As this comic strip illustrates, we can be our own worst enemy when it comes to exposing ourselves to risks of identity theft and crime. Increasingly, scammers will provide you with significant valid information such as your name, credit card number and issuing bank in order to gain your trust and solicit additional information such as the 3 digit card security code (CSC) with which they can more easily perpetrate various types of financial fraud.

Through twitter, we connected with the good people at Broadband for America to bring you this article about three common online identity theft myths.

Thanks to identity theft awareness programs, many people are now exercising increased caution when online. Most folks understand the danger in revealing too much personal information on the Internet, or falling for phishing scams. However, there are still some persistent myths that may be keeping you from protecting yourself and your identity. Here we will look at just three of these myths, and the facts that lay behind them.

Myth 1: I know what those scams look like, bad spelling and terrible English- who falls for those things anyway?

Fact: Indeed, many people are familiar with the obvious signs of a scam. So many people are wise to these frauds that scammers have begun to outsource their products and develop corporate-like organizations to work…(continue reading)

I noticed today that the email address we have set up to take inquires and message regarding our twitter account has been hit with a few spam emails that clearly phishing emails. I thought I would share them here for your amusement and enjoyment. Please do NOT click on any links or visit these websites as they main contain harmful content. If you receive emails such as these do not click on any links or download, preview or click on any attachments. Mark them as junk or spam in your mail and delete. If you wish, you may report them to the FBI’s Internet Crime Complaint Center at ic3.gov

***

From: HSBC Support Holding plc [helpdesk@hsbc.co.uk]

Subject: YOUR ONLINE ACCOUNT HAS BEEN DEACTIVATED

Dear customer:

After the week verification of your online activity we have determined to suspend your online account.

Your online account has been deactivated (reason: suspicious activity on this account).

Even if your online services has been disabled, the data may still be available for up to 10 days, after which it will be deleted.

If you feel this deactivation is in error, please fill the active contact customer form as soon as possible at the next link: http://www.hsbc.co.uk.hsbc-deactivated.com/1/2/

Thank you,

HSBC Support Holding plc

http://www.hsbc.co.uk

helpdesk@hsbc.co.uk

Toll-Free: 08457 400 004

***

From: HM Revenue & Customs [help.desk@hmrc.notify-online.co.uk]

Subject: HM Revenue & Customs [help.desk@hmrc.notify-online.co.uk]

NOTE: There is an attachment called “attached_form.pdf.html” 24KB

TAX RETURN FOR THE YEAR 2009

RECALCULATION OF YOUR TAX REFUND

HMRC 2008-2009

LOCAL OFFICE No. 3819

TAX CREDIT OFFICER: David Craig

TAX REFUND ID NUMBER: 381716209

REFUND AMOUNT: 327.54 GBP

Dear Applicant,

I am sending this email to announce: After the last annual calculation of your fiscal activity we have determined that you are eligible to receive a tax refund of 327.54 GBP

You have attached the tax return form with the TAX REFUND NUMBER ID: 381716209, complete the tax return form attached to this message.

After completing the form, please submit the form by clicking the SUBMIT button on form and allow us 5-9 business days in order to process it.

Our head office address can be found on our web site at http://www.hmrc.co.uk/

Sincerely,

David Craig

HMRC Tax Credit Office

Preston

PR1 0SB

http://www.hmrc.co.uk/

ID Experts on KATU News:

A few news stories have been circulating about the looming identity theft threat to couples who have decided to tie the knot. Thieves prey on our deepest and strongest emotions, and two people madly in love and about to take the plunge are certainly full of emotions and stress. Stress makes us more apt to decide quickly, without thinking the situation through. The sense of relief we feel may encourage us to accept an offer that seems “too good to be true” when we might otherwise hesitate. Our families and friends may also be targeted, for much the same reasons. Think like a thief- on average weddings cost over $20,000 and guest gifts range between $50-150 each. That places a rather large bulls-eye on anyone involved. Here is just a small list of the kinds of scams that are lurking out there:

• Fake vendors- these are identity thieves or card frauders. They are online, at bridal shows, and call individuals out of the blue. You may be even approaching them for a genuine service advertised in the classifieds or a bridal magazine, or it may be a “sweepstakes”. As part of the “contract” or “application” you answer personal questions in great detail or provide a credit card number that is later used to defraud you.

• Fraud vendors- this category is not technically identity theft, but still leaves you stung. Often you are promised a “free” sample and hand over your credit card for shipping and handling, and then find yourself with outrageous charges. Vendors take a deposit for renting you an item as pictured on their site, and when the big day comes, nothing arrives or what arrives bears little resemblance to the model. Sweepstakes and Giveaways should be especially scrutinized if you get a call and you “won” – there may be strings attached.

