the scammer wants you to fall in love. After all, you will do anything for the person you love, right? That includes sending money, having physical relationships, buying gifts, and giving up personal information. These scammers want you to trust them so much that, even after you feel like you have been scammed, you do not believe it’s possible. Many victims never alert the police because they do not comprehend what happened or they are too embarrassed to admit that they fell in love with someone who scammed them. If no one goes to the police, the scammer can simply start over again with little worry, which is the main draw of this kind of sweetheart scam. Online dating scams take a lot more time than many of the other scams on this list, but the payout is great. Plus, although this sounds horrible, dating scams are more “fun.” Would you rather try cracking passwords all day or talk online to someone falling in love with you?
Online dating scams start with an initial meeting. Mail order brides are just the beginning. You will also find scammers in chat rooms, on instant messenger programs like Yahoo! Messenger or AIM, on forum message boards, on social networking sites like Facebook or MySpace, and even on the one site where you should be safe – the online dating site. Online dating sites are made to help you find love, so of course, users want to believe that everyone on the site is there for the same reason. Unfortunately, these sites are playgrounds for scammers. That is not to say that you cannot find a legitimate relationship online, because you can. However, you have to be very, very careful. Online dating is risky and your identity could be quickly put in harm’s way.
After the initial contact, you will probably find that most scammers will push the relationship forward fairly quickly. They will say that they feel a connection and may even say that they love you rather quickly. Of course, this might happen in a real relationship as well, so it cannot be the deciding factor as to whether or not the man or woman is a scammer, but it is a good indication.
On top of quickly “falling for you,” a warning signal of a possible online dating scam is the unavailability of information. The scammer will be much more interested in your life than willing to talk about him- or herself. Scammers often do not lead the life they say they lead because they want to be hard to catch. For example, a scammer will typically lie about his or her job, family, education, and so forth. The key to noticing the scam is to look for inconsistencies in the stories. Most scammers use a single story as they move from victim to victim, but the story does have to change slightly. Otherwise, the community online would rally to catch the scammer. Typically, small changes in the story make the scammer’s victims less likely to meet up with one another. The scammer may also change his or her story to better draw you in. For example, if you share that you have recently lost a parent, he or she may talk about the death of a loved one to find that heart-wrenching connection.
Playing games in a relationship, on or offline, is never a good idea. That said, you should attempt to look for inconsistencies in an online friend’s story. If the scammer feels like things are beginning to fall apart, he or she will leave or start to ask for money and/or information from you, and believe me: an online dating scammer will have no mercy. It is important to remember that anyone who can say “I love you” online before meeting or even talking to you in person, face to face, probably does not mean it. If you feel that strongly, set up a safe in-person meeting to truly explore your feelings with the other person.
However, many people do “fall in love” online, and when that happens, the scammer will begin to look for opportunities to steal your identity. He or she may ask for money, plane tickets to come see you, help co-signing for a car, and so forth. There will always be good reasoning behind why the scammer needs you to help. Deaths in the family are common, for example. And who would not help someone they love with a few hundred dollars to pay for a funeral?
Scarier than losing money, though, is losing your identity. There is absolutely no reason that an online relationship partner should need your social security number, credit card number, driver’s license number, or other personal information. None. Often, at this point, he or she will pull the “But if you loved me…” card if you seem at all hesitant. In reality, a person who loves you will not ask for these things in the first place.
Know the law, especially if your online sweetheart resides in another country. Certain documents and personal information may actually be needed to allow immigration, but there is no need for you to give out that information to your partner. Instead, work only with government officials. Do not be afraid to do a little snooping, finding out as much as you can about anyone you meet online before you attempt any kind of relationship.
There is one other main way you can be the victim of an online dating scam. If someone steals your password, he or she can pretend to be you in order to get a date. This is most common if you have a desirable profile with lots of great pictures. Sometimes, jealous family members or ex-girlfriends or boyfriends also try to log in to pretend to be you. Identity theft does not always mean that the other person is trying to steal your money. Someone who uses your identity for online dating is doing other kinds of damage. It is still a serious matter.
Pharmaceutical Scams
Millions of drug scam e-mails go out every day, and a study in 2004 actually found that pharmaceuticals were the most common topic of e-mail scams on the Internet — they even overtook porn as a scam leader. Pharmaceutical scams are popular, but they are also hard to stop simply because every country has different laws regarding what kinds of drugs can and cannot be sold online. Proving that a real crime is happening is harder than just shutting down a Web site. Most sites cannot be shut down purely for selling drugs. The way to nail these scammers is to prove that they are selling drugs that are not what they say they are or to prove that they are using the pharmaceutical shop as a storefront for an identity theft scheme. Those two things can be hard to prove.
It may seem easy – simply have an undercover agent attempt to purchase drugs and then see what happens. The problem lies in the fact that these companies are here one day and gone the next. They use private registration to purchase a Web site or, worse, use the credit card information of someone they have scammed to buy a domain name. They use dishonest means to find your e-mail address and then send out spam e-mail as fast as possible. Even if only 1 percent of all people who receive e-mails reply, that is still a pretty fair number considering that they send out millions of e-mails.
But what is the harm? We can just delete the e-mails and move on, right? An Internet-savvy person will do just that, but for some people who are not as experienced, pharmaceutical Web sites seem like a fairly easy way to purchase the drugs they need for a cheaper price. After all, prescriptions and doctor’s appointments can be expensive. Pharmaceutical sites capitalize on the fact that not everyone in the United States has health insurance. In fact, a good percentage of people do not. These same people are less likely to be educated about identity theft online. Therefore, they log on and attempt to order drugs online. Sometimes they get them; sometimes the pills are perpetually in the mail.
There are three main ways a pharmacy scam can run. Note that not all online drug sites are trying to scam you. A few are legitimate, but you should always proceed with caution, as a good majority is not valid. They all have one thing in common, however. They want your money.
First, an online drug site could actually be selling the drugs they advertise. Note that this is rare unless the site really is legitimate. However, it does happen. Someone has access to prescription drugs, so they sell them online for a cheap price. They do not want a doctor’s official prescription; they just want your money. Consider this kind of site illegal, although it does depend on where you live. In any case, ordering here is a crapshoot. It is like buying something at an online auction. You cannot be sure as to how trustworthy the seller is, so he or she may take of your payment and “forget” to mail out what you have ordered.
