Ask Slashdot: What Should You Do If Someone's Trying To Steal Your Identity? 146
Long-time Slashdot reader shanen "just got the darnedest phone call..."
The caller knew my name and the name of a bank that I've done business with, and obviously my phone number, but beyond that I have no idea what was going on... There is no problem with my account. She was quite clear about that, but she had no clear reason for calling. As I got more and more suspicious, she asked me to wait and she eventually transferred the call to a man, who claimed to be a manager at the bank, but the entire thing stinks to high heaven.
All I could think of was to suggest that I call him back, but he was apparently unable to provide a phone number that I could independently verify. Why not give me the bank's phone number that I could check on the Internet? One would think that I could then transfer to his extension. After almost nine minutes I just hung up, and now I realize that I have the caller's phone number, but that isn't definitive evidence of anything. A scammer might know that blocking the phone number would have made things more suspicious...
So what should I have done? Do you have any similar experiences to share? Or have I missed warnings about some new scam that's going around? Now I realize that they could start from names and phone numbers and just guess for the largest banks. Maybe I got suspicious too quickly, before she could start asking for the personal information she was really after?
The original submission also includes this question: "If it's an identity theft in progress, then I want to stop it and fast, but how can I tell what's going on?" So leave your own thoughts in the comments.
What should you do if you think someone is trying to steal your identity?
All I could think of was to suggest that I call him back, but he was apparently unable to provide a phone number that I could independently verify. Why not give me the bank's phone number that I could check on the Internet? One would think that I could then transfer to his extension. After almost nine minutes I just hung up, and now I realize that I have the caller's phone number, but that isn't definitive evidence of anything. A scammer might know that blocking the phone number would have made things more suspicious...
So what should I have done? Do you have any similar experiences to share? Or have I missed warnings about some new scam that's going around? Now I realize that they could start from names and phone numbers and just guess for the largest banks. Maybe I got suspicious too quickly, before she could start asking for the personal information she was really after?
The original submission also includes this question: "If it's an identity theft in progress, then I want to stop it and fast, but how can I tell what's going on?" So leave your own thoughts in the comments.
What should you do if you think someone is trying to steal your identity?
Identity theft is not a joke (Score:2, Funny)
Fact: Bears eat beets.
Re: (Score:2)
https://www.urbandictionary.co... [urbandictionary.com]
Re: (Score:2)
Bear showed up at neighbours, ripped up and ate the carrots and ignored the beets.
Re: Identity theft is not a joke (Score:2, Flamebait)
Why does slashdot make me scroll through this crap. Why cant there be a link near the trolls name that I can click on to collapse the long spam.
Re: Identity theft is not a joke (Score:4, Funny)
Re: (Score:3)
I need a printer that can print in two ply so I can put shit like this to a proper use.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Too bad /. doesn't have a lameness filter anymore.
Re: (Score:2)
So your a ace at confusing and bamboozling?
Proof of Identity (Score:5, Informative)
I work in a call center for a government client. We're not allowed to disclose what a call is about until after proof of identity is obtained. This is because of privacy laws. So not immediately disclosing the reason for the call is not a sign it's a scam - what if someone else picks up your phone? You don't really want a bank or government agency blabbing your situation or details to a random stranger if someone else picks up or if you changed your phone number.
However, not giving you a phone number that you can call back on IS a red flag. If they're calling you, you should ask for their full name and the city their located in at least, if they're legit. Also ask them if they work directly for the bank or if they're a third party contractor. Many if not most call center staff are contractors, even if they're in the US. Also, caller ID can be easily spoofed with software. Never trust the veracity of caller ID.
Re:Proof of Identity (Score:5, Informative)
To give you an idea of *typical* scams, they don't tend to go in all wishy-washy about what the call is actually about, they're very specific because they want to create an urgency of action. i.e. there are tax scammers who will ring you and without doing any ID checking say they're from the IRS and you owe $11,000 and you have to pay RIGHT NOW because the police are literally on their way around to your house to arrest you. And you have to pay by Google Play Cards or Bitcoin, because these are, apparently, the only forms of currency the IRS accepts.
Usually, phone scams play on either greed or fear. Pure phishing scams tend to be via email, not the phone. It just takes too much time to call people manually for the results, vs spamming millions of emails and seeing who replies.
Comment removed (Score:5, Interesting)
Re: (Score:3)
I once got a callback number to their call center (I made sure it was a US number before calling it back), and spent the next 90 minutes calling again and again and fucking with them.
