Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Crime

Ask Slashdot: What Should You Do If Someone's Trying To Steal Your Identity? 146

Long-time Slashdot reader shanen "just got the darnedest phone call..." The caller knew my name and the name of a bank that I've done business with, and obviously my phone number, but beyond that I have no idea what was going on... There is no problem with my account. She was quite clear about that, but she had no clear reason for calling. As I got more and more suspicious, she asked me to wait and she eventually transferred the call to a man, who claimed to be a manager at the bank, but the entire thing stinks to high heaven.

All I could think of was to suggest that I call him back, but he was apparently unable to provide a phone number that I could independently verify. Why not give me the bank's phone number that I could check on the Internet? One would think that I could then transfer to his extension. After almost nine minutes I just hung up, and now I realize that I have the caller's phone number, but that isn't definitive evidence of anything. A scammer might know that blocking the phone number would have made things more suspicious...

So what should I have done? Do you have any similar experiences to share? Or have I missed warnings about some new scam that's going around? Now I realize that they could start from names and phone numbers and just guess for the largest banks. Maybe I got suspicious too quickly, before she could start asking for the personal information she was really after?

The original submission also includes this question: "If it's an identity theft in progress, then I want to stop it and fast, but how can I tell what's going on?" So leave your own thoughts in the comments.

What should you do if you think someone is trying to steal your identity?
This discussion has been archived. No new comments can be posted.

Ask Slashdot: What Should You Do If Someone's Trying To Steal Your Identity?

Comments Filter:
  • Fact: Bears eat beets.

  • Proof of Identity (Score:5, Informative)

    by Cipheron ( 4934805 ) on Saturday November 16, 2019 @08:15PM (#59421520)

    I work in a call center for a government client. We're not allowed to disclose what a call is about until after proof of identity is obtained. This is because of privacy laws. So not immediately disclosing the reason for the call is not a sign it's a scam - what if someone else picks up your phone? You don't really want a bank or government agency blabbing your situation or details to a random stranger if someone else picks up or if you changed your phone number.

    However, not giving you a phone number that you can call back on IS a red flag. If they're calling you, you should ask for their full name and the city their located in at least, if they're legit. Also ask them if they work directly for the bank or if they're a third party contractor. Many if not most call center staff are contractors, even if they're in the US. Also, caller ID can be easily spoofed with software. Never trust the veracity of caller ID.

    • Re:Proof of Identity (Score:5, Informative)

      by Cipheron ( 4934805 ) on Saturday November 16, 2019 @08:27PM (#59421554)

      To give you an idea of *typical* scams, they don't tend to go in all wishy-washy about what the call is actually about, they're very specific because they want to create an urgency of action. i.e. there are tax scammers who will ring you and without doing any ID checking say they're from the IRS and you owe $11,000 and you have to pay RIGHT NOW because the police are literally on their way around to your house to arrest you. And you have to pay by Google Play Cards or Bitcoin, because these are, apparently, the only forms of currency the IRS accepts.

      Usually, phone scams play on either greed or fear. Pure phishing scams tend to be via email, not the phone. It just takes too much time to call people manually for the results, vs spamming millions of emails and seeing who replies.

      • Comment removed (Score:5, Interesting)

        by account_deleted ( 4530225 ) on Saturday November 16, 2019 @08:37PM (#59421584)
        Comment removed based on user account deletion
        • by The Rizz ( 1319 )

          I once got a callback number to their call center (I made sure it was a US number before calling it back), and spent the next 90 minutes calling again and again and fucking with them.

          I think the one I really got them with was the one where I kept sobbing uncontrollably and begging them not to take my money since I could barely afford "my medication". The person on the other end actually sounded really depressed by the end and said he'd take care of it and my "tax bill" would be written off. I'm really hopin

        • They get extremely angry, and I'm hoping I can make one of the bastards rupture an aneurism someday.