The second and third types of online drugstore are a bit more complicated and you have a lot more at risk. They will not, however, look any different than the one that really will send out your prescription, which is why this process can be so confusing. The second type is scamming you for your money, but not in a way that you will realize in a long time. They are not sending you the real thing. Their pills are filled with “filler” substances that make the prescription useless. You might as well be eating candy instead. In some cases, the pills are composed of the correct ingredients, but in the wrong ratios. They may be stronger or weaker than the real version of the pill or they may cause strange side effects. In any case, this is not only unhealthy, but could be downright dangerous. You never know what is going to be in your prescription drugs if you do not get them from a reputable source, like your local neighborhood pharmacy with a doctor’s prescription.
The third major way in which online drug companies can scam you is by actually stealing your information. They may say that they need your social security number for confirmation, or they may take your credit card information and use it to ring up fraudulent charges. They want to gather as much information about you as possible because the more information a thief has, the more money he or she can make from you. Identity thieves want to make as much money as possible, so they will push you to share all kinds of personal information. Since so many people want or need pharmaceutical services, it is easy to scam those unaware that this practice is so common.
As soon as the online pharmacy scammer has all the information that he or she needs from you (or that he or she suspects you will give up), the company will suddenly disappear. You may find that the Better Business Bureau can help you, but more often than not, you can simply submit your case to the FBI for them to add to their long list of online scammers that need to be stopped. By the time your case hits the top of the list, there will be little trace left of the people who scammed you. If they are from another country, which is the case most of the time, it becomes even harder to bring these people to justice. It does not matter anyway because the scammers have already probably scammed dozens of other people just like you.
Advanced Fee Scams
These types of scams are to hard to miss if you have an e-mail account, although you may not call them by the name “advanced fee scams.” What we are really talking about here is more commonly called the Nigerian scam. You may have to wonder who would ever agree to what the e-mail asks a person to do, but sadly, people around the world lose millions to the Nigerian scam every single year.
The basis of this scam, which does not have to come from Nigeria (but which usually does) is that the sender, for some reason or another, cannot get to his money. Sometimes this has to do with an inheritance. Other times it is about a large client check he wants to cash. Whatever the case, there is a business problem, and he cannot get to money that is rightfully his, and that is where you come in. The laws in America are much more lenient. Will you please cash this check and wire the money? Of course, you can take a large commission. It is his way of saying thank you for your kindness. This might be a promise of just a few thousand dollars or could be a promise of a few million.
If you agree, there will be problems with your transaction. Something will come up and you will be asked to front money for a payment they need to make. The reasoning behind this varies, but they will always ask you for money. They will usually start off with a low amount and then, later, ask you for larger amounts. They will not stop asking for money until you are out of it. Consumers get sucked in because they are always ensured that, for just a few thousand more dollars, they will get their huge reward. There is no un-cashable check or inheritance. It is just a scam, and as soon as you are out of money, they will disappear. These thieves will go to great lengths to continue assuring you that you will be paid, including sending you multiple e-mails every day and even calling you to talk about the deal over the phone.
Every once in awhile, you will actually receive a check you can cash. This is most common with smaller scams for under $100,000. However, this version of the Nigerian scam is not any less destructive. You will be asked to cash the check and then wire transfer the money (minus the fee) to the recipient. You will be asked to do this as quickly as possible to “prove you are trustworthy.” In a day or two, you will find out that the check was bad. They send you forged or washed checks, which you are then responsible for repaying. In other words, the money you sent via wire transfer is lost and you, as the casher of the check, are responsible for refunding the money to your bank. By that time, the culprit will be long gone.
Although you may receive an advanced fee scam e-mail from anyone, the majority still do come from Africa, with most coming from Nigeria. Every day, the United States Secret Service receives 400 to 600 complaints via phone and mail regarding these advanced fee scams. This problem is not going to disappear any time soon.
While all this is alarming, it does not really affect your identity — or does it? Some advanced forms of this scam are now being pulled in order to steal valuable information from you, whether it is your credit card number or bank account PIN. Some use this information to falsify immigration documents, open new accounts, or drain your money, while others take an even easier route — they sell your information for a quick dollar. Thousands of people are scammed this way every year, so be wary of suspicious e-mails. You should never have to spend money to make money.
There are some common traits of advanced fee scams that you should know. Spotting these things can help determine whether or not an e-mail is a scam:
• The e-mail will probably be marked as urgent or confidential. Commonly, this is in all caps in the subject of the e-mail, as they are trying to catch your attention right off the bat.
• The e-mail will never be addressed directly to you. Anyone legitimately asking for money should know your name. Be wary about any e-mail addressed to “CEO” or “sir.”
• The dollar amounts will be written out for emphasis. If an e-mail asks you to help with retrieval of THREE MILLION DOLLARS, you are most likely being scammed.
• The e-mail will come from one of the following people: someone at the Bank of Nigeria, a relative of someone deceased who has left a lot of money, a barrister or doctor, someone with a government title, a religious figure, or a member of the royal family. Of course, these people are not really who they say they are, but these are the personas most commonly used.
• The scammer will give you specific instructions on what to do next. You will need to provide lots of personal information to prove that you can be trusted with this duty. Sending this personal information is the main way your identity can be stolen in the Nigerian scam.
• In most cases, the e-mail will be sent out as a bulk e-mail to hundreds of people. Therefore, they might be filtered out into your bulk mailbox.
Do not get duped into this scam. No matter how much information they send to you, they are never going to send you the big bucks. Never. They will go to great lengths to convince you they are legitimate, including sending you papers documenting their “true” identity. These papers are all fake. Unfortunately, the Nigerian government is not cracking down on these scams as hard as they should, and many people have actually been detained in foreign countries and killed trying to chase their money. High-level government officials sometimes take part in these scams, and the result is not pretty. Stay away at all costs.
Just for fun, let us look at one of the scam “advanced fee” letters that recently came to my mailbox. I get dozens of these every day, as do most people with an e-mail address. Can you spot what makes it stand out as a scam?
