Internet Safety Tips & Email Scams
Public Advisory: Special Report for Consumers on IDENTITY THEFT
From the U.S. Department of Justice & Solicitor General Canada
The United States Department of Jusice and the Department of the Solicitor General of Canada are jointly issuing a Special Report to advise the public on current trends and developments in Identity Theft.
Identity theft refers to all types of crime in which someone wrongfully obtains and uses another person's data in some way that involves frad or deception, typically for economic gain. United States and Canadian law enforcement agencies are seeing a growing trend in both countries towards greater use of identity theft as a means of furthering or facilitating other types of crime, from fraud to organized crime to terrorism. This Public Advisory will highlight some of the most significant forms of identity theft in Canada and the United States, and explain how to recognize them and respond if you become a victim of identity theft.
Identity theft has become one of the fastest-crowing crimes in the United States and Canada. In the United States, identity theft complaints to the Federal Trade Commission have increased five-fold in the last three years, from 31,117 in 2000 to 161,819 in 2002. In Canada, the PhoneBusters National Call Centre received 7,629 identity theft complaints by Canadians, that reported losses of more than $8.5 million, and an additional 2,250 complaints in the first quarter of 2003 that reported total losses of mote than $5.3 million. In addition, two major Canadian credit bureaus, Equifax and Trans Union, indicate they receive approximately 1,400 to 1,800 Canadian identity theft complaints per month, the majority of which are from the province of Ontario.
One reason for the increase in identity theft may be that consumers often become victims of identity theft without having any direct contact with the identity thieves who acquire their personal data. Simply by doing things that are part of everyday routine - charging dinner at a restaurant, using payment cards to purchase gasoline or rent a car, or submitting personal information to employers and various levels of government - consumers may be leaving or exposing their personal data where identity thieves can access and use it without the consumers' knowledge or permission.
How Identity Theft Occurs
Here are just a few examples of how identity theft is committed:
Theft of Payment Cards and Documents
Identity thieves often steal purses or wallets, and steal newly issued cards or credit card applications from your residential mailbox. Some, known as "dumpster divers" will even rummage through trash to pick out bank and credit card statements. Letters that contain "pre-approved credit-card" offers, if not shredded or destroyed, can be sent back to the issuing bank requesting that the card be sent to the recipient (i.e., you), but at a new address of the identity thief's choosing.
Some identity thieves also engage in "shoulder surfing": looking over your shoulder or from a nearby location as you enter your Personal Identification Number (PIN) at an ATM machine. By installing a fake ATM device that reads your cards encoded data, or by distracting you while your card is taken or switched with another, an identity thief can then use your PIN to drain your bank account without your knowledge.
Identity thieves also "skim" or "swipe" customer credit cards at restaurants or cash stations, using an electronic device known as a skimmer. The skimmer records the personal information data from the magnetic stripes on the backs of cards. Identity thieves then transfer or transmit this data to another location, sometimes overseas, where it is re-encoded onto fraudulently made credit cards.
E-Mail and Website "Spoofing"
Many criminals who want to obtain personal data from people online use a technique known as "spoofing": The creation of e-mails and websites that appear to belong to legitimate businesses, such as financial institutions or online auction sites. Consumers who receive e-mails claiming to be from a legitimate business are often directed to a website, appearing to be from that business, at which the consumers are directed to enter large amounts of personal data. In fact, the criminals who created these e-mails and websites have no real connection with those businesses. Their sole purpose is to obtain the consumers' personal data to engage in various fraud schemes.
Theft From Company or Government Databases
Law Enforcement agencies in both Canada and the United States have noticed a significant increase in efforts by identity thieves to access large databases of personal information that private companies and government agencies maintain. Criminals have broken into offices to steal computer hard drives, bribed or compromised employees into obtaining personal data for them, and hacked into databases.
What You Can Do Today to Minimize Your Risk of Identity Theft
- Sign all credit cards when you receive them and never lend them to anyone.
- Cancel and destroy credit cards you do not use and keep a list of the ones you use regularly.
- Carry only the identification information and credit cards that you actually need. Do not carry your social insurance card (Canada) or social security card (U.S.); leave it in a secure place. This applies also to your passport unless you need it for traveling out of country.
- Pay attention to your billing cycles and follow up with your creditors and utility companies if your bills do not arrive on time.