          -jcr

          I got a call along the lines of "your computer is put out error message packet we need your password", a few years ago. Usually I tell them they've called a Buddhist monastery, we don't have any computers, and they hang up; this guy was persistent and i made the mistake of taunting him. He gave my number to all of his friends, and I got scam calls daily for about six months. Then I took out the land line phone.

        • by shess ( 31691 )

          I jerk the tax scammers around a bit, and then I make sure to call them a "chandala". It takes them a couple of seconds to recognize that I've just called them "untouchable" in their own language. They get extremely angry, and I'm hoping I can make one of the bastards rupture an aneurism someday.

          I'll chit-chat for awhile, acting a little confused, then ask them if their mother is proud that her son is a thief.

        • Oddly, whenever a Hindi accented caller reaches my number they wind up talking to Apoo.
      • Yeah if the scammer is trying to get you to send money, they tend to be pretty clear about that.

        I'm thinking this may be a different scam, one based on data breach that didn't have passwords or other key data. With just names and phone numbers breached from a bank, a good scammer can call people and sound like they are calling from the bank. Just the bit of using your name right off and using the name of the bank makes it sound different from most scams. The goal of the scammer is get more information fro

        • I read of a good one a few months back, on here i think, where they say they are the bank and will send an sms for you to verify. They then trigger the 2 factor auth on your account with stolen credentials, you give them the sms code, and they log in without you realising and they transfer the money from your account. It could have been one of those, but they couldnt get the conversation to the point where the receiver of the call was ready to read back a 2fa sms code.
      • Usually, phone scams play on either greed or fear. Pure phishing scams tend to be via email, not the phone. It just takes too much time to call people manually for the results, vs spamming millions of emails and seeing who replies.

        When it comes to "spear-phishing" a phone call is often times ideal.

      • by Barny ( 103770 ) on Sunday November 17, 2019 @12:21AM (#59422056) Journal

        I had some trouble with my ISP a while ago, and at one point they had to call me back. They tried to do the usual identification thing, asking for name, address, etc.

        I stopped them and told them I wouldn't give those details to anyone who'd called me. The person I was speaking to was surprised and actually thanked me for pointing out a problem with their call-flow.

        In these situations, when you are called and then prompted for personal details, you should not give them until YOU can identify who is calling. In the call above, I wound up getting an extension number to use on their main line, so I could call them and establish security.

        Since then, they've changed their policy such that you can verify them, and then safely give details (and of course, calling number ID is NOT verification).

        • by shanen ( 462549 )

          You reminded me of a particularly hideous "security" practice from my former phone company. Each time I called them, even when the problem wasn't specific to my account, and even though they could see my phone number, they insisted going through a flimsy proof-of-identity process with several vulnerabilities. But the cherry on top was insisting on hearing my PIN spoken out loud.

          No longer my phone company. But it's still one of the top three, which says something about the customers.

          And now I've reminded mys

          • "You reminded me of a particularly hideous "security" practice from my former phone company. Each time I called them, even when the problem wasn't specific to my account, and even though they could see my phone number, they insisted going through a flimsy proof-of-identity process with several vulnerabilities. But the cherry on top was insisting on hearing my PIN spoken out loud."

            Funny thing about an Apple TV (the physical device). You can speak your password into the remote...but yet it'll still bullet th

        • by Cederic ( 9623 )

          I've had a similar comedy conversation with my bank's fraud prevention team.

          They seemed bewildered that I was refusing to give them ID verification information on the call they made to me, so when I rang back I left them some helpful feedback too.

      • My niece got one of those calls on her voicemail. My brother called them back, on speakerphone in his office, and they quoted IRS code to him. He asked why does the death return filing requirements apply to him. They threatened to come to his office and arrest him. He gave them his office address, at his IRS field office. He is an auditor for the IRS.

      • by MrL0G1C ( 867445 )

        Man, I had one of these just the other day, they pronounced my name so perfectly that I should have known 100% they were a scammer!