Scam Example
Attn: Winner,
We are pleased to inform you of the release of the long awaited results of the EU-JAPAN EMAIL LOTTO [SWEEPSTAKES] PROMOTIONS lottery programmes draws held recently. You were entered unaware as an independent participants with Ticket Number: 719-226-1319 with Serial Number-902-66.Your email address attached to Lucky Draw number: 5, 12, 30, 11, 17, 43 with bonus number 25 which consequently won the ABM INTERNATIONAL LOTTERY PROMOTIONS INC organised Email lottery for and on behalf of EU-Japan Email Lotto Programmes event in the 3rd category.
You have been approved for a payment of the sum €1,500,000 (One Million, Five Hundred Thousand Euros) in cash credited to file. Reference number: EU/JP/BCC 00078653.This is from a total cash prize of €15,000,000.00 {Fifteen Million Euros} shared among the ten International winners in the 3rd categories. All participants were randomly selected through a computer ballot system drawn from 25,000 names of email users around the world, as part of their yearly international promotion program, this programme is sponsored by the conglomeration of multi-national Companies in Europe and Japan in collaboration with Computer Hardware and Software manufacturers worldwide.
Due to mix up of some names and addresses, we urge you to keep this Winning personal and discreet until your claims have been processed and your funds remitted to you, this is part of our security measures to avoid double claiming or unwarranted abuse of the system by other participants or impersonators. Your lucky Draw number fell under our European coupon booklet, thus your winning prize sum is now deposited in a special.
Account with the OFFICIAL approved European Bank based in Holland-Netherlands-Bank-POST BANK NL. To begin your claim, DO NOT contact us, instead contact the approved paying bank as they will guide you step by step until your winning prize is paid to you.
Dr. M. Richards.
Processing Department
Post Bank NL
Antwoornumer 1802, 1055AM Amsterdam-Netherlands.
Also give him the following information:
YOUR FULL NAME:
CONTACT STREET ADDRESS:
TELEPHONE NUMBERS OFFICE/MOBILE:
FAX NUMBER:
OCCUPATION:
YOUR AGE:
YOUR NATIONALITY {COUNTRY OF ORIGIN}:
Remember, your winning must be claimed as quickly as possible. Failure to claim your winning prize will obviously mean that your winning prize will be re-staked in our next lottery draws, so ensure that the needful is done now and quickly too. Once again, accept our profound and sincere congratulations on your winning.
So, what are you clues that this is fake? First and foremost, the broken and hard-to-read English should tip you off. Then, the e-mail hit all the marks noted as indications that it is fake, starting with the urgent and confidential undertones. The e-mail never addresses you personally, even though you are supposedly the big winner. They reveal the amount for emphasis and give you direct instructions as to what to do next. Spotting these scammer e-mails may not seem hard to you now that you know what you are looking for, but unfortunately, hundreds of people every day are sucked in by the promise of big money. Sometimes it is from a lottery, like this letter. Other times it is an inheritance. Still other times, it is a business deal — they just want your help in cashing a check. Whatever the case, e-mails like this are bad news. Do not reply or get pulled into their plan.
Charity Scams
In my opinion, charity scams are the worst kind. Scam artists are using your “good deeds” to make a profit and, since you are less likely to donate money twice, are effectively stealing from the legitimate charities that really do need the money. Unfortunately, charity scams are also some of the hardest to bring to justice. After all, you willingly gave up money to these people, expecting nothing in return.
Whenever there is a disaster, charity scams begin to pop up on the Internet. Sometimes, letters will arrive to your e-mail (spam). Other times, scammers will buy Internet domain names that seem to be related to the charity to fool you into believing there is an associate (spoofing). Still other times, scammers will e-mail you with a fake confirmation letter for your donation, asking you to verify your credit card number (phishing). No matter what their method, it adds up to you losing at least the amount you originally donated. That is the best-case scenario. Chances are they have stolen your credit card information as well and will make off with a lot more than your donation.
It is sad to have to look out for fake charities, but as a point in case, after Hurricane Katrina, scammers everywhere began buying domain names with the word “Katrina” in them. The same thing happened after the tsunami, and before that, the same thing happened after 9/11.
Here is what a common e-mail from a charity scammer will look like. This could be sent directly to you or posted as a message on a Web site.
Dear Concerned Citizen,
In light of the HORRIBLE tragedies that have befallen our country, we are collecting money to help the innocent victims recover their lives. Your donation can really make a difference!!!
Notice how this reads more like a sales letter than a request for donations. It is not addressed to you specifically, and the multiple exclamation points should be an indication of a scam. If you want to donate, try working with a company you know is trustworthy, like the Red Cross or a local church. If you have not heard of them, stay away.
Remember, charity scams sometimes take another form. The charity might be legitimate, but that does not mean that the person in charge is honest. Every day, people are stealing money from their employers. Unfortunately, this dishonesty is hard for us to catch. In fact, it is impossible for the average consumer to know which charity presidents, board members, and presidents are honest and which are looking for information to steal. The best we can do is attempt to prevent it and continuously check to ensure that our credit history is not showing anything strange.
A Few Offline Methods of Identity Theft
While this guide primarily helps you prevent identity theft online, it is important to remember that identity theft is commonly stolen in the real world as well. We may be a society in which having a computer is the norm, but thieves are not going to give up on tried-and-trued methods of identity theft that have been working for decades. In fact, online identity theft is just a very small part of the problem.
Identity theft is complex. Think of your identity as a puzzle. The completed puzzle will be a picture of you, with each tiny piece representing a sliver of information. The more pieces of the puzzle an identity thief can find, the more you are worth to him or her. The end user in an identity theft does not want to have to do a lot of work. It is going to be enough work covering his tracks when he has depleted you as a resource. So, to make more money, identity collectors try to find more and more information. While your name and driver’s license number may only go for $5 or so, a file complete with your social security number, home address, health insurance information, credit history report, and more could be worth big bucks. Depending on how desirable you are (i.e., how easy of a target you will be compared to the total profit a thief can expect), your profile could sell for $500 or more. That is 100 times the price of the driver’s license number. As the world is changing, people are taking extra care to protect their identities, so it is becoming harder for thieves to research you. The price of your information is ever increasing.
