Do you love a discount? You’re not alone. Most people do. And that’s just what Facebook is banking on with their new “Facedeals” project, which sends coupons and discount offers directly to your phone. The only catch: when you use your coupon they snap your picture.

Facebook dealThe program essentially functions as follows: a camera is installed in a business. The camera scans your face as you enter, checks you in on Facebook and sends your phone a text message offering you a targeted discount. A “targeted” discount or deal is a coupon for an item or service that’s viewed as within your range of interests, based on your Facebook “like” history. Merchants use this data to selectively advertise to you, making it more likely you’ll be interested and less likely that they will waste time and resources sending you a coupon for a product you’d never use.

Of course, in order for this program to take effect you must choose to sign up for it, and let Facebook scan and store facial recognition data about you based on your tagged Facebook photos. As more pictures are approved, the app gets more precise in its ability to identify you based on what you look like. Once you sign up for this program you will be automatically identified and tagged at any store or shop you frequent that has a Facebook Camera installed.

No doubt this is another impressive new development in our ever more rapidly advancing technological society. What’s the harm in offering you targeted deals seamlessly and easily right? Well, perhaps none, but certainly there is a potential for misuse and dangerous privacy implications. Mum’s been the word on how this data will be stored, what will be permissible uses for the data, and what if any third parties could request access to such data? Could the government access it under the right circumstances? What about retailers, marketers, or various merchants? You can see that without defined rules, the line could easily be blurred to a dangerous point.

Now everywhere you go, you could potentially be checked in without your knowledge. Every store you visit, every time you leave your house. Once you’ve signed up for this technology there isn’t a way yet to select where you do and don’t want to be checked in, or under what circumstances you feel comfortable broadcasting your whereabouts and purchasing habits to the general public. Once you sign up, it’s entirely plausible that your friends, family, and yes those ultra-aggressive creepy Facebook stalkers can track your daily movement and purchasing habits with a click of a mouse. It’s a spooky thought.

No doubt many will disregard the near certainty of significantly diminished privacy in favor of 50% off a sweet new smart phone cover. But when that creepy ex that you’ve been avoiding since high school just “happens” to bump into you at the mall, don’t say we didn’t warn you.

“Facebook Facedeals Raise Serious New Privacy Concerns” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC_Blog.

In today’s age of electronic commerce it’s sometimes hard to tell what’s the best way to make purchases that don’t require cash. Should you charge it on your credit card, or should you use your debit card and not have to worry about paying it back? For many people the convenience of a debit card is the deciding factor. Also, they feel safe knowing their information is protected by the pin code that they set up when the card was activated. But there are some things that most consumers may not know about the difference between debit card and credit card transactions. Things they should consider when making purchases.

  • Most places do not check IDs anymore when purchases are made using a card. So,anybody can swipe any card when making a purchase and becredit card relatively certain that they won’t need to prove their identity to finish the purchase.
  • A pin code does not have to be used when making a purchase with a debit card. Most card readers will give you the option of running your debit card as a credit card, making the need for a pin code authentication meaningless. You can tell if your debit card will allow this option if it has the Visa or Master Card logo on it.
  • Most credit card companies will give you 30 to 60 days to report fraudulent activity on your card. Since it is a charge account, no actual money has left your bank account and once you successfully dispute the fraudulent charges you will not be held responsible for them.
  • Most debit cards give the user only a 2 to 7 day window to report fraudulent charges. Also, since the card is attached to your bank account, the fraudulent transaction must be completed before the money can be refunded to your account. This process can take up to two weeks. In that time, overdraft charges may be incurred and will have to be disputed with the bank.

Yes, debit cards do offer many conveniences to consumers when making purchases. But those conveniences may leave you vulnerable to fraud and reduce your protections in case your information falls into the wrong hands. When making purchases follow these helpful tips:

  • Use credit cards to make purchases and transaction, especially online.
  • Do not use debit cards when making purchases online. All purchases with a debit card come directly from your bank account. If your debit card number is compromised online you only have a short amount of time to catch and report the fraud. Then, it can take several weeks to recover the money and put it back into your account.
  • Avoid carrying a debit card that carries the Visa/Master Card Logo. These cards can be used exactly like credit cards without the need of a pin code.
  • Use an ATM Only card to access your bank accounts. This card can only be used at ATMs and does require a pin code to access.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

Tennessee’s safety department is creating a new unit to investigate identity theft crimes that local law enforcement agencies don’t have the time and resources to effectively investigate. The 14-person unit will include personnel from the Tennessee Highway Patrol and the Tennessee Office of Homeland Security.

