Tag Archives: Identity Theft

Fraudulent Calls that Don’t Make Sense

I am going to present a few fraudulent phone call scenarios that exist in the real world and that claim numerous victims, and you see if you can determine what the scammers are doing that actually doesn’t make sense if you stop and think about it:

  1. A caller claims to be a Social Security Administration representative calls and warns you that your benefits are about to be suspended because of some problem or other. The caller ID shows the correct SSA customer service line. She needs you to verify your Social Security number in order to fix the issue.
  2. A caller claims to represent a credit card company. He says that your card has been deactivated due to suspicious activity. In order to get your card working again, he needs the card number, expiration date, and three-digit code from the back of the card.
  3. A caller claims to be a Medicare representative and informs you that your benefits are going to be suspended because of an issue. Before he can fix the problem, he needs you to verify your Medicare ID number.

Did you catch it?

In every case, the caller is asking for a piece of information that the claimed agency or company would already have…because they created that piece of information in the first place.

  • The Social Security Administration has your Social Security number. They’re the ones who assigned it to you.
  • Your credit card company assigned your card number and other details to you. They already know it.
  • Medicare already knows your ID number because they gave you that number. If there’s a problem with your account, it’s one piece of information they don’t need.

(You could also make the more general observation that these all involve a stranger attempting to alarm you and then asking for personal information, but these specific questions should really tip you off that the caller is not who he or she claims to be.)

Blood and Cocaine Discovered in Your Rental Car (in Texas)?

There are endless variations on the “scare someone over the phone so they give up personal information” scam motif, and most of them are pretty familiar at this point, but every now and then a new angle emerges. This is one.

The scam involves someone posing as a law enforcement agent (usually FBI), calling to inform the victim that they rented a car in Texas, and that the car was found with blood and cocaine inside. The victim is then pressed to give details such as his or her Social Security number, financial account numbers, and so on.

There appears to be another version in which the caller claims to be a Social Security Administration representative, and in addition to the car filled with evidence, they have also found an offshore account in the victim’s name holding a large amount of cash, and that his or her Social Security benefits are going to be suspended. The caller then proceeds to attempt to wheedle the same personal information from the victim.

Regardless of who the caller claims to be, these features appear to be repeated in every case:

  • The car was allegedly rented in Texas
  • Police found blood and cocaine in it
  • We need your Social Security number

These are the details currently used in the scam, but don’t be fooled if they eventually change Texas to Florida or cocaine to heroin (I have a feeling the “blood” part is going to stay…”you’re a murder suspect” is almost guaranteed to get a strong emotional reaction).

Remember these points:

  • If a stranger is trying to make you afraid, then asking for money or personal information to make the fear go away, something isn’t right.
  • The Social Security Administration already has your number. They’re the ones who gave it to you in the first place. Law enforcement agencies easy access to it, too.
  • If the FBI really finds blood and cocaine in a car associated with you, they’re probably not going to call you on the telephone.
  • While the SSA does make phone calls, it’s not generally the first point of contact, and it’s almost always going to be regarding an issue already known to the person receiving the call.
  • This scam hinges on fears about identity theft—most people’s first reaction is “I didn’t rent a car in Texas!” and then make the connection to identity theft themselves. Recognize the tactic for what it is.

Don’t Let Down Your Guard against Identity Theft

It’s just human nature: you hear about the same negative thing often enough for long enough, you’ll start to become a little numb to it. You may even check out entirely. And identity theft certainly crossed over into “Things We’re Tired of Hearing About” territory quite some time ago.

However, that doesn’t mean it has gone away. Identity theft is still happening to millions of people every year, and if anything, the thieves are becoming more sophisticated.

Some of the best ways to protect yourself have been written about thousands of times. Use a crosscut shredder to destroy documents containing personal information. Don’t click on links in an unexpected email, and completely ignore any email that says “click here to re-activate your card.” Use strong passwords, and never reuse them across different sites. Freeze your credit, then temporarily lift the freezes any time you need to apply for a loan or a credit card.

There are also some ways to protect yourself that don’t get as much attention (yet). If an account gives you the option of using Two-Factor Authentication, take that option. Beware of unfamiliar phone numbers that share the first six digits of your phone number. If a financial account allows you to set up alerts via text message or email, do it.

In any case, don’t become desensitized to information about identity theft just because you’ve heard about it a million times before. There might be a new threat, or a new twist on an old threat, or a reminder about a good habit you’ve let slip. And even if it is old news to you, remember that nobody is ever 100% safe from identity crime. Keep that in the back of your mind during any interaction where personal information is involved.

A Healthy Dose of Skepticism for 2019

2019 is going to be a lot like 2018, and a lot like every other year in recent memory: there will be a couple new ways to become a victim of some form of scam or fraud, there will be a boatload of old, tried-and-true scams still making the rounds (some with slight variations that make them seem new), a few “latest threats” frantically shared on social networks that turn out to be hoaxes, at least one or two major data breaches (and dozens of minor ones), and a whole lot of information, both accurate and inaccurate, about all of it.

