Home    Victim´s Story   Fraud Prevention    Project GSO   Hall of Shame   LINKS  

Global Scambaiting Forum  

 
 

 

 

 

 

 

 

 






Phishing Scam



How to Protect Your Identity?


 

Public Warnings - Shield Yourself From Swindles


Phishing

Fifty-two million U.S. Internet users received phishing e-mail during the past 12 months.


Phishing incidents take center stage in Internet scams as they've increased dramatically in popularity in the past year. Phishers use the Internet to steal money and personal identities.


Victims usually receive fraudulent e-mails containing authentic looking company logos and familiar graphics and are asked to divulge financial information.


A study research firm shows 52 million U.S. Internet users received phishing e-mail during the past 12 months, from which 1.8 million consumers divulged information and one million fell victim. While consumers at banks and credit unions are prime targets, AOL and eBay users also are victims of frequent attacks.


Phishers develop new ways to scam their victims. Many phishers now are trying techniques that have worked well for virus writers. The newest phishing scam is activated when you simply open an e-mail, no clicking required. Once infected, the scammers change the IP (Internet Protocol) address in your PC's Hosts file to their choosing. The fraudsters then associate the IP address with bogus bank/credit union Web sites, which forces your browser to go to fake Web sites that look like your financial institution's site.


A phisher using the name Robotecteur is responsible for sending out the e-mail to million people. The virus recorded user names and passwords when the user visited any of 30 online banks and payment Web sites programmed in the virus. Robotecteur then received e-mails containing the sensitive information.


This form of phishing is different because the scammers don't have to lure you to a specific Web site. Instead, they get your username and password once you log in to a banking Web site. A keylogger then records your information and takes screen shots of your PC activity.


Unfortunately, most PC users will not detect a problem until it's too late, because most are not knowledgeable with Hosts files. While the attacks have only occurred in Brazil, Australia, and the United Kingdom, security experts expect to see the scam soon in the U.S. However, experts also say all phishing scams, these included, are preventable. As always, run and update antivirus software frequently and, if you don't have one already, install a firewall.


While phishing remains a high concern, experts also caution consumers against high-risk Internet use. The FTC (Federal Trade Commission) reports 55% of filed complaints are related to Internet fraud. The median loss for an Internet attack is $195. While online banking is safe, consumers still are more fearful of online banking transactions than giving out financial information for online shopping.


Experts advise consumers to monitor their accounts regularly rather than wait for the monthly mailed statement.
Experts say it's also a good idea to change your online banking and shopping account passwords every three to six months. And to avoid being led to fraudulent Web sites, retype the Web address in your browser rather than click through e-mail links. These simple steps can protect you from serious hassles down the road.



Check scams


The most common check scam is the "Nigerian Advance Fee Fraud," with 100 victims daily.


While scammers increasingly turn to the Internet, consumers still are targets of check scams. During a five-month period from January to June 2006, check scams collected an average $5,000 loss per consumer. Fraudsters increasingly use e-mail to contact their victims.


There are several variations of the check scam; the most common strategy is the "Nigerian Advance Fee Fraud," with 100 victims daily. The scammer proposes to send the victim a check for an extra sum and requests the victim wire back the excess money. The scammers often are from--or at least claim to be from--other countries, which explains why it is too difficult for them to make direct payment. Scammers offer to buy something you have for sale, offer you collection of a sweepstakes you won, or pay you to work at home.


Victims often send the product or money to the scammer once they receive payment. However, the realistic looking checks sent to victims are forgeries and, unfortunately, the victims are responsible for the money they withdraw against the bad check. Experts advise sellers to not send refunds or deliver goods in the period it takes cashiers' checks to clear.



ATM scams (automated teller machine)


Fifty-five percent of filed complaints are related to Internet fraud.


Like all scammers, those who target ATM users use the latest technology to their advantage. The newest ATM scam involves skimming. Fraudsters make counterfeit ATM cards by using a skimmer, which is a card-swipe device that reads the information on a consumer's ATM card. Scammers take a blank card and encode all the information from an ATM card when they swipe immediately after the machine's last transaction. The skimmer catches the PIN (personal identification number) through a small camera mounted on the ATM. The consumer is unaware they've been scammed because the ATM card has not been stolen and still works at other machines.


The "Lebanese Loop" is another popular ATM scam. Scammers insert a portable steel loop into an ATM card slot. The scammer usually approaches the victim while at the machine, and poses as the person next in line. Victims are advised to enter their PINs three times and then hit cancel to get the machine to accept the cards. The scammer is able to memorize the PIN for future use and the machine keeps the card because of the excessive number of attempts to enter the correct PIN. Victims leave in frustration because they couldn't get any money and they've lost their card. Once the loop is taken out of the ATM the scammer has the card and the PIN number for future transactions. This is a relatively new scam that many experts believe will be short-lived due to fast technology upgrades.


While it is difficult to guarantee protection from ATM scammers, there are security tips that lessen the risk. Be on the lookout for anything out of the ordinary at the ATM, such as odd-looking equipment or wires. As always, monitor your accounts regularly to make sure there is no unusual activity.


If you've been scammed, the FTC Web site, http://www.consumer.gov/ has information on the steps you need to take to clear your name and protect your identity.



Public Warnings - PROTECT YOUR IDENTITY


How can someone steal your identity?


They use your name, Social Security number, credit card number, or other personal information to commit fraud or theft. They might:

• Run up charges on your credit card accounts,
• Open new credit accounts or cellular phone service using your name, or
• Open a bank account in your name and write bad checks on it.
Problems that result, such as unpaid bills, are reported on your credit report. See Credit Reports and Scores.


You can reduce the chance a con artist can go on a spending spree with your money or steal your identify by taking these precautions:

• Give your Social Security number only when absolutely necessary. Ask to use other types of identifiers when possible. If your state uses your SSN as your driver's license number, ask to substitute another number.
• Sign credit/debit cards when they arrive. No one can forge your signature and use them.
• Carry only the cards you need. Extra cards increase your risk and your hassle if your wallet is stolen.
• Keep your PIN numbers a secret. Never write a PIN on a credit/debit card or on a slip of paper kept with your card.
• Avoid obvious passwords. Avoid easy-to-find names and numbers like your birthday and phone number.
• Store personal information in a safe place. Lock up your driver’s license and other cards at home and at work.
• Don’t give card numbers to strangers. Confirm whether a person represents a company by calling the phone number on your account statement or in the telephone book.
• Watch out for “shoulder surfers.” Use your free hand to shield the keypad when using pay phones and ATMs.
• Beware of blank spaces. Draw a line through blank spaces on credit slips. Never sign a blank slip.
• Keep your receipts. Ask for carbons and incorrect charge slips as well.
• Destroy documents with account information. Stop thieves from finding information in the trash by tearing up or shredding receipts, credit offers, account statements, expired cards, etc.
• Protect your mail. Ask your local U.S. Postal Service to put your mail on hold when you are traveling and can’t pick it up.
• Make life difficult for hackers. Install firewalls and virus-detection software on your home computers. If you have a high-speed Internet connection, unplug the computer’s cable or phone line when you aren’t using it.
• Keep a record of your cards and accounts. List numbers, expiration dates and contact information in case there is a problem.
• Pay attention to your billing cycles. A missing bill could mean a thief has taken over your account.
• Promptly compare receipts with account statements. Watch for unauthorized transactions.
• Check your credit report once a year. Check it more frequently if you suspect someone has gotten access to your account information. (See Credit Reports and Identity Theft).


Despite these precautions, problems can still happen. If a card is missing or you suspect another problem, notify the company immediately. See Lost and Stolen Credit Cards and ATM/Debit cards.


If you become an ID theft victim, file a report with your local police. Keep a copy of the police report, which will make it easier to prove your case to creditors and retailers. Contact the credit-reporting bureaus and ask them to flag your account with a fraud alert, which asks merchants not to grant new credit without your approval.