In order to find all this information, an identity thief will probably use both online and offline methods. That is where the following bits of information come in handy. Protecting yourself online will not do any good unless you are also savvy about the ways people can steal your identity offline. Most of these methods should not come as a surprise, yet millions of people across the United States fail to protect themselves from these dangers.
Phone Thieves
Phone thieves are really no more than phishers, but because they are talking to you instead of e-mailing you, many people more readily believe them. It is much easier to delete a suspicious e-mail than to say no to someone who has called you. Unfortunately, phone conversations are not commonly documented. You may save your e-mail to report a problem, but you probably do not record a phone conversation or even make a note of the number on your caller ID, if the number was not blocked in the first place. Phone thieves can wreak havoc without leaving a single trace behind.
A typical phone conversation may go something like what follows:
Mrs. Henry: Hello?
Caller/Scammer: Hello, may I please speak with Mrs. Henry?
Mrs. Henry: This is she.
Scammer: Hi, Mrs. Henry. This is George Perry with The Yourtown National Bank. We’re having a problem with your savings account here with us.
Mrs. Henry: What’s the problem? I was just in there yesterday and everything was fine!
Scammer: It appears that someone has been attempting to access your bank account online, but has failed to enter the correct password seven times in a row. We’ve temporarily locked down your account, as we think a hacker is trying to break into it. Do you use our online banking services, Mrs. Henry?
Mrs. Henry: No, no, I don’t even have a computer. I don’t even have my account set up for online banking.
Scammer: That’s quite all right, Mrs. Henry. We’ve locked out your account so that no one can access it. What I need to do is go into your account and reactivate it, changing your personal information so that the person trying to access your account can’t get in.
Mrs. Henry: Should I come into the bank?
Scammer: Actually, we can do it right over the phone to save you the trouble if you’d like. You can either bring a photo ID to the bank or verify your personal information over the phone.
Mrs. Henry: I was just there yesterday, and I don’t want to drive back there again.
Scammer: That’s fine. I want to quickly verify with you that I am from the bank. Your account number is 2098128970. Is this correct?
Mrs. Henry: Let me grab my checkbook…yes.
Scammer: Let’s see here. I just need you to verify your birth date for me to confirm that I am, in fact, speaking with the right Mrs. Henry.
Mrs. Henry: June 2, 1959.
Scammer: Okay, great, and your social security number?
Mrs. Henry: 123-45-6789.
Scammer: Perfect. And you said that you don’t have an online account set up with that checking account?
Mrs. Henry: No.
Scammer: Okay, it must be on default settings, which uses your PIN as your password and your account number as your user name. Can you confirm your PIN for me?
Mrs. Henry: 5555.
Scammer: Great. I’m on the Internet, looking at your account now and it seems that no one has broken into it. I’m going to set up a new password for you, should you ever need to get into your account. Do you have a piece of paper?
Mrs. Henry: Yes, go ahead.
Scammer: Okay, your new username is imscammed and your new password is naïve. Got that?
Of course the scammer is not going to use that as your username and password to tip you off, but can you see how easy it would be for someone to smooth talk his or her way into all sorts of personal information? Like Mrs. Henry, millions of people have been scammed this way, and the result is definitely not a good experience. Once “George” hangs up the phone, Mrs. Henry has a false sense of security. She believes there was a problem, but that someone is currently fixing it. In addition, since she just revealed that she had recently been to the bank, the scammer knows that he has even more time to play. He got her bank account number from somewhere, which is easy enough to do – it is on every check you write. By confirming with her that one bit of information, he got Mrs. Henry to tell him her birthday, social security number, and PIN number all in a few minutes. With that information, he can drain her account, and because he has the proper information, the bank will not suspect anything strange or alert Mrs. Henry. She might not know anything is wrong until she gets her next bank statement or tries to write a check that bounces.
Grab and Run
No real mystery here – some identity thieves still just grab your purse or wallet and run. Pickpockets are still common, especially in larger cities and tourist areas. Because most people carry all their personal information in their wallet, it is an easy target for thieves. You may initially be upset about losing your money, but losing your credit card, social security card, passport, and driver’s license is much worse.
These kinds of thieves are smart. They do not just pick someone out of the crowd, grab your purse, and run. That is a good way to get caught, and fines are just the beginning of a thief’s worries. Getting caught could also mean jail time, and most have had prior convictions or are wanted on other charges. So, they plan.
A grab-and-runner will start by looking at your purse or wallet. For a purse, they want something falling off your shoulder or held loosely in your hand. Bigger is not always better, but if it looks big without being heavy or awkward, that is a plus. Also, a thief will more likely strike someone carrying a designer purse, in which case the purse itself can also be sold. For a wallet, they look for someone who puts it in a back pocket. They will also check to see if the wallet is sticking above the pocket line, which makes reaching for it much easier. In fact, they might be able to wiggle it free without you even knowing.
You are most at risk if you are alone. If there is a big, beefy bodyguard watching your every move, the thief knows that he or she will probably get caught rather easily. Instead, if you are alone, the thief can take you by surprise and run away, leaving you with no one to help you. Having a crowd to run into is crucial, and tourists are the best targets. Tourists are usually so focused on seeing the sights that they are not paying attention to their surroundings.
People have been picking pockets since clothes first started having pockets. It is not a new trend, but unfortunately, not one that will die soon either. I have not included pickpocket tips in the long list of identity theft prevention tips in Chapter 4 simply because this is not an online issue. However, to help keep you safe, here are a few common pickpocket prevention tips to keep in mind:
• You do not have to use a fanny pack, but carry a bag that makes sense in a pickpocket-prone area. Instead of one that you wear on your back or that slings over your shoulder, look for a bag that crosses over your chest or securely sits under your arm. The bag makes all the difference.
• Never carry your social security card or passport with you when you are seeing the sites or when you are not traveling. If you must bring that sensitive information, such as may be the case if you are traveling overseas, keep it in the hotel room. Additionally, make use of the hotel safe. Maids, room service employees, and other hotel personnel may not be trustworthy, and it is hard to prove who stole your stuff if you have that problem. Lock up anything valuable, and remember – your identity is valuable.
• Do not carry cash on vacation, especially in another country. You cannot track down cash if it is stolen; plus, it is annoying to have to convert everything into the foreign currency if you are abroad. Instead, opt for traveler’s checks and your credit card. Yes, your credit card will still work in many foreign countries. Before you leave on vacation, call your company to see if this is the case. If possible, you might even want to consider getting a prepaid “smart” card just for your trip. That way, thieves have less to gain from stealing the card, and you do not have to worry about overspending.
