Posts Tagged ‘identity theft’

Leave no print

Monday, February 3, 2014
No Gravatar
card info

I’m sorry, too.

Last week, I received a letter from the Neiman Marcus Group stating that my payment card was used fraudulently.  The President and CEO was very sorry and deeply regretted what had happened, noting that it was a most unfortunate intrusion. During the months of November and December, I made purchases at Target more than 30 times. I hadn’t noticed any illegal activity associated with that hacking scandal, but I did discover that unapproved iTunes purchases were connected to my user name and password.  It’s a rough time to be a frequent shopper.

Just this weekend, my family and I spent a couple of days at Easton Mall near Columbus. Every time I thought about buying something, I didn’t question the price.  I questioned whether the stores had proper security measures in place to protect my debit or credit card information.  My husband despises the barrage of questions that he’s hit with at the check-out counters.

“Email address?”

“Home telephone number?”

“Contact information so we can send you news about upcoming sales?”

“What is your full name and address for our customer loyalty program?”

His face turns the color of a hothouse tomato, and he politely — but directly — informs the sales associates that they don’t need that stuff to sell him a New York Yankees hat.  In this sporting goods store, he turned over two twenties and walked out of the mall leaving no trace of himself.

“Leave no print, Katy,” he said, patting me on the back as if I were his young son.  “Leave no print.”

On our next stop, I was in a gourmet cooking supply store and confronted with the same line of questioning.

“Are you in our system?” the associate asked.  I nodded yes and announced that I receive catalogs.

“Let’s update that address, shall we?” he asked.

The pressure was on.  Do I…or don’t I?

“What will it be used for?” I asked quietly.

“So we can email you the receipt,” he said. “And, if you have any problems with your purchases, we’ll have the transaction on file so you won’t have to bother with that receipt.”

Ok, so you want my information to email me a receipt that I won’t need anyway — to return dish towels?

I stammered and then confirmed my email address, speaking in hushed tones so the woman behind me wouldn’t hear.  This had become ridiculous!

After bagging four striped towels and an apron, the associate handed me a printed receipt.

Damn! Fooled again!

Retail stores train their associates to be tricky little suckers. Yet, I’m in control of my own information, and I don’t have to offer one single piece of data if I don’t want to.  Now that my daughter is becoming a consumer of apps and a user of different academic websites, I need to teach her how to “leave no print” as her father coaches.

  1. Never post personal contact information on websites or blogs, such as cellphone numbers, home and/or email addresses.
  2. Never allow a social networking site to post the user’s location, such as a “sent from” notification that accompanies uploaded photos and text messages or posts.
  3. Never disclose the activities of other people or where other people are located, unless it’s to identify the company of a parent or guardian. Posting their activities could put them at risk, too.
  4. Never post a password or a user ID online, or in the body of an email — not even to a trusted recipient.
  5. Apply all privacy blocks and locks on social networking sites.
  6. Be mindful of student directories or other type of campus publications that publish specific information, such as email addresses or physical locations such as apartment numbers.
  7. Leave application lines or categories blank that are used for solicitation purposes.  This includes physical addresses, cellphone numbers, and email addresses.
  8. Unless you have no choice, never volunteer credit or debit card information on a cellphone, and only provide account information to companies in which you have initiated business of some sort.
  9. Never leave receipts behind or toss them carelessly in trash cans.  Destroy all personal information, even if the receipt reveals only the last four digits of the account.
  10. Protect your social security card and never carry credit or debit cards that aren’t used on a regular basis. Keep cards in a safe location at home until they are needed for use.

My daughter doesn’t have a checking account yet, but she does have an online presence by way of email and school-based websites.  Since our run-ins with identity theft, first with a Kroger Card, then with iTunes, and now Neiman Marcus, we’ve been preaching the importance of “just say NO” to requests for personal information. While it may be impossible to “leave no print”, it is possible to teach our kids to be more secretive. And we’ll be keeping close tabs on their accounts as well as our own.