        Call went:
        Me: Hello speaking.
        Scammer: We are HM something or other. We are calling to tell you you are being investigated for tax fraud.
        Me: OK can you verify who you are or I won't be able to give you any info.
        Them: (pissed off big time already) we are sending out a warrant for your arrest.
        Me: Like wtf, that's it?
        Them: Hung up

        Me: Rather worried since I just got a new passport t

    • Well if you called me and refused to disclose what the call is about I would immediately hang up.

      • Sure, but that's not my problem, it's yours.

        I still get paid per hour.

        • ... whereas the people I'm calling end up getting penalties or fines if they don't do whatever it is that the government agency wants them to do. Sure, I'll do my best to let the people know what it's about, but if they hang up, it's not my problem anymore.

          • What communist country government do you represent? Remind me never to do business with anyone from that country.

          • What shit stain of a country do you live in where you are responsible for the government not making good efforts to contact you?
        • by Dunbal ( 464142 ) *

          I still get paid per hour.

          Not if you don't make your quota. You get fired.

      • They are welcome to steal my identity... all they'll get is arrested for all my crimes and misdemeanors :-) The joke's on them Ha ha ha !

      • Well if you called me and refused to disclose what the call is about I would immediately hang up.

        As would most people. This scheme is indefensibly stupid.

    • Re: (Score:3, Insightful)

      by takespfs ( 6182592 )

      I work in a call center for a government client. We're not allowed to disclose what a call is about until after proof of identity is obtained.

      How do you prove your identity to the person you're calling? If I receive a phone call from someone claiming to be from a government agency, bank, phone company, etc, asking me to provide personal information to prove MY identity, I assume that it's a scam, unless the caller can first prove THEIR identity. I don't blab my details to a random stranger that rings me up.

      • How can you actually "prove" your identity however? Certainly not on a single call. We could give all the details and you can google them and they check out. However, how would you know that I didn't just google the same details?

        Conversely we could prove we have YOUR details by disclosing them over the phone before we've confirmed who we're speaking to, but that would be a *serious* legal breach right there. It's a sackable offense.

        What we do in practice is ask the ID questions and if the person is happy to

        • Kind of different from your post upstream where you basically said "Fuck 'em."

          Anyone calling me that I don't know I don't affirm my name. They ask, I ask for theirs and info. I don't get it, I tell them to screw off and hang up.

          They never talked to me. Nondisclosure can work both ways. If you say "We can prove we called.", I say, you cannot prove you spoke to *me*.
      • It is not hard. (Score:2, Insightful)

        by Brain-Fu ( 1274756 )

        First, ask for a callback number, write that down. Then make sure you know exactly who they represent. Is it your bank? The IRS? A police department for a specific city? Find out exactly who they claim to be.

        Then, hang up, and look up the official phone number for that institution. You should already know a phone number for your bank. All your credit cards have customer service numbers on them too. The IRS, every police department, etc., all have official websites that have phone numbers.

        Call them u

        • by shanen ( 462549 )

          Uh... That is exactly what I tried to do after the manager came on the line. The inability to make progress was why I hung up.

      • Re:Proof of Identity (Score:5, Interesting)

        by Dunbal ( 464142 ) * on Saturday November 16, 2019 @11:04PM (#59421908)
        Living in a 3rd world country where many people are too stupid to dial their phones properly I get a lot of wrong numbers from peasants who say "who am I speaking to?". I answer back with "Who did you want to speak with?". "Which number is this?" "It's the number you dialed...". The best ones are the wrong numbers that immediately hit redial, because redial magically transforms a wrong number into a right number. I despair for humanity sometimes. But no, if you're going to call me then you better know who you are calling, I don't have to give anyone any information let alone "prove" something over the phone. You need to see me I'll come to your office.
      • I'd give you the other insightful mod point if I could. That really does go to the heart of the issue. I only spotted your comment because of my "extra" interest in the topic.