- Carefully check each of your monthly credit-card statements. Immediately report lost or stolen credit cards and any discrepancies in your monthly statements to the issuing credit card company.
- Shred or destroy paperwork you no longer need, such as bank machine receipts, receipts from electronic and credit card purchases, utility bills, and any document that contains personal and/or financial information. Shred or destroy pre-approved credit card applications you do not want before putting them in the trash.
- Secure personal information in your home or office so that it is not readily accessible to others who may have access to the premises.
- Do not give personal information out over the phone, through the mail, or over the internet unless you are the one who initiated the contact and know the person or organization with whom you are dealing. Before you share such information, ensure that the organization is legitimate by checking its website to see if it has posted any fraud or scam alert when its name has been used improperly, or by calling its customer service number listed on your account statement or in the phone book.
- Password-protect your credit card, bank, and phone accounts, but do not keep a written record of your PIN number, social insurance or social security card number, or computer passwords where an identity thief can easily find them. Do not carry such information in your purse or wallet.
- Order a copy of your credit report from the major credit reporting agencies at least once every year. Check with the credit bureaus to see whether there is a charge for this service. Make sure your credit report is accurate and includes only those activities that you have authorized.
If You Are A Victim
The United States Department of Justice and the Department of the Solicitor General (Canada) advise that if you have become a victim of identity theft, you should take three immediate steps. First, contact your bank or credit card compnay if you have had your checks or credit cards stolen or wrongfully obtained, or if you lose them. Second, report the matter to your local police of jurisdiction. Police authorities often will take police reports even if the crime ultimately may be investigated by another law enforcement agency. In addition, a creditor who mistakenly believes that you are the person responsible for a fradulent transaction may want to see a copy of a police report before correcting your credit account or credit report. Third, report your identity theft case immediately to the appropriate government and private-sector organizations listed below. Canadian and American agencies such as these are compiling information on identity theft to identify theft trends and patterns, and using the information to assist law enforcement agencies in possible investigations.
Resources For American Victims of Identity Theft
Federal Trade Commission Identity Theft Hotline
Toll Free: (877) IDTHEFT (438-4338)
Credit Report Agencies: Place fraud alerts on your credit reports by contacting the credit bureaus that operate in the United States.
Report Fraud: (800) 525-6285
Report Fraud: (800)-EXPERIAN (397-3742)
Report Fraud: (800) 916-8800
If you need other information or have other questions concerning identity theft, please contact the FTC as listed above.
Resources for Canadian Victims of Identity Theft
PhoneBusters National Call Centre (PNCC)
Credit Reporting Agencies: Place fraud alerts on your credit reports by contacting the credit bureaus that operate in Canada.
Report Fraud: (800) 465-7166
Report Fraud: (877) 525-3823
Dialing Up to the Internet: How to Stay Safe Online
Most Americans who use the Internet from home access it thorugh a "dial-up connection" that uses a modem to call into a server over a regular telephone line. A dial-up connection to the Internet may be lower-tech (and slower-tech) than a broadband connection, but there's one thing they share: they both depend on the user to keep them operating safety and securely.
If your computer is attacked by a virus or a hacker, it really doesn't matter what type of connection you use: the damage is done. You could lose important personal information or software that's stored on your hard drive, as well as valuable time trying to make repairs. And your computer could be used without your knowledge to attack other computers, including those that protect our national security.
If you use a dial-up connection, a few "do it now" tips can help you minimize - and perhaps even avoid altogether - the damage that a virus or hacker can wreak on your computer.
- Regularly update anti-virus software. To be effective, anti-virus software must be updated routinely with antidotes to the latest "bugs" circulating through the Internet. Most commercial anti-virus software includes a feature to download updates automatically when you are on the Internet.
- Don't fall for fibbing email. Most viruses won't damage your computer unless you open the email attachment that includes the virus. So hackers - people who use the Internet to access computers without permission - often lie to get you to open the attachments. The email may appear to come from a friend or colleague, or it may have an appealing file name, like "Fwd: FUNNY TEXT" or "As per your request." It could appear to link to a website or promise to clean a virus off your computer if you open it. Don't open an email attachment - even if it looks like it's from a friend or co-worker - unless you are expecting it or know what it contains. If you send an email with an attached file, include a text message explaining what it is.
In addition, don't forward any email warning about a new virus. It may be a hoax and could be used to spread a virus. If you receive a chain letter or hoax virus alert, let the sender know so they can stop spreading the virus.