• Travel with others and stick close. Thieves are less likely to strike a group because there are more eyes watching each person in that situation.
• Use bags with zippers, not snaps, Velcro, ties, or other loose fixtures. You are more likely to feel someone from behind unzipping the bag than you are to feel someone just reaching into the bag. Keep in mind that these thieves have been stealing identities for years in some cases. They know how to move carefully so you do not notice.
• Use a smaller wallet, especially if you will not be carrying it in a purse. Men often get their wallets stolen when they stick out of the pocket a bit and can easily be seen and gently grabbed. Instead, use a wallet that is sleek and fits completely in your pocket, or do not use a wallet at all. Have your female travel companion carry your money in a secure purse.
• If you are going to carry items in a pocket, do not use a back pocket. Even side pockets on jeans or trousers do not work very well. Instead, wear cargo pants with pockets that close. You will be more likely to notice someone trying to steal something out of your pants that way.
• Do not carry all your credit cards at once. Keep a “back up” in the hotel safe so that, if your things are stolen, you have a way to survive while you sort out the mess.
Dumpster Divers
Who would have ever thought that we would live in a world where our trash should be under lock and key? That seems a bit ridiculous, right? Ridiculous, yes, but it is also true. Our garbage gives up all sorts of secrets for people who understand how to make the most of it. Dumpster divers are not just looking for fixer-upper furniture and thrown-out clothing that still has a bit of life in it. Today’s dumpster divers are on the prowl for information.
Your trash is full of all sorts of sensitive information. Here are just a few of the things you can find in the average person’s dumpster:
• Credit Card Offers: This is the big one, because most of us get dozens of credit card offers every month. They can really be dangerous if you do not shred them. While credit card offers usually do not include your social security number on them (although some might, so always check), what thieves can do is send them in with a “change of address.” So, since you are pre-approved for the credit card, the thief can get some new plastic in the mail in only a matter of days. With other information that can be stolen from other sources and a bit of fast talking, anyone can take that theft to the next level. Just imagine: It all started with a credit card offer.
• Bank Statements: While bank statements usually don’t include your social security number or your PIN, they do include your account number and balance as well as other clues in piecing together information about you.
• Expired Driver’s Licenses and ID Cards: Although expired, some clerks never look at that and are simply interested in making sure that the face in the picture matches the name. If an identity thief looks similar to you, it can be easy for him or her to pass of the driver’s license as his own. In addition, this also contains your signature and driver’s license number.
• Expired Passports: This is as dangerous as an expired driver’s license or ID card because it is a document proving your identity.
• Credit Reports: This is the jackpot for an identity thief. Your credit report contains just about every piece of information that someone needs to totally become you, from your social security number to your banking information. Referring to the request number on the document, the thief can also call to inquire about even more information on your credit report. Yet, thousands of people throw these in the garbage without thinking twice.
• Luggage Tags: These tags alone are not worth much, but paired with other information can help an identity thief put together a profile of you.
• Old Resumes: Using your resume, a thief can put together a work history for you, as well record your address, phone number, and e-mail address. In addition, on federal resumes, you are often required to list your social security number, which can be a goldmine for an identity thief.
• Medical Records: Most people don’t realize just how much information someone can get from a medical record of any kind. Depending on the document, it may or may not include things like your social security number, address and phone number, doctor’s name, list of prescriptions, family history, medical history, hospital stays, blood type, and so forth. This can all be used against you.
• Travel Itineraries: Sometimes, you create an itinerary for a trip and print and extra copy or decide that you do not need it. When you throw it away, however, you are not only telling thieves when you will not be at home (and thus when you will be most susceptible to identity theft), but you are also telling them where you will be at all times. By calling a hotel and pretending to be you, a thief can learn all sorts of information. It just takes a little creativity.
• Old Tax Information: Again, by using old tax documents, or even copies of them, an identity thief can learn lot of information about you. By fitting these pieces of the puzzle together, your identity will be worth a lot more money to any end user who wishes to purchase an identity.
• Utility Bills: By grabbing old copies of your utility bills, an identity thief can infiltrate your account, set up new accounts, and add pieces of information to your complete identity package.
Any document that contains account numbers, your name and address, your signature, personal information about your whereabouts, medical information, employment history, or social security number needs to be shredded. Thieves are versatile – they will work with what you give them. Invest in a shredder and use it whenever needed. After all, it only takes a few seconds to shred a document, but it can take years to recover from identity theft.
Skimming
Identity theft is not always as easy to detect as you might think. Skimming is something that is done through what would otherwise be legitimate reasons. These kinds of occurrences happen when a person has access to credit cards of others. This might happen with employees who are not trustworthy and who might steal from others.
There are several ways it works. The basics of the scam are simple. A person must gain access to your credit card through legitimate means, and then copy down the numbers or otherwise keep track of the credit card numbers to use later. In order to have the credit card number, a person must have the credit card. This happens in stores, hotels, and restaurants. Most of the time, it is found in situations where an employee has access to a credit card when the customer is not looking. This might very well be at a restaurant, after someone has given the credit card to the person to pay for their meal. When they can take the card away from the customer, this could be the chance to write down the numbers. In order to use a credit card later on, a person will have to have the numbers off the front of the card, as well as the numbers that are found on the back of the card. They will take these numbers and then return the card to the owner. The person will not know that their number have been stolen – and will not find out until the thief uses their card.
There are other ways that skimming can be pulled off. Sometimes, a thief might use photographs of credit cards as others use them. This is something that has been done a couple of times. An employee will take a photograph of the credit card so that they can get the numbers off of it later on.
There are also devices that can be used to steal these numbers. Sometimes, skimming is done when an electronic device is attached to a card reader itself. This device is not put onto the card reader by the people who own the card reader. It is attached by a thief, who then has the access to all of the numbers that they got off of the card reader. This is something that can cause a lot of damage because a person can put their device on something like an ATM, and get hundreds of numbers that they can use later on.
Skimming is something that is difficult to protect yourself from, because you aren’t doing anything that could be considered dangerous with your credit card. You are using it just as you should be using it. However, you still have to worry about skimming taking place in just about any situation.
