Perhaps you've received an e-mail from someone claiming to be a Nigerian government official. He asks for help in placing a large sum of money in an overseas bank account like yours for safekeeping. If you help, you'll share in a percentage of millions of dollars. All you need to do is provide your bank name and account numbers -- and pay some bribes and incidental charges that'll be repaid once the money is deposited. But, if you do as he says, you'll find yourself the victim of online fraud.
Or, maybe PayPal or your bank has sent an official-looking e-mail questioning whether someone else is dipping into your account. For verification, they ask that you click on a link, go to what seems to be their site and type in bank or credit card account numbers. "That's odd," you may think "they already have all that information." And you would be right. Once again, you're staring at potential online fraud.
Before the Internet, fraud attempts were more direct. A stealthy hand in your pocket or purse left you without a wallet and making fast calls to banks and credit card companies to prevent fraudulent charges. Thanks to the Web, and usually a little unknowing help from you, thieves can take your virtual wallet and pilfer its contents without you even realizing it's gone.
In fact, the problem had become so widespread by 2000 that the U.S. Federal Bureau of Investigation (FBI) and the National White Collar Crime Center launched the Internet Crime Complaint Center (IC3) as a clearinghouse to receive and refer Internet-related fraud complaints and reports of other cyber crimes.
By June 2007, IC3 had logged its 1 millionth consumer complaint. The vast majority of cases were fraudulent and involved financial loss, according to the clearinghouse. The total dollar loss for all reported complaints since 2000 was estimated at $647.1 million. However, because only an estimated one in seven incidents is reported, actual losses probably are much higher. Victims of the Nigerian money scam, by the way, lost an average of $5,100 each [source: IC3 press release].
Fortunately, you don't have to wait until your account is drained to discover you've been taken by Internet thieves. Online fraud alerts can give you swift notification about unexpected account activity.
In this HowStuffWorks article, we'll identify the most common types of online fraud, explain how online fraud alerts work and describe the steps to take if you've been taken.
The Internet: Thieves' Playground
The Internet has become a great source of information for everyone -- including identity thieves and fraud artists. You can find anything on the Web, and that includes consumers willing to be conned and unknowingly share private information. Anyone who uses the Internet is susceptible. The IC3 has received complaints from victims ages 10 to 100, including men and women in every state.
Fraud means misrepresenting the truth or concealing important facts to encourage victims to do something that will harm them or cost them money. IC3's Web site for consumers lists these common types of Internet fraud:
Online pharmacy fraud: consumers respond to e-mails by buying drugs from Internet pharmacies that may not meet industry standards.The danger is that consumers may receive counterfeit, tainted and diluted drugs.
Auction fraud: an item is purchased but never delivered.
Sweepstakes or lottery fraud: participants pay to play or to receive their winnings.
Identity fraud: Internet thieves steal money through identify theft -- by pretending to be the victim and using their name, Social Security number, account numbers or other information. The thieves may access the information by:
- Hacking into industry or individual computer databases.
- Phishing, or sending e-mail or pop-up messages that deceive consumers into disclosing personal or financial information.
- Spoofing, or directing consumers to a "spoofed" or fake Web site that looks just like one they know, such as their bank's, to type in personal information.
- Downloading spyware from the Internet onto a computer to collect its owner's personal information.
Financial fraud: the promise of a guaranteed loan if a fee is paid in advance, appeals from fraudulent charities, work-at-home jobs that require large upfront payments and requests for financial assistance that will pay off with more money later.
Financial institutions and credit card issuers are well aware of the magnitude of online fraud. Most offer a variety of services to help their customers avoid fraud and reduce financial loss. One of those services is usually some form of online fraud alert.
Next, let's look at how online fraud alerts work to help reduce financial losses and the possibility of a damaged credit rating.
Identity Theft and Fraud
It doesn't take much to become an identity fraud victim. If you throw a bank statement in the trash without shredding it, or forget to arrange to have your mail picked up while you're on vacation, personal data can be stolen.
People can have their identities stolen even when they're being careful: the Federal Trade Commission warns about a process called skimming where an electronic device is used to illegally store and retrieve credit card information used in legitimate purchases. This can be done by an employee without a store owner's knowledge, often undetected until it's too late.
Pretexting is another tactic used. In pretexting, you receive a phone call or e-mail from someone claiming to represent a company. The caller asks for your personal data to update files or change passwords. Never give out personal information during an incoming call or e-mail that you didn't initiate.
Identity fraud is the next step after identity theft. If your driver's license number is stolen, a fake ID can be created; once the ID is ready the thief can open new accounts in your name, apply for loans, even get medical care. There are as many ways to use your personal information illegally as there are legitimate uses.
