Chapter 4 – Responding to Emails and Phone Calls

Crime Number 2 – Do not respond to information requests

You’ve got mail You should not, must not respond to any emails or phone calls requesting any information!

This subject gets some press, but not enough. When any email or phone call asks for any information there can be only one reaction: Do Not Respond unless you know substantially beyond a reasonable doubt it is legit. Substantially beyond a reasonable doubt is the faith you have the sun will rise in the east tomorrow morning. Anything less is not acceptable.

Fake (called phishing – as in fishing for suckers) emails and web sites are widely reported. Yet, the problems go on. Thieves can send millions of emails for virtually no cost. If just a few dozen people respond, the thieves make huge profits. As the internet is global, at some point the money and information will cross borders which hinders prosecution and recovery of damages.

In all emails, look at any links you are requested to click on. The email may claim to be ebay.com or yourbank.com but the actual link is only numbers such as 10.10.10.10. These emails are 99% fake and are designed to get your personal information in to the hands of a thief. If a domain name is used, it will likely not be .com; .org; or .net. They already have one brick in your Identity – an email address and maybe a name. Now they need the next brick and they need your help to get it. Don’t help them. Unfortunately many banks, while preaching warnings about fake emails that pretend that they came from the bank, are also sending out emails telling you that you can apply for a car loan, a mortgage refinancing or other credit quickly and easily on the web. It was reported that one USA bank recently sent emails to customers that contained both (1) a warning about fake emails and (2) a link to apply for a Home Equity Loan. Now would you trust this email? Would you ever trust anything from this bank?

An extremely common fake email is one that appears to come from EBAY, in which a “seller” is demanding payment for an item that you have bid on and won. The email is 100% legit looking, only the links to log into EBAY or PAYPAL are bogus. If you click the links, the website pages are 100% copied from EBAY and appear real. If you buy and sell on EBAY, always log directly into EBAY, never from an email and always validate the URL is http://www.ebay.com and nothing else.

In 2005, the Federal Deposit Insurance Corporation {FDIC} learned of a scam involving emails directing consumers to an FDIC looking site to confirm information regarding a recent transaction. As per normal for this type of targeting, {phishing} the goal is to get the consumer to a website to provide financial information. Some of the emails may have also contained a computer virus which may have infected the computers of users who opened the files.

How do you know which email is real and which is fake? There can be many clues but mostly the links contained in the email. The only safe and sane thing to do – delete, and fast. Other Red Flags to an email being a problem:
A) The requesting bank or company has never before sent you anything via email. If you have never, ever received an email from your bank and you suddenly have one asking for your address – Do Not Respond. Don’t argue, Don’t respond. Call the bank and ask to speak to someone about the matter.

B) The Email asks for any sensitive information. Obviously any email asking for Credit Card Numbers, Social Security Numbers, Birthday, Employment information etc, should not be responded to, or even acknowledged. But sometimes the request may seem a little less obvious. You might be asked about the make and model of the car you drive. Of the names of a relative. If you do not know the sender, or if you do know the sender but they have no reason to need this information, do not respond. Example: A co-worker leaves email signed on and goes to lunch. You then get an email in which you are asked information this co-worker would not need – say your home address. No big deal, you know this person. What you do not know is that the information in not going to your friend, but to someone else who is sitting at your friend’s computer.

C) If the offer sounds too good to be true – “You have just won a Free Color TV, etc.” Yea and Billy Gates is your long lost Uncle and is putting you in his will! Do not respond to any unsolicited requests for any information. Remember – even if they just want your address. They already have some information on you and now they are trying to get more information to add to whatever they already have in your file. Lazy thieves will want all the information at once. Some smart ones may build files with bits of information on 1,000s of people slowly – brick by brick by brick. First an email account, then a name, then an address.

These tips also apply to telephone calls. As telephone long distance costs have come down, it has also become increasingly easy – and cheap – for thieves to call targets and just ask for information. The best way to handle these calls is to find out what bank or business they are calling from, what their extension is, then hang up and call them back. Stop. Do not call them at the number they give you. Get one from your account statement or from the telephone company’s information service (411 or 555-1212). If a thief is calling you and you tell them you want to call them back, they are going to give you a number that they control and will be answered by someone who will make it official sounding.

The caller may tell the person answering the phone that they are pre-approved for a credit card, but first they just need to confirm the information on file. Normally the first things asked for is the Social Security Number and Birthday. If you think the call is legitimate, hang up and call back. But again, don’t ask them for a number, look it up yourself. The thief is counting on you being lazy or so excited about the offer that you let your guard down. The only way you should give out information on the phone is if you can independently verify that the people requesting the information work for a business you want to do business with.

Another recent twist has been with consumers receiving telephone calls in which the caller claims to be either a bank representative or a federal regulator. Ironically, the callers frequently pretended to be investigators who are investigating cases of Identity Theft and/or Bank Fraud. In either case, the objective is to get account numbers, account holder name(s), addresses and other sensitive information. The result, an empty bank account. The fake investigators are the actual thieves.