News & Events

Be careful with your passwords to prevent identity theft

When we were first moving here to make our former weekend place into our primary residence, we received an important phone call. It was a credit card company, asking if we had applied for credit recently. We said that no, we hadn't. And then we heard that news that no one wants to hear: someone was trying to "steal our identities," a term that is heard often now but was still relatively new then.

We were told that someone obviously had a lot of information about us, and had submitted at least one - more than likely more - applications for new credit. Something about the application this company had received tipped them off that it might not be legitimate, and that's why we were called. And then we were told the steps to take to protect us, which was to call the three major credit rating companies to put a fraud alert on our accounts so that if anyone at all tried to take any actions, we would be called.

We were provided with copies of our credit reports from all three companies. Those reports showed all recent activity. Most interesting was that the inquiry which initially prompted the call listed an address; it was in Lincoln, Neb., the city where we had been living, but of course it wasn't our address. So we called the local police to report this crime and were told to contact the police in Nebraska. We did that, and were told we had to report it where we were now living. Dead end there, but the fraud alerts did work.

Now there is another kind of identity theft scam "in the air." This weekend we received an e-mail supposedly from our local telephone company, which is also our e-mail server. The message said that it (the company) is "upgrading our data base and e-mail center. We are deleting all unused xxxxxx.xx e-mails to create more space for new xxxxxx.xx e-mail accounts." (Of course these would-be thieves used the actual server name!)

It went on to say that we "are required" to update our account by confirming our e-mail identity. And we needed to send details of our account to "prevent your e-mail from been(sic) closed during this exercise." At the end there was a warning that any "user that refuses to verify and subsequently update his or her e-mail within Seven(sic) days of receiving this warning will lose his or her email permanently." And it attempted to look official by including a warning code, and a line indicating an available disclaimer and privacy statement.

The first red flag for me was that this message arrived on Sunday of a holiday weekend. That just might be possible because maybe a message blanketing all of a server's users would cause a high surge of traffic, so it would make sense to do it at an off-peak time. But that would mean in the wee hours of the morning, not in the middle of a Sunday afternoon!

Other red flags were misspellings and bad grammar. The return address was suspicious, an address on a totally different server. And of course a real alarm was that I was being asked to send my password.

When I have had similar bogus e-mail messages in the past, usually from someone claiming to be a bank and wanting me to confirm my account information, I have simply gone to the bank's website and easily picked up the address of their fraud department to forward the message. In this case I called the company to find out if it was a legitimate message. It wasn't.

I told the agent that I knew others had gotten the same message, and asked to what address I could forward it. I was put on hold for almost four minutes. Then we had more conversation and I was put on hold for another three minutes. Finally I got an address to whom to forward this bogus request.

I was puzzled, and told the employee that I assumed they would be sending out a correcting e-mail to all of their users. He seemed very unsure and tentative. I explained that, having spent a portion of my career in crisis management, I would expect that everyone had instructions of what to do in cases like these, and he said no, he had to call to find out.

Well, of course I forwarded that e-mail to the address I had been given, along with a letter explaining that everyone in customer contact needs to be aware of procedures to follow in crises, even smaller ones not involving life and limb such as this one. After all, if I gave out my password, a lot of other kinds of damage could be done! I stressed that it was very important to send a message out immediately to all users. I added that I and others will be watching for it.

It is now 24 hours since I sent that e-mail and had that conversation. I haven't received anything yet. Another dead end. But at the least, this is a good wake-up call to all of us to be really careful to whom we send information that needs to be kept confidential. The electronic information age makes our lives easier in many ways, but it also makes it easier for dishonest people who prefer to make their living from our hard work.
By Dr. Jan Meyer

9/15/2010 - When we were first moving here to make our former weekend place into our primary residence, we received an important phone call. It was a credit card company, asking if we had applied for credit recently. We said that no, we hadn't. And then we heard that news that no one wants to hear: someone was trying to "steal our identities," a term that is heard often now but was still relatively new then.

We were told that someone obviously had a lot of information about us, and had submitted at least one - more than likely more - applications for new credit. Something about the application this company had received tipped them off that it might not be legitimate, and that's why we were called. And then we were told the steps to take to protect us, which was to call the three major credit rating companies to put a fraud alert on our accounts so that if anyone at all tried to take any actions, we would be called.

We were provided with copies of our credit reports from all three companies. Those reports showed all recent activity. Most interesting was that the inquiry which initially prompted the call listed an address; it was in Lincoln, Neb., the city where we had been living, but of course it wasn't our address. So we called the local police to report this crime and were told to contact the police in Nebraska. We did that, and were told we had to report it where we were now living. Dead end there, but the fraud alerts did work.

Now there is another kind of identity theft scam "in the air." This weekend we received an e-mail supposedly from our local telephone company, which is also our e-mail server. The message said that it (the company) is "upgrading our data base and e-mail center. We are deleting all unused xxxxxx.xx e-mails to create more space for new xxxxxx.xx e-mail accounts." (Of course these would-be thieves used the actual server name!)

It went on to say that we "are required" to update our account by confirming our e-mail identity. And we needed to send details of our account to "prevent your e-mail from been(sic) closed during this exercise." At the end there was a warning that any "user that refuses to verify and subsequently update his or her e-mail within Seven(sic) days of receiving this warning will lose his or her email permanently." And it attempted to look official by including a warning code, and a line indicating an available disclaimer and privacy statement.

The first red flag for me was that this message arrived on Sunday of a holiday weekend. That just might be possible because maybe a message blanketing all of a server's users would cause a high surge of traffic, so it would make sense to do it at an off-peak time. But that would mean in the wee hours of the morning, not in the middle of a Sunday afternoon!