To simplify the lengthy credit-repair process, the FTC now offers an ID Theft Affidavit you can use to report the crime to most of the parties involved.


Request a copy of the form by calling toll-free 1-877-ID-THEFT or visiting www.consumer.gov/idtheft. All three credit bureaus and many major creditors have agreed to accept the affidavit.


You can also use this web site to file complaint with the FTC.


When dealing with ID theft, you can also get advice from the Identify Theft Resource Center at www.idtheftcenter.org.



DEFEND: Take Action Immediately


Defend against identity theft as soon as you suspect it.


- What are the steps I should take if I'm a victim of identity theft?
- What is a fraud alert?
- What is an identity theft report?
- What do I do if the local police won't take a report?
- How do I prove that I'm an identity theft victim?
- Should I apply for a new Social Security number?



*What are the steps I should take if I'm a victim of identity theft?


If you are a victim of identity theft, take the following four steps as soon as possible, and keep a record with the details of your conversations and copies of all correspondence.


1. Place a fraud alert on your credit reports, and review your credit reports.


Fraud alerts can help prevent an identity thief from opening any more accounts in your name. Contact the toll-free fraud number of any of the three consumer reporting companies below to place a fraud alert on your credit report. You only need to contact one of the three companies to place an alert. The company you call is required to contact the other two, which will place an alert on their versions of your report, too. If you do not recieve a confirmation from a company, you should contact that company directly to place a fraud alert.


Equifax: 1-800-525-6285 ; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241


Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, TX 75013


TransUnion: 1-800-680-7289 ; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790


Once you place the fraud alert in your file, you're entitled to order free copies of your credit reports, and, if you ask, only the last four digits of your Social Security number will appear on your credit reports. Once you get your credit reports, review them carefully. Look for inquiries from companies you haven't contacted, accounts you didn't open, and debts on your accounts that you can't explain.


Check that information, like your Social Security number, address(es), name or initials, and employers are correct. If you find fraudulent or inaccurate information, get it removed. See Correcting Fraudulent Information in Credit Reports to learn how.


Continue to check your credit reports periodically, especially for the first year after you discover the identity theft, to make sure no new fraudulent activity has occurred.


2. Close the accounts that you know, or believe, have been tampered with or opened fraudulently.


Call and speak with someone in the security or fraud department of each company. Follow up in writing, and include copies (NOT originals) of supporting documents. It's important to notify credit card companies and banks in writing. Send your letters by certified mail, return receipt requested, so you can document what the company received and when. Keep a file of your correspondence and enclosures.


When you open new accounts, use new Personal Identification Numbers (PINs) and passwords. Avoid using easily available information like your mother's maiden name, your birth date, the last four digits of your Social Security number or your phone number, or a series of consecutive numbers.


If the identity thief has made charges or debits on your accounts, or has fraudulently opened accounts, ask the company for the forms to dispute those transactions:


• For charges and debits on existing accounts, ask the representative to send you the company's fraud dispute forms. If the company doesn't have special forms, use the sample letter to dispute the fraudulent charges or debits. In either case, write to the company at the address given for "billing inquiries," NOT the address for sending your payments.

• For new unauthorized accounts, ask if the company accepts the ID Theft Affidavit (PDF, 56 KB). If not, ask the representative to send you the company's fraud dispute forms. If the company already has reported these accounts or debts on your credit report, dispute this fraudulent information. See Correcting Fraudulent Information in Credit Reports to learn how.


Once you have resolved your identity theft dispute with the company, ask for a letter stating that the company has closed the disputed accounts and has discharged the fraudulent debts. This letter is your best proof if errors relating to this account reappear on your credit report or you are contacted again about the fraudulent debt.


3. File a complaint with the Federal Trade Commission.


By sharing your identity theft complaint with the FTC, you will provide important information that can help law enforcement officials across the nation track down identity thieves and stop them. The FTC can refer victims' complaints to other government agencies and companies for further action, as well as investigate companies for violations of laws the agency enforces.


