Prevent ID Theft

A while ago I made a post discussing how dangerous it is to accept Paypal payments for items that you’re selling on Craigslist and today I have come across another Craigslist scam while trying to sell my car. Last night I posted an ad for my car on both Craigslist and Kijiji and have received a number of replies. One of the replies came from a seemingly nice lady named Rose. After answering all of her questions about the vehicle she sent me this message

Hi There,
Thanks for mailing back, Can you assure me that is in good state and that i will not be disappointed with it? I am an oceanographer, am satisfied with your advert price and ready to purchase it asap,as am requesting this transaction should be done via PayPal so the PayPal charges is on me, i can only pay through PayPal at the moment because i do not have access to my bank account online, but i have it attached to my PayPal account, and this is why i insisted on using PayPal to pay,If my offer is accepted all i will need is your PayPal email address to make the payments, if you don’t have a PayPal account yet,its pretty easy to set one up at www.PayPal.com, i will be expecting your email. I have a pick up agent that will come for the pick up after payments has been sorted,so no shipping. I will like to see more pics of it.

Your PayPal email id
Your zip code for pickup
Firm Price

God bless you .

This is basically a larger version of the typical Craigslist Paypal scam. How this one works is she will send a fraudulent payment to my Paypal account and then someone will show up to pick up the vehicle. Shortly after leaving with my vehicle, the Paypal payment will turn out to be fraudulent and will be reversed. In the meantime, the car thief will likely be driving my car onto a shipping container to be shipped overseas, or chopping it up for parts.

If someone tries to buy anything from you on Craigslist or Kijiji using Paypal, don’t do it. It is always best to deal with sellers in person with cash. Remember, Paypal is designed to protect buyers, but does nothing to protect sellers. Accepting Paypal for a purchase like this is like accepting a check from a stranger.

A few days ago I discussed the rental of PO boxes for the purposes of securing your mail. If you have decided to go ahead and rent a PO box, you’re probably wondering whether or not you should get it from the actual post office, or whether you should go with a private company such as a UPS store. There are pros and cons to each of the options, however after evaluating PO boxes and UPS store mail boxes, I think that there is a clear winner.

PO Boxes

PO boxes are located at the post office or other postal outlets and are offered by Canada Post in Canada and USPS in the United States. PO boxes in both countries have pretty much the same characteristics, so I will discuss both of them together. Generally speaking, PO boxes are reasonably priced and available at many convenient locations across the country. They can be found in big cities, as well as in remote rural locations. Here are some of the Pros and Cons of PO boxes

Pros
- Conveniently located virtually everywhere across the country
- Comparatively cheap. The prices are often the same even in a downtown location

Cons
- PO Boxes cannot receive parcels from couriers such as UPS or Fedex
- In most cases PO boxes can only be accessed when the post office is open

UPS Store

The UPS store offers private mailbox rentals at almost all of their locations across North America. Each UPS store is a franchise and differs slightly store to store based on the owner. For example, while the price of a mailbox rental in Kingston may be $150 per year, it could cost as much as $300 in downtown Toronto. Here are some other pros and cons

Pros
- You can receive mail and courier packages from UPS and Fedex
- Most stores offer 24/7 access

Cons
- Most costly than PO boxes

Overall, I have found that despite the slightly higher cost, the UPS store is far superior to a traditional PO box. Not being able to receive packages from Fedex and UPS seems to defeat the entire purpose of having a mail box, as you can only receive some of your mail. If you never receive any packages through Fedex or UPS, and you never purchase anything online, then a PO box might be a better option. However for everyone else, the UPS store mailboxes are definitely worth the added cost.

One major concern that has existed over the years in terms of identity theft is mail theft. Basically, the concern is that a scammer will steal your mail, which contains credit card applications, then fill them out for his own use. Since many of these credit card applications are pre-approved, it won’t be too hard for the scammer to get approved using your credit profile. To make things worse, they’ll often use your other mail (such as current credit card bills and bank statements) to figure determine the answers to personal questions that are asked by the banks when applying for such an account. As a result, many people, particularly those who live in rural areas and have a mailbox at the road, have considered opening a up a PO box to protect their mail. PO boxes are also of interest to those who live in large cities where their mailbox is easily accessible by others, and those who frequently go on vacation and don’t like their mail piling up at their front door.

