Q: I use PayPal to accept credit cards for my online
collectibles business. I recently received an email that my
PayPal account was going to expire in five days if I didn't
click a link in the email and give them my PayPal account
information. Being naturally paranoid I decided not to give
this information and I'm happy to say that my PayPal account
did not expire. Was this a scam?
-- Brenda A.
A: Be thankful that your paranoia kicked in, Brenda,
because you were about to fall victim to the scam of the week,
this oneaimed at the 35 million merchants and individuals
who use http://Paypal.com
as their online payment processor.
The email you received was not from PayPal, but from an Internet
bad guy behind a forged email address using the http://PayPal.com
domain. You should understand that no reputable online company
will ever ask you to provide your account information. Think
about it. They already have this information. Why would they
ask you to provide it.
Since I use PayPal for several of my online ventures, I, too,
received the email in question. The email first seeks to instill
fear in you by saying that your PayPal account will be closed
if you do not provide personal information. You are then directed
to open an attached executable file and enter your PayPal
account information and other personal information that PayPal
doesn't even require, including your social security number,
checking and savings account information, driver's license
number, and other personal information that can be used to
clean out your PayPal account and perhaps even steal your
identity.
If you're not familiar with PayPal, it is a hugely successful,
web-based company (purchased by eBay in 2002) that many online
retailers and eBay sellers use to accept electronic payments
for everything from newsletter subscriptions to consulting
services to just about any product for sale on eBay.
The allure of PayPal is that it does not require the seller
to have a bank merchant account through which to process credit
cards. Anyone with a verifiable email address and bank account
can use PayPal and the service can be implemented almost immediately
after registering. When someone places an order on a website
that uses PayPal for online payments, that customer is directed
to http://PayPal.com
to complete the payment process using a credit card or electronic
check. The merchant can transfer the money collected in his
PayPal account to his checking account any time he likes.
Since many larger merchants make this transfer just once a
week or so, their PayPal accounts are ripe for the picking
from those who have the cunning and lack of ethics required
to gain access.
The shear number of PayPal customers is one reason it has
become a popular target of scam artists trying to steal personal
information from individuals and businesses alike. Identify
theft is on the rise. Thanks to the Internet stealing someone's
identity has never been easier. At any given moment, there
are any number of Internet thieves using all manner of high
tech wizardry to steal personal and business information from
unsuspecting souls, and many times they can gain access to
this information simply by asking the person to provide it
through fraudulent means.
The PayPal scam is just the latest in a long line of sophisticated
attempts to steal personal information through online means,
Amazon, eBay, Dell Computer, and many others have been the
brunt of many such scams in recent years.
Identity theft is what's known as "a knowledge crime,"
which means that the criminal doesn't have to break into your
house to rob you blind. If you have a bank account and a social
security number, you are susceptible to identity theft.
While most people are familiar with identity theft, most business
men and women never think about it happening to them, at least
on a professional level. Consider this: if a criminal can
learn your business checking account number or the number
of your company credit card, they can steal far more from
your business than if they had simply knocked down the door
and carted off your desk. The Internet aside, most business
and personal identity theft is still the result of stolen
wallets and dumpster diving. You should guard your business
records closely and be very careful what you throw away. Stop
and think for a moment what a criminal might find in the dumpster
behind your office.
There's a good chance that dumpster has, at various times,
contained scraps of paper with your social security number,
driver's license number, credit card number, old ATM cards,
telephone calling cards, and other pieces of vital business
information like bank statements, invoices, and purchase orders.
A dumpster-diving thief could literally rob your business
blind in a matter of hours.
Here are a few ways to protect yourself from business and
personal identity theft.
Never give out your first name, last name, business name,
email address, account passwords, credit card numbers, bank
account information, PIN number, social security number,
or driver's license number.
Change your online account passwords every 30 days. Believe
it or not, a hacker who steals your personal information
can guess your online account passwords in about two minutes.
If your Charles Schwab online account password is your birthday
or the name of your first born or family pet, count on a
hacker cracking that code faster than you can say "Bill
Gates."
Never provide personal information in response to an email
or telephone call. Just because someone calls and says they
are from Dunn & Bradstreet and need to confirm your
business information does not mean they are really from
Dunn & Bradstreet.
Never give your business credit card number over the phone
to place an order with someone who has called you unsolicited.
If you are interested in what they are selling get their
number, check out their company, then call them back to
place the order.
If you think that you have become the victim of identity
theft or think someone is trying to steal your identity
or personal information you should report them immediately
to the Federal Trade Commission. You will find more information
on their website at http://www.consumer.gov/idtheft/.
For more information on what to do if identity theft happens
to you visit http://www.privacyrights.org/fs/fs17a.htm.
So, if you ever receive an email from PayPal, Amazon, eBay,
or any other ecommerce website asking you to update your
account information by email you can pretty much bet the
farm that it is a scam.
