Identity Theft, Fraud & Scams

Identity theft, or fraud, is a crime in which someone wrongfully obtains and uses another individual's personal data in some way that involves fraud or deception, typically for economic gain. It usually results in the loss of personal data, such as passwords, user names, banking information, or credit card numbers.

Preventing Identity Theft

Guard your personal information. Don't provide your credit card or bank account number unless you are actually paying for something. Your social security number should not be necessary unless you are applying for credit. Be especially suspicious if someone claiming to be from a company with whom you have an account asks for information that the business already has.

Keep your social security number and personal information confidential. Never disclose your personal information; this includes your address, Social Security number, and telephone number to people or companies you don't know or trust. Don't give this information to anyone unless you're sure who it is and why it's necessary to provide it. If prompted for it, practice due diligence: investigate who is gathering the information, why they are collecting it, and how they will use it.

Beware of impostors. Someone might send you an email pretending to be connected with a business, or create a website that looks just like that of a well-known company. If you're not sure that you're dealing with the real thing, find another way to contact the legitimate business and ask. Crooks pretending to be from legitimate companies may call or send an email, claiming they need to verify your personal information. Be especially suspicious if someone contacts you and asks you to provide information they should already have. Things that indicate a bogus message may be fraudulent are misspellings, poor grammar, odd phrasings, website addresses with strange extensions, website addresses that are entirely numbers where there are normally words, and anything else out of the ordinary. Some messages will often tell you that you have to act quickly to keep your account open, update your security, or urge you to provide information immediately or else something bad will happen. Don't take the bait. Before responding, contact the company directly to confirm the call or email is actually from them.

Don't respond to email messages that ask for personal information. Phishing is when crooks send fake emails that scare you into giving them private information, credit card numbers and online passwords, for example, then use that information to steal from you.
For example, you may receive an official looking email that looks like it's from your bank, your mobile phone company, your credit card company or even the IRS. Open it and you'll see a warning that your account is about to expire or worse. To fix it, they say you need to click on a link to update your information, usually a web-based form for entering your social security number, credit card or bank passwords. Don't do it. When in doubt, contact the company by phone or by typing in the company's web address directly into your web browser. Don't click on the links in these messages as they make take you to a fraudulent, malicious websites.

Protect your personal information. Since not divulging any personal information is rarely possible, exercise caution when sharing personal information such as your name, home address, phone number, and email address online. To take advantage of many online services, you will inevitably have to provide personal information in order to handle billing and shipping of purchased goods.

Get off credit marketing lists. Credit bureaus compile marketing lists for pre-approved offers of credit. These mailings are a gold mine for identity thieves, who may steal them and apply for credit in your name. Get off these mailing lists by calling The Federal Trade Commission at 1-888-5-OPTOUT (1-888-567-8688) (your social security number will be required to verify your identity). Removing yourself from these lists does not hurt your chances of applying for or getting credit.

Memorize your passwords and PIN numbers. Don't leave them in your wallet or on your desk where someone else could find them.

Lock it up. Keep your personal information locked up at home, at work, at school, in your car, and other places where you might keep it so others won't have easy access to it.

Stay safe online. Don't send sensitive information such as credit card numbers by email, since it's not secure. Look for clues about security on websites. At the point where you are asked to provide financial or other sensitive information, the letters at the beginning of the address bar at the top of the screen should change from "http" to "https."

Pay attention to user agreements and privacy policies. They will tell you what information is being collected from you and how that information is being used. Most companies have an online privacy policy to inform users of their information collection practices. Always check this privacy policy before disclosing any personal information. If you are unable to locate a privacy policy, inquire about one. Refuse to submit any personal information without reading a privacy policy first. It is important to understand how an organization might collect and use your personal information before you share it with them.