The unit will also work with U.S. Secret Service in Memphis and Nashville as well as the Federal Bureau of Investigation. The idea for the new unit came about Tennesseeafter a top to bottom review of state operations and needs. It was apparent to officials that relief available to victims of identity theft and financial fraud in the state was not at the level it needed to be.

The ITRC applauds the creation of units such as this one. As Commissioner of Safety and Homeland Security Bill Gibbons aptly put, “Very few police departments have investigators that have the expertise to investigate these types of crimes. When you go to local law enforcement agencies across the state, they will pretty much tell you that identity crime is one of the toughest types of crimes for them to investigate.”

Gibbons went on to explain that Tennessee law gives the Tennessee Highway Patrol authority to investigate identity theft, though their primary duties are primarily relegated to traffic enforcement. Often the most difficult part of solving these crimes is the fact that they transcend traditional jurisdictional boundaries. In many cases these crimes originate out of state or even sometimes overseas, which is why they are partnering with federal agencies that have wider areas of jurisdiction.

According to Gibbons, they won’t be handling all identity theft cases in the state. Instead, they plan to look at each case individually for certain factors such financial loss, connections to homeland security issues and violation of a state felony theft law, to decide whether to take the case.

The department has also posted a resource kit online for identity theft victims. It can be found at www.tn.gov/safety .

“Tennessee’s New Identity Theft Unit” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC_Blog.

State of Tennessee – Federal and State Resources

When surfing the internet in the privacy of your own home, one might think they are safe from prying eyes, and free to surf the internet without anyone knowing what they’re doing. Unfortunately, this couldn’t be further from the truth. What you do on the internet is information that every retailer and marketing firm wants to know. Why? It’s because these companies use that information to create targeted advertising, which increases sales and thus profits. Targeted advertising simply means that when a company pays for an advertisement they want that advertisement to go to people who will be most likely to purchase whatever the advertisement is selling. For example, sending an advertisement for an expensive boat to someone who is unemployed would most likely be a waste of money.

being watchedCompanies pay for information about your online habits to companies called data brokerage firms or information aggregators. These companies set up thousands of servers specifically to monitor people’s activity on the internet, organize the information to fit a retailer or marketing firm’s needs, and then sell it to the highest bidder. This type of information gathering has set off alarms within the privacy advocacy community as the information collected can at the very least have personal information about you, including age, race, sex, weight, height, marital status, educational level, politics, buying habits, household health worries, vacation dreams and more.

So far, the retail industry has for the most part been self-regulating when it comes to what is right or wrong when tracking you online. According to the World Wide Web Consortium (W3C), an international community where Member organizations, a full-time staff, and the public work together to develop Web standards, privacy advocates and retailers have come to a cautious agreement that an option called “Do Not Track” on web browsers should be available to consumers. When a consumer clicks the “Do Not Track” option, retailers would honor their request and stop their websites from tracking everything that a consumer does on their website. The problem is that all of this is voluntarily and the W3C has no power to enforce any of the standards they promulgate.

Microsoft has added to the controversy over this issue by declaring that their next web browser, Internet Explorer 10, will have the “Do Not Track” option activated as the default setting for their new browser. Retailers and marketers rebuked this idea, threatening not to comply because they believed the standard of complying with the do not track request is only valid if the consumer actively selects it themselves. This latest battle in the protracted war between privacy advocates and the retailing industry has many calling for legislation so that there is some method of enforcing companies to respect the “Do Not Track” option. Surprisingly, several bills have been introduced in both the Senate and the House regarding tracking online consumers. Not surprisingly, all of these bills have been languishing in Congressional committees since 2011. With the attention Microsoft’s move has garnered, the possibility of these bills gaining traction in Congress is becoming more likely.

A bill submitted by Rep. Jackie Speier, the Do Not Track Me Online Act of 2011, requires the Federal Trade Commission (FTC) to create new rules that establish standards for the required use of online opt-out mechanism to let a consumer choose to prohibit anyone from tracking them online. The standards must include a rule requiring covered companies to disclose to the consumer how they collect information and what they do with it, as well as a rule obligating companies to not track consumers if they elect to not be tracked. The FTC would also be given the authority to conduct random audits of covered companies to ensure that they are in compliance with the established standards. For companies not in compliance with these standards, any state attorney general would be permitted to bring a civil action imposing fines up to $11,000 per day with a $5,000,000 maximum cap.

