Thursday, April 28, 2011

Irony, Scams, Theft, and Protection

Identity theft is one of those buzz phrases that you constantly hear passed around the office, on TV, your parents, friends, etc, etc… It is also one of those buzz phrases that you casually ignore until “you or someone you know” goes through the experience- although usually it takes you being the one. As a 24 year old I am one of those people who doesn’t learn vicariously through other people, but rather, I wait to “experience” things myself (hints of sarcasm?). In other words I can be hard headed and naïve, and in this case it was to the reality of account theft.

Last Sunday I go to check my bank account and I see a $15.62 hold on my account at McDonald’s. I have not visited or bought anything at McDonald’s but maybe once in the past year. So I called up my bank and they told me to hang in to see if the charge actually goes through- maybe it was a gas station or other restaurant or something. Again insert naïve Aaron- “hmm well must have just been some gas station or bar.” No red flags or anything.

On Tuesday I had to fill up on gas on the way to drop a printer off for work. My card was denied at every pump at the station. I knew I had money on it. Strange. Once again I called up my bank. I am transferred over to fraud protection and told that my card had been “compromised,” and that my card was shut down and a new one was on the way. Very strange. But, I inquire and apparently it was shut down because I reported the McDonald’s charge. So, at this point I just had to wait for a new card, but all was ok.

On Wednesday I attended a “Fraud Protection and Identity Theft Seminar” presented by Synovys. I learned a lot of cool things about the present state of identity theft (a couple of which I will cover below), but one in particular was the importance of password choice. Basically- don’t use the same password for your all of your logins, mix lower case and uppercase characters, use “$%&@” characters, and numbers. Upon reflection I realized that I couldn’t violate these rules any better if I was trying. Same passwords across my accounts, simple words, and few if any non-letter characters.

When I got back to the office, in light of what I had learned, I at least decided to change my Online Bank Account password to be different from my Facebook Password. Well, good timing because as soon as I logged in, I saw that my account had been spent down to $10. Oh the irony! I go to an Identity Theft Seminar and come back to see that my identity had been theft-ed.

Back on the phone with the bank. After being passed between departments for a while, I landed in the fraud department. “Sir, this card was used in person for all of the charges that you are citing.” Me: “There is no way I made those purchases! And, I have my card right here; I just used it to give you all my number!” (**internally questioning myself. “Wait. Did I spend $150 bucks at Exxon on Sunday?”**) Fraud Dep.: “Sir have you been to Chicago anytime recently?” Me: “Whaaat?! I live in Charleston, SC!”

Frad Dep.: “Well these things happen, counterfeit cards are becoming a common occurrence.”

While I still have no idea how my number got out, luckily the fraud department is working with me and will be crediting my account. Needless to say I think it is appropriate and enlightening to consider some of the dangers out there. Here are the top 10 scams for 2011 that I learned about at the seminar. Some are quite surprising. I will also show you what a good password is and a way to remember it.

Top Scams for 2011

From scambusters.org

1. Phishing and identify theft. The growth of malware mentioned above, coupled with hijacking of social networking accounts and more sophisticated hacking technology, means that identity theft will remain the Number One Internet crime for the foreseeable future.

2. Malware. As many as 60,000 new pieces of malicious software appear every day, says McAfee. The growing use of USB drives to store and transfer data may also contribute to the spread of malware.

3. Economy related scams. The economy is taking much longer to recover than hoped, so expect to see foreclosure and load modification scams to continue. Plus, as mentioned above, we now include work-from-home scams in this category.

4. Nigerian scams. In their report referred to earlier, PandaLabs points out that the latest version of the Nigerian scam claims that a compensation fund has been set up and invites previous victims to put in a claim. Then, of course, the scammer requests a fee before the supposed compensation can be released. Nigerian crooks are also muscling in on the bogus girlfriend scam previously dominated by the Russians. Victims, befriended online, end up paying supposedly for airfares and other expenses for their new but non-existent sweetheart.

5. Lottery and gaming scams. We've also broadened this category to include online gaming scams, featured in an earlier Scambusters report. We expect to see significant growth in bogus gambling-related sites, and a continuing stream of phony lottery schemes.

6. Bogus and fraudulent Internet sales. As mentioned above, this category now embraces bogus retail sites selling nothing but thin air, as well as online auctions and classified ads. We think this will be more than enough to push this category up one further place in our Top 10 scams list.

7. Skimming. European banks report a huge increase in debit and credit card information theft, especially at ATMs that have been rigged either to collect card details or to trap the card so the crook can use it. Expect to see a similar trend in the US during 2011.

8. Doorstep scams. With the Census out of the way, this crime drops two places, but bogus contractors, charity collectors, utility workers and others who knock at your front door bent on crime keep it strongly in the charts. And, of course, a major natural disaster, such as hurricane, earthquake or floods, could push this higher.

9. Investment scams. Investors have become more cautious about Ponzi schemes, which draw in new money to pay earlier investors until the whole scheme collapses. But low interest rates will continue to push investors into high-risk and shaky projects. Expect also to see more computer trading programs with dubious claims that they can "beat the market."

10. Travel and vacations. Americans are still vacationing at home in the weak economy and amid safety fears about traveling to Mexico. But with the world economy still unsteady, scammers are more desperate than ever to catch out those who do journey abroad. Watch out especially for a huge ticket scam for the forthcoming London Olympics 2012.

Another great site that I learned about is fightidentitytheft.com. Its got great resources and information regarding how to protect against scams and the steps to take once you think that you have a problem.




Here is another good article from CNBC on the riskiest places to use your Credit Card.

What makes for good password protection?

1. Don’t use the same password across multiple accounts! Especially between Facebook and your Bank account for example.

2. Make it at least eight characters long.

3. It should not contain your user name, real name, or company name.

4. It should not contain a complete word.

5. Is should be significantly different from previous passwords.

6. Make sure that it contains characters from each of the following four categories:

Character category


Uppercase letters

A, B, C

Lowercase letters

a, b, c


0, 1, 2, 3, 4, 5, 6, 7, 8, 9

Symbols found on the keyboard (all keyboard characters not defined as letters or numerals) and spaces

` ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ | : ; " ' < > , . ? /

NOTE: A password might meet all the criteria above and still be a weak password. For example,Hello2U! meets all the criteria for a strong password listed above, but is still weak because it contains a complete word. H3ll0 2 U! is a stronger alternative because it replaces some of the letters in the complete word with numbers and also includes spaces.

So, how the heck am I going to remember these passwords?

Try using pneumonic devices:


1. A sentence you would remember:

a. I Attended North Carolina State University For My Undergraduate Degree

2. From that we can assemble:

a. iancsufmud

3. Now we can replace some of the letters which logically look like numbers:

a. 1anc5ufmud

b. i = 1 and s = 5

4. Next we can add non-numeric and non-letter symbols

a. 1@nc5ufmud

b. a = @

5. Finally, capitalize a couple of letters

a. 1@NC5ufmuD

b. NC- the natural abbreviation for North Carolina

c. D- just the last letter, easy to remember to capitalize

6. Done!

a. We now have a strong password that is easy to remember:

b. 1@NC5ufmuD

Here is some more info from Microsoft.

As always let us know if we can assist you with anything. Michaele, our Debt Management Director is very knowledgeable on scams and very accessible. Email her at mpena@fsisc.org

No comments:

Post a Comment