Other red flags were misspellings and bad grammar. The return address was suspicious, an address on a totally different server. And of course a real alarm was that I was being asked to send my password.

When I have had similar bogus e-mail messages in the past, usually from someone claiming to be a bank and wanting me to confirm my account information, I have simply gone to the bank's website and easily picked up the address of their fraud department to forward the message. In this case I called the company to find out if it was a legitimate message. It wasn't.

I told the agent that I knew others had gotten the same message, and asked to what address I could forward it. I was put on hold for almost four minutes. Then we had more conversation and I was put on hold for another three minutes. Finally I got an address to whom to forward this bogus request.

I was puzzled, and told the employee that I assumed they would be sending out a correcting e-mail to all of their users. He seemed very unsure and tentative. I explained that, having spent a portion of my career in crisis management, I would expect that everyone had instructions of what to do in cases like these, and he said no, he had to call to find out.

Well, of course I forwarded that e-mail to the address I had been given, along with a letter explaining that everyone in customer contact needs to be aware of procedures to follow in crises, even smaller ones not involving life and limb such as this one. After all, if I gave out my password, a lot of other kinds of damage could be done! I stressed that it was very important to send a message out immediately to all users. I added that I and others will be watching for it.

It is now 24 hours since I sent that e-mail and had that conversation. I haven't received anything yet. Another dead end. But at the least, this is a good wake-up call to all of us to be really careful to whom we send information that needs to be kept confidential. The electronic information age makes our lives easier in many ways, but it also makes it easier for dishonest people who prefer to make their living from our hard work.
By Dr. Jan Meyer

9/15/2010 - When we were first moving here to make our former weekend place into our primary residence, we received an important phone call. It was a credit card company, asking if we had applied for credit recently. We said that no, we hadn't. And then we heard that news that no one wants to hear: someone was trying to "steal our identities," a term that is heard often now but was still relatively new then.

We were told that someone obviously had a lot of information about us, and had submitted at least one - more than likely more - applications for new credit. Something about the application this company had received tipped them off that it might not be legitimate, and that's why we were called. And then we were told the steps to take to protect us, which was to call the three major credit rating companies to put a fraud alert on our accounts so that if anyone at all tried to take any actions, we would be called.

We were provided with copies of our credit reports from all three companies. Those reports showed all recent activity. Most interesting was that the inquiry which initially prompted the call listed an address; it was in Lincoln, Neb., the city where we had been living, but of course it wasn't our address. So we called the local police to report this crime and were told to contact the police in Nebraska. We did that, and were told we had to report it where we were now living. Dead end there, but the fraud alerts did work.

Now there is another kind of identity theft scam "in the air." This weekend we received an e-mail supposedly from our local telephone company, which is also our e-mail server. The message said that it (the company) is "upgrading our data base and e-mail center. We are deleting all unused xxxxxx.xx e-mails to create more space for new xxxxxx.xx e-mail accounts." (Of course these would-be thieves used the actual server name!)

It went on to say that we "are required" to update our account by confirming our e-mail identity. And we needed to send details of our account to "prevent your e-mail from been(sic) closed during this exercise." At the end there was a warning that any "user that refuses to verify and subsequently update his or her e-mail within Seven(sic) days of receiving this warning will lose his or her email permanently." And it attempted to look official by including a warning code, and a line indicating an available disclaimer and privacy statement.

The first red flag for me was that this message arrived on Sunday of a holiday weekend. That just might be possible because maybe a message blanketing all of a server's users would cause a high surge of traffic, so it would make sense to do it at an off-peak time. But that would mean in the wee hours of the morning, not in the middle of a Sunday afternoon!

Other red flags were misspellings and bad grammar. The return address was suspicious, an address on a totally different server. And of course a real alarm was that I was being asked to send my password.

When I have had similar bogus e-mail messages in the past, usually from someone claiming to be a bank and wanting me to confirm my account information, I have simply gone to the bank's website and easily picked up the address of their fraud department to forward the message. In this case I called the company to find out if it was a legitimate message. It wasn't.

I told the agent that I knew others had gotten the same message, and asked to what address I could forward it. I was put on hold for almost four minutes. Then we had more conversation and I was put on hold for another three minutes. Finally I got an address to whom to forward this bogus request.

I was puzzled, and told the employee that I assumed they would be sending out a correcting e-mail to all of their users. He seemed very unsure and tentative. I explained that, having spent a portion of my career in crisis management, I would expect that everyone had instructions of what to do in cases like these, and he said no, he had to call to find out.

Well, of course I forwarded that e-mail to the address I had been given, along with a letter explaining that everyone in customer contact needs to be aware of procedures to follow in crises, even smaller ones not involving life and limb such as this one. After all, if I gave out my password, a lot of other kinds of damage could be done! I stressed that it was very important to send a message out immediately to all users. I added that I and others will be watching for it.

It is now 24 hours since I sent that e-mail and had that conversation. I haven't received anything yet. Another dead end. But at the least, this is a good wake-up call to all of us to be really careful to whom we send information that needs to be kept confidential. The electronic information age makes our lives easier in many ways, but it also makes it easier for dishonest people who prefer to make their living from our hard work.

GET FREE QUOTES



© Copyright 2015 Shred King & SK Record Storage . All rights reserved. Website Design by Interactive Palette


Boston Massachusetts Paper Shredding Service & Record Storage Company

Shred King Corporation

12 Mear Rd Holbrook, MA, 02343
(617) 221-1600