The Do-Not-Track Online Act of 2011, submitted by Sen. John Rockefeller, largely mirrors Rep. Jackie Speier’s legislation; however, his bill lacks any language giving the FTC authority to conduct random audits of companies. While it lacks audit authority for the FTC, Sen. Rockefeller’s bill calls for fines up to $16,000 per day with a $15,000,000 maximum cap.

Lastly, Rep. Edward Markey has put forth the Do Not Track Kids Act of 2011 putting extra emphasis on the protection of children from being tracked online. This bill provides for the same kind of enforceable standards as above, but adds extra standards for minors. This bill would require covered companies to not track children unless receiving parental permission, stop companies from requiring children’s personal information in exchange for allowing the child to play a free online game, and to create an “eraser button” allowing users of a website to erase any current or past information already collected on a minor. While providing a multitude of protections for minors on online, this bill does not provide any recommendations on fines or damages to be paid by companies in violation of its rules.

While it is unlikely that any of these bills will be signed into law in the near future, it is a good idea to keep them in mind as the discord surrounding privacy on the web escalates. For now, the war between retailers and privacy advocates will continue as the struggle for meaningful self-regulation of online tracking makes slow progress. In the meantime, click that “Do Not Track” option if you feel uncomfortable having your online activity monitored and hope that companies are courteous enough to oblige.

“You Are Being Tracked” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Most people would think that the person or people who know them best are family members, close friends, or significant others. Unfortunately, one more category must be added to that list and it may be one that knows you better than anyone else: an information aggregator. Information aggregators, or data brokers, collect information regarding individuals and look to sell this information to marketers seeking to advertise their products to the best targeted audience possible.

watchingThis sounds fairly innocuous until one looks at the actual breadth and scope of information these aggregators are collecting. Reps. Edward J. Markey and Joe Barton along with six other congressman sent letters to nine major information aggregation companies citing an article in the New York Times (“A Data Giant is Mapping, and Sharing, the Consumer Genome”) which explains what exactly these companies do. The article focuses on a company called Acxiom which collects information on nearly “500 million active consumers worldwide, with about 1,500 data points per person. That includes a majority of adults in the United States.” Among these data points include “your age, race, sex, weight, height, marital status, educational level, politics, buying habits, household health worries, vacation dreams – and on and on.” The article goes on to state that Acxiom has 23,000 computer servers processing more than 50 trillion data transactions a year.

Just the data points mentioned are disturbing enough, but to think that these companies have up to approximately 1500 is downright problematic. The Congressmen writing the letters to these companies express their concern that, in addition, to the privacy concerns involved with this so called “data mining”, how companies use this information may lead to another process called “weblining.”

Weblining is a process by which companies will grade each individual and base decisions about them solely in regard to the information they buy from companies like Acxiom. Privacy advocates warn that this way of profiling consumers can lead to different classes of individuals which will receive different offers and attention from different companies. Health insurance, higher education, employment, and financing could all be decided before you ever get in contact with an insurance agency, school, potential employer or lender, all based upon the information gathered and collated by information aggregators. The Congressmen behind these letters are especially concerned with what and how these aggregators are collecting information on children and minors, as this method of profiling could impact them the most.

The lack of transparency and the volume of legally collected information on consumers is not the only concern as these data brokerage firms are extremely attractive to criminal hackers. While it is unsettling to know that a corporation has such intimate details about you and your habits, they are at least following the law (as lacking as it may be) regarding privacy. They take measures to encrypt and protect your data to minimize any information reaching any unintended parties. A criminal hacker who successfully hacks one of these data brokerage firms would potentially have personal information on hundreds of millions of people.

With Congress struggling to pass any meaningful cybersecurity laws regarding protecting or collecting personal information from online consumers, it seems that, for now, the individual consumer can only hope his or her information profile doesn’t exclude them from opportunities in life or end up in the hands of a criminal.

“What is Information Aggregation and Why Should You Care?” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Either through a failed attempt at renewing your driver’s license, an unexpected failed background check during a pre-employment screening, or through some event more traumatizing, like being informed at a traffic stop that you have a criminal record you were not aware of, you’ve discovered that someone has successfully made a fraudulent driver’s license (or state id card) with your information. Now what? I interviewed ITRC’s senior advisor Wilma to get the best tips for resolving driver’s license or state ID fraud.

governmental id theftITRC: What is the most important first step for any victim of driver’s license fraud to take in order to mitigate their case?