You can protect yourself from identity theft and fraud in many ways. Start by shredding your mail and receipts that you don't need to save. Add an extra layer of protection by getting a private mail box or a post office box, and keep your mail under lock and key. If you're worried about credit card skimming, MSN Money writer Jeff Wuorio says you should pay cash instead, unless you can keep the credit card in your hand for the entire transaction.
Keep your personal data safe by refusing to give your information out. Have you ever been asked for your phone number at the checkout counter? Tell the sales clerk the number is private, and do the same with your home address. Have you ever called a credit card company to ask a question? Does the rep ask for your credit card number? Be aware of where you are when reciting those numbers. If someone is nearby to overhear you, they could be committing those numbers to memory.
MSN.com reports 750 thousand people a year are victims of identity theft and fraud. A lot of people become instant experts on how to protect their data, but only after becoming one of those victims. Protecting your information may not save you from a determined thief, but you can make yourself a much less appealing target for identity fraud.
On the next page, find out about a growing form of identity theft -- health insurance fraud.
Health Insurance Identity Fraud
You arrive at the hospital for an X-ray, only to be told you have an outstanding balance for an emergency room visit. Or, you go to get a prescription filled and find out that you've maxed out your drug benefits. Only in both cases you weren't the one who used the service.
These are cases of health insurance fraud, a growing type of identity theft. According to an ABC.com news story, about 20,000 cases of health insurance identity fraud have been reported nationwide over the last 15 years.
If your insurance card is lost or stolen, it can be used illegally. In recent years, insurance identity fraud has become more sophisticated. A 2004 arrest made headlines when three people were charged with running a bogus insurance company, collecting premiums for services that were never provided. A May 11, 2004, story published at News-Medical.net reported the perpetrators allegedly left $30 million in unpaid insurance claims.
It's easy to be tricked into insurance identity fraud through spam e-mails or telemarketing phone calls offering extremely low rates for health insurance. If you refuse to sign up for insurance based on a phone call or e-mail, you won't be taken in by a scam artist who tries to sell you on their scheme. Always contact a reputable insurance agency yourself instead of responding to an incoming call or e-mail.
Sometimes health insurance agencies are victims of disgruntled employees. An October 10, 2007, report at ScienceDaily.com includes a warning about a scheme where fake medical records are created in an innocent patient's name, creating a trail of misleading information.
Imagine accidentally learning you're wrongly on record with a history of Viagra prescriptions or painkillers like Vicodin. You can prevent this type of fraud by carefully reading all health insurance statements and benefit explanations. If you see anything in these reports you don't recognize including payments, billing or descriptions of services you didn't receive, report it to your health insurance company's special investigations department.
The U.S. Department of Justice advises people to keep their medical records, insurance information and other paperwork in a locked box, safe or other secure location. Some thieves break into houses or apartments to get this information; others go through trash cans and dumpsters to get account numbers from discarded bills or statements. Always shred anything with insurance claim numbers or other sensitive information that can be used without your permission.
The FBI says you should never sign blanket approval to health insurance companies or health care providers to bill you for services rendered. Always get the information in advance and know what you'll be expected to pay out of your own pocket. If something suspicious shows up on your insurance statement, you'll be able to dispute the charges right away.
Check out the next page for information on how to report identity fraud.
Notification to Reduce Damage
An online fraud alert can make you aware of suspicious activity on your bank or credit card accounts. By being notified early, you can let the financial institution know quickly if an unauthorized person is using your accounts. And you can find out about that activity without having to wait to receive a bank statement or credit report.
A fraud alert is a specialized type of electronic notification. Here's how it works. First, you, as the account holder, and the bank or other organization set parameters on when you want to receive notification. This could be each time more than $200 is withdrawn from your checking account, whenever a charge of $500 or more is made to your credit card, or when the bank receives a change of address request for you. You also indicate how you want to be notified: e-mail or SMS message (text message).
Once parameters are set, the bank or other organization monitors activity in your account electronically. A transaction that exceeds the set amount automatically triggers the command to send you a fraud alert. If no unauthorized activity has taken place, you can ignore the alert. But if there's a problem, you can respond quickly.
If the fraud alert is an interactive notification, you'll be given a way to respond immediately to approve or deny a suspicious transaction. For example, an interactive notification might say, "Mr. Smith, a $500 charge occurred on your credit card on May 3. If you did not perform this transaction, press 1 now."
