Aug 2004
User-Friendly Identity Theft
08/26/2004 01:06 Filed in: Technology
Trust no one..especially on the Internet...
Criminal attempts to steal your identity on the internet are getting more and more sophisticated. Take for instance an email I received a few minutes ago.
In this email, which according to the return address came from eBay, I was told that my account had been compromised and until I verified my identity, I would not be allowed to make any transactions on the site.
Take a look at this message closely:
If you want to compare the originators of this email to counterfeiters, these guys are professionals. Even I thought this was real at first. And actually, I've had faked eBay emails before, where they asked for my account information, but they were obvious fakes. But not this one. All of the links in this email will actually take you to the the genuine ebay website (http://www.ebay.com) with the exception of ONE. If you click on the "Need Help" link in the top right hand corner, it takes you right to a genuine eBay help screen on their website.
So, according to the letter, if I want to begin using my eBay account again, I have to click on the link, http://signin.ebay.com/aw-cgi/eBayISAPI.dll?Verify. But when I click, it doesn't take me to eBay. This is just merely linked text that actually takes me to another site. When I clicked this link in the email, this is what I got:
This looks like, I'm officially on the eBay website. The average person may not even notice that the URL is not right. Notice that although the URL has the word, "eBay" in it twice, I've actually been taken to a website called "pornosin.com."
If a person attempts to login, thinking they're on the eBay site, they will unwittingly give away their login name and password to these creeps. What that means is that someone can offer an item for sale on eBay under your name, collect the money, and then never deliver the goods which probably didn't exist anyway. Pretty scary, huh?
Well, actually, it gets scarier. Let's say someone gets this email who is not an eBay member (the senders don't really know; they're just sending them out to every email address they have). Let's say someone who is not a member decides to go with the option on the left and sign up for a new eBay membership. Then you're taken to THIS SCREEN:
This is SO scary. All someone needs to steal your identity is your Social Security number, your birthday, and your mother's maiden name. On the above form, not only are you giving that information to these scum, but you're also giving them a gold key to your credit card and your bank account. They would have your accounts wiped out in a matter of minutes.
I really feel for people who fall for this kind of stuff. It can happen to anyone, but especially if you aren't being extra careful. So what can you do to make sure you aren't being duped? Start with these steps:
1. If you get a message like this, never click on the link and then give away personal information on a website it takes you to. If you have an account with eBay or some other company that you feel is in jeopardy, go directly to that website. If possible, dig through the contact screens for an actual phone number so that you know you are talking to a real person and verify anything that sounds out of the ordinary.
2. Never send personal information such as credit cards, social security numbers, banking information in an email. Never. Not even to someone you know. It's VERY easy to intercept mail.
3. Check your credit report regularly--one or two times a year. A couple of weeks ago, I paid about $30 to see what my credit report looked like from all three of the main bureaus. This is the quickest way to see whether or not anyone has stolen your identity. Fortunately I didn't see any indication that someone is pretending to be me, however I did come across a number of mistakes on the report which I am now in the process of correcting.
4. Finally, when you get something by way of internet that you know is definitely a scam, file a complaint with the FBI at http://www1.ifccfbi.gov/index.asp
In fact, guess what I have to do RIGHT NOW...
Criminal attempts to steal your identity on the internet are getting more and more sophisticated. Take for instance an email I received a few minutes ago.
In this email, which according to the return address came from eBay, I was told that my account had been compromised and until I verified my identity, I would not be allowed to make any transactions on the site.
Take a look at this message closely:
If you want to compare the originators of this email to counterfeiters, these guys are professionals. Even I thought this was real at first. And actually, I've had faked eBay emails before, where they asked for my account information, but they were obvious fakes. But not this one. All of the links in this email will actually take you to the the genuine ebay website (http://www.ebay.com) with the exception of ONE. If you click on the "Need Help" link in the top right hand corner, it takes you right to a genuine eBay help screen on their website.
So, according to the letter, if I want to begin using my eBay account again, I have to click on the link, http://signin.ebay.com/aw-cgi/eBayISAPI.dll?Verify. But when I click, it doesn't take me to eBay. This is just merely linked text that actually takes me to another site. When I clicked this link in the email, this is what I got:
This looks like, I'm officially on the eBay website. The average person may not even notice that the URL is not right. Notice that although the URL has the word, "eBay" in it twice, I've actually been taken to a website called "pornosin.com."
If a person attempts to login, thinking they're on the eBay site, they will unwittingly give away their login name and password to these creeps. What that means is that someone can offer an item for sale on eBay under your name, collect the money, and then never deliver the goods which probably didn't exist anyway. Pretty scary, huh?
Well, actually, it gets scarier. Let's say someone gets this email who is not an eBay member (the senders don't really know; they're just sending them out to every email address they have). Let's say someone who is not a member decides to go with the option on the left and sign up for a new eBay membership. Then you're taken to THIS SCREEN:
This is SO scary. All someone needs to steal your identity is your Social Security number, your birthday, and your mother's maiden name. On the above form, not only are you giving that information to these scum, but you're also giving them a gold key to your credit card and your bank account. They would have your accounts wiped out in a matter of minutes.
I really feel for people who fall for this kind of stuff. It can happen to anyone, but especially if you aren't being extra careful. So what can you do to make sure you aren't being duped? Start with these steps:
1. If you get a message like this, never click on the link and then give away personal information on a website it takes you to. If you have an account with eBay or some other company that you feel is in jeopardy, go directly to that website. If possible, dig through the contact screens for an actual phone number so that you know you are talking to a real person and verify anything that sounds out of the ordinary.
2. Never send personal information such as credit cards, social security numbers, banking information in an email. Never. Not even to someone you know. It's VERY easy to intercept mail.
3. Check your credit report regularly--one or two times a year. A couple of weeks ago, I paid about $30 to see what my credit report looked like from all three of the main bureaus. This is the quickest way to see whether or not anyone has stolen your identity. Fortunately I didn't see any indication that someone is pretending to be me, however I did come across a number of mistakes on the report which I am now in the process of correcting.
4. Finally, when you get something by way of internet that you know is definitely a scam, file a complaint with the FBI at http://www1.ifccfbi.gov/index.asp
In fact, guess what I have to do RIGHT NOW...
|