Identity Theft is Too Easy – Phishing with a Fax Number
January 25, 2008
Have you ever faxed over a copy of your name, address, and social security number to an identity thief? I thought for a brief moment today I might have fallen victim to a savvy phishing/fax scheme that originated with the email below:
2nd Notice! – Important! – W-9 tax form
This is just a reminder. We request that you assist us in updating our records, therefore expediting the delivery of your 1099-MISC (Statement of Earning for Non-Employees) for 2007. Please print out the W-9 form then complete and sign it. Please fax completed form into our office ASAP at xxx-xxx-xxxx. Please make sure that the name, address, and Tax ID Number are the same which are used when filing your tax return.
If this form is not completed and faxed back to us by the end the business day Thursday 1/24/2008, the Internal Revenue Service requires us to begin backup withholding at the current applicable rate allowed.
Internal Revenue Service! Backup withholding! I faxed that W-9 over as fast as I could. As I replied to the email to confirm receipt of the fax I had a sinking feeling in my stomach.
Was this a legitimate email? Had I just sent my information to a scammer? Luckily, it turns out it was all above board but the more I thought about it, the more I realized how a technically savvy person could pull off a scam like that.
Misrepresenting a Legitimate Company
I won’t go into detail but a person could find enough information on most any personal blog to spoof an email that would appear legitimate but actually contain a fax number with an identity thief waiting on the other end. Revealing your social security number, name, and address could leave you vulnerable to identity theft, especially combined with the information revealed on some blogs.
Of course many people would probably sense something wasn’t right for a variety of reasons. But all it takes is for one person to fall for it and their personal information could be compromised and exploited. The reason I bring this up is that this approach is a sneaky derivative of the standard phishing emails many people have come to ignore. We’ve seen enough phishing emails that we can mouse over the link and see it doesn’t go to paypal.com but instead some obscure web domain so we simply delete the email.
Phishing with a Fax Number
In this hypothetical instance, instead of listing a disguised link the scammer simply lists a fax number and creates a sense of urgency with the recipient. With no hyperlink to trigger my internal scam filter, I didn’t pick up the potential danger of this one until after the information had been sent. I’m fortunate that it was a legitimate request and will be more careful in the future.
Identity Theft Evolving
What this reminded me of is that identity thieves and scammers will continually come up with ways to defraud people of their hard earned money. Fraud awareness, education, and a common sense filter have served me well so far to date, knock on wood, but “they” will always be out there looking for ways to get into my wallet. Of course I don’t lose sleep over it but I do hear horror stories about people whose identity was stolen and I definitely don’t want to go through the mess they have.
Protecting Yourself Against Identity Fraud
For now, I continue to rely on common sense but lately I’ve been giving thought to signing up for a program like LifeLock that helps protect your identity and also provides you money to help clean up the mess in the event someone does take your information and abuse it. I haven’t done a cost/benefit analysis yet on the price of the service vs. the value of protection & cleanup coverage but it’s on my to-do list. Has anyone had any experience with the LifeLock service?
However you decide to protect your identity, make sure to think twice before clicking that link, sending that fax, or giving out information over the phone. It may be a legitimate request like it was for me today but you certainly don’t want to find out down the road that you’ve been scammed.
Last updated by.
All posts by Ben Edwards