Wilma: They should call the DMV Fraud Department in the state where the fraudulent license was issued and inform them that a license was issued in their state using their stolen information.

ITRC: What can be done if the victim needs a new license in the state where as a result of the fraud, someone else already is in possession of a current and active license?

Wilma: When the victim contacts the issuing state’s DMV, the process will vary slightly depending on the state. The victim should ask that particular DMV what they require to be sent to them in order to get the current license suspended or revoked so that the victim can get a valid license issued in his home state.

ITRC: Ok, what next?

Wilma: The victim must file a police report for criminal impersonation/identity theft at their local police dept. They should also check with their local Social Security Office to determine if SSA issued a replacement social security card and how many were issued.

ITRC: And what if the SSA informs the victim that replacement cards they didn’t request have been issued, potentially to the identity thief?

Wilma: In that case, the victim should submit their police report to the Social Security Administrations, and inform them that the prior requests were fraudulent. Request them to furnish you a Work History Report to make sure no one is employed using your Social Security Number. Then check your Credit Reports, and issue fraud alerts. In the event that any fraudulent financial information appears on the Credit Report, the victim will need to contact each of those creditors, inform them that the debt is fraudulent, and submit to each creditor a copy of your police report, along with a written dispute of the charges.

Identity theft is an ever-growing problem. What follows are 5 simple steps anyone can easily take to reduce their risk of becoming a victim of identity theft.

  1. Get that Social Security Card and birth certificate OUT of your wallet/purse/car: I can’t stress this enough, if you’re not going to get a passport or open a bank account, or process your new-hire paperwork for your next job TODAY, then why are your most sacred identity documents still floating around in your purse or wallet? I can’t tell you how often the ITRC works with confirmed identity theft victims whose cases began out of a lost or stolen purse or wallet. Without an SSN or birth certificate, the theft of a wallet is a temporary inconvenience. You’ll have cancel a few credit cards, maybe close a bank account or two, and get yourself a new license from the DMV. If on the other hand if either or both of those documents were inside the wallet or purse when stolen, congratulations; you’ll now be at an exponentially greater risk for identity theft, and numerous other types of fraud….for the rest of your natural existence. That’s not an exaggeration, once a birth certificate or SSN is compromised or exposed; there is NO perfect solution to putting humpty dumpty back together again. You’ve now forced yourself to become the paranoid, mildly panicky consumer you previously may have made fun of.
  2. Shred Your Mail: Most consumers don’t pay attention to the plethora of personal information we throw away in our discarded mail. Our mail often contains vital information that is best protected from the public. Everything from account numbers, contact information, SSN’s, dates of birth, tax id numbers, all can be found in your mailed correspondence. Invest in a shredder and make sure that any document that contains sensitive personal data makes it through the cross cutters before it goes to the trash. Having a locking mailbox is also a good idea.
  3. Check Your Credit Reports: I know you hear this all the time, from a thousand different places right? But do you really understand WHY checking your credit is a good idea? Think of it being similar to a financial X-ray – if you broke your ankle, you would go to the doctor to get it checked out. Chances are a medical professional knows your ankle is broken just from feeling it, but he orders the X-ray anyway. Why? Because the X-ray allows the doctor to identify precisely where the damage is, and hence the best/most appropriate remedy. A credit report is no different. It will show you if damage to your credit worthiness might exist, and may point out where the damage is coming from. Knowing that someone else is using your credit worthiness, and identifying the SOURCE of bad/fraudulent information is obviously the first step in getting it corrected. Checking your credit is the easiest way to find out if someone else is using your financial good name to acquire benefit, at your cost.
  4. Don’t Send Personal Identifying Information (PII) to an Online Employer: Never give your SSN, bank account numbers, or any other personally identifying information (PII) to an employer you’ve never met in person. Searching online for jobs is a fast, convenient way to job search, but consumers should understand that this convenience is not without added risk. If you haven’t had an in person meeting or at least a few phone conversations with your perspective employer, than why does he need your SSN? Make sure you know the organization that may be hiring you before giving any information. Job scams are a very common way for thieves to capitalize on the desperation of others, so make sure you’re careful with what information you send and to whom you send it. A legitimate organization will almost always want an in-person interview before offering a job position.
  5. Don’t Be Lazy with Passwords: Is your password to your online bank account the same as the one to your email, which is the same as the one to your social media page, which is the same as the one to your fantasy sports team? Password laziness is a key way scammers take advantage of you. They find a way to get access to a piece of information that on its own is harmless (maybe a name and the last 4 digits of your social). This seemingly harmless info may be enough to request a password for an online banking account. Now they have access to one account. From there, if you’re not serious about your password selections, you might’ve just made it that much easier for a thief to gain access to your entire life online. Use capital letters and numbers, and change your passwords at regular intervals.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