- Use strong passwords. Hackers may try to steal your passwords to gain access to the personal information stored on your computer. To make it tougher for them, use passwords that have at least eight characters and include numbers or symbols. Avoid common words: Some hackers use programs that can try every word in the dictionary. Don't use personal information, your login name or adjacent keys on the keyboard as passwords. Don't share your passwords on-line or over the phone. Your Internest Service Provider (ISP) should never ask for your password.
- Take advantage of your software's security features. Chances are your web browser and operating system software give you some options for increasing your on-line security. Check the "Tools" or "Options" menus for built-in security features. You provably have several choices for what types of fils you want to accept from other computers. If you don't understand your choices, check them out using your "Help" function. Similarly, your email software may give you the ability to filter certain types of messages, such as some unsolicted bulk email or spam. But it's up to you to activate the filter.
- Back up important files. If you follow these tips, you'll reduce the chances of falling victim to a hacker or virus. However, no system is completely secure. If you have important files stored on your computer, copy them onto a removable disk, and store them in a safe place.
- If you computer is infected, take action immediately. If your computer has been hacked or infected by a virus, disconnect from the Internet right away. Then scan your entire computer with fully updated anti-virus software. Before your re-connect to the Internet, think about how your computer could have been accessed and what you could have done to avoid it. Did you open an email attachment and let loose a virus? Is your anti-virus software out-of-date? Take steps to minimize the chances of it happening again.
- Report serious incidents. If you think you've been hacked or infected by a virus, contact the Computer Help Desk, immediately at 282-4357.
If you have particularly sensitive information stored on your computer or you're planning to upgrade to high-speed internet access, don't forget to:
- Have a firewall installed. A firewall is software or hardware designed to block hackers from accessing your computer.
- Turn off software features that you don't use. You may want to turn off some software features - instant messaging, printer-sharing or file-sharing - that typically are on when a computer is shipped.
What you need to know about chain emails and letters
From: Northeast Netforce
To: Email Users
Date: November 2002
Subject: Chain emails and letters
- Chain letters that involve money or valuable items and promise big returns are illegal. If you start a chain email or letter or send one on, you are breaking the law.
- Chances are you will receive little or no money back on your "investment." Despite the claims, a chain letter will never make you rich.
- Some chain letters try to win your confidence by claiming they are legal, or even that they are endorsed by the government. Nothing could be further from the truth.
- If you have been a target of a chain email scam, contact your Internet Service Provider and forward the email to the Federal Trade Commission (FTC) at: firstname.lastname@example.org
The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll free, 1-877-FTC-HELP (1-877-382-4357); TTY; 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the US and abroad.
Nigerian Email Scams
Should I help the people who are sending me email from Nigeria? They want to put some money in my bank account for a short time. They say they need to 'hide' it and will give me a percentage of the funds if I help. It sounds like a good deal and it will help me get a little cash for my trouble.
Absolutely not! The people running the 'Nigerian' email scam will clean out your bank account if you are foolish enough to send them your bank account number.
"There are a number of email scams that are taking place across the Internet. These scams ask for personal information such as social security numbers, bank account numbers, etc. Under no circumstances should you give out any personal or business information as a reply to unsolicited email.
"A prime example is the email going around that says they work for the government of Nigeria or they are a business-person from Nigeria. They go on at length, blathering about lots of money to be had or 'saved' if only they could hide it in a 'good' persons account. Of course, they'll 'give' you a percentage of the profits as the 'hook'. All you need to do is give them your bank acocunt number and they'll place the money there.
They reference 'available funds from over-invoicing and supplies from foreign contracts'. The email states the contractors are paid in full and that a portion of the remainder of the funds can be transferred to bank accounts in lieu of providing specific personal information. You provide them with bank information and instead of them putting money on it, they empty your bank account".
This scam, or one of many versions of it, have been running for over 20 years. Originally, it was a postal scam. It went to email because there is no postage involved. The fraud is also known as the "West African advanced fee fraud" or the "419 fraud" -- 419 being the relevant section of the Nigerian criminal code.
If you want to view the various scam examples, visit the The Nigerian Fraud Email Gallery . Scroll down the page to see the various scams running around the world.
nigerianscams.org has a site which publishes information on known scammers and scam websites.
For more information on Internet Fraud go to:
To File a cyber complaint go to: