Marc Breitsprecher has an interesting tale to tell about an identity theft perpetrated against him recently on Facebook. A cyber-thief got control of his account and tried to trick Marc’s Facebook contacts into sending money. Fortunately, he had some savvy friends who alerted him to the situation, and he was able to block the perpetrator out.
Many people know that dangers lurk on the Internet, but they may think that they could not fall prey to them. Recently, a local businessman nearly had his identity stolen from right under his nose, and he uses the Internet to do business every day.
Marc Breitsprecher of Grand Marais met a lot of community members in the 10 years he greeted people from the front desk of the Grand Marais Post Office. He now runs an online business from his home. When he was in Baltimore, Maryland on business in late June, he received a call from his wife Melissa, who said a friend of his in London had called her saying he had received an odd email from someone claiming to be Marc. That email contended that Marc’s wallet and cell phone had been stolen and he needed 1,000 British pounds before taking his flight out of Heathrow Airport.
Someone had send Marc a spoof email with a link that decoded his Facebook password, giving the identity thief access to Marc’s Facebook page, contacts and private information.
Marc explained that Facebook is a social networking website where subscribers set up individual pages where they post newsy messages for their friends. Only people to whom a subscriber gives permission can access the subscriber’s Facebook page.
In Marc’s case, the identity thief probably copied the home page of a Facebook subscriber on his list, giving him or her access to Marc’s email address. Marc believes that a “spoof ” email might have arrived on his computer, looking like a Facebook email with a link to a friend’s homepage but originating from a slightly different (but easily overlooked) email address. When Marc (or his wife while he was out of town) clicked on the link, the thief ‘s decoding software captured his Facebook password. The thief then changed the password and locked Marc out of his own account.
Facebook subscribers have recourse for notifying the company when unauthorized people have tampered with the account, but the thief locked Marc out on a Saturday morning, giving him or her two days – between then and the beginning of the work week on Monday morning – before Facebook would take action.
According to Marc, two of his friends were ready to wire the money to “him” in London. Fortunately, they got the feeling something was amiss.
One of Marc’s friends caught the thief by asking a couple of bogus questions that the thief tried to answer – things like “How’s your brother Fred?” (knowing Marc doesn’t have a brother Fred) and “Is he still working for the electric company?” Another asked questions only the real Marc could answer, questions that could not be answered from the personal information on Marc’s Facebook page.
When Monday came around, Marc talked to the people at Facebook. “This happens on Facebook all the time, evidently,” he said. A Facebook employee told him that 90% of identity thieves on Facebook are located outside the United States, but they prey on Americans.
Marc is a professional online businessman, but he was still victimized. Some hackers steal, and some destroy, he said, and to prevent either one of those, he offered some good advice to others.
Cyber criminals have a strategy that often works:
They create a crisis (Hey, this is Marc and I’m stranded at Heathrow without money or I.D.).
They create a dilemma that demands an immediate reaction before people have much time to think (I have a plane to catch in three hours and I need the money now.).
“The best advice is to never click on any links,” Marc said. If you think you are receiving an email from a source you trust, you need to make sure it is authentic. An authentic website for your favorite pet lover’s club might be something like “blacklab.org,” but a cyber thief might try to lure you into clicking on something like “blacklab.com” – a difference you might not notice offhand.
A lot of bogus lures arrive in poor English, with spelling and grammar mistakes not common among English-speaking Americans, Marc said.
Thebest way to know if it’s truly your friend contacting you on Facebook is to ask him or her to answer questions to which only they and you know the answer. “What did we do that day I visited you last August?” “What did we have for lunch when you were in town last week?”
Marc said your banking institution will never email you saying their computer system crashed and they need you to send them your social security number, password, or account number.
Never use the same password for different accounts, whether they are email addresses, bank accounts, or ATM cards. Even if you have an account that wouldn’t hurt you to have someone access, a hacker who steals the password from that account might find other accounts using your name, birth date, phone number, email address, or mailing address, and try to access them using the password on that “unimportant” account.
Some things like PayPal, an online money transfer system, can be accessed with a person’s email address and password, Marc said. A hacker who knows what town a person lives in could find banks he or she is likely to use and plug in information from his or her Facebook account to gain access to that person’s bank accounts.
A good password should include random small letters, capital letters, numbers, and punctuation marks, such as 1gZ39!rH45. Write your passwords down on paper, Marc said, and put that piece of paper where no one else would ever think to look for it. Set the cookies on your computer to not remember your passwords.
Is online banking safe? While information transmitted online is not secure, Marc said, it can be done with relative safety if done right. Banking online requires that the account holder log into the bank’s own website. The North Shore Federal Credit Union has some good safeguards set up, Marc said. Every computer connected to the Internet is assigned a unique number called its “Internet Protocol” or “IP” address. When you try to access your account information, its computer finds out the “IP” number from where the request was generated. While you can still access account information from other computers in other places (for example, if you are traveling), the credit union will lock out the person requesting the information if something doesn’t add up. Banks encrypt confidential information such as credit card numbers for the brief time that information is being transmitted over the Internet, Marc said.
The payment system for Marc’s online business encrypts confidential financial information for the fraction of a second it takes to get through the lines with such a complicated code that a decoding system could never capture it before the data is gone.
When stolen credit cards are used, Marc said, the rightful owner can have payments stopped if he or she notifies the credit card company in time. If that happens, though, the business owner ends up eating the bill. This has happened to Marc only three times in over a decade because he checks with banks when a large transaction takes place. He has made calls to India, Turkey, Greece, Russia, and Argentina to verify credit cards. When he says, “I speak English,” the person on the other end of the line usually says “Just a moment” in English and transfers the call to an English speaker.
Marc has also had his credit card number stolen at Heathrow Airport, which resulted in $24,000 of charges to his account, laundered through brothels in Dubai. Fortunately, his credit card company stopped the theft before he lost any money.
Thieves hang around airports watching for people who input credit card numbers or PIN numbers into telephone pads and ATM machines, Marc said. He advises travelers to always cover their hands or shield the number pads with their bodies so no one can see the numbers they are punching in.
Another scam is when thieves install unseen wires into ATM credit card slots, trapping people’s cards and keeping them from calling up their accounts. Unsuspecting victims often punch in their passwords even though nothing shows up on the screen. They eventually leave when they can’t get their card out, after which the thieves use the wire to pull out the card and then use the password they saw the cardholder punching in to take money out of the account.
When he’s traveling and needs to access money from an ATM, Marc makes sure to have a friend stand beside him to discourage any would-be muggers.
“There’s rashes of it overseas,” Marc says of this kind of theft. “Much, much more than you see here.”
Hopefully, Marc’s brushes with disaster will help us all become a little safer.
Leave a Reply