        The fractured answer is that I prefer to be called by people I know, but that makes me accessible to anyone who can get the phone number. I accept that there are cases when there are legitimate reasons for someone I don't know to call me. I focused on the distinction between illegitimate and legitimate reasons for someone to call me. I

    • You would be fucked calling me or any of my family as I will never verify identity from someone that called me,, not ever. I would also advise anyone else to never verify identity when you are called. Get the details of the department/bank or whoever and offer to call them back when you can verify you are talking to the right party.
      • by Dunbal ( 464142 ) *
        Yep that's the smart way to be. If you're calling someone you're expected to know who the fuck you're calling and why. You absolutely need positive ID I'll come to your branch office with my passport, my concealed carry permit and my gun.
    • by shanen ( 462549 )

      I'm accustomed to tedious (and often automated with annoying recorded menus) proof-of-identity procedures when I call a bank or other business to ask about my account. After all, I could be anyone calling in from anywhere.

      However in this case the caller was working with a strong presumption of knowing who I was, and my identity was "established" quite early in the call. By the time I started to wonder what was wrong I was already getting fuzzy about how the call had started.

      Upon reflection, I think my next

      • "However it's possibly they will be able to say something about the phone number the call seemed to come from."

        It is unlikely that anyone will go to the trouble and expense of finding out the circuit from which the call originated. The information displayed to you, the "Caller ID", is an advertizing euphemism for "whatever the caller wants to display" and has nothing whatsoever to do with identification of the caller.

        The telephone companies did this deliberately when they introduced the feature because the

      • Re:Proof of Identity (Score:4, Informative)

        by Ryzilynt ( 3492885 ) on Saturday November 16, 2019 @10:16PM (#59421810)

        I'm accustomed to tedious (and often automated with annoying recorded menus) proof-of-identity procedures when I call a bank or other business to ask about my account. After all, I could be anyone calling in from anywhere.

        Exactly but YOU initiated the call, you knew the number you dialed. In these cases it is perfectly fine to identify ones self. It doesn't work the other way around.

        Never verify personal details on an incoming call.

    • by johnw ( 3725 )

      I work in a call center for a government client. We're not allowed to disclose what a call is about until after proof of identity is obtained. This is because of privacy laws.

      The trouble with this approach is there's no way one should go through any kind of proof-of-identity process for a call originated by the bank/business/government/scammer. The most I'll do in those circumstances is ask for a name and department at the organisation, then say I'll call them back on a published number (not one given by the caller) and ask to be transferred within the organisation.

      No security conscious organisation would ever call you, then ask you to reveal your security information.

    • I work in a call center for a government client. We're not allowed to disclose what a call is about until after proof of identity is obtained.

      And I'm not about to give to you the details to prove who I am, when _you_ called _me_ and I don't know who you are. How is the bank proving _their_ identity? If I answer all those "prove your identity" questions to a scammer who calls me, then that scammer can "prove" he is me.

      Stalemate.

    • I've just gotten in the habit of never answering calls that are not on my contacts list. If the call is important, they can leave a message, and I can google the calling number and any number they leave to see if its official or a scam. This has solved 98% of the problem calls.

      I moved from one state to another 5 years ago, but kept the number. Nobody I know calls me from my old location. So people spoofing my area code and prefix to make it look like a neighbor I automatically know are spammers and scam

  • Change Your Name (Score:5, Interesting)

    by rtb61 ( 674572 ) on Saturday November 16, 2019 @08:20PM (#59421534) Homepage

    Keep in mind, indentity theft is a lie put out by scummy credit card companies. The criminal is targeting the seller and not you, they scam the seller and not you, they misrepresent themselves and trick the seller into allowing that credit purchase. Reality is, as far as you are legally concerned, the seller is trying to defraud you, cheat you, steal money from you. By law, the seller is guilty of fraudulent credit charges until they can prove they were cheated. Hence the credit card company lie, who would accept credit card if the law was properly applied, so the BIG LIE. You are fully entitled to make legally claim against all individuals and companies who accepted the false indentity, who cheated you, how falsely applied charges against you. Expect nothing from corporate main stream media, they are fully 100% in support of the lie. Honestly, lawyer and police up and demand those who accepted the false identity be charged with credit fraud until they can prove in court they were cheated. It is not up to you to prove anything, they have to prove you authorised the payment and they can not, then they are charged with fraud, you do not have to prove someone falsely tricked them with your identity.

    The alternate have a globally unique name and any attempt at false use stands out immediately. Your name can not be at two places at once. Really though, going nuts with the lawyer and target everyone who defrauded you by being greedy gullible idiots, pays the price of the harm THEY CAUSED YOU (the person who used your identity did nothing to you, they tricked the seller, well at least that is the sellers claim, by law they defrauded you and illegally applied false charges to your credit card.)

    • Re:Change Your Name (Score:5, Interesting)

      by ctilsie242 ( 4841247 ) on Saturday November 16, 2019 @08:48PM (#59421620)

      If credit card companies actually gave a rat's ass about fraud, it would have been solved ten years ago. Everything from having an e-Ink display on credit cards that functions as an OTP code generator for card-not-present transactions to actual chip-and-PIN which is enforced everywhere. We would have seen a universal payment system like Apple Pay, built into SIM cards, instead of phones, (ironically that tech is baked into every SIM card since 2014 due to SoftCard), which used with NFC, would guarentee that skimmers would not work.

      The tech is out there. It is a matter of "security has no ROI", or "won't" than "can't".

      • If credit card companies actually gave a rat's ass about fraud, it would have been solved ten years ago.

        This goes right back to what OP posted. The credit card companies don't give a rat's ass about fraud because they've successfully managed to shift all the cost of fraud onto the merchants. When you dispute a charge with the credit card company, they don't give you your money back. They ask the merchant to prove the purchase was actually made by you. If the merchant can't, they simply take the money a

      • by guruevi ( 827432 )

        Chip and pin is equally a scam to get rid of liability. The US is enforcing chip transaction and Europe is rife with Chip and PIN clones and scams that make the credit card holder liable for fraud.

        Destroy the chip, after three times you can swipe and get back the protection against fraudulent charges.

    • by Kjella ( 173770 )

      It is not up to you to prove anything, they have to prove you authorised the payment and they can not, then they are charged with fraud, you do not have to prove someone falsely tricked them with your identity.

      Why does this sound like your fantasy of how the world should work, instead of how it actually works? The truth is that there's a huge abyss between "guilty beyond a reasonable doubt" and a provably false accusation "beyond a reasonable doubt" where the legal system will do nothing at all. If somebody tried to use your credit card, maybe they'll get caught and punished. But the store who took the credit card info and tried to collect? Not if hell froze over. Show me one court case where the vendor was convi

    • Precisely. There is no such thing as "Identity Theft". The crime is called "impersonation". And if someone impersonates you and a third-party relies on this "impersonation" then the fault and the risk and the liability lies solely and entirely with that third-party. You are not involved at all. However, if that third-party then makes claims against you, then that third-party is committing the crime of fraud and can be jailed of fined for that offence (not only that but you have cause for a civil action

      • In any event of the cause, the person who was "impersonated" is unaffected and not responsible for the actions perpetrated/carried out by the third-parties.

        Not legally responsible, sure. Unaffected, that's just retarded.

        Identity theft - impersonation if you prefer - can fuck up your life in all sorts of ways. That's kind of affected.

  • by hxnwix ( 652290 ) on Saturday November 16, 2019 @08:22PM (#59421536) Journal

    Whenever I want to end a conversation, I bring up the potential presidential greatness of Pete Buttigieg. Some people actually run away.