Beyond free fraud alerts, some financial institutions offer more customized online alerts as part of add-on fraud protection programs. JP Morgan Chase, for example, offers the Chase Fraud Detector program to account holders for an additional $8 per month. Users can choose to receive additional online alerts about account activities including:
- International transactions (outside the United States)
- Cash advances
- Internet transactions
- High-dollar single transactions ($1,000 or more)
- Change of address requests
- New PIN requests
- Balance transfer requests
- New credit card requests
- Authorized users added
[source: Chase Online]
Credit card companies also offer online fraud alerts and protection against identity theft. Discover card customers can pay a monthly fee for an identity theft and fraud-protection plan that sends e-mails or text messages detailing suspicious account activity [source: Discover Card].
The three main credit agencies -- Equifax, TransUnion and Experian -- also offer subscriber-based, online fraud alerts. Subscriber fees are about the same for the Equifax program as for the Discover card plan.
The most important thing to remember about online fraud alerts is that you have the ultimate responsibility for acting on the information. Your account is designed to notify you of activity in your file, but you -- the customer -- must file a complaint, report suspicious activity and take direct action.
Finally, let's look at the steps you should take if you are a victim of account fraud.
Taking Action if You're Taken
Being stung by Internet thieves can go beyond emptying your wallet to damage your credit rating. If an online fraud alert shows that you've been hit, start by responding immediately to halt the thief's activity on the account.
After that, place a fraud alert of your own on your credit report. You can do this with a toll-free phone call to Equifax (1-800-525-6285), TransUnion (1-800-680-7289) and Experian (1-888-397-3742). The fraud alert will appear during any request for new lines of credit. This warns potential creditors to verify your identity before opening a new account in your name.
Equifax and TransUnion require fraud alerts by phone, but Experian also offers an online form.
Once your fraud alert is active on your credit report, request a copy of the report to review. Depending on your state's laws, you may be entitled to a free report after filing the fraud alert. Study the report for any activity that you don't recognize, including new accounts you don't remember opening, and changes of account information like a new address or phone number. Report any suspicious activity by calling the credit agency.
You also have the option of placing a "credit freeze" on your credit report. This restricts access to your report. While it's not a foolproof measure, it makes life difficult for anyone trying to create new accounts in your name. A credit freeze is done in the same way you initiate a fraud alert on your credit report.
Consumers have access to a growing list of fraud-protection options, and financial institutions have increasingly sophisticated anti-fraud technology. The credit protection industry grows larger by the year with online fraud insurance, aggressive investigation of fraud complaints and an expanding range of services, but online fraud itself is a growth industry. For each of us, staying a step ahead of Internet thieves probably requires actively protecting our personal information and regularly monitoring our credit ratings.
On the next page, we'll talk about identity fraud and theft.
Reporting Identity Fraud
If you're the victim of identity fraud, you should act quickly to help authorities find the culprit. The sooner you act, the faster you can control the use of your personal information.
There are additional benefits to acting quickly such as limited liability. The Federal Trade Commission says the most you're liable for on a stolen credit card is $50 -- if you report as soon as you know something is wrong.
The first step to reporting identity fraud is contacting the fraud departments of the three major credit bureaus: Equifax, TransUnion, and Experian. Let the credit agencies know you want a fraud alert placed on your file to help stop an identity thief from opening a new account in your name. The reporting procedures are different for each of the three agencies, and you should call them first to learn the latest reporting requirements, and if you're allowed to file online. You should also request a free copy of your credit report to check for suspicious activity.
The next step is to report identity fraud to law enforcement. If your wallet or purse was stolen, or if your home was broken into, file a local police report. Then contact the Federal Trade Commission's ID Theft Hotline at 1-877-IDTHEFT (438-4338). You can also report ID theft to the FTC online [source: Federal Trade Commission].
If your Social Security card was stolen, report it to the Social Security Fraud Hotline at 1-800-269-0271, or file an online report. [source: Social Security Administration]. If your driver's license is also missing, contact your local Department of Motor Vehicles.
One of the most important steps in the reporting process is contacting each of your credit card companies and your bank to tell them you're the victim of identity theft. You may have to deal with the inconvenience of getting new account numbers, passwords, or other data, but this is better than disputing a string of purchases made on your card without your permission.
Also make sure to contact your phone company. Whether you have a cell phone or regular telephone line, if you're the victim of identity fraud, contact the phone company to let them know and to call you for authorization for any changes or to question unusual calling patterns connected with your phone number.
According to an analysis of 2006 identity fraud statistics, Biometrics Direct writer James Childers says one in three Americans is at risk of identity theft and fraud. It can take more than a year to learn your information has been used illegally unless you pay close attention to your accounts. Fight identity fraud by carefully reading all your monthly statements, monitoring your credit reports, and acting quickly when you know your personal data has been stolen.
For more information on identity fraud, identity fraud alerts and related topics, check out the links on the next page.