Your cell phone rings. You look at the little window to find out who it is and the little window reports back that it is your bank.
“Good afternoon, ma’am, this is Jonathan from Wells Fargo Bank. It seems there might be a problem with your ATM card account. We think the account has been compromised and we recommend you reset your PIN. If you like, I can take care of that for you right now.”
Jonathan’s calm, saccharine voice, combined with the facts that he has the correct last four digits of your ATM card number and that your caller ID recognizes the bank as the source, all seem very credible. Except for the fact the Wells Fargo would never call its customers on the phone (nor send them E-mail) to update a PIN.
“The first thing everybody should know,” says Cathyann Frank, director of operations at McGraw-Hill Federal Credit Union, “is that 99.9 percent of the organizations they do business with would never call or send E-mail to confirm personal or account information.”
Frank will present “Identity Theft: The Silent Crime — How To Prevent, Protect, and Recover” on Wednesday, August 24, at 5:30 p.m. at the credit union’s office at 120 Windsor Center Drive in East Windsor. For information about this free event, call 800-226-6428, ext. 6513.
The telephone scam above probably is as old as telephones themselves, except for the part about the caller ID giving a real company as the source. Sophisticated computer programs allow crooks to label outgoing calls with whatever company they want to pretend they are calling from, says Frank. It is a relatively recent style of consumer scam called “vishing,” a variation of “phishing.”
In phishing, scammers send highly convincing E-mail notices purporting to be urgent messages from real organizations that have a broad customer pool — national banks, major insurance companies, mortgage agencies, etc. The logos and letterhead are dead ringers for the real thing and the message usually involves something about a compromised account and the need to change information. Vishing, a.k.a. “caller spoofing,” is simply the telephone version.
The thing to do in either event, says Frank, is to disregard and delete the message. In fact, in some vishing cases all you get is a message, with an 800 call-back number. The message simply states that there is an issue with your checking account (or whatever) and asks you to call a real-looking number.
If you want to check on your account, Frank says, never call back the number anyone leaves you. Instead, get a number from a statement or any other piece of mail and call that one. Odds are, you will be told that no one from the organization has called you.
#b#Back to basics#/b#. Vishing and phishing might sound sophisticated, but they at heart are just variations on age-old scams. They just use newer technologies to help mask certain red flags.
But even these scams are not where the big money is for thieves. Simplicity is at the fore in identity theft these days, says Frank. Now that the word is out about things like phishing and the various Nigerian scams, crooks are turning to unsophisticated, low-to-no-tech tactics. And they succeeded to the tune of 10 million identity theft victims in the United States last year alone.
“If you manipulate the basic stuff,” she says, “it’s very effective.”
#b#Shoulder surfing#/b#. The basic stuff starts, literally, with looking over your shoulder. You go to the ATM to punch in your PIN — the guy behind you sees the whole thing, then picks your pocket. Or you pull out your debit card to pay for your groceries and the woman lurking at the end of the line gets the card number when you set it down for a second too long.
The basics continue with things like stolen mail or computer equipment left on the curb. “How many times have you seen on 60 Minutes or some show about dumpster diving?” Frank asks. “Think about what [thieves] have gained if they get a piece of mail with your check in it. They know your name, your address, and your bank account number.”
A big problem area in the stolen mail end of identity theft, Frank says, is the mailbox at the end of a long driveway. People leave mortgage checks or bill payments in them before they go off to work. No one is home during the day and thieves know it. It also creates a problem in the reverse — legitimate credit card offers or similar mailings delivered to an address hours before anyone comes home to get it.
The easiest solution for keeping anyone from snitching your own checks, of course, is to stop putting them in the mailbox at the end of your driveway. To combat mail theft in general, though, Frank recommends setting up as many accounts as possible online. Keep paper from coming to your house as much as possible.
“If you’re waiting for your monthly statement, you’re waiting too long,” Frank says. “Somebody can easily clean out your whole account in a month.” Better, she says, to keep an eye on your accounts often and online.
Doing so will keep you alerted to the beginnings of ID theft, which Franks says often start with small purchases — maybe $50 for sunglasses, just to make sure the credit card is active. From there, she says, it just snowballs.
Though Frank herself has not been a victim of identity theft, her husband was. A 22-year Navy officer who now is the director of facilities at Brookdale Community College, Richard Frank did what any serviceman would do when traveling — book the military rate. He finished his career as the inspector general of the Military Sealift Command, which meant that he rented a lot of cars to get to a lot of places.
As a member of the military, Richard’s Social Security number and date of birth were on all his orders, which he needed to present in order to get the military rate.
What he didn’t know was that a guy at a rental car agency in Virginia had taken that info and sold it to someone in Texas, who had set up credit card accounts. The phony Richard Frank in Texas had run up about $4,500 worth of stuff before moving on, Cathyann says. And the couple had no idea until they went to buy a house and learned that Richard’s credit was shoddy.
“The FBI got involved because it was the military,” Frank says. “It took lawyers about six months to straighten out his credit report.”
Frank, whose father was a 21-year Army man, pays special attention to how identity theft affects military families. “If you know anyone in the military on active duty, make sure they do some proactive things to protect themselves,” she says. The main thing is to call credit card companies or banking institutions and put an active duty alert on your accounts. This will keep companies from soliciting you for two years and will put them on alert for unusual activity.
Frank was born in Georgia, but grew up in and around Army bases all over the country. She graduated from George Mason University in the late 1970s with a bachelor’s in civil engineering and political science. But she had married a Navy man, which made it impossible for her to meet the five-year residency requirement needed to become a civil engineer anywhere.
Instead, Frank used her engineering degree in commercial banking in the late ’70s and early ’80s, when banks had in-house engineers on their staffs to review projects and applications. She was among the collection of bankers who set up the first ATM systems in Charleston, South Carolina.
From there she and her husband “moved around a lot, to a lot of states on the Atlantic seaboard,” she says. She worked for builders in Maryland and banks in New England and the northeast, including First Union (which became Wachovia), and TD. The Franks settled in New Jersey a few years ago and Cathyann has been with McGraw-Hill FCU for a little more than two years.
As can be expected, her ties to the military are not in jeopardy. “My husband attended the Naval Academy,” she says. “We have season tickets to all the Navy [football] games.”