• Crooks- these people take advantage of the fact you share so much about your event. They may rob your house while you’re exchanging rings, or wait until you’re away on honeymoon. While everyone at the reception is distracted, they snatch purses or sneak into hotel rooms. Honeymooners are easily targeted by pickpockets, camera snatchers, and hustlers.

• Disappearing act- this can be anything from a deposit you paid disappearing from the books to a company suddenly going bankrupt. Bankruptcies are up 47% from last year, so this is a big concern. While insurance can help protect you, it is important to purchase coverage carefully.

• Malware – There are tons of “free” applications out there to help out couples. Cost calculators, dress design software, websites, countdown clocks, reminders, calendars, the list goes on… Then there are the flash animations and videos of weddings, decorations, crafts, flowers and more. However, some of these may contain harmful code that could harvest your information and place you at risk for identity theft and fraud.

• Robocalls and junk mail – While shopping around online or in person, you’re often asked to leave your contact information. This can result in an increase in junk mail offers and robocalls. Some of these are likely phishing attempts, and are cleverly disguised. Another risk with increased junk mail is the possibility of mail theft going unnoticed for a longer period of time. Pre-approved credit card offers may inflate your mailbox, also increasing your risk of fraud.

• “In distress” scam- this is commonly used while a couple is on honeymoon, but can strike at any time. Fraudsters may call, email, or take over your email or social networking accounts to contact your friends and family claiming to need emergency money. Excuses range from medical emergencies, to being kidnapped. Often they have “been robbed” and need the money to get home. The rest is ALWAYS to wire money or send Western Union.

• YOU – of all the threats, YOU might be your own worst enemy. Many couples have wedding announcements; send emails, e-vites, wedding websites, social networking pages, online gift registries with their personal information, personal details, family details, and wedding, reception and honeymoon specifics available to the public at large. Brides and grooms alike tend to become excited and may share greater detail about themselves, their partners and the event with coworkers and friends… and florists, photographers, DJs (or anyone else who will listen).

With a few minor changes and some awareness, you can still have all the bells and whistles to your big day while keeping your friends, family and your identity safe.

• Assume the numbers and addresses you are using to contact vendors, get quotes, order catalogs are going to be stolen, traded and sold over and over. Set up a PO Box and a separate number to use for your contact information.

• Contact the Better Business Bureau in your area about any vendor, sweepstakes, or service you are going to fork over a large amount of money to, or that you are unfamiliar with. Do this before you provide them any personal or contact information.

• Always assume that calls you receive are compromised and never reveal any personal information. You may trust calls you initiate to a trusted business more, but still exercise caution.

• Read ALL fine print carefully. TWICE.

• Keep all receipts; require everything in writing and document, document, document. Go over all your credit card and bank statements monthly and notify your financial institution right away if you notice any unusual activity.

• Quarantine. Don’t use the same passwords or email account for your social networking sites, registry, and wedding webpage. You should never attach your “trusted” email account you have been using to communicate with your friends and family to another site. A compromise of a social networking site can easily lead to an email compromise, and makes it easier for fraudsters to contact your entire address book for money. If your quarantined email is hacked and messages sent to all your friends, they should be more cautious since it is a different email than they are used to communicating with you. This will buy you enough time that you can then use your “trusted” email account to notify them all of the fraud (or better yet- call them!).

• Never send money Western Union- this is one of the few ways you can send money and never get it back. Provide contact information to their nearest consulate if you are met with this scam online.

• Limit access to personal information- If you are going to list the details of your big day and honeymoon, look for websites that allow you to create a wedding website for friends only, or that is password protected so you can control who has access.

• Be careful of accidentally revealing personal information like your mother’s maiden name (which may be derived from guest lists or online friend list on social networking sites) and your date or place of birth. Also, you will be asked a lot of questions so people can “get to know you” before your big day- make sure none of these questions and answers correspond to the security questions of any account you have. Go through each online account and determine what questions are asked if you click “I forgot my password”. You may wish to change those answers.

• Find gift registries that allow you to control privacy, and insist on revealing as little about yourself as possible. Gift registries often offer a disturbing amount of detail about you, and often are generally open to the public.

Check your credit reports regularly with www.annualcreditreport.com or by calling 1-877-322-8228.  If you do experiance fraud or a scam, report it to your Better Business Bureau and the FTC and place fraud alerts with the major credit bureaus.

Scammers and identity thieves often take advantage of fears, hopes and dreams. This is what makes some of their crimes so emotionally devastating to victims. Often the fraud or scam they are running appears to be the only hope in the victim’s life, until the true intentions are revealed.

