Monday, August 27, 2007

Dial an Identity Thief: a story from the front lines

A co-worker was kind enough to share his story of attempted identity theft today:

I received a interesting phone call on my office phone this morning.

The caller claimed to be with the 'recovery department' of a company in New York. The caller spoke English very poorly and the connection was noisy, so I never did figure out the name of the company he supposedly represented.

The caller claimed to be calling about $650 that was supposedly withdrawn from my account (not sure what kind of account, or where) several years ago, apparently without my permission. He wanted to confirm some information, so he could return the money to me. He was difficult to understand, but I am fairly certain that he said he needed my credit card number.

We went around and around for several minutes, as I tried to figure out who he supposedly represented and how much information he already had. I finally told him that if he knew how to reach me by phone, he should also know how to reach me by mail, and he should simply send me a check.

Callerid on my phone reported that the call originated from 1234567890. That number is completely bogus. The caller was probably using an internet phone; it is relatively easy to fake callerid with an internet phone.
My thanks to the co-worker for giving permission to post his story. The moral of the story here is to always ask questions, to not give up information without verification, and to always know the identity of your callers. How would you respond to a call like this? What would you do if the callerID had matched a local bank instead of a number you didn't recognize?

I normally advise people to call the company back - ask for a number that you can verify in their website and call that number. If they can't provide that information, ask them to send you more information using your contact information on file. And, as always, the FTC identity theft website is a great resources. While you're at it, you may also want to check out the Privacy Rights Clearinghouse.

No comments: