Identity Theft Prevention: Staying Safe Online
Walking the Line
There is a thin line between trust and stupidity. We must walk that line carefully, for on the one hand, we do not want to fall victim to paranoia, becoming afraid of our own shadows, while on the other hand, neither do we want to willingly hand out personal information to anyone who asks for it.
Verification is needed to be certain that the person or organization asking for our personal information is
- a legitimate company
- has the right to require the data
- has its own security measures in place
Too often, we hear stories of gullible people losing their life savings to some scam or other. Most of these scams are positively ancient, and have simply been adapted to modern technology. It is very sad to see this happen to people, but at the same time, I have to shake my head in disbelief that in this day and age of instantaneous communication that there are still people who fall for this kind of garbage. While shaking my head, I usually mutter, "Anyone that stupid deserves what happens."
According to the FTC, the fastest-growing type of crime is identity theft. This scam is a major problem across the Internet, and it shocks me no end that people still have not wised up.
The most common approach is the e-mail contact from some important-sounding person in another country, soliciting assistance to get hold of their rightful inheritance as a prince, or some other such nonsense. The theme varies, but the approach is usually almost identical.
They want your personal information. They want you to send them a 'good faith' sum of money by wire transfer, in exchange for opening a bank account in their name, and as a reward, they will share their fortune with you.
Seriously? First of all, their so-called "title" is no doubt invented by the person themselves. Secondly, have you ever heard of this person, in the news? Probably not. Third, do you even know who this person is? Are they a personal acquaintance? Again, very unlikely. So why would anyone send them any money?
This scam is one of the oldest around, and is known as the Pigeon Drop. In the original version, a stranger comes up to someone on the street, holding a large, over-stuffed envelope. They claim they found it, and it is full of cash. Wanting to do the "right thing," they believe they should turn it in to (insert choice of a bank or law enforcement). But, they want a witness, and a guarantee of faithful intent. So, they ask their intended victim (the pigeon) to go into their bank and withdraw a specified (usually substantial) sum of money. This, they are to put into another envelope, as a 'good faith deposit' and give it to the perpetrator.
Then, the perp uses sleight-of-hand to switch envelopes, supposedly handing over the envelope they "found," and takes off with the pigeon's money, to do who knows what--the excuses vary. Supposedly, once the "found" funds are turned in, the two of you will share the reward money. Right. What happens is, the "found" envelope is full of cut up worthless newspaper or other stuffing, and the victim never sees their real money or the perpetrator again.
This is an increasing problem. I imagine the spelling comes from blending of the words "phoney" and "fishing"--"phishing." These types of scams normally also arrive via e-mail, and may claim to be from your bank or a credit card company. They provide a link for you to "verify" your information. If you do, you are sunk--congratulations--you've just entered the ranks of victims of identity theft!
These folks have extremely sophisticated graphics as well as hacker abilities and manage to make the site to which their link leads look just about identical to the real website for that institution. There will usually be something "off" about it, if you look closely enough. But, you don't want to do that. Even if you decide (wisely so) not to enter any information, by the very act of clicking on their "convenient" link, you have already verified your e-mail address as active and valid. Now, they can keep coming at you with other fraudulent offers or requests.
You SHOULD ABSOLUTELY re-type the address (URL) of your bank or credit provider as you normally would, instead of clicking a link or using cut/paste, if you get one of these links in an e-mail that claims to have anything at all to do with your personal information such as bank accounts or passwords.
NEVER click such a link, most especially if it claims to be from a site you do actually use!
Again: Manually type the address of the website or institution, as you normally would (do not copy it as it appears in the e-mail), and look through your messages or settings there to find out if it is valid.
If there is nothing there, contact the company by telephone to inquire. If they did not send it, then forward that e-mail to them so they can trace the bad guys who are going "phishing." It will usually be a mailbox like "spoof@.." or "abuse@..."
DO NOT EVER give out your personal information, social security number, account numbers, or any other such information to anyone asking in an e-mail. Your bank will not do this, and most companies will not, either. You will more likely get a letter in the postal mail if they have a legitimate reason to contact you to verify anything.
Creating a Sense of Urgency
Some common words in e-mail subject lines that should make you suspicious:
- (No Subject)
- Dear Sir or Madam
- You Have Won...
- Western Union (or other financial institution) Funds Transfer
- Seeking business partner
- Limited time offer!
This is an incomplete list--these scammers are quite clever and inventive. The newest one claims to be from the U.S. Postal Service, claiming to notify you of a parcel delivery failure. Think back--did you actually send any parcel? Probably not. I had not, anyway.
However, there are some companies (the U.S. Postal Service is one) that do not offer help or maintain any address to which to forward the abusive e-mail. They simply claim that "they are aware, and ... working on it." You can, however, send a report to the Postmaster General.
When you see these kinds of things, it is best to just delete the e-mail right from the inbox list without even opening it. Sometimes, they have some kind of back-feed tracker (I don't know the exact technical term) that lets them know the e-mail was opened, so they have verified an active e-mail address.
There's a sucker born every minute.— David Hannum
Some of the e-mail we get is just plain annoying--that "spam" stuff. You can't totally eliminate it, because you have given your e-mail address out, it is bound to be "out there," and on some site that the marketing or scamming spiders will crawl, and "Bingo!" you're on their list.
However, some of our online behavior can help reduce the amount of such mail. For instance, you may click a sidebar ad on Face Book, claiming to offer a "free horoscope," or a "free analysis of what character you'd be" in some popular movie.
Most of the time, you do not get that information by landing on the site from the link. You will be asked to fill out a form, with some degree of personal information required, and a promise of "the results by e-mail."
No thanks, I'll pass! That's a red flag for me--you're inviting them to put you on a list, at the very least for them to pester you with spam, and who knows--maybe they also sell lists of e-mail addresses, so you are opened up to great volumes more of spam.
You'll notice most large websites such as Face Book run a policy statement saying that they have certain standards, and will not do certain things, such as selling your information, but also in that fine print is a disclaimer saying that they have no control over what third-party sites will do with your information--if you are stupid enough to give it to them after clicking on their ad.
So, mind your P's and Q's out there, and enjoy the technology--but don't let it outsmart you!
The best way to stay safe is to be aware, and be alert. Use your head! One of the biggest tip-offs to a scam is the language. Most of the offenders show a very poor concept of proper English usage. The grammatical structure will be "off," or words misspelled.
Overly formal salutations, "My dear and valued friend..." etc. Friend??? Who the hell are you? You're not my friend--I never heard of you! If you have that reaction, delete the e-mail.
Have fun online--the Internet is a great resource for both information and entertainment, but pay attention to what you're doing, and what kind of information you're handing out.
© 2012 Liz Elias