The best way to protect yourself against skimming is to be vigilant with your credit card statements and with your bank statements. Be sure that you are checking them regularly, and that you are reporting problems to your bank.
A Few Scenarios: How One Slip-Up Could Be Worth Thousands
No one is trying to scare you, but one tiny mistake can cost you thousands of dollars and ruin your credit. It does not help matters to be paranoid that every person you meet is going to try to steal your identity. At the same time, that is absolutely something to worry about – while most people will not try to steal your identity, almost everyone in your life has the chance to do so. Feeling overwhelmed? That is not a bad thing. Preventing identity theft is only effective if you go at it full force, and to feel passionate about identity theft prevention, you have to feel a little scared about the possibilities. Read through the following scenarios. These are not far-fetched ideas – they show you how just one mistake can make for your ultimate demise. While the names and exact events of the following scenarios are fictional, versions of these situations have happened to millions of people across the country. These scenarios are why identity theft prevention education is important for everyone.
Scenario #1: From Junk Mail to Jail
Mary worked the night shift at the local gas station, so before she headed into work she left a note for her husband to put out the trash before he went to bed. She got home to find that the neighbor’s loose dog had ripped the bag apart. Garbage was scattered all over her lawn, and Mary, tired from a night of work, slowly picked up the litter. This was only the beginning of her bad luck, however.
When Mary’s trash was scattered across the lawn, an opportunist (we will call him Mark) walking by peeked into the bag and saw some pieces of junk mail that had not been shredded. Stuffing the envelope into his pocket was easy, and because it was so late at night, he did not draw any attention to himself. Once home, Mark opened Mary’s mail to see how he could make use of the pre-screened credit card offers.
Within a week, the thief had applied for four different cards, making sure to change his address on each of them. That is when the real fun began. With each of the cards, he set up online accounts to track his spending in Mary’s name. Mark then decided to dig a bit deeper. Using Mary’s home address, he sent her a letter printed on the credit card’s company letterhead, easy enough to create from online images. The letter stated that he was an employee of the credit card company and he believed that someone had opened a fraudulent account in Mary’s name. Could she please use the enclosed number or e-mail address to contact him right away?
When Mary e-mailed him the next day, Mark “verified” that she had an account with the company by giving her the login information for the very account he had set up. He then asked Mary to confirm her social security number to see if it was the one that matched the account, which she could clearly see was working and using her information. Mary, hoping to clear up the information right away, gladly e-mailed Mark her social security number. He confirmed the fraudulent account and said that it would be cleared up in a few days. He said that she may want to wait a few months before checking her credit history report because it would still show the weird charges, but that he would be in close contact with her and the authorities during this time.
Mary took that advice and, since she was not checking her credit score, Mark had a field day with her social security number. He had his girlfriend use it to apply for a car loan, took out a personal loan at the bank, and opened six more credit cards in Mary’s name. After about two months, he cashed in all that he could with the credit cards using their “fast cash” options, sold the car to an unknowing private buyer, and skipped town. Before he was done, he also sold her social security number to an immigrant in the area whose visa was soon going to expire so that she could use it to get a job. By the time Mary figured out something was wrong, the police were knocking on her door, as she had not paid bills, returned phone calls, or responded to lenders in over three months.
She was also wanted on drug charges. Mark’s girlfriend, using Mary’s identity, was caught selling cocaine to an undercover police officer. Mark used money from the fraudulent loans and credit cards to bail her out of jail and, when the couple drove away, the police had no way to find them again. Mary was a criminal, but not really. It will take Mary a lifetime to fix the problems caused by Mark and his girlfriend, and it all started with one piece of junk mail.
Scenario #2: The Perfect Date
Frustrated with trying to meet men at bars, Susan decided to give online dating a try. She signed up for both free and paid services on some of the most popular dating services and, after a few weeks, had formed casual friendships with a number of other users looking for love on the Internet. One guy stood out to her more than all the others. His name was Jeff, and after just one e-mail, Susan knew that Jeff was someone she wanted to get to know.
Over the course of about a month, Jeff and Susan’s friendship blossomed to the point where Jeff was talking to Susan every single day on instant messenger, via e-mail, and even with phone calls. Susan was from New York and Jeff from Kansas, but he told her that he had grown up in New York City, so they quickly found things to talk about. Jeff was coming out of a bad relationship with a girl who took him for granted, and, like Susan, he was tired of going to bars to try to find a nice girl. Susan had known Jeff for about six weeks when he started to send her gifts at work and home. They were small trinkets, as Jeff did not have a lot of money, but it made Susan feel special when Jeff sent her flowers in front of her co-workers.
They never seemed to run out of things to say, and by the time their friendship hit the two-month mark, Jeff admitted he was falling in love with Susan. Both agreed that the next step was a face-to-face meeting to talk about possible relocation, but there were two problems. Jeff did not have the money for a plane ticket and Susan did not have vacation time at work so she could not travel. Jeff suggested that Susan pay for his ticket to travel to her and he would pay her back for half when he could. After all, they were going to be spending a lifetime together, probably. Jeff hinted that he was ready to settle down and have children in the near future.
So, Susan logged online, beaming from ear to ear, and loaded her credit card information into the airport’s system. She then e-mailed Jeff her username and password so that he could buy the airplane ticket. She logged on to make sure things had gone well and, sure enough, Jeff had purchased one round-trip ticket as they had agreed. The couple continued to chat online, and Susan felt more and more anticipation as the day of Jeff’s travels to her neared.
Susan waited at the airport for Jeff’s flight, nervous and happy at the same time. They announced that the flight had landed and she waited by the gate, looking for a face that was similar to the pictures Jeff had sent. Susan did not see anyone that fit the description. Confused, she wandered to luggage claim – perhaps he had slipped past her and was waiting there. No one seemed to be looking for her. Jeff’s cell phone was turned on and rang when she called, but he did not pick up the phone. So, Susan went to the service desk. Perhaps he had missed his flight.
What the customer service rep told Susan made her gasp in horror. Not only had Jeff not made the flight, but he had also changed the ticket the night before to be heading to Mexico the next day. In addition, using Susan’s account, there had been another ticket purchased to Mexico, and it had landed about an hour ago, meaning that Jeff and his traveling friend were probably already long gone. A call to the Mexican airport confirmed just that. There was no way for the police to know where they had gone.
