720-891-1663

Return to the list of client alerts

 

Not Using Online Accounts May Be More Dangerous Than Using Them

NOTE:  This alert applies to both businesses and their employees equally.

I’ve heard the story many times before: “I don’t do online banking because I don’t think it is safe” and “I don’t pay my bills online because I don’t trust it”.  or 7 different variants of this.

It turns out that the crooks have heard you and feel your pain.  Well sort of.  More like they abuse your pain.

Lets assume that you don’t do online banking or online shopping or online something else.

Is there anything to stop a crook from setting up an online ID tied to your credit card or electric company or whatever?

The short answer to this is no.

Over the last few years the U.S. Postal Service has created a service where you can create an account and request that they send you scanned images of all of your envelopes (just the outside;  they do not open your mail).

The U.S. Secret Service has issued a warning that the bad guys are signing up for this service in your name and then doing things like ordering credit cards.  The watch the images of the mail to see when the credit card or whatever is coming and then swing by and pick it up.  This reduces the chance of them getting caught because they only have to visit your mailbox once per scam.

I just signed up for the service.  I picked a random email address for the account and then it “verified” me.  Verification consists of a combination of out of wallet questions (which county have you lived in) to credit file questions (in 2014 you opened a car loan with ).  Of course with the theft of all of this information for 145.5 million Americans courtesy of Equifax, this information is not hard to come by and certainly does very little to prove anything.

After I did that, it took me to the “dashboard”.  It actually showed me the mail that I received for the past week, meaning that they are scanning the mail anyway, whether I (or a crook) sign up or not.

In this particular week there were new health insurance cards (the insurance company’s name is on the envelope).  That could be useful for medical ID fraud.

It also showed the packages I received and who they came from, including several from Amazon and one from a prescription drug service.  All the better to figure out when to swing by and steal your stuff.

While the Secret Service is picking on the Post Office right now, this applies to any online business.  Either you sign up or a crook can.

What should you do?

Whether you like it or not, sign up for an online account.  For every vendor that offers it.  EVERY. SINGLE. ONE!

Make the password complicated (write it down and store it securely if you need to or use a password safe software).

Turn on two factor authentication, if available.

Sometimes companies allow you to opt out or disable online services.  This is an alternative as long as the bad guy can’t easily turn it back on.

The Secret Service arrested seven people in Michigan in September who used this scheme to run up $400,00 in bogus credit card charges in unsuspecting victims names.  In this case, eventually, the victims were made whole, but they probably had to prove they were innocent.  Depending on the service the bad guys are attacking, this could be easy or hard to clear up and unlike credit cards, in many cases there is no federal or state law protecting you.  You could get charged with a crime and have to pay to defend yourself.  This is an example of where identity theft insurance comes in handy (I get it with my homeowner’s policy – $25,000 of coverage for, I think, $6 a year).

Information for this post came from Brian Krebs.