Illustrations by Mark Matcho
|
Scams Unmasked!
By Sid Kirchheimer, May & June 2006
Identity thieves have more tricks than ever—and so should you. Here are the best and latest ways to keep crooks from stealing your name and your money (adapted from Scam-Proof Your Life)
|
Spreading the word on how to sidestep scams is my business. And sometimes I
get to practice what I preach.
I had just finished speaking with one fraud victim—a retired
salesperson from Georgia bilked out of $4,500 in a bogus work-at-home
scheme—when my telephone rang.
"Hello," said a pleasant voice. "I'm calling from your
mortgage company. And I see from our records that you may qualify for a lower
loan rate."
Interestingly, she did not mention the name of the company that gets my
monthly mortgage check. Even more telling was the fact that I had refinanced
just two months earlier—and mortgage interest rates had climbed since
then.
"Really?" I replied, glancing at the caller ID gizmo on my desk.
"Tell me more." The incoming call was marked private. It was about
8:00 in the evening, a time when most mortgage-loan officers are home digesting
dinner.
"Well, sir," she said, "based on your excellent credit
history, I think we can save you hundreds of dollars a month with our much more
attractive rate."
"Is that right?" I encouraged her. "What's the
rate?"
"Before I can answer," she replied, "I just need to verify
some information—your Social Security number and bank account
numbers—to make sure they match our records and that you really qualify
for this great mortgage rate."
Hmm. "Do you know my name?" I asked her, since she hadn't used
it yet.
She gave the one listed in the phone book—which is not Kirchheimer. To
spot telemarketers, who continue to phone my home despite my enrollment in
the National Do Not Call
Registry, I use a pseudonym as my white pages listing (having an unlisted
number costs extra).
"Seriously," I said, "do you expect me to fall for
this?"
She gave a harsh little laugh. "You'd be amazed how many people
do," she sneered. And then she hung up.
Actually, I wouldn't be amazed—and neither should you. Last year
almost 9 million Americans were robbed of private financial information, and
half didn't know how the damage was done—their credit cards maxed
out, bank accounts cleaned out, or credit ratings sunk after criminals took out
loans in their names.
Yes, the national epidemic of identity theft is still with us, courtesy of
telephone and email scams, card "skimming" at cash machines and
merchants, wayward checks, stolen wallets, and wholesale downloading of company
data.
The biggest source of U.S. consumer fraud, identity theft takes an enormous
toll. Criminals posing as other people last year ripped off a record $56.6
billion in cash, goods, and services. While two thirds of victims had no
out-of-pocket expense (because banks and credit card companies seldom ask
victims to cover any charges), for about 3 million folks the average cost of
repairing their credit was nearly $1,200. And for all victims the average time
to set the record straight was 40 hours.
Fortunately, the growth of ID theft seems to be slowing. After cases reported
to the Federal Trade Commission (FTC) nearly tripled from 2001 through 2004,
last year's increase was just 3 percent. And the biggest annual survey on
the subject, by the Better Business Bureau and Javelin Strategy & Research,
showed the number of victims declined slightly for a second consecutive
year.
But that doesn't mean you can let down your guard. On the contrary, with
consumers getting wise to the ways of identity thieves and altering habits to
thwart them, you can bet the scamsters will do their best to sabotage your
basic protective measures. Which is why, in addition to the time-tested actions
everyone should take, I recommend an additional layer of safety that even the
wiliest crook will find tough to crack.
Your Documents
Good Move: Lighten the Wallet The most frequent source of information for ID
thieves is you. According to the Javelin survey, among victims who knew how
their numbers were pilfered, 30 percent of frauds began with a lost or stolen
wallet, checkbook, or credit card. So rule number one is "Leave home
without it." Don't carry a crib sheet with PIN codes for your plastic;
don't carry your Social Security card. And that check you tote everywhere
"just in case"? It's a needless risk. One credit card will pull
you through most emergencies—and is easy to cancel in case of theft.
Better Move: Lock 'Em Up Here's a statistic that may surprise you:
one in seven cases of ID theft traced to a source turns up a family member or
other trusted associate the victim shouldn't have trusted. So it's no
use leaving things home if they're vulnerable there, too. Your checkbook,
cards, and any important papers (such as mortgage, insurance, and investment
records) should be under lock and key wherever they are. A locking metal file
cabinet or desk drawer may be the answer.
Your Credit
Good Move: Monitor All Accounts Though some banks alert you to unusual
activity on a credit card, it's more likely you'll detect a crime
before your bank does. In 2005, Javelin found, frauds first noticed by victims
were uncovered a month sooner than those financial institutions fingered.