If you were considering this, there are some things that should be mentioned before you rush out and spend a couple hundred dollars per year on a potentially unnecessary PO box. First, ask yourself these questions

- Will it be a hassle to go pick up my mail from a PO box?
- Do I even receive sensitive documents in the mail anymore? Many people receive all of their bills online.
- Is my mailbox in a location where someone is likely to steal my mail?
- Would it be cheaper to buy a locking mailbox to put on the house?
- Overall, is it worth it?

In my opinion, for those who are simply worried about having their mail stolen, I wouldn’t worry. In most of North America, this type of credit card fraud has become surprisingly less popular. The way the scammers look at it, it isn’t really worth the risk of physically stealing mail when they could probably receive comparable information for a fraction of the cost by buying it on the black market. So the odds of someone actually stealing your mail for the purposes of applying for credit cards or other financial products in your name is quite low.

The are however a few reasons why I would recommend getting a PO box

- If you move frequently. Changing addresses all the time is a hassle.
- If you are often on vacation. When mail builds up at your door, you’re not only at risk of having it stolen, but you’re basically broadcasting to the entire world that you’re not home.
- If you receive particularly sensitive business documents. For those who are receiving confidential and valuable mail on a regular basis, a PO box is definitely a good idea.

Personally I have a UPS store mail box for the purposes of receiving mail because I travel a lot, and I prefer to have my business mail go to a commercial address rather than my home. However for most people, a PO box really isn’t necessary. Instead it is a product that is promoted using fear and other tactics with the intention of scaring people into buying.

Its been a good 10-20 years since most hotels switched over from traditional keys to magnetic keycards and electronic locks. During this time, you would think that they would have made security a top priorty and ensured that everything surrounding these keycards was perfected, to ensure the safety, security and privacy of hotel guests.

In terms of security, hotel keycards are substantially more secure than traditional locks. With traditional locks, someone simply had to make a copy of the room key to be able to continue accessing a room, even weeks or months after they had checked out. By contrast, electronic locks and magnetic strip keycards ensure that rooms can only be opened during one’s stay, and the key becomes useless after they checkout.

With that said, many hotels seem to have forgotten privacy in this successful attempt to increase hotel security. Many hoetls, despite a multitude of studies and warnings, include private information on keycards. The most common form of private information is: credit card numbers, names, ID numbers and birthdates. While many hotel chains have realized that it isn’t a bright idea to encode credit card numbers on a keycard that will likely be re-issued to another guest in the future, there remain a number of hotels that continue to disregard this breach of privacy. In a recent test, we found that more than 20% of hotels still include some private information on the keycards, which could be accessed by guests who obtain the keycard in the future.

So how can you protect yourself?

Unfortunately there really is only one way that you can protect yourself from the incompetence of hotel management. Keep your key. When you check out, rather than depositing your keys in the “Key drop,” or with the front desk, you can simply keep them.

While some hotels frown upon this, most aren’t bothered. They purchase keycards in stacks of thousands, so issuing a new keycard to each new guest costs only a few cents, and I think most would argue that your privacy is worth more than a few cents.

When connecting to the internet via a unsecured public wifi connection, theres always the risk that a hacker can hack into the router and see what you’re doing. Assuming you’re not connected to your favourite websites via SSL, the information that you are sending is being sent unencrypted. This means that if a hacker wants to see what you are doing, they can pretty much watch everything that you’re doing in real time. Whether you’re typing an email, chatting over msn, or browsing Facebook pictures, they can see it all. The good news is that this type of attack is incredibly rare, but the risk still exists. The way I look at it, its like leaving your car door unlocked. The odds of someone stealing the change from your cup holder are relatively small, but there is a chance that it might happen.

