BUFFALO, N.Y. (WIVB) – Identity theft is the number one complaint each year at the Federal Trade Commission and the latest government figures show it costs Americans and U.S. businesses as much as $25 billion a year.
The Internet seems to making it easier for criminals to steal your good name, and the FBI’s Special Agent in Charge for Buffalo, Brian Boetig offered his take on why cybercrime is so pervasive, and seems to be getting worse by the day. “People seem to feel safer on the Internet, but really, they should not,” he warned.
A growing menace on the Internet is also getting Boetig’s attention. It is called “email spoofing”; crooks sending out phony emails, posing as popular retailers such as Amazon.com, Walmart, or Cosco.
According to Boetig, these emails “are sent to masquerade as a legitimate business, when in fact they are some type of fraudulent activity,” and opening a spoof could be disastrous for the unsuspecting web surfer.
Hackers will offer a reward or special offer to entice a user to click on a link within the email, but falling for this spoof is no laughing matter.
Boetig says just clicking on that link will take the user to another website, allowing hackers at that alternate site to hijack your computer with “phishing” malware, stealing more of your identity with every keystroke.
One form of malware is known as a “keylogger”, which Boetig explains would allow a hacker “to see passwords that are being typed in, personal information, dates of birth, Social Security Numbers, passwords, credit card numbers,” usually without the victim’s knowledge.
The New York State Thruway recently warned consumers of an E-ZPass email spoof, which has also surfaced in several other states. The email imitates a reminder from E-ZPass to pay a delinquent E-ZPass bill.
Thruway officials displayed a sample of that spoof with a link that could lead the unsuspecting user down the road to disaster, with a click.
Sandra Acevedo, a Richmond, Virginia driver, actually fell for the realistic looking email, and said she is concerned about turning over her highly sensitive personal information to a fake website. The fake website told Acevedo she owed money on the account, which she didn’t understand. “So it wanted me to make a payment and I went ahead and did so,” she said.
Acevedo now has a very real reason to fear identity theft.
Authorities warn, the most obvious clue that an email might be a spoof is the sender’s email address. The sender’s email should match the business.
The FBI’s Boetig said, “It should be a key to you. If you are getting an email from a particular company and the email address does not even have that company’s name in it, that should be an initial clue that something is wrong.”
New York City attorney Steven Weisman, founder of the website, Scamicide.com, has a reputation for exposing Internet scams and said before clicking on any link within an email, check it out first.
Weisman advises email users, “If you get an email with a link, you never click on the link no matter how legitimate it looks until you have actually contacted that company.”
But if you are still tempted to click on a link within an email, the FBI’s Boetig said there is one sure way to check it out yourself. Instead of clicking on the link, go directly to your account and the reward should be there.
“The best thing to do is go to their website, type in the address yourself, and then access your account from in there,” said Boetig. He added, if the business is offering you free rewards, those free rewards should be in your account somewhere, you should not have to click on a link to get them.
According to the U.S. Bureau of Justice Statistics, nearly 17 million Americans were victims of identity theft in 2012, with direct and indirect losses, amounting to $24.7 billion. That is about 7% of all Americans, 16 years or older.