Especially in today’s age of accessible information, parents are more and more protective of their children’s information. This is a wonderful thing because the more aware parents are of the risks to their children for identity theft, the less likely their children will become victims themselves.

If a situation occurs that could put your child’s social security number in danger (stolen wallet, information breach, etc.) It is natural for a parent to protect their child using the steps that an adult would use on themselves. The thing that is important for all adults to understand is that the process for children is very different and can have negative results if attempted.

check

It is important to keep in mind that the credit reporting agencies do not know that a person exists until a credit report is started under their social security number. This usually occurs when credit is applied for, like for a credit card, cell phone, student loans, etc. Another way this can occur is if a parent requests a credit report on their child too often. By frequently inquiring into your child’s social security number with Equifax, Experian, and Trans Union, you run the risk of them viewing your credit checks like those done by a creditor. Checking once a year or even once every two years can start a credit history for your child at an age where they should not and cannot be applying for credit. The longer your child has inquiries but not credit on their credit report, the lower their perceived credit score goes. This will make it tougher for your child to apply for credit when they do turn 18 because it will appear that they have inquired for credit, but never received it.

In order to prevent this from happening:

  • Do not check on your child’s credit report unless there is evidence that fraud may be taking place. This can include:
    • Receiving bills or statements under your child’s name
    • Being told your child already has a bank account when you go to open one
    • Problems claiming your child on your taxes
    • Personal information is lost or stolen.
  • Check your child’s credit report when they turn 16 ONLY if one of the above scenarios have occurred. Checking at 16yrs of age allows you time to clear up any fraud that may be occurring before your child turns 18.

Child identity theft is definitely becoming more prevalent on parents’ radars as cases start to be revealed in the media. It is understandable for this concern, but as stated above a parent can do more harm than good if they are overzealous. For more information on child identity theft you can read the Identity Theft Resource Center’s Fact Sheet on Child Identity Theft. If you still have questions you can always call our victim advisor center toll free at 888.400.5530.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

When most people think of identity theft, they only imagine the financial implications of someone opening up credit cards or writing bad checks. However, there is a whole world of ways that these creative thieves can use a victim’s personal information. One of those ways is medical identity theft and even within this subset of crime there are even more typed of crimes to be committed. One of those is what is called financial identity theft.

Examples of this type of fraud would include a hospital or a doctor billing you for medical services given to another person. The thief may or may not have a copy of your private insurance card. Here are the following steps you should take if you believe you have become a victim of this particular crime.

Ambulance

  1. Contact the billing department of the medical facility or doctor requesting payment. If you are receiving this notice from a collection agency, then contact the collection agency first. Explain that this is a case of identity theft or mistaken identity. If the billing department is reluctant to help, then contact the attending doctor, or the medical facility’s fraud or legal department.
  2. Ask what proof they have that this person is you. There is almost always a physical description of the patient. Does it match you? You might be able to show that your height, weight, skin color, age, blood type, or sex is not the same as the “patient.”
  3. Ask when service was provided. You might be able to prove you were somewhere else during that period.
  4. What service was provided? If surgery was done or a condition was diagnosed, you might be able to prove you don’t have a scar or that condition.
  5. Ask if your Social Security Number (SSN) was used or just a name and address. If your SSN was used, you will need to follow the information in ITRC Fact Sheet 100 – Financial Identity Theft: the Beginning Steps and check your credit reports. This thief may be affecting your credit status in other ways. They may be opening new lines of credit or leaving other collection actions behind.
  6. Ask if this person used your medical insurance card or number. If so, contact your insurance company and report the problem. Ask for a new number on the replacement card. They may also have a fraud department that tracks cases.
  7. File a police report in your city and state of residence. You are a victim of a crime. At your earliest opportunity, obtain a copy of the police report.
  8. Send copies of your affidavit of fraud, the police report, any other supporting documentation proving identity theft to the medical billing department and any additional collection agencies which may be involved. Please remember to mail this documentation certified, return receipt requested.
  9. Once the provider agrees this is a case of fraud or identity theft, get that agreement in writing and keep it in a safe place forever. This is called a Letter of Clearance.