Online offers that look too good to be true usually are. The old saying "there's no such thing as a free lunch" still rings true today. Lots of free software and services are bundled with advertising software ("adware") that tracks your behavior and displays unwanted advertisements. You may have to divulge personal information or purchase something else in order to claim your supposed content winnings. If an offer looks so good it's hard to believe, ask for someone else's opinion, read the fine print, or even better, simply ignore it.

The old rule of thumb still applies - if something sounds too good to be true, it probably is.

Check your credit reports annually. Credit reports allow you to review your credit and see if any accounts have been opened in your name. Everyone can request free copies of their credit reports once a year. Federal law entitles all consumers to ask each of the three major credit bureaus for free copies of their reports once every 12 months. If you notice any errors, contact the credit agencies to report the error.
NOTE: Do not contact the credit bureaus directly for these free annual reports. They are only available by calling 877-322-8228 or going to www.annualcreditreport.com. You can make your requests by phone or online, or download a form to mail your requests.

Review bank and credit card statements monthly. The impact of identity theft and online crimes can be greatly reduced if you can catch it shortly after your data is stolen or when the first use of your information is attempted. One of the easiest ways to get the tip-off that something has gone wrong is by reviewing monthly statements provided by your bank and credit card companies. If a charge looks suspicious, contact your credit provider to have it removed to help avoid future losses.
Additionally, many banks and services use fraud prevention systems that call out unusual purchasing behavior. In order to confirm these out of the ordinary purchases, they might call you and ask you to confirm them. Don't take these calls lightly - this is your hint that something bad may have happened and you should consider looking into help with identity theft.

If You Are a Victim of Identity Theft

There are several steps you should immediately take if you feel your identity has been stolen or used without your permission. Most credit card companies will not hold you responsible for charges made by a thief, but you need to act quickly.

  • For any accounts that have been fraudulently opened or accessed, contact the security departments of the appropriate creditors or financial institutions and explain what happened. Close these accounts. Put new passwords on any new accounts you open.
  • Contact the fraud departments of each of the three major credit bureaus (Equifax, Experian, and Trans Union) to report that your identity has been stolen. Ask that a "fraud alert" be placed on your file and that no new credit be granted without your approval. Here are the numbers for reporting fraud:
    Equifax - 1-800-525-6285
    Experian - 1-888-EXPERIAN (397-3742)
    Trans Union - 1-800-680-7289
  • Contact your local police department to file a report. The report may be filed in the location in which the offense occurred, or the city or county in which you reside. When you file the report, provide as much documentation as possible, including copies of debt collection letters, credit reports, and your notarized ID Theft Affidavit.
  • File a complaint with the Federal Trade Commission (FTC) by calling the ID Theft Hotline: 1-877-IDTHEFT (1-877-438-4338)

Help for victims is a phone call or a click away. Call the Federal Trade Commission toll-free, 877-438-4338, or go to www.consumer.gov/id theft for step-by-step advice about what to do if you're a victim of ID theft.

Resources

Federal Trade Commission - Identity Theft
Federal Trade Commission - Taking Charge: What to do if Your Identity is Stolen
McAfee's Identity Theft Protection
Department of Justice - Identity Theft and Identity Fraud
Privacy Rights Clearinghouse

Victims of Identity Fraud

Please be aware that the RISP CCU is generally not a first responder agency and RISP CCU's investigative strategy regarding Internet fraud focuses on losses that are greater than $10,000 or if the target is located in Rhode Island and has multiple complaints against them.

The RISP CCU recommends filing a full report with your local police department. You may want to contact the police department and/or Sheriff's office where the suspect resides and file a full report with that office. While we will not open an operational case, the RISP CCU is available to local law enforcement agencies to assist with the technical aspects of any computer related crime.

Additionally, you might consider contacting the Internet Crime Complaint Center (IC3). The IC3's mission is to address fraud committed over the Internet. For victims of Internet fraud, IC3 provides a convenient and easy-to-use reporting mechanism that alerts authorities of a suspected civil or criminal violation.

Take immediate action. Notify your credit card companies, financial institutions or other online service accounts about the fraud immediately. Be sure to report the fraud to one of the credit reporting agencies (Equifax, Experian and TransUnion), which will prevent the identity thief from opening additional accounts in your name. Call only one - each is legally required to contact the others. That fraud alert then entitles you to free copies of your credit report, which you can use to identify and correct any fraudulent charges and make sure those charges won't smear your good name. After the first credit report, keep checking regularly to make sure no new identity theft crimes take place.

Reclaim your personal identification. Contact the agency that issued any of your accounts or personal information that has been compromised. Follow its procedures to cancel and replace your identification. Ask the agency to flag your file so that others cannot get any other identification documents in your name.

Close any accounts you suspect are compromised. Contact the security or fraud department of each business, then follow up in writing and include copies of supporting documents.

Contact the local police to file a report. Ask for a copy of the report, since you will need it to work with creditors to fix your credit.

If you spot bad charges, dispute them. Ask for the forms you need to dispute bad transactions. Once your dispute has been resolved, request a letter that shows your account has been closed and the fraudulent debts removed. This letter will also help if further disputes come up.

File a complaint with the Federal Trade Commission. By sharing your experience, you help law enforcement track down identity thieves and cyber crooks. The FTC also investigates businesses that violate consumer privacy laws.

Resources

US Department of Justice's Fraud Section
FBI's Common Fraud Schemes
National Consumers League - Fraud.org

Internet Auctions, Online Advertisements & Buying Online

Things to Remember When Shopping Online

Make sure to use a secure browser. Most browsers are capable of SSL encryption and other security features. Features such as the Secure Sockets Layer (SSL) encrypt your personal information as it is sent over the Internet.

To determine if a website encrypts data before it is sent over the Internet, check to ensure that the URL displayed in the address bar begins with the abbreviation "https". This stands for Hypertext Transfer Protocol Secure. Web pages that do not encrypt data only display "http", without the "s."

Shop only with companies you are comfortable with. Never deal with an online merchant whose policies are not explicitly clarified.

Get all the details. Before you buy something, get a complete description of the item, the total price including shipping, the delivery time, warranty information, the return policy, and who to contact if you have problems. Legitimate companies will almost always provide this information.

Ask about delivery, returns, warranties and service before you pay. Get a definite delivery time and insist that the shipment is insured. Ask about the return policy. If you're buying electronic goods or appliances, find out if there is a warranty and how to get service.

Pay by credit card. Using your credit card online ensures that you will be protected by the Fair Credit Billing Act. This law provides consumers with the right to dispute charges made to their accounts.

Keep records. Keep a record of confirmation numbers and purchase orders. Print them out and keep personal copies. Online orders are covered by the Federal Mail, Internet, or Telephone Order Merchandise Rule. This rule states that merchandise ordered must be delivered within 30 days unless otherwise noted. Your records will be able to provide proof of the date and time of purchase.

Resources

Better Business Bureau - Sitps for Smart Shopping Online

Internet Auction & Online Classifieds Fraud

A common type of fraud is auction and classified fraud. This involves a seller failing to send an item or sending an item that is significantly different from what was promised in the listing. This type of fraud occurs on websites like eBay, Craigslist, local online yard sale pages, and other auction and classifieds sites.

The best protection you have against fraud is your own common sense. If you are meeting someone to buy or sell something, meet in a public place. It is a good idea to bring another person with you for safety reasons.

Tips to Avoid Fraud When Making Purchases Online

Transfer money through an online escrow service. Most auction sites maintain lists of these services, such as PayPal.

Use a credit card. Under federal law, you can dispute the charges if you paid the seller with a credit card and the goods were never delivered or if they were misrepresented. If you are paying through an intermediary service, ask what happens in the case of disputes.

Never buy anything from a seller who asks for payment to be wired to them.