I think the one I really got them with was the one where I kept sobbing uncontrollably and begging them not to take my money since I could barely afford "my medication". The person on the other end actually sounded really depressed by the end and said he'd take care of it and my "tax bill" would be written off. I'm really hopin
Re: (Score:3)
They get extremely angry, and I'm hoping I can make one of the bastards rupture an aneurism someday.
-jcr
I got a call along the lines of "your computer is put out error message packet we need your password", a few years ago. Usually I tell them they've called a Buddhist monastery, we don't have any computers, and they hang up; this guy was persistent and i made the mistake of taunting him. He gave my number to all of his friends, and I got scam calls daily for about six months. Then I took out the land line phone.
Re: (Score:2)
I jerk the tax scammers around a bit, and then I make sure to call them a "chandala". It takes them a couple of seconds to recognize that I've just called them "untouchable" in their own language. They get extremely angry, and I'm hoping I can make one of the bastards rupture an aneurism someday.
I'll chit-chat for awhile, acting a little confused, then ask them if their mother is proud that her son is a thief.
Re: (Score:2)
Identity theft from a data breach (Score:2)
Yeah if the scammer is trying to get you to send money, they tend to be pretty clear about that.
I'm thinking this may be a different scam, one based on data breach that didn't have passwords or other key data. With just names and phone numbers breached from a bank, a good scammer can call people and sound like they are calling from the bank. Just the bit of using your name right off and using the name of the bank makes it sound different from most scams. The goal of the scammer is get more information fro
Re: Identity theft from a data breach (Score:3, Interesting)
Re: (Score:2)
Usually, phone scams play on either greed or fear. Pure phishing scams tend to be via email, not the phone. It just takes too much time to call people manually for the results, vs spamming millions of emails and seeing who replies.
When it comes to "spear-phishing" a phone call is often times ideal.
Re:Proof of Identity (Score:5, Insightful)
I had some trouble with my ISP a while ago, and at one point they had to call me back. They tried to do the usual identification thing, asking for name, address, etc.
I stopped them and told them I wouldn't give those details to anyone who'd called me. The person I was speaking to was surprised and actually thanked me for pointing out a problem with their call-flow.
In these situations, when you are called and then prompted for personal details, you should not give them until YOU can identify who is calling. In the call above, I wound up getting an extension number to use on their main line, so I could call them and establish security.
Since then, they've changed their policy such that you can verify them, and then safely give details (and of course, calling number ID is NOT verification).
Re: (Score:2)
You reminded me of a particularly hideous "security" practice from my former phone company. Each time I called them, even when the problem wasn't specific to my account, and even though they could see my phone number, they insisted going through a flimsy proof-of-identity process with several vulnerabilities. But the cherry on top was insisting on hearing my PIN spoken out loud.
No longer my phone company. But it's still one of the top three, which says something about the customers.
And now I've reminded mys
Re: (Score:3)
"You reminded me of a particularly hideous "security" practice from my former phone company. Each time I called them, even when the problem wasn't specific to my account, and even though they could see my phone number, they insisted going through a flimsy proof-of-identity process with several vulnerabilities. But the cherry on top was insisting on hearing my PIN spoken out loud."
Funny thing about an Apple TV (the physical device). You can speak your password into the remote...but yet it'll still bullet th
Re: (Score:2)
I've had a similar comedy conversation with my bank's fraud prevention team.
They seemed bewildered that I was refusing to give them ID verification information on the call they made to me, so when I rang back I left them some helpful feedback too.
Re: (Score:3)
My niece got one of those calls on her voicemail. My brother called them back, on speakerphone in his office, and they quoted IRS code to him. He asked why does the death return filing requirements apply to him. They threatened to come to his office and arrest him. He gave them his office address, at his IRS field office. He is an auditor for the IRS.
Re: (Score:2)
Man, I had one of these just the other day, they pronounced my name so perfectly that I should have known 100% they were a scammer!
Call went:
Me: Hello speaking.
Scammer: We are HM something or other. We are calling to tell you you are being investigated for tax fraud.
Me: OK can you verify who you are or I won't be able to give you any info.
Them: (pissed off big time already) we are sending out a warrant for your arrest.
Me: Like wtf, that's it?
Them: Hung up
Me: Rather worried since I just got a new passport t
Re: (Score:3)
Well if you called me and refused to disclose what the call is about I would immediately hang up.
Re: (Score:2)
Sure, but that's not my problem, it's yours.
I still get paid per hour.
Re: (Score:2)
... whereas the people I'm calling end up getting penalties or fines if they don't do whatever it is that the government agency wants them to do. Sure, I'll do my best to let the people know what it's about, but if they hang up, it's not my problem anymore.
Re: (Score:2)
What communist country government do you represent? Remind me never to do business with anyone from that country.
Re: (Score:2)
Re: (Score:2)
Apart from the phrase being "malice aforethought" (meaning premeditated) - why are you blaming the state government for you not concluding your affairs in the state before, or as you moved? Why would you "throw out" your old plates instead of returning them and (perhaps only in sane states) getting the registration refund? Take responsibility for your own actions here.
Re: (Score:2)
PA doesn't forward either and its because your registered address with then is to be your current, valid address.
It's not their fault you screwed up and didn't do what you are required to do. This also helps avoid those who try to register their car in another state they don't actually reside in just to avoid certain requirements of the state they actually do reside and have the vehicle in.
Re: (Score:2)
I still get paid per hour.
Not if you don't make your quota. You get fired.
Re: (Score:3)
They are welcome to steal my identity... all they'll get is arrested for all my crimes and misdemeanors :-) The joke's on them Ha ha ha !
Re: (Score:2)
Well if you called me and refused to disclose what the call is about I would immediately hang up.
As would most people. This scheme is indefensibly stupid.
Re: (Score:3, Insightful)
I work in a call center for a government client. We're not allowed to disclose what a call is about until after proof of identity is obtained.
How do you prove your identity to the person you're calling? If I receive a phone call from someone claiming to be from a government agency, bank, phone company, etc, asking me to provide personal information to prove MY identity, I assume that it's a scam, unless the caller can first prove THEIR identity. I don't blab my details to a random stranger that rings me up.
Re: (Score:2)
How can you actually "prove" your identity however? Certainly not on a single call. We could give all the details and you can google them and they check out. However, how would you know that I didn't just google the same details?
Conversely we could prove we have YOUR details by disclosing them over the phone before we've confirmed who we're speaking to, but that would be a *serious* legal breach right there. It's a sackable offense.
What we do in practice is ask the ID questions and if the person is happy to
Re: (Score:2)
Anyone calling me that I don't know I don't affirm my name. They ask, I ask for theirs and info. I don't get it, I tell them to screw off and hang up.
They never talked to me. Nondisclosure can work both ways. If you say "We can prove we called.", I say, you cannot prove you spoke to *me*.
It is not hard. (Score:2, Insightful)
First, ask for a callback number, write that down. Then make sure you know exactly who they represent. Is it your bank? The IRS? A police department for a specific city? Find out exactly who they claim to be.
Then, hang up, and look up the official phone number for that institution. You should already know a phone number for your bank. All your credit cards have customer service numbers on them too. The IRS, every police department, etc., all have official websites that have phone numbers.
Call them u
Re: (Score:2)
Uh... That is exactly what I tried to do after the manager came on the line. The inability to make progress was why I hung up.
Re:Proof of Identity (Score:5, Interesting)
Deeper threat of fake voices (Score:2)
I'd give you the other insightful mod point if I could. That really does go to the heart of the issue. I only spotted your comment because of my "extra" interest in the topic.
The fractured answer is that I prefer to be called by people I know, but that makes me accessible to anyone who can get the phone number. I accept that there are cases when there are legitimate reasons for someone I don't know to call me. I focused on the distinction between illegitimate and legitimate reasons for someone to call me. I
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I'm accustomed to tedious (and often automated with annoying recorded menus) proof-of-identity procedures when I call a bank or other business to ask about my account. After all, I could be anyone calling in from anywhere.
However in this case the caller was working with a strong presumption of knowing who I was, and my identity was "established" quite early in the call. By the time I started to wonder what was wrong I was already getting fuzzy about how the call had started.
Upon reflection, I think my next
Re: (Score:2)
"However it's possibly they will be able to say something about the phone number the call seemed to come from."
It is unlikely that anyone will go to the trouble and expense of finding out the circuit from which the call originated. The information displayed to you, the "Caller ID", is an advertizing euphemism for "whatever the caller wants to display" and has nothing whatsoever to do with identification of the caller.