Current events are always a draw for scam artists, and exploiting consumers by playing on their most vulnerable emotions remains the most lucrative sources of income. Before you hand over information or money, stop and think about how emotional you are at that moment. If your emotions are running high, maybe it is time to cool it. Ask if you can come back tomorrow, or call them back at another time. If they insist that it must be done right away, or otherwise hurry you- it is probably a good sign that this is a scam. Scammers don’t want you to take the time to check with the Better Business Bureau or your local police- they want your money now, and they will tell you whatever you need to hear to believe that “time is running out” or it is a “limited offer”.

Particularly during this tough economic state, people are turning to others for help and are often taken in by crooks. When you combine this fear with a confusion about where to access legitimate resources, you are asking for trouble. Many Attorney General’s offices, privacy bloggers, and security professionals have made an effort to bring exposure to the real assistance available to those who are experiencing woes during this recession. Thanks to their efforts, I have compiled a Guide to Identity Theft and the Recession which can be found here.

Do you know of additional resources or scams I did not mention? Please comment below, or follow us on Twitter @idexperts

The newest phishing attack to hit Twitter yesterday was a type of cyberscam called typo-squatting. This falls under a more generic term, cybersquatting. This attack took advantage of the similarities between a double v (tvvitter) and a w (twitter) to scam you into revealing your login information.Other typo-squatting simply takes advantage of the pay-per-click system to rack in money that should be coming to your organization. According to a recent independent report, cybersquatting increased by 248% in the past year.

Fairwinds Partners, an internet strategy consulting firm, estimates that a company such as Myspace, who has 5.94 % of its traffic being diverted to its top ten typo pages stands to “lose the marketing equivalent of between $400,000 and $700,000 each month”. Although the Anticybersquatting Consumer Protection Act (ACPA) was intended to protect against these scams, they are still common enough to present a real danger to customers and companies.

There are several ways that users can try to protect themselves against typo-squatting. Microsoft has suggested settings to enhance your browser. They have even developed a download called Typo-Patrol. More simply, you can avoid clicking on links to navigate to websites and type carefully each web address you visit. As an organization, there are several companies that will help you prosecute typo-squatters and monitor for cybersquatting. You may also may use the Uniform Domain-Name Dispute-Resolution Policy website to lodge a dispute. You may also wish to visit the Coalition Against Domain Name Abuse for more resources.

Today I was asked several times about social networking and job hunting. The question on everyone’s lips is, “What do I have to watch out for?”

Computerworld reports that one in five companies search social networking sites during the hiring process, although many experts believe that number is much higher. You may think that you’re immune because you don’t have any MySpace, Twitter or Facebook accounts- but read on and you will find that is far from the truth.

• Do a search on yourself. Try Google and Pipl. Search for the same items that appear on your resume and application- name, addresses, phone numbers, user names, email accounts and professional groups are all gateways to finding your profile

• Be aware of professional name squatting and company squatting. There are those who scoop up usernames and create profiles using professional information belonging to you. You can usually get access to these profiles, but at a cost. You do not have to buy the impostor login from the squatter, but be aware that if you found it while searching for information about you, your employer will see it too. There are plenty of online reputation management companies that will help you change the order of appearance of your legitimate profiles in search rankings, and even some that will help you reserve your name and user profile on multiple social networking sites for a small fee. Others still will help you create positive chatter to help drown out any negative or misleading pages.

• Even if you delete the profile, page or photos they may not be gone. Internet archives are still searchable. Photos can be especially difficult to delete entirely.

• Who you keep company with says a lot about you. Your profile might be clean and professional, but if your buddy has pictures of the two of you on your last pub crawl, it can damage your chances of landing the job. Use the privacy settings on your profiles wisely!

• Many people are transitioning between being laid off and job searching maybe angry about the economy and the way they were shown the door. Keep a lid on negative comments about your former employer, just as you would during an interview.

• Be careful of professional identity thieves. I don’t mean people who steal identities for a living, I mean people who troll profiles like LinkedIn to create fake resumes to get hired at companies using real information from other people. The more personal information available on your profiles and resumes the easier it will be for a person to commit identity theft, professional identity theft or gain access to your online profiles by correcting guessing your secret questions. Consider removing details like the names of companies, schools and organizations as well as dates and addresses. Change your profiles slightly to use generic terms such as “Privacy officer for major health organization in Silicon Valley” instead.