You can file a complaint with the FTC using the online complaint form; or call the FTC's Identity Theft Hotline, toll-free: 1-877-ID-THEFT (438-4338); TTY: 1-866-653-4261 ; or write Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.


Be sure to call the Hotline to update your complaint if you have any additional information or problems.


4. File a report with your local police or the police in the community where the identity theft took place.


Then, get a copy of the police report or at the very least, the number of the report. It can help you deal with creditors who need proof of the crime.


If the police are reluctant to take your report, ask to file a "Miscellaneous Incidents" report, or try another jurisdiction, like your state police. You also can check with your state Attorney General's office to find out if state law requires the police to take reports for identity theft. Check the Blue Pages of your telephone directory for the phone number or check www.naag.org for a list of state Attorneys General.


When you go to your local police department to file a complaint, bring a printed copy of your ID Theft Complaint form and your supporting documentation. Ask the officer to attach or incorporate the Complaint into their police report. Also ask the officer to sign the “Law Enforcement Report” section of your Compliant. If the officer wants more information about the ID Theft Report, you can tell them it is available on the FTC’s Web site’s Section for Law Enforcement at the link for “Identity Theft Report”. Ask the officer to give you a copy of the official police report with your ID Theft Complaint attached or incorporated. (In some jurisdictions the officer will not be able to give you a copy of the official police report, but should be able to sign your Complaint and write the police report number in the “Law Enforcement Report” section.)


The ID Theft Complaint can be used to supplement an automated police report. If you can online file an automated report, complete the “Automated Report Information” block of the ID Theft Complaint. Attach a copy of any confirmation received from the police to you ID Theft Complaint.



What is a fraud alert?


There are two types of fraud alerts: an initial alert, and an extended alert.


• An initial alert stays on your credit report for at least 90 days. You may ask that an initial fraud alert be placed on your credit report if you suspect you have been, or are about to be, a victim of identity theft. An initial alert is appropriate if your wallet has been stolen or if you've been taken in by a "phishing" scam.


When you place an initial fraud alert on your credit report, you're entitled to one free credit report from each of the three nationwide consumer reporting companies.


• An extended alert stays on your credit report for seven years. You can have an extended alert placed on your credit report if you've been a victim of identity theft and you provide the consumer reporting company with an "Identity Theft Report." When you place an extended alert on your credit report, you're entitled to two free credit reports within twelve months from each of the three nationwide consumer reporting companies. In addition, the consumer reporting companies will remove your name from marketing lists for pre-screened credit offers for five years unless you ask them to put your name back on the list before then.


To place either of these alerts on your credit report, or to have them removed, you will be required to provide appropriate proof of your identity: that may include your Social Security number, name, address and other personal information requested by the consumer reporting company.


When a business sees the alert on your credit report, they must verify your identity before issuing you credit. As part of this verification process, the business may try to contact you directly. This may cause some delays if you're trying to obtain credit. To compensate for possible delays, you may wish to include a cell phone number, where you can be reached easily, in your alert. Remember to keep all contact information in your alert current.



What is an identity theft report?


An ID Theft Report can be used permanently block fraudulent information from appearing on your credit report. An ID Theft Report will also make sure these debts do not reappear on your credit report. An ID Theft can prevent a company from continuing to collect debts that result from identity theft, or selling them to others for collection. It’s also needed to place an extended fraud alert on your credit report.


An identity theft report may have two steps can be used to block fraudulent information from appearing on your credit report. It is also needed to place an extended fraud alert :


- Step One is a copy of a report filed with a local, state, or federal law enforcement agency, like your local police department, your State Attorney General, the FBI, the U.S. Secret Service, the FTC, and the U.S. Postal Inspection Service. There is no federal law requiring a federal agency to take a report about identity theft; however, some state laws require local police departments to take reports. The law requires the report to provide as much information as you can about the crime, including anything you know about the dates of the identity theft, the fraudulent accounts opened and the alleged identity thief. If you do not provide detailed information, it may be impossible for consumer reporting companies and creditors to comply with your requests.