So with that in mind, you’re probably wondering how you can protect yourself when using a public wifi connection, such as those found in Starbucks and other coffee shops. There are two methods that I am going to explore, each other their own pros and cons.

The first, and more rudimentary method of protecting yourself when using a public wifi connection is to ensure that every site you visit uses SSL (The Secure Socket Layer). While sites such as your bank would use SSL by default (You can confirm this by looking at the url. If it begins with https, it is using SSL), most sites do not. The easiest way to do this is to install a firefox plugin which will force all websites to use SSL. The best plugin for this can be downloaded directly from the Mozilla website here. This plugin will make sure that all websites, instead of just banking websites, uses SSL. This encrypts the traffic between your computer and the website that you’re visiting, making it nearly impossible for a hacker to see what you’re doing.

The other method is to use a VPN service (A virtual private network). This works by routing your entire connection through a secure encrypted server, and prevents the wifi that you’re using (or an hackers) from seeing what you’re doing. While this method is more secure, it also has the downside of being a paid service. VPN providers generally charge between $10 and $50 per month to use their service, depending on the bandwidth and other features offered. While this may seem expensive, if your job requires you to protect sensitive information, its definitely worth it. Losing corporate secrets or company access codes to a hacker could cost you your job. To learn more about VPN services, click here.

With all that said, most public wifi connections are fairly secure and free from hackers. The odds of a hacker sitting in the same coffee shop as you are relatively low and the odds of a coffee shop employee setting up spy software on their network are also slim. Nevertheless, it is important to know how to protect yourself, especially if you’re dealing with sensitive or valuable information.

This may sound like it should be common sense, but as I always like to say, common sense isn’t all that common. Frequently I see people, in particular elderly people, writing their PINs on their debit and credit cards. With the introduction of chip and pin credit cards, it has made this practice incredibly more common. While chip and pin credit cards were designed to help minimize fraudulent purchases, in some cases they have resulted in incredibly large losses. For example, in the past if someone were to steal your regular credit card, they would have to make purchases at a store, which is somewhat risky. However, if you have a chip and pin card and you write your pin on your card, all the scammer has to do is go to an ATM, insert your card and type in your pin, and they have access to thousands of dollars in cash advances. Furthermore, since the card has a chip and pin, the banks have less reason to believe that the transaction is fraudulent, making it harder to detect. To make matters worse, if someone were to use your card to make fraudulent purchases, you would be refunded (as per both Canadian and American laws), however if your card and pin is compromised due to your failure to protect it, you will be liable for all of the fraudulent charges. While the extent to which banks hold clients liable varies, there have been many cases where the banks deem it the card holder’s fault for revealing their pin.

Today’s post is simple: Never write your pin on your card.

Over the years, Research in Motion has been applauded and criticized for providing its blackberry users with an entirely encrypted instant messaging system. To businesses seeking security, the instant messaging system is ideal. Instead of insecurely transmitting messages through SMS, or through insecure email applications on third party wifi systems, Blackberry users have been able to send encrypted messages to all of their contacts, in a format that couldn’t be decrypted by anyone, even the government.

Unfortunately, the world is changing, and such a system no longer seems acceptable to the nosey Big Brother governments of the world. This past month was a turning point for BBM, when Research in Motion announced that they would be providing a backdoor to the Indian government, which had requested access. While some argue that this is necessary in order to ensure the safety of the greater public, it opens up the door to a plethora of opportunities for hackers. While the system is designed only to allow access to the government which was granted access, the existence of a backdoor means that there is an intentional flaw in the programming of the encryption software, meaning that its only a matter of time before hackers also gain access to the backdoor, and are capable of decrypting BBM messages with ease.

For the average teenager sending “lols” and “brbs,” this isn’t much of an issue. But for large corporations transmitting industry secrets, patent information and other sensitive corporation information, this is huge. Its only a matter of time before the hackers figure out how the governments are decrypting BBM messages, and when that happens, BBM will be no more secure than email. For a company that has lost such a great amount of marketshare in the past few months, its surprising to see them shoot themselves in the foot for another round.

