Scamming of the innocent

by Dorothy Winslow Wright
*Archived January 2006 article

I never thought of myself as an innocent. After all, I'm a great-grandmother. I've been around. But the confidence that comes with longevity took flight the day I fell for a computer scam called "phishing." I didn't even know the word, but learned its meaning quickly as I repaired the damage created when I responded to a computer scam. I had to cancel my credit card, and inform those whose bills were to be paid by that particular card. It was also necessary to change my computer password. Today I feel a modicum of peace because I have taken the necessary steps to insure financial security, although I'm not sure I'll ever regain the comfort level I had before this happened.

The scamming came about so cleverly that I never suspected that I was being duped. The scammers, who had created a masthead so like the mail-order company I used frequently, informed me that someone had been trying to break into my account. For this reason, unless I registered again to verify my information, they would cancel my account in three days. When I read that, I panicked. Christmas was closing in, and I wanted to order gifts for my mainland family. I couldn't afford to lose that particular company. They had served me well for several years, and I trusted them. I thought I was behaving responsibly by correcting my registration in a timely fashion - but was I ever wrong.

Without giving a thought to security, I clicked on the link to the website where I could register again. It looked legitimate, so I filled in all the required spaces: address, phone number, credit card, password. However, when they asked for my banking PIN number, I was flummoxed. I didn't have one. When I closed the link, I worried about how I could find out what it was. Although my husband had one before he died, I didn't know where he kept it, and I wasn't sure it would be legal for me to use it anyway. I decided the best thing to do was to go to the bank and have them help me out.

Fortunately, my granddaughter, who lives in North Carolina, telephoned me just as I was about to leave. When I told her where I was going and why, she said in horror, "That's a scam, and you'd better cancel that credit card now." Then she added, "After you cancel the card, call Daddy." When her father, my eldest son and financial mentor, listened in studied silence as I told my tale, I knew I was in trouble.

"That's not good," he said. Although he was gentle with me as he led me through the steps I must take, I realized that my financial situation was in jeopardy, and that it needed to be corrected immediately. There was no time for shilly-shallying.

Once the credit card was canceled, I informed the company whose masthead had been faked. This wasn't easy because there isn't much of an opportunity to converse in computer correspondence. You have to search through all manner of menus to find the most appropriate area, and it took me half an hour to find the place where I could type in a message. It was similar to a chat room set-up where I would receive an answer while I waited. Their response made me even more uneasy. My story was not new to them. It was a problem they'd been addressing for some time, and informed me that no legitimate company will ask for a PIN number, and that the only time a credit card is requested is at the time of purchase.

As an extra precaution, I registered with Equifax, a national credit reporting organization, who put a fraud alert against my name. They also informed two other such agencies: Experian and TransUnion, to make sure I was fully protected. Next, a friend installed Spybot Search and Destroy on my computer, and made sure I had a firewall as well as anti-virus protection. I am now as protected as possible, and feel blessed that I acted before anyone had a chance to use my credit card. Yet I am still uneasy.

As I write this, the New Year is almost here, and my resolution is to be wiser in business matters. I now know that scamming, or phishing, is prevalent, and that I must remain aware of this to protect myself. I hope that my experience will be a warning to others who are as overly trusting as I was a month ago.


The Federal Trade Commission (FTC) suggests these tips to help you avoid getting hooked by a phishing scam:
  • If you get an email or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message, either. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address yourself. In any case, don't cut and paste the link from the message into your Internet browser - phishers can make links look like they go to one place, but that actually send you to a different site.
  • Use anti-virus software and a firewall, and keep them up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.
  • Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
  • Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer's security.
  • Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.
  • If you believe you've been scammed, file your complaint at ftc.gov, and then visit the FTC's Identity Theft website at www.consumer.gov/idtheft. Victims of phishing can become victims of identity theft. While you can't entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See www.annualcreditreport.com for details on ordering a free annual credit report.

You can learn other ways to avoid email scams and deal with deceptive spam at ftc.gov/spam.

The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261.