Susan immediately called her credit card company to see if there was anything they could do, and she found that Jeff had also used her card and information, found in the airport Web site’s profile, to make thousands of dollars worth of other online purchases. She would not be held accountable for those purchases, but she would not be refunded for the airline expenses, because she had authorized his use of that account by giving him the credit card. Susan never heard from Jeff again, but she spent the next year working overtime to pay off the fees for the two plane tickets and the hundreds of dollars in fees that she was charged for changing the tickets at the last minute, as well as the interest on her credit card for not being able to pay off the full balance right away. Jeff – if that really was his name – stole over $3,000 from her and will probably never be caught.
Scenario #3: Connecting the Dots
Craig, an avid Internet user, was an active member at a number of online forums, Web sites, and so forth. One day, he decided to subscribe to an online newsletter for a hockey Web site. The site required him to register using his e-mail address, a password of his choice, and some personal information like his address, sex, and phone number. So, our hockey-lover signed up, not even thinking twice about why an online hockey newsletter would need that information.
In fact, because the registration form had him use his e-mail address as his username, Craig just naturally used the same password that he used for his e-mail. What Craig did not know is that this was exactly what the Web site’s owner, Heather, was hoping would happen. When Craig hit “submit” on the registration online, he was not signing up for a hockey newsletter. He was sending his e-mail address and password to Heather. Although not everyone signing up at this site used the same password as they used for their e-mail, many did as an automatic response to the e-mail username. Of those who did not, many used a similar version. If their e-mail password was hello123, for example, their password on the site might be 123hello.
From that, it was not hard for Heather to take information sent from Craig and other users to log into their e-mail accounts. Once there, it was not hard to figure out where Craig had online accounts. She saw that he used PayPal for eBay purchases, did online banking, and even paid his credit card online. Although Craig did not save his e-mails with passwords to any of these sites, Heather did not have to break a sweat figuring them out.
Go to any site and pretend you do not know the password. These login sites all have built-in password protection, but they also have ways to find a lost password. Usually, one of the most basic ways to retrieve your password is to have it e-mailed to you. All Heather had to do was submit that help ticket, sign in to Craig’s e-mail, and retrieve the password. Even the “secret questions” did not help protect Craig. For someone who wants to steal your identity, doing a bit of research to find your mother’s maiden name, your paternal grandmother’s name, the town you were born in, or your elementary school is worth that extra time. So, really, it is not very hard. Online resources list this information about just about everyone. All you need is an address to confirm that the information is really about the person in question. Heather had everything she needed from Craig’s registration form.
She did not get very far because Craig caught the weird online transactions fairly quickly. However, in just a few days, Heather had spent over $1,000 on eBay purchases and even more using his credit card number. Unfortunately, Craig did not even have a name to give the police. Even if he could have tracked the culprit to the online hockey newsletter, he had no idea that a girl named Heather was behind the scam. Furthermore, the site was wiped clean and parked at a generic advertising site. Heather had also registered it privately. In 48 hours, she got away with money and ruining Craig’s credit, all because he wanted the latest in hockey news sent straight to his inbox.
Scenario #4: A Good Cause
Jan was the type of girl who would do anything for just about anyone. She worked a 40-hour workweek to provide for her sick mother and then spent nights at the soup kitchen. She went to church every Sunday and always remembered to send her siblings and college friends’ birthday cards. Jan was just one of those ladies who you wanted to know, and she wanted to know you, too.
Jan was horrified to learn about the widespread destruction in the south due to Hurricane Katrina, so she saved up for weeks to be able to give her donation. She planned to give her $1,000 donation straight to the Red Cross, but she received an e-mail from an organization called Help Katrina that asked if she would consider donating. She checked out their Web sites, which had a lot of great Katrina-related facts, and they allowed her to use PayPal to submit a donation, which was very convenient for Jan, since she often sold items on eBay and had a balance in her PayPal account that she wanted to spend. Help Katrina was the perfect option.
So, Jan clicked on the PayPal button on the organization’s Web site, logged in, and designated $1,000 to the charity. She received a confirmation e-mail, which she printed for her tax records, and, feeling good about giving to a worthy cause, went to bed. All seemed well until the following week, when she got a call from a Help Katrina official. Identifying herself as Pamela, the caller referenced Jan’s donation and said that there had been a small problem – the donation had not gone through correctly. She told Jan that, if she would log onto her PayPal account, she should see that the money had bounced back to her PayPal account. While on the phone with Pamela, Jan did just that – and sure enough, the $1,000 was credited to her account. The payment had not gone through for some reason.
Would she like to donate via credit or debit card? Pamela assured her that a card payment would go through immediately. Jan agreed. She could simply withdraw the money from PayPal to pay off her credit card at the end of the month. It did not really matter to her how the money got to the charity. It just mattered that the money made its way to the people who really needed it. So, she gave Pamela her credit card information and asked that they send her a receipt. Pamela assured Jan that it was in the mail.
What Jan did not realize is that her original PayPal payment had not “bounced back” to her account. She had never paid it in the first place. The PayPal button on the “charity” Web site was nothing more than a redirect to a Web site page that simply looked like the PayPal login page, but it was not. The PayPal information was spoofed and Jan had given her login information to Pamela (whose real name was most likely something else). In addition, she had also given her full credit card information to this Pamela over the phone. It was only a matter of time before everything went up in flames.
Pamela and her fake Help Katrina site began by using Jan’s credit card for the $1,000 donation. That money, which should have been going to disaster relief, went into Pamela’s “big screen TV” fund. At this point, Jan did not suspect anything was wrong. After all, she had given Help Katrina the authority to take $1,000 from her credit card account. The indication that something was wrong did not happen until three days later. Suddenly, all at once, Jan’s entire PayPal account was drained and her credit card was maxed out buying big-ticket items online with rush delivery. Before Jan could stop them, the items were delivered to the PO Box and Pamela was gone.
