Identity Theft: What Not To Do
As some of you know, I’m a moderator for AccessifyForum. Basically what this entails is trying to delete spam posts from the forum, and attempting to prevent the more heated debates from turning into blazing arguments and personal attacks. I’m probably moderately successful on both counts.
Except today, I noticed a rather odd piece of spam.
It was a set of details about someone who claimed they were “Seeking Good Paying Work”. It was in the “Commercial Events & Services” forum, so that’s initially in the right place. However, it didn’t appear to have anything to do with web design or accessibility, so I thought it was probably spam.
Even more bizarrely, I thought the person was possibly giving away too much information, with all of the following being listed in full:
- Name
- Date of Birth
- National Insurance Number
- Name as shown on bank account
- Bank sort code
- Bank Account Number
- Bank Address
- Home Address
- Mobile No
- Father’s Name
- Mother’s Name
- Employer
- Employer’s Address
- Current Earnings
- Qualifications
Erm…? Hadn’t they heard of identity theft? Surely no-one’s that stupid…?
On second thoughts, perhaps they are. It could really be any of the following:
- Someone is actually that stupid
- Some sort of attempt by the banks and/or police to try and ferret out who is involved in identity fraud (although if this is the case, aren’t they laying it on a touch thick?)
- Someone maliciously putting someone else’s bank details on line
- Some thinks-he’s-clever chap making up the details for a laugh
- Some other nefarious plot involving passing bank information about
So I’ve got it pegged somewhere between absolutely fucking stupid and some form of evil plot. Whatever, it’s a bad thing.
So I phoned up the relevant bank and had a quick word with one of their customer service advisors, suggesting that they might like to take a look at the account and/or block it:
Err… this is going to sound a bit stupid, but I’m a moderator for an online forum and it looks like someone’s posted their entire bank details online. I’ve marked the post so it is no longer publicly available, but obviously someone might already have the details, so I thought I’d better warn you…Me
Oh… I’m not really sure what to do here: I’ve not come across this sort of thing before. Can you hang on a minute while I speak to my supervisor?Call centre lady
So anyway, I gave them the details — including the IP address that the post had been made from, allowing them to track it back to an individual PC — and they said they would pass it onto their fraud team.
I’ve got to admit though, I’d really like to know: was it someone just making up details for a laugh (i.e. not a real account), was it some nefarious scheme, or was someone actually that stupid?
…and no, I wasn’t tempted!
But if it turns out I have foiled some nefarious plot, then some form of large financial reward would seem appropriate, don’t you think?
Hello. I am 
I’m glad you go the bank to at least pretend to be interested and take details (the way banks are treating people’s data these days I’m sceptical they will do anything about it).
When we started getting letters addressed to someone who didn’t live in the next door flat (it’s been empty since it was built 5 years ago) from the bank that clearly said payment overdue warning of court action through the plastic address window, I tried calling the bank in question to let them know someone may be trying to defraud them. They were not at all interested. They kept on send more and more letters and eventually we started getting debt collection and solicitors letter too, despite more futile attempts to stem the flow. Apparently, because of the Data Protection Act, they have to keep automatically sending letters and cannot do anything about it. Complete waste of paper, postage, etc.
[...] there was the story of the bizarre spam on AccessifyForum, where someone claiming to be looking for work seemed to think it necessary to post his name, [...]
“Even more bizarrely, I thought the person was possibly giving away too much information, with all of the following being listed in full”
Many of the “best” scams involve people who have created elaborate websites and or using the new and cheap voip phone systems to make them appear like large and legit companies.
The best pieces of advice I can give you are the following:
1. If you have never contacted the company before, do not give them personal information.
2. If you have never heard of the company before, do not give them personal information.
3. If they ask you to verify your password or personal information for “security” reasons, do not give it to them.
The easiest way to confirm if an email is a scam is that the “to” line will not be addressed directly to you. This is not always the case, but more than 95% of the time, phishing emails (phishing is the attempt to get you to give up your personal information) are sent to huge distrubiton lists. If you don’t see your email address in the to line, it is definitely a scam.
If someone calls you with some kind of legit sounding offer, ask them for their name, department name, phone number and extention. Most of the time they will hang up immediately. If they give you the information, DO NOT use it. Use your favorite search engine to find the 800 number for the company in question. Call that number and ask for the name of the employee or the extension number. If the person or extension exists, then the offer is legit.
If you would like some more information on how to prevent identity theft, I have written a guide for Top Internet Guides.com
Thanks,
Steve Warshaw
[Edited to remove email address]