And so, as we approach the new year, my advice is to stick to one basic principle, and to always ask yourself, “Is this the way the world really works?” That little bit of skepticism can be your best friend when it comes to avoiding scams and rip-offs, as well as not being the person who spreads false information and hoaxes online.

A lot of people make health-related resolutions this time of year. But before you spend money on a dietary supplement being hawked by some A-list celebrity, ask yourself how you think that A-lister got into the shape he or she is in. Does it seem more likely that they took a pill (that’s only been on the market for a few months, mind you), or could it be the full-time nutritionist on staff, the live-in chef, the million-dollar in-home suite of workout gear, the live-in personal trainer and the fact that their entire job description, when not actively working on a project, is to stay looking as perfect as possible?

When you read a story breathlessly shared on Facebook about robbers using fake perfume samples to subdue victims in parking lots (an urban legend that’s been repeated in various forms since around 1999), take a moment to notice how unlikely the whole scenario seems in light of how quickly most criminals prefer to operate (to say nothing of how ether and chloroform actually work). Notice how many of the “I narrowly escaped this!” stories boil down to, “I saw a man in a parking lot, and then nothing happened.”

When you get an email telling you that you’ve won the Powerball Lottery, remember how lotteries actually work in the real world. You buy a ticket and wait for some ping pong balls to pop out of a big tumbler. You don’t just “have an email address and wait until you win.”

When the phone rings and the caller claims that he’s from the IRS, you didn’t pay your taxes, and that you’re going to be arrested today unless you pay up immediately by purchasing some iTunes cards at the drugstore and calling back with the information, ask yourself if any one part of the situation squares with how the IRS actually functions. (Hint: none of it).

You don’t have to become a cynic, but just remembering to think about a new claim or information before you act on it can be a powerful ally. And remember this: if someone is trying to make you afraid of some immediate (or even abstract) threat, and they tell you the only way to make the fear go away is to give them something (money, personal information, etc.), they are probably not telling the truth.

Sign Up for Activity Alerts Everywhere You Can

Receiving and paying your bills online instead of through postal mail is a good idea. It’s not only convenient, but it also helps fight identity theft and other types of fraud (the fewer pieces of paper floating around in the world with your personal information on them, the better).

But your financial accounts may offer online features you’re not taking advantage of just yet. Most credit card providers and deposit institutions (i.e. credit unions and banks) that offer online access also offer alerts that let you know when activity has occurred on your account. Alerts can be an important tool in detecting unusual transactions or changes as early as possible.

Every financial provider is different, but many will offer alerts for new charges or withdrawals. Other options may include notifications for a change of address, phone number, email address or other contact information. Remember that identity thieves will sometimes attempt to change these details in an existing account in order to hide their activities from the victim. If you get an alert that your address has been changed (and you’re not the one who did it), it’s time to contact that institution and report the suspicious activity.

Fraudulent Customer Service Phone Numbers

By now you’ve probably heard about Tech Support Scams, where someone calls you out of the blue and tries to convince you that your computer is infected with a virus, that they have somehow detected it remotely, and that the only way to fix the problem is to hand over money, control of your computer, or both.

It’s one of those scams that can easily be avoided with the question, “Who initiated contact?” If they called you, it’s fraudulent.

But what about when you’re the one initiating contact?

When you need customer service from a large company like Amazon, Facebook or Netflix, it’s important to make sure you’re getting their contact information from a trustworthy source. Internet searches might lead you to a correct number, but the internet is also brimming with hundreds of examples of fraudulent customer service numbers, posted by criminals in hopes that you will call them instead of the legitimate phone number.

What happens if you call a fraudulent number? They may try to get your password information to take over your account and lock you out, they may ask you to reveal credit card or other financial account information, or they may take over your computer (with your help) and install malicious software or commit other crimes.

If you need to contact customer service, make sure you’re getting your information from a reliable source. Don’t trust phone numbers that appear in online forums. If you notice zeros replaced with the letter “O” (1-8OO instead of 1-800, for example), that’s a sure sign of a fraudulent phone number.

With some companies, Facebook being the most prominent example, there simply is no phone number you can call. Any problems have to be resolved using online tools. Every single phone number you see listed on the internet as a Facebook customer service line is false information.

The best way to find customer service contact information is to go directly to the company’s website and look for links like “Help” or “Contact Us.” Sometimes there will be options for help via email or chat and no option for telephone contact, other times the phone number will be front and center. It depends on the company you’re dealing with. In any case, to avoid a massive headache and potential losses to fraud, always make sure you’re getting the number from the official source before you even pick up the phone.

How to Freeze Your Credit

The recent Equifax data breach exposed the personal identifying information of at least 143 million U.S. consumers, which has led to a wider interest in placing a “security freeze” on credit reports (a.k.a. “freezing your credit”).