Know who you're dealing with. If the seller is unfamiliar, check with your state or local consumer protection agency and the Better Business Bureau. Some websites have feedback forums, which can provide useful information about other people's experiences with particular sellers. Be sure to get the name of the seller or business, physical street address, email address, and phone number are helpful to have for checking the seller out and following up later if there is a problem. Don't do business with anyone who refuses to provide that information.

Check out the seller before you bid. Some auction sites have feedback forums with comments about the sellers based on other people's experiences. Negative information is a good warning sign, but a clean complaint record doesn't guarantee that your transaction will go smoothly.

Be careful if the seller is a private individual or in a different country. Many consumer protection laws don't apply to private sales, though government agencies may take action if there are many complaints the same individual or criminal fraud is involved. Also, be especially cautious when dealing with sellers outside of the United States. Sellers outside the U.S. are not bound by U.S. laws, therefore, if you have a problem, the physical distance, difference in legal systems, and other factors could make resolving it very difficult.

Beware of "shills." Shills are phony bids placed with the intent to drive up the price of the item. The seller may try to raise the price artificially by making bids under fictitious names or recruiting other people to make bids, leading to a bidding war. Using bogus bidders is illegal and a violation of online auction policies. Be sure to inform auction sites about suspected fraud, as they may have policies to remove sellers from their sites if they use "shills" or don't live up to their obligations.

Look for information on the auction site about insurance. Some auction sites provide insurance that covers buyers up to a certain amount if something goes wrong. Others may have links to third-party programs that offer insurance for a fee. Read the terms of the insurance carefully. There is often a deductible, and there may be other limitations or requirements that apply.

Scams on Craigslist and Other Classifieds Websites

Scams

Many scams usually originate outside of the United States, and American law enforcement has great difficulty in pursuing the criminals. In addition, many of these email solicitations contain computer viruses, making them even more of a menace. Be sure to maintain current anti-virus software. If you receive a letter from anyone asking you to send personal or banking information, do not reply in any manner.

Nigerian Scams

A letter or email from Nigeria (or sometimes another African country) offers the recipient the "opportunity" to share in a percentage of millions of dollars that the author is trying to transfer illegally out of Nigeria. The recipient is encouraged to send the scammer information such as blank letterhead stationery, bank name, account numbers, and other identifying information using a fax number provided in the letter.

Other Scams

There are several variations of the Nigerian Scam that criminals may use to exploit their victims. Here are some examples:

  • Beneficiary of a Will: The victim receives an email that claims they are the named beneficiary in the will of an estranged relative, and stand to inherit an estate worth millions. In order to complete the inheritance, the victim's personal financial information is needed to "prove" that they are the beneficiary and to "expedite the transfer of the inheritance."
  • "Over" Paying: The victim advertises an item for sale on the Internet, and is contacted by an interested buyer from Nigeria or another African country. The scammer then sends the victim a check or money order for an amount much larger than the asking price of the item. The victim is then asked to deposit the difference back to the scammer. If the victim does not wait for the bank to verify the check, they can end up losing thousands of dollars.
  • Donation Solicitations: The victim receives an email requesting "donations" to fight an evil government or dictatorship in Africa. The scammer requests that the victim provide bank account information so that the "donation" can be directly withdrawn from the bank.
  • Fake website: The scam artist sets up a fake online bank and "deposits" the amount of money referenced in the scam email. When the victim expresses any misgivings about the existence or size of the fund transfer that is to take place, they are directed to the site, which shows a multi-million dollar deposit.
  • American Soldier in Afghanistan or Iraq: The victim receives a letter purporting to be from an American soldier in Iraq or Afghanistan who has discovered a treasure of terrorist currency and needs help to embezzle the funds out of the country. The victim needs only to provide their personal and financial information for the soldier to deposit the funds into the victim's account.

If you have received an Nigerian Scam Solicitation:

Nigerian scam solicitations that come by email should be forwarded to the Federal Trade Commission (FTC) at spam@uce.gov
Any email that asks for personal financial information is likely a scam. The RISP CCU urges recipients of these emails not to respond to them in any way whatsoever.