The telephone companies did this deliberately when they introduced the feature because the
Re:Proof of Identity (Score:4, Informative)
I'm accustomed to tedious (and often automated with annoying recorded menus) proof-of-identity procedures when I call a bank or other business to ask about my account. After all, I could be anyone calling in from anywhere.
Exactly but YOU initiated the call, you knew the number you dialed. In these cases it is perfectly fine to identify ones self. It doesn't work the other way around.
Never verify personal details on an incoming call.
Re: (Score:3)
I work in a call center for a government client. We're not allowed to disclose what a call is about until after proof of identity is obtained. This is because of privacy laws.
The trouble with this approach is there's no way one should go through any kind of proof-of-identity process for a call originated by the bank/business/government/scammer. The most I'll do in those circumstances is ask for a name and department at the organisation, then say I'll call them back on a published number (not one given by the caller) and ask to be transferred within the organisation.
No security conscious organisation would ever call you, then ask you to reveal your security information.
Re: (Score:3)
I work in a call center for a government client. We're not allowed to disclose what a call is about until after proof of identity is obtained.
And I'm not about to give to you the details to prove who I am, when _you_ called _me_ and I don't know who you are. How is the bank proving _their_ identity? If I answer all those "prove your identity" questions to a scammer who calls me, then that scammer can "prove" he is me.
Stalemate.
Re: (Score:2)
I've just gotten in the habit of never answering calls that are not on my contacts list. If the call is important, they can leave a message, and I can google the calling number and any number they leave to see if its official or a scam. This has solved 98% of the problem calls.
I moved from one state to another 5 years ago, but kept the number. Nobody I know calls me from my old location. So people spoofing my area code and prefix to make it look like a neighbor I automatically know are spammers and scam
Change Your Name (Score:5, Interesting)
Keep in mind, indentity theft is a lie put out by scummy credit card companies. The criminal is targeting the seller and not you, they scam the seller and not you, they misrepresent themselves and trick the seller into allowing that credit purchase. Reality is, as far as you are legally concerned, the seller is trying to defraud you, cheat you, steal money from you. By law, the seller is guilty of fraudulent credit charges until they can prove they were cheated. Hence the credit card company lie, who would accept credit card if the law was properly applied, so the BIG LIE. You are fully entitled to make legally claim against all individuals and companies who accepted the false indentity, who cheated you, how falsely applied charges against you. Expect nothing from corporate main stream media, they are fully 100% in support of the lie. Honestly, lawyer and police up and demand those who accepted the false identity be charged with credit fraud until they can prove in court they were cheated. It is not up to you to prove anything, they have to prove you authorised the payment and they can not, then they are charged with fraud, you do not have to prove someone falsely tricked them with your identity.
The alternate have a globally unique name and any attempt at false use stands out immediately. Your name can not be at two places at once. Really though, going nuts with the lawyer and target everyone who defrauded you by being greedy gullible idiots, pays the price of the harm THEY CAUSED YOU (the person who used your identity did nothing to you, they tricked the seller, well at least that is the sellers claim, by law they defrauded you and illegally applied false charges to your credit card.)
Re:Change Your Name (Score:5, Interesting)
If credit card companies actually gave a rat's ass about fraud, it would have been solved ten years ago. Everything from having an e-Ink display on credit cards that functions as an OTP code generator for card-not-present transactions to actual chip-and-PIN which is enforced everywhere. We would have seen a universal payment system like Apple Pay, built into SIM cards, instead of phones, (ironically that tech is baked into every SIM card since 2014 due to SoftCard), which used with NFC, would guarentee that skimmers would not work.
The tech is out there. It is a matter of "security has no ROI", or "won't" than "can't".
Re: (Score:2)
This goes right back to what OP posted. The credit card companies don't give a rat's ass about fraud because they've successfully managed to shift all the cost of fraud onto the merchants. When you dispute a charge with the credit card company, they don't give you your money back. They ask the merchant to prove the purchase was actually made by you. If the merchant can't, they simply take the money a
Re: (Score:2)
Chip and pin is equally a scam to get rid of liability. The US is enforcing chip transaction and Europe is rife with Chip and PIN clones and scams that make the credit card holder liable for fraud.
Destroy the chip, after three times you can swipe and get back the protection against fraudulent charges.
Re: (Score:2)
Sure they do...
It's only in backwards third world countries where they still just have you make a random mark with a pen. Anywhere else you actually have to enter the correct PIN for the card or the transaction won't process.