Leave no doubt.

 

 

Somebody’s Watching Me

Monday, May 20, 2013
No Gravatar

[You probably expected to read a story from Katy Brown today, but instead this is someone who has assumed her identity to take over her normal Monday post on this blog.  As described below, I am not the only one who has assumed her identity lately.  Heck, I’m not even a woman, but as Katy found out, identity theft is a big problem.]

My friend Katy recently posted a picture on Facebook of the bottom of her Kroger receipt.  Her intent was to show the portion of the receipt that tells how much money she saved with their sale prices.  However, at the very top of the picture, her Facebook friends could also glimpse that she had accumulated over 700 points towards gasoline discounts.  [Kroger gives you 10 cents off per gallon for every 100 points.]

Two days later, when she went to fill up her car, she discovered that she had no gas discount to use—her points were gone!  She posted to her Facebook friends that she had been robbed of her points, and wondered what she should do?  After all, it wasn’t like her purse had been stolen—these were merely shopping points.  Does one file a police report over stolen shopper points?  However, her friends encouraged her to at least contact Kroger about the situation.

She called the 800 number on the back of her Kroger card and talked to the recovery specialist/loss hotline representative, who was able to tell her the exact time the points were redeemed and at which gas station.  He also confirmed that the person typed in her home phone number as an alternative ID, rather than scanning the barcode on her card.  [Just like some other shopper loyalty programs do, Kroger provides this option of entering your phone number in case you happened to forget your card.]  He set her up with a new card and reloaded the points that were stolen, but left off the phone number option, which means that now the actual card must always be used when getting gas or groceries.

While her points were restored, her confidence in humanity was not.  Could it be that one of her Facebook friends did this to her?  She thought she had taken precautions to allow her Facebook account to only be seen by her friends.  She also was careful to only befriend people she really knew, instead of accepting friend requests from strangers.  To make matters worse, she had an unlisted phone number, so how did this thief know it?  As her busy mind worried about these things, she begins to wonder if someone is stalking her (if you know Katy, you can imagine how that might happen).

I’ve tried to reassure her that no one is stalking her.  However, there are lessons here from which all of us can learn.  Identity theft is a growing problem, and Facebook’s popularity is attracting more and more ne’er-do-wells.  We may never know the whole story, but my guess is that it wasn’t one of Katy’s friends—however, it might have been someone who is friends with one of her friends.

When she posted that grocery receipt and inadvertently revealed her 700-some gas points, several of her friends posted comments underneath the picture.   When they did so, it went out to their friends as “John Doe commented on Katy Brown’s picture”–allowing someone who isn’t a friend of Katy’s to notice the potential for a discount of 70 cents per gallon.  This thief also knew that even without her Kroger card, a phone number provides access at the gas pumps.

Although she has an unlisted phone number, the Internet provides ample opportunity to research people.  Her phone number has also appeared in business listings (not surprising for a stay-at-home mom and free-lance writer), the parents’ directory for the elementary school her children attend, and potentially other places.  Perhaps all the thief had to do was to find a friend that he had in common with Katy and ask that person.  Or then again, maybe the thief called the Daily Mail and asked for her number (some of the best hackers are experts at ruses such as this, which they refer to as “social engineering”).

The bottom line is that some people will steal anything—even gas discounts.  When using Facebook (or the Internet in general), one should always be skeptical, suspicious, and cynical.  There are more and more bad guys out there all the time, so take precautions.  Be discreet in what you post, don’t be promiscuous when accepting friend requests, and lock down your privacy settings.  Educate yourself on computer security issues.  Finally, always be thinking defensively!

Although it was only gas discount points, it is still troubling to be a victim of any type of identity theft—even if it is merely hijacking the Mommyhood Blog for the day!

[Actually, Katy allowed her friend David Kurtz to write this week’s story.  David writes his own blog at inquisineer.blogspot.com.]