Are you fed up with having your inbox full of spam? Like most people, if you’ve had the same email account for a while, you’ve likely gotten to the point that it fills up with spam on a regular basis. One of the main sources of spam is from websites that sell your name and e-mail address after signing up. This is particularly true for free services, blogs, and game sites.

So how can you avoid this? One of my favourite ways to avoid spam in your main email box is to use a temporary email address (or throwaway email address) when signing up to websites. Unless its something important, (such as online banking) there usually isn’t that much need to use your real email address. Temporary email addresses allow you to provide an email address to websites when they request them, and they can even be used to receive confirmation emails.

My favourite temporary email provider is mailinator. Mailinator.com basically allows you to instantly create an email address, without the hassle of filling out a long sign up form. All you have to do is create a random username (which will become your email address) and you’re ready to go. Now you can sign up to blogs, forums and other sites that require an email address, without giving out your personal email address. If the website decides to sell your personal information, all that the spammers will get is your temporary throwaway address.

One word of warning before using a temporary email service. Since there are no passwords, anyone with your username can log in and see the messages that have been sent to your inbox. Therefore, do not use the inbox for anything with sensitive information.

I’m a big fan of the concept of prepaid credit cards. There uses are endless. They can be used online when you don’t trust giving your real credit card number to a shady company. They can be used at parking meters, and they can be used with merchants that you think may try to rip you off with some sort of recurring billing scheme. Despite their fees and other associated issues, the concept of prepaid credit cards is great.

Recently I decided to try the new American Express Prepaid credit card. I bought it at Shoppers Drug Mart, here in Canada, and assumed that it would work the same way as other prepaid credit cards that I had tried. Unfortunately, this was far from the case. As it turns out, prepaid American Express cards are extremely restrictive and can only be used at a few places. Here is a short list of places where you CANNOT use a prepaid American Express card.

- Online
- At any merchant outside of Canada
- At any merchant that uses an Internet based processing system
- At most phone merchants

As you can see, the card is restricted at most of the places where you would be most likely to use it. In the end, I ended up using it mainly at parking meters, which seemed to be the one place where the card did work.

Overall I was not impressed and will not be buying an American Express prepaid credit card again. I’ll stick with Visa and Mastercard.

I’ve issued quite a few warnings regarding Paypal in the past, but I think its time that a new warning be issued regarding Paypal. This time, it is directed to those who like to sell items on Craigslist. When Craigslist was created, the main purpose was to be an online classifieds board, where people could list items for sale, and then meet with the buyer in person. The transactions would usually be conducted using cash, thus making it safe for everyone involved. However recently, there have been number of people who have been duped into selling items to non-local buyers, who offer to pay for the item using Paypal.

Unlike on eBay, where sellers are offered a level of Paypal seller protection, there is no such protection when accepting Paypal for an item listed on Craigslist. If the payment turns out to be fraudulent, the seller will be lose out and have very little recourse.

How the Scam Works:

- The seller lists an item on Craigslist. Usually a rather expensive item such as a laptop or jewellery.
- The buyer contacts the seller and informs them that they are very interested in purchasing the item, however they’re in a city half way across the country (or in some cases, half way around the world)
- The buyer informs the seller that they are willing to pay for the item using Paypal and will also pay any shipping and handling costs involved. They are also willing to pay full price.
- The seller thinks its great, accepts the Paypal payment and ships the item
- A few days later, the seller is contacted by Paypal and informed that the payment that they have accepted is fraudulent and has been removed from their account. At this point there is nothing that the seller can do

There are quite a few warnings about this type of scam online, even some that can be found directly not the craigslist site. However, many people choose to ignore the warnings. How can you protect yourself? The best way is to simply avoid accepting Paypal and to only deal with people that you can meet locally. This way you ensure that you get paid for the product, and stay paid!