Re: Change Your Name (Score:3)
Try coming to Europe then... Both my credit and debit cards have been chip and pin with a requirement for using the pin for any cardholder present transaction for over a decade now. Actually that is not strictly true for the last few years you have been able to do contactless for limited value transactions (£30 here in the UK, was £20 originally) using both credit and debit cards. Apple pay and equivalents are attempts to fix a third world payment system. I have only ever seen one p
Re: (Score:3)
Re: (Score:2)
It is not up to you to prove anything, they have to prove you authorised the payment and they can not, then they are charged with fraud, you do not have to prove someone falsely tricked them with your identity.
Why does this sound like your fantasy of how the world should work, instead of how it actually works? The truth is that there's a huge abyss between "guilty beyond a reasonable doubt" and a provably false accusation "beyond a reasonable doubt" where the legal system will do nothing at all. If somebody tried to use your credit card, maybe they'll get caught and punished. But the store who took the credit card info and tried to collect? Not if hell froze over. Show me one court case where the vendor was convi
Re: (Score:2)
Precisely. There is no such thing as "Identity Theft". The crime is called "impersonation". And if someone impersonates you and a third-party relies on this "impersonation" then the fault and the risk and the liability lies solely and entirely with that third-party. You are not involved at all. However, if that third-party then makes claims against you, then that third-party is committing the crime of fraud and can be jailed of fined for that offence (not only that but you have cause for a civil action
Re: (Score:2)
In any event of the cause, the person who was "impersonated" is unaffected and not responsible for the actions perpetrated/carried out by the third-parties.
Not legally responsible, sure. Unaffected, that's just retarded.
Identity theft - impersonation if you prefer - can fuck up your life in all sorts of ways. That's kind of affected.
I tell them about Pete Buttigieg for President (Score:3)
Whenever I want to end a conversation, I bring up the potential presidential greatness of Pete Buttigieg. Some people actually run away.
Hope you didn't say "yes" to anything (Score:4, Interesting)
There are phone scams where phishers call you, already armed with some personal information, and ask you a series of Yes/No questions like this. They're not actually after any more information - they're after a recording of you saying "Yes" to something or "I understand".
How's that useful?
A growing number of over-the-phone services have a practice of playing a EULA/Terms and Conditions loop over the phone to you and then record you saying "Yes" or "I understand" in response as a voice authorization. The phishers just play back their recording of you saying "Yes" or "I understand" and hey, presto, suddenly you're on the line for some payments. Unless the call center records the entire conversation it's very difficult to extricate yourself from the problems that these services create.
Sorry to be the bearer of bad news. At this stage I'd recommend calling your regular bank(s) and alerting them to the call so that their Fraud Watch teams are more likely to act positively.
Re:Hope you didn't say "yes" to anything (Score:5, Interesting)
This is actually a myth - there's been no recorded cases of this ever being used for anything. There's a lot of breathless warnings, but no actual cases. There's not a lot of point anyway - that kind of evidence wouldn't hold up in any court since it'd be pretty obvious it's manipulated, the scammers would have to actually show up in court which isn't their goal (they just want to make a quick getaway) and if they wanted to try to use your voice recording to sign up for other services... why? Those other services wouldn't authenticate a voice anyway, and if they have enough personal info to sign up for them then they don't need a recording of you saying yes anyway.
The best guess for those "Can you hear me now?" calls is that it's mainly being used to authenticate that there's an actual person on the line and not one of the various scambait bots.
Re: (Score:2)
That's a stupid urban legend.
Re: (Score:2)
What exactly is a "legal signature" anyway? The idea that making a random mark with a pen proves anything is ridiculous, and even easier to forge than the voice recognition.
Just phishing (Score:2)
Same as any other scammer (Score:4, Insightful)
Either you play with them, keep them on the line as long as possible while feeding them more and more outrageous lies... or hang up on them.
Re: (Score:3)
Have some fun with them.
"Are you on a company line?"
"You're in violation of communication procedures, Condor."
"What's the level of the damage?"
"Are you armed?"
"Find a secure location. Avoid any place you are known. Surface again in two hours and call the Major."
hopeless (Score:2)
Even “good” banks have huge issues in establishing a trust relationship in communications. Chase has this miserable “secure” mail system... which essentially gives you a random third party link to click and no contextual information to decide if the request might be valid. The phone support agents don’t know security, they just have their procedures.
I am of the opinion that identity theft is not my problem if I have taken reasonable measures to protect my information. Account t
Re: (Score:2)
This is one reason why I find it reprehensible that Google's SMS replacement, RCS, is an insecure protocol, which (AFIAK) can be spoofed. We desparately need something end to end on all devices that has solid authentication, and preferably encryption. This way, if a bank sends a code to a user via their phone number, the user knows the number came from the bank, and that nobody in between could have obtained that number.
A secure SMS replacement would greatly increase security overall.
Re: (Score:2)
Additional information and lack thereof? (Score:2)
Hmm... Well that was written in the heat of the moment, but looking it over, I see I wasn't clear about one important aspect. I had expressed my concerns about her apparent lack of a reason for calling me, which was her reason for passing the call she had initiated to her manager. I think it is obvious that I was even more clear about my increasing suspicions when talking to him. He still didn't come up with a reason to "greet" a random customer.
At the time I couldn't decide what to do, so I wrote up these
Re: (Score:2)
Whoops. Now I see that at the beginning of my comment about this topic I should have been more explicit than "that was written in the heat of the moment". When I started writing my reply this submission had just been posted and I thought my clarification was going to be close to the original submission, so the "that" would be an obvious reference to what I wrote several days ago.
However, by the time I had finished collecting my tedious thoughts they wound up way down here.
This question calls for legal advice! (Score:3)
If you have been a victim of identity theft you should talk to a lawyer. I am a lawyer barred in NY. This is not my specialty. Here is some information; this is not legal advice. Some options for actions include filing a police report, contacting the IRS to put a pin code for your taxes, contacting the FTC, contacting the Social Security Administration (in person unfortunately) to make sure nobody is working on your SSN, checking to make sure no other person is registered for health insurance under your identity.
Some websites:
www.identitytheft.gov [identitytheft.gov]
www.ssa.gov/pubs/EN-05-10064.pdf [ssa.gov]
Re: (Score:3)
I am a lawyer barred in NY.
I assume this means you've passed the bar exam or something. Tip: This is a very weird expression to a non-lawyer. On my first read it was like are you barred from practicing in NY and why would you be broadcasting that on the Internet. I'm sure it has a very cromulent meaning in legalese, but I wouldn't use it around laymen.
Re: (Score:2)
I am a lawyer barred in NY.
To a lot of people this will sound like you're prohibited from practicing in NY, the opposite of what I think you intended to convey.
Re: (Score:2)
Sorry. Different way of saying I am admitted to practice law in the State of New York.
Call the state AG (Score:2)
Geographic info would help here. If you're in the USA call your state Attorney General office. They might investigate, or you might add info to an existing investigation.
What to do? (Score:2, Funny)
Hunt them down and kill them.
musical chairs (Score:3)
Ask them to verify their identity (Score:2)
If I get a call from my bank, I take two steps... (1) before giving a single piece of information, I ask them to verify THEIR identity, by asking them to tell me the dollar value and paste of several transactions. This is step is just for fun. (2) then I tell them I'm going to hang up right now and call the bank's published number, and I am them which department I should ask to transfer to.
I'm being a bit of a keen to ask the bank person to verify their identity when I plan to hang up anyway, but I think it
Provide false information (Score:2)
And never say the word "Yes" They record and play back later to prove you agreed to stuff.
For this kind of thing I answer question they desire but provide false information. My middle name? Sure, it's Donald. My zip code? 90120.
there is no such thing as identity theft (Score:2)
Nobody can steal your identity. Your name is part of your identity. This is publically shared to begin with, and is not a theftable thing. The rest of your identity is you. This is not currently theftable either (though deepfakes is rapidly making inroads on a facsimile thereof). What people can steal are your credentials. Your credentials are not even your own property. Check your TOS fine print from the issuing institution.
What can you do to prevent the theft of credentials that aren't even yours, but are
Re: (Score:2)
Nobody can steal your identity. Your name is part of your identity. This is publically shared to begin with, and is not a theftable thing. The rest of your identity is you. This is not currently theftable either (though deepfakes is rapidly making inroads on a facsimile thereof). What people can steal are your credentials. Your credentials are not even your own property. Check your TOS fine print from the issuing institution.
What can you do to prevent the theft of credentials that aren't even yours, but are nevertheless somehow "about" you? Not nearly as much as you might wish to think. However, if we insisted on talking about credential theft, instead of identity theft, we might actually get a useful conversation off the ground.
It's referred to as "identity theft" because it relate to personally identifiable information. Name, social security number, birth date, address, age, mothers maiden name, employer, etc. All used to open lines of credit or other financial accounts.
None of which are "credentials".
Re: (Score:2)
Nobody can steal your identity. Your name is part of your identity. ... What people can steal are your credentials.
That's a distinction without a difference in this discussion. For most transactions, your credentials ARE your "identity".
Re: (Score:2)
If they steal your Identity (Score:2)
Find them and kill them - no one has ever been convicted of suicide...
Simple (Score:2)
Find them.
Then kill them.
And don't be stupid and get caught. You have decent odds of getting away with it in a sort of 'strangers on a train' sense, as you have no actual connection with them.
I'm absolutely serious.
Until there's ACTUAL real consequences (since chance of them getting caught is nearly zero, and the punishments handed out are absolutely trivial) that they have to take into consideration ("In the news today, another identity thief was found apparently badly tortured before being decapitated in
Call the bank and ask if they called you (Score:2)
Log into your bank account daily, to check for activity. Make sure you use 2-factor authentication if your bank supports it. Many banks allow you to set up alerts to monitor activity
Do this (Score:2)
1. Carefully try to remember all your personal details and enter them in a Word document. Be sure to include your SSN, address, bio data, stuff like that.
2. Email me the document for safekeeping.
3. Take a vacation in Tahiti somewhere.
I just got a return to sender (Score:2)
I just got a return to sender with 8 marijuana vape cartridges in it. Someone on Ebay is using my name and address to ship MJ out. It's scary because my job requires clearance, which could be lost if I got wrapped up in some drugs by mail bs. I called the postal inspector, he came by my house and picked the package up.
Here are some suggestions that might help (Score:2)
Isn't it obvious? (Score:2)
Oh my (Score:2)
"now I realize that I have the caller's phone number"
Bless your innocent heart that you think this matters in a world of throwaway phones, phone cards and spoofing.
For legitimate problems ... (Score:2)
... my bank (Amazon, insurance, etc.) sends me an email and asks me to call the number of record for them or to bypass the email and simply log in to their website as I normally do.
For phone calls, I just ask that they email me at my email of record or send a letter to my address on record.
For suspicious emails, (mostly bank-related) I call the bank. Most times they tell me the mail is bogus and they've been getting a lot of calls about it.
It's a trap^h^h^h^h^h scam (Score:2)
No bank, government agency or other institution is going to call you up and ask you for information they already have. Period.
If you get a call from someone pretending to be from such an agency just hang up. If you think it might be legit, get their name then hang up and call them using their normal phone number you confirm from a past bill, statement, the phone book, internet, etc.
Depends on the circumstances (Score:4)
For drive-by scams like this, just report the information to whatever federal agency investigates it, I can't remember. Make sure you're following basic security practice. Don't reuse passwords or use weak passwords on important sites like your email or bank account. Make sure your recovery information is accurate and up to date. Make doubly sure your email is secure, as your email is usually the keys to the kingdom. Try not to use a phone as your second factor, as they're particularly vulnerable to port-out scams (which target your cell provider, not you) -- use a yubikey or something if the option's there. Even if you call your cell provider and try to tell them not to port out under any circumstances, there's no guarantee they'll bother honoring your request (and in fact I remember hearing about an incident where they didn't and a port-out scam happened despite precautions being taken).
If you believe that you are being individually targeted for some reason (e.g. you're a celebrity, CEO, government official, etc.), you really need professional help and any advice I could give would be insufficient. What I can say is that if someone is targeting you and knows what they're doing, basic security practice is necessary but insufficient. Even if you do just about everything right (and you should try to), there are often things beyond your control that can be exploited. You should still try to prevent compromise to the best of your ability, but don't rely on that alone -- come up with an "account compromise" recovery plan. Figure out how you're going to recover if X system gets compromised, if Y system gets compromised, etc. You may also want to make the trade away from convenience and toward security -- something like a credit freeze may help prevent people from taking out new lines of credit in your name. And again, get professional help.
Re: (Score:2)
Or they just guess randomly...
I've had phishing calls where they call claiming to be from a bank that's widely used here, but which i personally don't have an account with.
There's usually only a handful of big banks in each country, so you have pretty good odds of hitting someone who has an account.