Besides regularly checking credit card and bank statements, it's good to
scan your credit history for inquiries on existing accounts and applications
for new loans. You can get one free credit history annually from each of the
three major bureaus (Experian, Equifax, and TransUnion) at
www.annualcreditreport.com. By rotating your requests, you can receive a report
every four months.
For a monthly fee you can also get credit-monitoring services to notify you
of activity. These services mushroomed in recent years as identity theft
reached critical mass, but some take a week or longer to alert you. Sift
through the competition until you find one with daily alerts via email.
Better Move: Freeze Access Recent laws in eight states let you freeze access
to your credit file to keep anyone—legit or not—from reviewing your
standing or opening loans in your name. A burgeoning trend, freeze laws have
been under consideration in at least 18 other states. For consumers who
don't plan to apply for new credit anytime soon, it's a mighty shield,
and convenient, too. The rest of us can benefit with just a few extra
steps.
Freezes that used to be applied by credit bureaus only after ID thieves
struck are available free by law to any citizen in Colorado (starting in July)
and New Jersey. Consumers in California, Connecticut, Louisiana, Maine, Nevada,
and North Carolina can stop credit tampering cold for a small
fee—generally up to $10. And for another $5 or $10 the same eight states
allow a credit thaw when you need a new loan. Freezes are also available by law
to ID-theft victims in Illinois, Texas, Vermont, and Washington.
Your Trash
Good Move: Shred the Evidence Rather than merely folding, spindling, or
mutilating your unwanted mail, feed anything bearing sensitive information into
a crosscut (or "confetti") shredder. This makes it virtually
impossible for garbage divers to read your data or use credit card
"convenience checks" and new offers. While assiduous tearing by hand
can do the job, $75 or less will get you a decent shredder. Heavier-duty models
run to $200.
To make sure mail isn't diverted before it reaches the shredder, get
your letters delivered to a secure location. A street-side mailbox doesn't
make the grade. Police say these boxes are favored targets of ID thieves
looking for checks to steal. A box by your door is a safety improvement; a mail
slot into the house is better still. For even more security, consider renting a
box at the local post office.
Better Move: Opt Out of Offers Spend less time sorting and shredding by
opting out of solicitations for new credit cards, mortgages, or other loans. To
eliminate future trash at its source, call the credit bureaus' dedicated
line at 888-567-8688 from your home telephone or register at www.optoutprescreen.com.
If you call, an automated voice-response system will request your name,
telephone number, and Social Security number; don't worry, the credit
bureau has it already as part of your credit history. You can opt out for five
years or forever. (And if you haven't done so already, by all means
register your phone numbers with the National Do Not Call Registry maintained
by the FTC at 888-382-1222 or www.donotcall.gov. Unless
they're from charities, political groups, surveys, or companies with which
you have ties, telemarketers are barred from calling registered numbers. So
you'll know any call you do get is suspect.)
Your Checks
Good Move: Frustrate Forgers All it takes to empty your bank account, says
fraud fighter Frank W. Abagnale (the former con artist portrayed by Leonardo
DiCaprio in the 2002 movie Catch Me If You Can) is a signed check and a pan of
acetone, the active ingredient in nail polish remover.
Here's the scam: a crook tapes over your signature front and back, then
soaks the check in acetone to wash away everything but the printer's ink
and your John Hancock. Dried and carefully peeled,
it's—presto!—a blank check signed by you. And thanks to
"bounce protection" from banks, the scamster can even overdraw your
account.
Abagnale's cure? He tested major pen brands as part of his second career
advising banks and law enforcement on how to fight check fraud and found only
Uni-ball gel pens resist washing; now the pens carry his endorsement.
Better Move: Use a Blanker Check Even tamperproof checks offer thieves
valuable tidbits—various account numbers—if you obligingly add them
at the payee's behest. "A check can be handled by dozens of people
from the payee's company, its bank, your bank, and various vendors who
process checks," Abagnale notes.
The solution: skip the numbers or just write the last few. "If you
return that payment stub—and you always should—there's no
reason to write your account number," he says. Crooks can use the
information to acquire cell phones and open utility accounts at other
addresses, helping them establish an entire separate identity with your
name.
Your printed checks can also say less. When you order a new batch, have just
your initials and last name printed, and keep phone numbers off them
altogether. Order checks from your bank, not from independent vendors, and seek
out security features such as paper that acetone stains.
Your Monthly Bills
Good Move: Mail Safe As you've probably gathered by now, there's a
lot not to like about checks. Mari J. Frank, a California attorney who became
an identity-theft expert after being victimized herself, suggests you stop
writing checks altogether. Even if you don't, drop bill payments at a post
office or U.S. Postal Service mailbox. That's safer than just putting the
flag up on your own box or leaving letters in an open mail bin at your
workplace.