Jan had to put her charity work on hold while she worked to pay off the fraudulent charges – with her card, they were not all covered by the consumer protection plan, especially since they were made online. Her total losses, not counting the lost $1,000 that did not go to her charity, were around $10,000 when the interest was added to that mix. It took Jan years to pay it off and even longer to rebuild her credit. Jan thought she was doing something good for the world, but because she was not a savvy Internet user, she was sucked into a horrible situation.
Scenario #5: Winning the Lottery
Joe never considered himself a lucky person. In fact, he always seemed to lose money when gambling, and after 40 years of playing the lottery, he never won more than a few dollars here and there. It did not really matter. Joe was a successful mortgage broker and he believed in making your own luck.
Until, that is, Joe got an e-mail one day telling him that he had won a Nigerian lottery and was eligible for over ten million dollars (TEN MILLION DOLLARS) in prize money. He was skeptical. Joe had heard about advanced fee scams and he did not want to be pulled into one because he knew that they did not end well for the so-called benefactor of the money. However, against his better judgment, Joe decided to respond to the e-mail. Replying would do no harm, right? He was not going to give them any money. Joe just wanted to see what this e-mail was all about.
He received an answer to his reply right away. Yes, Joe had won the lottery in Nigeria, and no, this was not one of those weird online scams. Joe was actually, unbeknownst to him, entered into the Nigerian lottery every week and his name just happened to get pulled this week for the big prize. There were no costs and nothing to worry about. Joe just had to confirm his identity and the prize money would be all his.
I am sure by now that you know Joe is going to get scammed. He replied to the e-mail, wanting to know more about the lottery, and all his questions were answered promptly. After he was urged to submit his information as soon as possible for fear of forfeiting the prize, Joe e-mailed the lottery organizers with his bank account information. The entire balance would be wired as soon as possible.
Before the week was up, Joe got another e-mail. Something was wrong with his lottery winnings. Another person with the same name and birthday had also come forward to claim the prize. Would Joe be willing to confirm his identity further by transferring a very minimal amount of money to the lottery’s bank account? If by chance there was a mix-up, they would wire that full amount back immediately, but they suspected that the other person was a scam artist out to steal Joe’s money, so they were sure that he would not even agree to the transfer. Not wanting to seem like a phony, Joe agreed and sent over the “small” fee of $5,000. Of course, that amount did not seem small to Joe at the time, but he was willing to make that sacrifice for now since he was going to be receiving over ten million dollars in a week or two.
Problem after problem arose with the transaction, and Joe continued to send relatively small amounts of money to help the proceedings along. Finally, the lottery representative asked Joe for a favor. They had been working closely for almost four months at this point, and Joe had even spoken to him on the phone on multiple occasions. The Nigerian government was holding the money for some reason. If they sent Joe the full amount for all their lotteries – over 100 million – could he take out what was owed to him, the ten million, and wire the rest to the next winner? It would make the process finished completely once and for all.
Luckily for Joe, he had the good sense (finally) to talk to his bank. As soon as he started explaining the proceedings, his banker stopped Joe and explained to him that he needed to call the FBI right away. He was being scammed. If the company did send a check, it was bound to be a fake one, and Joe could be held liable for any amount he cashed. Joe got out before he was in millions of dollars over his head, but he did lose about $12,000 in the process. That is not a small chunk of change.
Something even more horrifying came to light as Joe began to really look at the situation with a clear head. On many of their proceedings, Joe had used his social security number, birthday, and driver’s license number to take care of issues with the transactions. A quick call to the credit reporting bureaus confirmed it – these scammers were making good use of Joe’s identity. Over the next 20 years, Joe continued to find ways in which these scammers were ruining his life. His social security number and other personal information were sold and he could not get back the thousands he spent to try to retrieve his millions in lottery winnings. You might have already guessed it, but when Joe questioned them about it, poof. They were gone. Suddenly, the phone numbers, e-mail addresses, and names of the people he had known for four months now seemed to have never existed in the first place.
And that is how most identity thieves are. One hint that they might get caught and they will disappear forever with your money and your identity.
Straight from the Expert’s Mouth: IDTheftSecurity.com Talks about Prevention
In 1992, when Robert Siciliano started selling information videos, audio tapes, and non-lethal personal protection products, he could not have imagined how personal and business identity theft would evolve over the years, especially through use of the Internet. Today, Siciliano is the CEO of IDTheftSecurity.com, one of the world’s leaders in personal identity theft protection. IDTheftSecurity.com provides citizens, corporations and associations privacy and personal security information and practical solutions to prevent crime. With Siciliano at the helm, their business model has changed from one providing protection products to a full-blown informational company that provides personal security seminars and training across the country.
Says Siciliano, “We’ve witnessed greater media coverage and a major rise in fraud, scams and theft as information continues to become more available.” And that is a good thing. As the public becomes more and more aware of security threats and the tactics used by identity thieves, we can, as a culture, better learn to stop them in their tracks. Although Siciliano has seen lots of identity theft trends over the past decade, there is one he has not seen – a decline in popularity in any category. That means that there are more identity thieves out there, and that they are becoming smarter.
What is the most popular form of identity theft? There are no surprises here. “Phishing for dollars. Identity thieves send out millions of e-mails daily requesting victim’s usernames, passwords, cash and credit cards and countless ways,” says Siciliano.
However, the biggest mistake that people make regarding identity may surprise you, as it is not related to phishing. Says Siciliano, “Most people put up enough information about themselves on various social network sites that a thief can use it against them.” Web sites like MySpace and Facebook have given identity thieves a whole new way to attack their victims. Experts are seeing trends in this, but the public seems to be creating new and more detailed public profiles every day.
Another major problem with identity security that Siciliano and IDTheftSecurity.com are trying to combat is the unprotected status of many online shopping Web sites. Although there are thousands – probably millions – of online sites that are secure, Siciliano warns that there is no way to be completely sure. The key, as they teach at their IDTheftSecurity.com seminars and training sessions, is being proactive and suspecting identity theft before it happens. Customers are responsible for checking their credit card statements and reporting anything strange.
Like other security expert, Siciliano agrees that there are changes that need to be made in identity securities policies and laws. However, there are things that the average consumer can do to prevent theft on a high level. His number one identity theft prevention tip?
“Make sure your PC’s security definitions are updated and make sure there aren’t P2P programs installed on your PCs that can allow all your computers data to be shared with the world.”