  • by scdeimos ( 632778 ) on Saturday November 16, 2019 @08:22PM (#59421538)

    There are phone scams where phishers call you, already armed with some personal information, and ask you a series of Yes/No questions like this. They're not actually after any more information - they're after a recording of you saying "Yes" to something or "I understand".

    How's that useful?

    A growing number of over-the-phone services have a practice of playing a EULA/Terms and Conditions loop over the phone to you and then record you saying "Yes" or "I understand" in response as a voice authorization. The phishers just play back their recording of you saying "Yes" or "I understand" and hey, presto, suddenly you're on the line for some payments. Unless the call center records the entire conversation it's very difficult to extricate yourself from the problems that these services create.

    Sorry to be the bearer of bad news. At this stage I'd recommend calling your regular bank(s) and alerting them to the call so that their Fraud Watch teams are more likely to act positively.

    • by Scoth ( 879800 ) on Saturday November 16, 2019 @08:49PM (#59421628)

      This is actually a myth - there's been no recorded cases of this ever being used for anything. There's a lot of breathless warnings, but no actual cases. There's not a lot of point anyway - that kind of evidence wouldn't hold up in any court since it'd be pretty obvious it's manipulated, the scammers would have to actually show up in court which isn't their goal (they just want to make a quick getaway) and if they wanted to try to use your voice recording to sign up for other services... why? Those other services wouldn't authenticate a voice anyway, and if they have enough personal info to sign up for them then they don't need a recording of you saying yes anyway.

      The best guess for those "Can you hear me now?" calls is that it's mainly being used to authenticate that there's an actual person on the line and not one of the various scambait bots.

    • That's a stupid urban legend.

  • Name and phone number are pretty easy to get, and if you have ever made an online post referring to your bank then they just made that connection. Maybe you just follow that bank on social media, but that's enough to put things together. Just keep a regular watch on your accounts, and if someone calls you do not believe they are whom they say they are.
  • by Local ID10T ( 790134 ) <ID10T.L.USER@gmail.com> on Saturday November 16, 2019 @08:28PM (#59421558) Homepage

    Either you play with them, keep them on the line as long as possible while feeding them more and more outrageous lies... or hang up on them.

    • by PPH ( 736903 )

      Have some fun with them.

      "Are you on a company line?"

      "You're in violation of communication procedures, Condor."

      "What's the level of the damage?"

      "Are you armed?"

      "Find a secure location. Avoid any place you are known. Surface again in two hours and call the Major."

  • Even “good” banks have huge issues in establishing a trust relationship in communications. Chase has this miserable “secure” mail system... which essentially gives you a random third party link to click and no contextual information to decide if the request might be valid. The phone support agents don’t know security, they just have their procedures.

    I am of the opinion that identity theft is not my problem if I have taken reasonable measures to protect my information. Account t

    • This is one reason why I find it reprehensible that Google's SMS replacement, RCS, is an insecure protocol, which (AFIAK) can be spoofed. We desparately need something end to end on all devices that has solid authentication, and preferably encryption. This way, if a bank sends a code to a user via their phone number, the user knows the number came from the bank, and that nobody in between could have obtained that number.

      A secure SMS replacement would greatly increase security overall.

  • Hmm... Well that was written in the heat of the moment, but looking it over, I see I wasn't clear about one important aspect. I had expressed my concerns about her apparent lack of a reason for calling me, which was her reason for passing the call she had initiated to her manager. I think it is obvious that I was even more clear about my increasing suspicions when talking to him. He still didn't come up with a reason to "greet" a random customer.

    At the time I couldn't decide what to do, so I wrote up these

    • by shanen ( 462549 )

      Whoops. Now I see that at the beginning of my comment about this topic I should have been more explicit than "that was written in the heat of the moment". When I started writing my reply this submission had just been posted and I thought my clarification was going to be close to the original submission, so the "that" would be an obvious reference to what I wrote several days ago.