Remember, if it seems too good to be true, it probably is.

Resources

Better Business Bureau - Scam Stopper
Federal Trade Commission - Scam Alerts
IC3's Internet Crime Schemes
IC3's Internet Crime Prevention Tips

Phishing Scams

Phishing is a scam where Internet fraudsters send spam or pop-up messages to lure personal and financial information from unsuspecting victims. Many of these "spoofed" email messages appear to come from banks, insurance agencies, retailers, credit card companies, and other legitimate businesses.

These fraudulent messages are designed to trick the recipients into disclosing personal information such as account user names, passwords, credit card numbers, social security numbers, and home addresses. Most of these emails look "official", and as a result, recipients often respond to them, resulting in financial losses, identity theft, and other fraudulent activity.

How to Avoid Phishing Scams

Tips from fraud.org

Watch out for "phishy" emails. The most common form of phishing is emails pretending to be from a legitimate retailer, bank, organization, or government agency. The sender asks to "confirm" your personal information for some made-up reason: your account is about to be closed, an order for something has been placed in your name, or your information has been lost because of a computer problem. Another tactic phishers use is to say they're from the fraud departments of well-known companies and ask to verify your information because they suspect you may be a victim of identity theft!

Don't click on links within emails that ask for your personal information. Fraudsters use these links to lure people to phony websites that looks just like the real sites of the company, organization, or agency they're impersonating. If you follow the instructions and enter your personal information on the website, you'll deliver it directly into the hands of identity thieves. To check whether the message is really from the company or agency, contact them directly or use a search engine to fine their website.

Beware of "pharming". In this latest version of online ID theft, a virus or malicious program is secretly planted in your computer and hijacks your web browser. When you type in the address of a legitimate website, you're taken to a fake copy of the site without realizing it. Any personal information you provide at the phony site, such as your password or account number, can be stolen and fraudulently used.

Protect your computer with anti-virus and anti-spyware software, a firewall, and keep them up to date. Also, protect your inbox with a spam filter, which can help reduce the number of phishing emails you get.

If someone contacts you and says you've been a victim of fraud, verify the person's identity before you provide any personal information. Legitimate credit card issuers and other companies may contact you if there is an unusual pattern indicating that someone else might be using one of your accounts. But usually they only ask if you made particular transactions; they don't request your account number or other personal information. Law enforcement agencies might also contact you if you've been the victim of fraud.

Report phishing, whether you're a victim or not. If suspect phishing, notify the company or agency that the phisher is impersonating. You can also report the problem to law enforcement agencies through the National Consumers League (NCL) Fraud Center. The information you provide helps to stop identity theft.

Be suspicious of any email with urgent requests for personal financial information. Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately. They typically ask for information such as user names, passwords, credit card numbers, social security numbers, date of birth, etc. Phisher emails are typically NOT personalized, but they can be. Valid messages from your bank or e-commerce company generally are personalized, but always call to check if you are unsure.

Always ensure that you're using a secure website when submitting credit card or other sensitive information via your web browser.

The FTC warns users to be suspicious of any official-looking email message that asks for updates on personal or financial information and urges recipients to go directly to the website of the company to find out whether the request is legitimate. If you suspect you have been phished, forward the email to uce@ftc.gov or call the FTC help line, 1-877-FTC-HELP

Victims of Phishing

Act immediately if you've been hooked by a phisher. If you provided account numbers, PINS, or passwords to a phisher, notify the companies with whom you have the accounts right away. For information about how to put a "fraud alert" on your files at the credit reporting bureaus and other advice for ID theft victims, contact the Federal Trade Commission's ID Theft Clearinghouse or 877-438-4338, TDD 202-326-2502.

Visit the Anti-Phishing Working Group for information on fraud, crime, and identity theft that result from phishing, pharming, malware, and email spoofing of all types.