Better Move: Bank Online Here's another, possibly stronger, incentive
for reducing your dependence on checks: they're on their way out. More than
a third of U.S. households with bank accounts bank online, and because
paperless transactions are cheaper, expect banks to do everything in their
power to launch your accounts into cyberspace, too. The benefits aren't
just the savings on postage, the ease, and the convenience. Financial services
are adding more security—and protections from liability for customers in
the case of fraud—as electronic payments of all kinds become more
common.
Your Computer
Good Move: Scrub That Software Some measures against online ID thieves are
high tech and some are common sense. All are best applied early and often.
Every home computer should have security software that updates regularly; every
user needs to resist the bait from con artists "phishing" for suckers
via email.
The unseen danger comes from "spyware," which sneaks onto your
computer to track your actions online. One kind, known as adware, merely gauges
your interests to help websites predict what advertising might grab your
attention. A more sinister sort of spyware monitors your every keystroke and
reports back to a waiting attacker.
How does spyware infiltrate your computer? By hiding inside a downloaded
program. It can even worm its way in from an email you open or Web link you
click on.
"You should think twice about installing freebie software, no matter
how enticing it appears," says Doug Tygar, a professor of computer science
at the University of California, Berkeley, "and scan your computer once a
week or more with a good anti-spyware program."
Tygar recommends Ad-Aware, itself a free
download—but one you can trust. In an impromptu test I conducted,
Ad-Aware quarantined more than ten intruders that had escaped the notice of a
brand-name $50 anti-spyware program.
To avoid helping crooks invade your computer, remember that messages from
strangers always pose a risk—and that strangers sometimes pose as
friends. Real banks never send emails asking for your account information. Nor
will an Internet service provider. Rather than click on a Web link within
email, type the address yourself or link to it from a search engine. Secure
sites display the padlock icon in the frame surrounding the Web page, not
within it, and have addresses preceded by https—the s stands for
"secure."
Better Move: Evade and Escape The most popular Web browser is
Microsoft's Internet Explorer, which comes installed on most personal
computers along with Microsoft's Windows operating system. Small wonder,
then, that most viruses and spyware are geared to infiltrate it. One way of
ducking the scamsters, Tygar suggests, is using other browsers such as Firefox
or Opera. (Download these for free at www.getfirefox.com and www.opera.com.)
Another maneuver that leaves thieves in the lurch is to get a second (and
sometimes third) free email account from MSN's Hotmail, Yahoo!'s Mail, or Google's Gmail so you can segregate your
online shopping from banking and private correspondence. And don't use your
name or a familiar word as part of any address. Scramble some letters and
numbers instead. These measures will make it a lot harder for phishers to find
you by chance and lure you to scam websites.
Your Pass Codes
Good Move: Guard the Cards About 9 percent of traceable ID thefts in 2004
occurred during transactions offline, the cyberspace term for being out and
about. Perhaps you sent a credit card away with your waiter, who skimmed its
numbers in a magnetic reader, noted the security code on the back, and
duplicated the plastic later. Or maybe the skimmer was installed over the card
slot of a cash machine. Or a perp behind you in line peeked at your
card—that's known as shoulder surfing.
Though I can tell you to never let a credit card out of your sight, paranoia
has its own costs to your quality of life. While it's good to be alert to
unnecessary risks, let your liability be your guide. Credit (though not debit)
card issuers must by law pick up any fraud tab over $50; monitoring your
monthly bill will limit any damage.
At cash machines the basic defense is physical—obstruct the view. When
possible, go inside the bank branch to use the automated tellers—or the
human ones. To reduce the hazard posed by a pirated cash card, call your bank
and request a per-day limit on ATM withdrawals from your accounts.
Better Move: Try Disguises Two can play at switching identities. While you
can't slough off your Social Security number, you can and should obscure
other facts, because using your real birth date as a PIN code, or reciting your
mother's maiden name to every bank, invites trouble. Thieves can ferret out
public records online, notes ID-theft expert Mari Frank. Instead, she says,
"fabricate a maiden name and pick a bogus birthday—ones you can
easily remember, of course."
The same goes for your listing in the telephone directory (it can be changed
with a quick call to your phone carrier). Just as dropping your name from
email addresses helps you fly below thieves' radar, a listing under a name
other than your own allows you to spot junk mail and telemarketing calls in a
snap—as I did with the "mortgage lender" who had my name wrong
when she phoned.
Sometimes a good offense really is the best defense.
Read more about Sid Kirchheimer’s book, Scam-Proof Your Life.
|