      However, by the time I had finished collecting my tedious thoughts they wound up way down here.

  • by jeffsenter ( 95083 ) on Saturday November 16, 2019 @08:51PM (#59421636) Homepage

    If you have been a victim of identity theft you should talk to a lawyer. I am a lawyer barred in NY. This is not my specialty. Here is some information; this is not legal advice. Some options for actions include filing a police report, contacting the IRS to put a pin code for your taxes, contacting the FTC, contacting the Social Security Administration (in person unfortunately) to make sure nobody is working on your SSN, checking to make sure no other person is registered for health insurance under your identity.
    Some websites:
    www.identitytheft.gov [identitytheft.gov]

    www.ssa.gov/pubs/EN-05-10064.pdf [ssa.gov]

    • by Kjella ( 173770 )

      I am a lawyer barred in NY.

      I assume this means you've passed the bar exam or something. Tip: This is a very weird expression to a non-lawyer. On my first read it was like are you barred from practicing in NY and why would you be broadcasting that on the Internet. I'm sure it has a very cromulent meaning in legalese, but I wouldn't use it around laymen.

    • I am a lawyer barred in NY.

      To a lot of people this will sound like you're prohibited from practicing in NY, the opposite of what I think you intended to convey.

    • Sorry. Different way of saying I am admitted to practice law in the State of New York.

  • Geographic info would help here. If you're in the USA call your state Attorney General office. They might investigate, or you might add info to an existing investigation.

  • Hunt them down and kill them.

  • by burningcpu ( 1234256 ) on Saturday November 16, 2019 @09:00PM (#59421662)
    The data, is uh, out there. Take someone else's!
  • If I get a call from my bank, I take two steps... (1) before giving a single piece of information, I ask them to verify THEIR identity, by asking them to tell me the dollar value and paste of several transactions. This is step is just for fun. (2) then I tell them I'm going to hang up right now and call the bank's published number, and I am them which department I should ask to transfer to.

    I'm being a bit of a keen to ask the bank person to verify their identity when I plan to hang up anyway, but I think it

  • And never say the word "Yes" They record and play back later to prove you agreed to stuff.

    For this kind of thing I answer question they desire but provide false information. My middle name? Sure, it's Donald. My zip code? 90120.

  • Nobody can steal your identity. Your name is part of your identity. This is publically shared to begin with, and is not a theftable thing. The rest of your identity is you. This is not currently theftable either (though deepfakes is rapidly making inroads on a facsimile thereof). What people can steal are your credentials. Your credentials are not even your own property. Check your TOS fine print from the issuing institution.

    What can you do to prevent the theft of credentials that aren't even yours, but are

    • Nobody can steal your identity. Your name is part of your identity. This is publically shared to begin with, and is not a theftable thing. The rest of your identity is you. This is not currently theftable either (though deepfakes is rapidly making inroads on a facsimile thereof). What people can steal are your credentials. Your credentials are not even your own property. Check your TOS fine print from the issuing institution.

      What can you do to prevent the theft of credentials that aren't even yours, but are nevertheless somehow "about" you? Not nearly as much as you might wish to think. However, if we insisted on talking about credential theft, instead of identity theft, we might actually get a useful conversation off the ground.

      It's referred to as "identity theft" because it relate to personally identifiable information. Name, social security number, birth date, address, age, mothers maiden name, employer, etc. All used to open lines of credit or other financial accounts.

      None of which are "credentials".

    • Nobody can steal your identity. Your name is part of your identity. ... What people can steal are your credentials.

      That's a distinction without a difference in this discussion. For most transactions, your credentials ARE your "identity".

    • Pedantry doesn't work most times. This is one such.
  • Find them and kill them - no one has ever been convicted of suicide...

  • Find them.
    Then kill them.
    And don't be stupid and get caught. You have decent odds of getting away with it in a sort of 'strangers on a train' sense, as you have no actual connection with them.