- Step Two of an identity theft report depends on the policies of the consumer reporting company and the information provider (the business that sent the information to the consumer reporting company). That is, they may ask you to provide information or documentation in addition to that included in the law enforcement report which is reasonably intended to verify your identity theft. They must make their request within 15 days of receiving your law enforcement report, or, if you already obtained an extended fraud alert on your credit report, the date you submit your request to the credit reporting company for information blocking. The consumer reporting company and information provider then have 15 more days to work with you to make sure your identity theft report contains everything they need. They are entitled to take five days to review any information you give them. For example, if you give them information 11 days after they request it, they do not have to make a final decision until 16 days after they asked you for that information. If you give them any information after the 15-day deadline, they can reject your identity theft report as incomplete; you will have to resubmit your identity theft report with the correct information. You may find that most federal and state agencies, and some local police departments, offer only "automated" reports, reports that do not require a face-to-face meeting with a law enforcement officer. Automated reports may be submitted online, or by telephone or mail. If you have a choice, do not use an automated report.


The reason? It's more difficult for the consumer reporting company or information provider to verify the information. Unless you are asking a consumer reporting company to place an extended fraud alert on your credit report, you probably will have to provide additional information or documentation when you use an automated report.



What do I do if the local police won't take a report?


There are efforts at the federal, state and local level to ensure that local law enforcement agencies understand identity theft, its impact on victims, and the importance of taking a police report. However, we still hear that some departments are not taking reports. The following tips may help you to get a report if you're having difficulties:


• Furnish as much documentation as you can to prove your case. Debt collection letters, credit reports, provide a copy of your printed ID Theft Complaint and a copy of "Remedying the Effects of Identity Theft" which shows that police reports are necessary to secure your rights, and other evidence of fraudulent activity can help demonstrate the legitimacy of your case.

• Be persistent if local authorities tell you that they can't take a report. Stress the importance of a police report; many creditors require one to resolve your dispute. Remind them that consumer reporting companies will automatically block the fraudulent accounts and bad debts from appearing on your credit report, but only if you can give them a copy of the police report. In addition, a police report is needed to obtain the fraudulent application and other records the company has.

• If you're told that identity theft is not a crime under your state law, ask to file a Miscellaneous Incident Report instead.

• If you can't get the local police to take a report, try your county police. If that doesn't work, try your state police.


Some states require the police to take reports for identity theft. Check with the office of your State Attorney General www.naag.org to find out if your state has this law.



How do I prove that I'm an identity theft victim?


Applications or other transaction records related to the theft of your identity may help you prove that you are a victim. For example, you may be able to show that the signature on an application is not yours. These documents also may contain information about the identity thief that is valuable to law enforcement. By law, companies must give you a copy of the application or other business transaction records relating to your identity theft if you submit your request in writing. Be sure to ask the company representative where you should mail your request. Companies must provide these records at no charge to you within 30 days of receipt of your request and your supporting documents.


You also may give permission to any law enforcement agency to get these records, or ask in your written request that a copy of these records be sent to a particular law enforcement officer.


The company can ask you for:

• proof of your identity. This may be a photocopy of a government-issued ID card, the same type of information the identity thief used to open or access the account, or the type of information the company usually requests from applicants or customers, and

• a police report and a completed affidavit, which may be the ID Theft Affidavit (PDF, 56 KB) or the company's own affidavit.



Should I apply for a new Social Security number?


Under certain circumstances, the Social Security Administration may issue you a new Social Security number - at your request - if, after trying to resolve the problems brought on by identity theft, you continue to experience problems. Consider this option carefully. A new Social Security number may not resolve your identity theft problems, and may actually create new problems. For example, a new Social Security number does not necessarily ensure a new credit record because credit bureaus may combine the credit records from your old Social Security number with those from your new Social Security number. Even when the old credit information is not associated with your new Social Security number, the absence of any credit history under your new Social Security number may make it more difficult for you to get credit. And finally, there's no guarantee that a new Social Security number wouldn't also be misused by an identity thief.


 More


 
 
 

 Top

 
       
© 2006-2011 by GSO •  Contact