While this seems like an overwhelming amount of activity to clear your name, it is not. It will be difficult and you will be angry that this has happened to you, but it can be rectified. If at any time you need additional help or have questions you can always call the Identity Theft Resource Center at 888.400.5530 to speak with a live Victim Advisor who is trained to help you through this process. There is also additional information on the Identity Theft Resource Center’s website which may be helpful.

If you have scratched below the surface of the avalanche of articles on identity theft, scams, cyber-security, or related topics, you have probably run across the term “spoofing.” However, even many of us that work in the field are not very good at explaining to others what the term means, and the various ways the term might be used. So, here goes….

From www.dictionary.com:

spoof; noun

  1. a mocking imitation of someone or something, usually light and good-humored; lampoon or parody: The show was a spoof of college life.
  2. a hoax; prank.

In the context of cyber-security and related subjects, “spoofing” means providing false information in order to make the intended victim think the communications has come from either someone they know, or a business or entity that they would tend to trust. However, there are a number of types of “spoofing”, some more technical than others:

  • IP spoofing is a technique used to make a computer user think that a particular Internet IP being presented is a safe computer/server, and should be trusted. Most of us don’t directly confront this type of spoofing, and probably are unaware of how it works. Just like phone numbers, IP addresses are supposed to signal a unique address or location across the Internet, so faking an IP address can be used by criminals as a method of becoming part of a trusted network. A consumer is unlikely to be directly confronted with IP spoofing, unless they are working in a technical field.
  • Caller ID Spoofing is used to make an incoming call present a phone number that the intended victim might know or trust. However, the number appearing on the Caller ID is not the real calling number, and “spoofing” the number is used for exactly that purpose, to gain trust in a situation when none should be given. With the advent of VOIP or Internet-based phones, the ability to make an incoming call look like it was from San Diego, when the caller is in Russia, is a fact. Caller ID cannot be trusted to determine anything about the caller. Caller ID Spoofing is done quite often, and the average consumer is often in the dark as far as knowing who is really making the call. If in doubt, the best policy is to disengage from the call, then look up the company by name, and call a listed number for the company to inquire about the contact. It should be remembered that people who do business with you already have the information about you, your account number, etc. It is an entirely different situation if you call the company, and are asked for credentials before they will discuss your business with them. However, if the call is coming from them to you, they are the ones that need to prove who they are before you give them any information. Be warned!
  • Email Address Spoofing is probably the most common type of spoofing. Most of us have seen this many times on incoming email, although we may not have recognized it. All of us observe the senders name/address on incoming emails to see who the sender might be, and whether we think about it or not, we tend to give credibility to that email based upon any previous knowledge we may have of the purported sender. Spoofing the “From:” address is often done as part of a fraudulent scheme. If the “From:” address makes you think the email should be trusted, then you are much more likely to click on a link or take other action, or otherwise give some credibility to an email that is coming from a complete stranger, and possibly a thief. Many of the emails used in “Phishing” schemes will have spoofed sending addresses. In fact, a more deadly form of this attack, called “Spear Phishing” uses email addresses from someone recognized as an authority, such as a highly placed executive of your company, to make your response even more likely. You are not going to turn down a request from your Vice President are you? And, it’s a given that website links in these spoofed emails cannot be trusted: they are spoofed also, and will very rarely point your web browser to the address that the link purports to be. Altogether, it is wise for all of us to be wary of incoming email, unless we are very sure of the sender and the authenticity of the message.
  • SMS or Text Spoofing: In a similar fashion to Caller ID and email spoofing, it is also possible for a text message (SMS) to appear to be from a trusted source, while it really is from a quite different sender. In a manner similar to other types of spoofing, be very aware when a text message invites you to take actions, or strongly implies a course of action that you had not anticipated. Like other forms of spoofing, the best answer is to be suspicious and fact check, before you act.

Spoofing is a part of the world we live in now, and it is a key element of the “social engineering” used against consumers in attempts to commit fraud and identity theft. Being skeptical and checking information by other means is really the key to avoid becoming a victim.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.