A security freeze prevents new credit accounts from being opened using your personal information, unless you lift the freeze in advance of applying for credit. This is accomplished using a PIN that either you or the credit bureaus create when placing the original freeze. This means that a freeze can stop an identity thief from creating new lines of credit, even if they already have all of your information.

A credit freeze is an important tool in preventing one type of identity theft, but does not prevent existing accounts from being accessed with stolen credentials, fraudulent credit or debit card transactions, employment or medical identity theft, or the filing of fraudulent tax returns. In other words, even after you place a security freeze, you still have to remain aware of the risks of identity theft.

There are three major credit bureaus and one minor. Here is where to go for each one, as well as some notes (information is accurate as of 10/2/2017, but websites may be updated in the future):

TransUnion: https://www.transunion.com/credit-freeze/place-credit-freeze2

Notes: use the “Click to initiate freeze process” link (last item under the “How Do I Decide What to Do?” table). Note that a “lock” is different from a freeze; what you want is a freeze. TransUnion requires you to create an account with a password, then you can place the freeze and create your PIN. To temporarily lift the freeze, log in at https://freeze.transunion.com.

Experian: http://experian.com/freeze

Notes: Experian is probably the easiest of the four to use, with the “Add a security freeze” option prominently displayed. You can create your own PIN, or have the site generate one for you. You can also choose whether to print your receipt or have it emailed to you. Double-check that your email address is correct if you choose this option! Visit the same site to temporarily lift the freeze.

Equifax: https://www.freeze.equifax.com

Notes: creates a “one-time PDF” which contains your PIN (the site generates it for you). Make sure you’ve got a PDF reader installed beforehand so you can view the file (Adobe and Foxit are popular free choices). Visit the same site to lift a freeze.

Innovis: https://www.innovis.com/personal/securityFreeze

Notes: Innovis sends your PIN via postal mail around 10 business days after you place the freeze. To lift the freeze, visit the same website and follow the instructions.

Prevent tax identity theft with an Identity Protection PIN

UPDATE 3/8/16: Or don’t get a PIN. According to KrebsOnSecurity.com, and as seen on the IRS site linked below, there have been some major security issues with the Identity Protection PIN system, and for now the service has been suspended. Once again, it took identity thieves around four seconds to figure out how to abuse a feature designed to protect your personal information and prevent tax return fraud.

I’ve written plenty of times about not opening emails that appear to come from the IRS (because of malware and/or phishing), but there is another type of crime that ramps up during tax season: tax identity theft.

Basically, it works like this: an identity thief already has your information, files a fake tax return in your name (from which a large refund will be due), then has the money directly deposited into an account controlled by the thief.

Most people’s first warning sign is when the IRS rejects their actual tax return because, according to their records, they already submitted one.

One step you can take to prevent this form of identity theft is to get an Identity Protection PIN from the IRS. You’ll have to use this PIN any time you file taxes (it’s not the same as your e-file signature PIN). The IRS will send you a new one every December or early January. Once you’re signed up, you’ll have to use a PIN every year to file your taxes, and you can’t opt out.

I can’t find any information about how long it actually takes to get your PIN from the IRS. If you’re ready to file your taxes now, or if April 15th is approaching (depending on when you read this), it might be better to wait until after you’ve filed this year’s return.

For more information, and to request a PIN, visit the official IRS page at https://www.irs.gov/Individuals/Get-An-Identity-Protection-PIN

Security freeze information for Indiana residents

The Indiana Attorney General’s office has information about security freezes, which are free for residents of Indiana (and some other states—you’ll have to check your own state’s laws if you don’t live here).

You can download the information here, or visit the Indiana Consumer website. I’ll put a link on the Fraud Prevention Resources page as well.

A security freeze (or credit freeze) prevents new lines of credit from being opened in your name, even if an identity thief has your Social Security number and other information, by adding an extra step to the credit application process.

Anthem Data Breach: Let the scams begin

News of the massive data breach at insurance giant Anthem Inc. isn’t even a week old, and already the phishing scams have begun.

Phone calls and emails are already circulating that claim to represent Anthem and offer free identity theft protection to victims of the breach. These calls and emails are not from Anthem, but scammers attempting to obtain personal and financial information.

Anthem has stated that they will contact customers affected by the breach by mail over the next couple weeks.

That means postal mail, friends. The kind that’s on paper and comes in an envelope, delivered by that person your dog completely freaks out at six time a week. The letters will give you information on identity theft protection, as well as the next steps you should take.

If someone calls you on the telephone, they’re not from Anthem.

If you get an email message, it’s not from Anthem.

If you get a text message, that’s not from Anthem, either.

If some weirdo shows up at your door, they’re not from Anthem.

Okay, I don’t really think that last one is going to happen, but you never know. I’m trying to me preemptive, here.

Watch your mailbox if you’re a former or current Anthem (or Wellpoint) customer. The old-school mailbox. Any other communications that claim to be from Anthem are fraudulent.

You can also get information online here.