• Social networking has become popular way to search for jobs as well. There are classifieds on MySpace, and the ever popular Craigslist- but these are often full of scammers lurking in wait. Offers that sound too good to be true probably are. Stay aware from offers that involve wiring money, processing money orders or otherwise acting as a “broker” for transferring funds. Check the company out using Better Business Bureau, your local police, or other methods before proving any personal information such as date of birth, social security number or showing up for an interview

• If you are offering your services, be careful of people who may be looking for an excuse to come to your home to “case” it for a robbery later. Also watch out for offers to pay you more than what you asked.  You may cash the check, but once the bank processes the phony funds, you will be left holding the bag. Be careful in responding to emails about your job posting as they may be from bots used by spammers or scammers trying to verify that there is a person on the other end of the email.

Bottom line: beware of what you post, delete does not always mean gone forever, use your privacy settings, and be aware of intential and unintential impostors. The last is a warning for both employers and employees. This is why it is so important to know what comes up out there under your name and details- if there is a person sharing your name, area, and has a similar address you may want to directly address that issue in a cover letter or interview. Don’t worry about bringing it up- It shows that you care about your reputation, and that you’re tech saavy.

Rebecca got the call, I got the call- almost everyone I know got the call. It starts with “Our records indicate that the factory warranty on your vehicle has expired or may be expiring soon….” Others reported auto dialers contacting them about lowering interest rates, or other services. The third or fourth time Rebecca got the call she asked me if she should hang on the line to try to talk to them, or press 0 for an operator. I explained that until more is known about the phone call, pressing any options or speaking to a representative may make the situation worse. According to the National Consumers League’s National Fraud Information Center, by responding to this obvious scam phone call by pressing a number, you are letting the dialer know that there is a live person on the other end of that phone. You could even be providing the proper tones or voice commands for them to record and use later for fraudulent authorizations. Diligently, we hung up every time. Likely, we got caught up in telemarketing call that has the Better Business Bureau and Federal Trade Commission flooded with complaints. Recently, it grabbed the attention of a politician in D.C..  The New York Times reports, “Mr [Charles E]. Schumer, Democrat of New York, was in a meeting on Capitol Hill last week when he picked up his cellphone, triggering a phony, prerecorded sales pitch, ostensibly for an extended vehicle warranty. Irate, Mr. Schumer became one of an estimated 30,000 Americans to make complaints about the robocalls with consumer protection authorities. He held a press conference to rail against the “’robo-dialed harassment.’” The Better Business Bureau offers the following advice when dealing with these companies: Never give personal information, including Social Security, bank or credit card numbers, over the phone to an unknown telemarketer. • Read your manufacturer’s warranty and contact your dealer or manufacturer to ensure that you are not purchasing duplicate coverage. • Consumers can place their phone numbers on the Federal Do Not Call List by visiting www.donotcall.gov. If a consumer is already on the list but continues to receive telemarketing calls, he or she can use the same Web site to report incidents to the Federal Trade Commission. • To find trustworthy auto warranty companies, consumers can check out BBB Reliability Reports online and free of charge at www.bbb.org. For more information or to schedule an interview with a BBB spokesperson, contact Alison Southwick at 703-247-9376.

A great blog by Beth at the Better Business Bureau reminds us that things are not always what they seem. According to Beth, she thought she was being smart. She would, “diligently check my email account for unwanted emails from businesses. I was ridding my inbox of random coupon offers, newsletters, etc.  and would happily sacrifice time surfing the web to visit every ‘opt-out’ page. I would even leave comments when prompted to do so.”

Until she found out that what she was doing was probably sending a message to a spammer or potential identity theft.  She writes:

The Spamhaus Project, an “international non-profit organization whose mission is to track the Internet’s spam operations”, confirms my friend’s advice.According to the organization, spammers send out millions of emails every day. They do not know which are active. And by clicking an opt-out link or responding with a “remove me from this list” message, they know

1.) that your email address is real and active;

2.) your ISP doesn’t use spam filters;

3.) you open and read spam;

4.) and that you’ll follow the directions given in the email, like “click here to remove”!

Spamhaus informs individuals to never respond to spam emails. They do recommend filing a spam complaint with the spammer’s ISP. The FTC also advises spam recipients to forward the email to the FTC’s spam address: spam@uce.gov. The agency compiles information received here to “pursue law enforcement actions against people who send deceptive email.”

A warm thank you to Beth, for sharing her revelation and keeping us on our toes. Remember that even the most educated and informed individual can mistake a spam email for a legitimate one, so exercise caution. Opening an email, clicking a link or forwarding the message could pose a security threat to you, your ISP and anyone you shared the email with. No spam filter is perfect, and thieves are clever. For more on keeping one step ahead of the scams, head over to the Better Business Bureau Top 10 Scams page here.