Identity Theft and Phishing

By Crystal Baldwin

When I presented on the topic of identity theft a decade ago, the concept seemed somewhat distant, impacting few individuals with identity thieves using dated and laborious tactics to steal identities.  A section of my presentation was devoted to informing about dumpster diving—the fact that people can get a lot of information about your identity from the trash you discard—and encouraging shredding as an identity theft prevention step.  Another section focused on phishing and educating about what phishing is; not to be confused with fishing, except metaphorically of course. 

Protect yourself from Identity Theft! Safeguard your personal information.  Verify requests for information. Shred documents using a cross cutting shredder.

In the age of the robocall and the internet, phishing and identity theft have become more sophisticated in that scammers can make the same automated call to many people at once and data security breaches expose consumers to widespread identity theft.   

Even with advances in technology, identity thieves can still obtain your personal information by rummaging through your trash and phishing.  To demonstrate, let’s take a quiz: 

What do you do with your expired credit card when a replacement arrives in the mail? 

A. Cut it down the middle and throw it out.  The card cannot be used once the magnetic strip is severed.  

B. Run it through a straight-line shredding machine. The card will be of no use when made into little strips.  

C. Cut it into as many small pieces as possible, either with scissors or a cross-cutting shredder. Throw out the pieces in different trash bags. It will be virtually impossible to decipher the card with it in so many pieces and places. 

D. Discard as it is.  Without additional instruction from the bank, no additional steps are necessary.  The card is of no use once it expires. 

My answer is C: Cut the card into a million pieces and discard in multiple places.  Why?  Because even though the card is expired, with card updates the card number stays the same.  Once a determined scammer has obtained the card, all they need to do is follow up with a strategic phishing phone call to you.  When they call, they may claim to be your financial institution and ask a series of phishing questions, which exposes other important numbers about the valid card in your possession: the expiration date and the CCV.   

What exactly is phishing?  

A. A sport of catching fish, using a fishing pole. 

B. A fun excursion with Vermont Phish Phans.  

C. The fraudulent attempt to obtain your personal information or data. 

D. Testing the water pH before ice fishing.  

Hopefully this quiz question was easier.  The answer is also C.   

Identity thieves phish for information about you, your Social Security number, your bank account number, your credit card and debit card numbers, your birthday, and more in order to use the information for their own financial gain.  When an email purports to be your bank, saying you have been locked out of your account and you must login using the enclosed link, a scammer hopes you provide them all of your personal information by completing their realistic-looking bogus form.  Once you have, they can access and use your account.  And, depending on the information you have provided, they may also open up new lines of credit in your name without your knowledge or consent.  Identity thieves have opened home loans, car loans and credit cards.  They usually don’t pay the bills they run up, creating a mountain of work for you to dispute debts you do not owe.  

Phishing scammers may contact you by email, phone, text message, and any other communication mechanism you use currently, including social media.  Phishing scams often present a problem that must be solved by you disclosing some personal information.  They may even pretend to be your computer company, warning about viruses that need to be repaired on your computer.  They offer to help you resolve your virus problem, if you grant them access to your computer and, unknowingly, your personal information stored on your computer.  Phishing scammers may also say a package will soon be delivered to you and you must reply if you did not order a product, or else your credit card will be charged. Then when you call, they ask for your credit card number. 

Protect yourself from phishing scams! Scammers claim to be someone you know. They present a problem that can only be resolved by providing personal info or money, they may contact you by phone, email, text, mail, and even social media.

Phishing scams can be tricky, because there are scenarios in which a bank institution may contact you, such as if there has been fraudulent activity on your credit card. Scammers take advantage of this and try to replicate it.  Rather than trying to determine the difference between a scam call and a call from your bank, take out the guesswork by disconnecting the contact and calling your bank directly on a number you know to be valid.   

Resist the impulse to reply to urgent requests of phishing scammers.  By slowing down and taking steps to verify, you can stop phishing scammers from reeling you into their trap. 

Help CAP prevent scams by sharing this information with your community.  Have a scam to report? Use CAP’s online scam reporting form

For more information about identity theft, visit our website

Help us stop these scams by sharing this information with those you care about. Get notified about the latest scams: Sign up for VT Scam Alert System alerts.  

Social Security Number Phishing Scams

Since August 1, the Consumer Assistance Program has received approximately 275 reports of the Social Security number phishing scam!

Here’s how the scam works:

  1. You receive a phone call stating that there has been criminal or fraudulent activity involving your Social Security number. The scammer may also claim to be a government agency or law enforcement, threatening arrest or serious consequences. The scam often begins as a robocall.
  2. If you “press 1”, you are connected to a live person, who claims to be a detective or law enforcement agent. They spin a detailed story about a crime committed involving your Social Security number.
  3. Then, the scammer attempts to obtain your personal information and money. Never provide your Social Security number or bank account numbers over the phone, especially to an unknown caller.

If you receive a Social Security number phishing scam call, hang up the phone! Do not press 1 or attempt to connect to a live person.

The Social Security Administration will contact you via official letters in the mail if necessary. If you receive a call threatening arrest, it’s a scam.

Take it SLOW: Scammers pressure you to act fast, demanding personal information and payment, while threatening extreme consequences if you do not comply. Don’t let them pressure you! Remember to slow down, hang up the phone, and log the call. All it takes is one call to someone in your life to talk it through. If you still need help identifying the scam, make an additional call to someone who cares. You can always call CAP, we care and can discuss scams with you.

If you do provide personal information to the scammers over the phone, here are some proactive steps you can take to protect your information and your finances:

  1. Report the scam to CAP: (800) 649-2424 or ago.cap@vermont.gov
  2. If you provided your Social Security number to the scammers:
    1. File an identity theft report with the Federal Trade Commission and your local police.
    2. Check your credit reports and place a fraud alert or freeze on your credit.
    3. Watch out for identity theft warning signs.
  3. If you provided financial information, such as bank account numbers or credit card numbers, contact the involved financial institutions right away.
  4. If you provided the scammers with a payment via gift card, call the phone number on the back of the card.

Extortion Email Scams

On April 27, 2020, our office issued a scam alert to warn about an email extortion scam that has been contacting Vermonters.

The email threatens exposure of compromising home video and pictures, unless you pay, usually in Bitcoin. The email claims you have been hacked and may reference a current or former password you may have used. The sender claims that they have access to your computer and webcam and threatens to release embarrassing photos and video unless you send them money.

These emails are scams. If you receive one of these e-mails, DO NOT send money. Do not click on any links or attachments. If you find that your current password is listed in the email, change your passwords from another computer and run virus scans. To learn even more about this scam, scroll to the “Sextortion Scam” section of our online relationship scams blog.

You can help stop these scams from hurting your community by sharing this information with people you know.

Call us at 800-649-2424 if you have questions, concerns, or need help determining if you have been a victim of a scam.

Report these scams to the FBI’s Internet Crime Center at ic3.gov

For more information about how to protect yourself from email phishing scams, visit the Federal Trade Commission’s website.