    I'm absolutely serious.

    Until there's ACTUAL real consequences (since chance of them getting caught is nearly zero, and the punishments handed out are absolutely trivial) that they have to take into consideration ("In the news today, another identity thief was found apparently badly tortured before being decapitated in

  • Did you get their names? What I would do is call your bank using a number you know is theirs, such as the toll free number from their website. Then ask if these people work there. The bank should also have a record of all phone calls they placed to you. I would ask them if they placed any such calls on such-and-such date.

    Log into your bank account daily, to check for activity. Make sure you use 2-factor authentication if your bank supports it. Many banks allow you to set up alerts to monitor activity
  • 1. Carefully try to remember all your personal details and enter them in a Word document. Be sure to include your SSN, address, bio data, stuff like that.
    2. Email me the document for safekeeping.
    3. Take a vacation in Tahiti somewhere.

  • I just got a return to sender with 8 marijuana vape cartridges in it. Someone on Ebay is using my name and address to ship MJ out. It's scary because my job requires clearance, which could be lost if I got wrapped up in some drugs by mail bs. I called the postal inspector, he came by my house and picked the package up.

  • I wrote this after suffering through several attempts, some successful, to get into my bank accounts. https://www.ghostwheel.com/201... [ghostwheel.com]
  • Steal *his* identity back!
  • "now I realize that I have the caller's phone number"

    Bless your innocent heart that you think this matters in a world of throwaway phones, phone cards and spoofing.

  • ... my bank (Amazon, insurance, etc.) sends me an email and asks me to call the number of record for them or to bypass the email and simply log in to their website as I normally do.

    For phone calls, I just ask that they email me at my email of record or send a letter to my address on record.

    For suspicious emails, (mostly bank-related) I call the bank. Most times they tell me the mail is bogus and they've been getting a lot of calls about it.

  • No bank, government agency or other institution is going to call you up and ask you for information they already have. Period.

    If you get a call from someone pretending to be from such an agency just hang up. If you think it might be legit, get their name then hang up and call them using their normal phone number you confirm from a past bill, statement, the phone book, internet, etc.

  • by twocows ( 1216842 ) on Monday November 18, 2019 @01:23PM (#59427128)
    This sounds like a drive by. They got a database of information from somewhere that has your name in it and they're calling every number in that database and trying this same scam on them. They're going for the low hanging fruit, which would be whoever falls for the scam, and ignoring everyone else as too much effort for not enough return.

    For drive-by scams like this, just report the information to whatever federal agency investigates it, I can't remember. Make sure you're following basic security practice. Don't reuse passwords or use weak passwords on important sites like your email or bank account. Make sure your recovery information is accurate and up to date. Make doubly sure your email is secure, as your email is usually the keys to the kingdom. Try not to use a phone as your second factor, as they're particularly vulnerable to port-out scams (which target your cell provider, not you) -- use a yubikey or something if the option's there. Even if you call your cell provider and try to tell them not to port out under any circumstances, there's no guarantee they'll bother honoring your request (and in fact I remember hearing about an incident where they didn't and a port-out scam happened despite precautions being taken).

    If you believe that you are being individually targeted for some reason (e.g. you're a celebrity, CEO, government official, etc.), you really need professional help and any advice I could give would be insufficient. What I can say is that if someone is targeting you and knows what they're doing, basic security practice is necessary but insufficient. Even if you do just about everything right (and you should try to), there are often things beyond your control that can be exploited. You should still try to prevent compromise to the best of your ability, but don't rely on that alone -- come up with an "account compromise" recovery plan. Figure out how you're going to recover if X system gets compromised, if Y system gets compromised, etc. You may also want to make the trade away from convenience and toward security -- something like a credit freeze may help prevent people from taking out new lines of credit in your name. And again, get professional help.

You know you've landed gear-up when it takes full power to taxi.

Working...