Q: I use PayPal to accept credit cards for my online collectibles business. I recently received an email that my PayPal account was going to expire in five days if I didn’t click a link in the email and give them my PayPal account information. Being naturally paranoid, I decided not to give this information and I’m happy to say that my PayPal account did not expire. Was this a scam? — Brenda A.
A: Be thankful that your paranoia kicked in, Brenda, because you were about to fall victim to the scam of the week, this one aimed at the 35 million merchants and individuals who use PayPal.com as their online payment processor.
The email you received was not from PayPal but from an Internet bad guy behind a forged email address using the PayPal.com domain. You should understand that no reputable online company will ever ask you to provide your account information. Think about it. They already have this information. Why would they ask you to provide it?
Since I use PayPal for several of my online ventures, I, too, received the email in question. The email first seeks to instill fear in you by saying that your PayPal account will be closed if you do not provide personal information. You are then directed to open an attached executable file and enter your PayPal account information and other personal information that PayPal doesn’t even require, including your social security number, checking and savings account information, driver’s license number, and other personal information that can be used to clean out your PayPal account and perhaps even steal your identity.
If you’re not familiar with PayPal, it is a hugely successful, web-based company (purchased by eBay in 2002) that many online retailers and eBay sellers use to accept electronic payments for everything from newsletter subscriptions to consulting services to just about any product for sale on eBay.
The allure of PayPal is that it does not require the seller to have a bank merchant account through which to process credit cards. Anyone with a verifiable email address and bank account can use PayPal and the service can be implemented almost immediately after registering.
When someone places an order on a website that uses PayPal for online payments, that customer is directed to PayPal.com to complete the payment process using a credit card or electronic check. The merchant can transfer the money collected in his PayPal account to his checking account any time he likes. Since many larger merchants make this transfer just once a week or so, their PayPal accounts are ripe for the picking by those who have the cunning and lack of ethics required to gain access.
The sheer number of PayPal customers is one reason it has become a popular target of scam artists trying to steal personal information from individuals and businesses alike.
Identity theft is on the rise. Thanks to the Internet, stealing someone’s identity has never been easier. At any given moment, there are any number of Internet thieves using all manner of high-tech wizardry to steal personal and business information from unsuspecting souls, and many times they can gain access to this information simply by asking the person to provide it through fraudulent means.
The PayPal scam is just the latest in a long line of sophisticated attempts to steal personal information through online means. Amazon, eBay, Dell Computer, and many others have been the target of many such scams in recent years.
Identity theft is what’s known as a knowledge crime, which means that the criminal doesn’t have to break into your house to rob you blind. If you have a bank account and a social security number, you are susceptible to identity theft.
While most people are familiar with identity theft, most businessmen and women never think about it happening to them, at least on a professional level. Consider this: if a criminal can learn your business checking account number or the number of your company credit card, they can steal far more from your business than if they had simply knocked down the door and carted off your desk.
The Internet aside, most business and personal identity theft is still the result of stolen wallets and dumpster diving. You should guard your business records closely and be very careful what you throw away. Stop and think for a moment what a criminal might find in the dumpster behind your office.
There’s a good chance that dumpster has, at various times, contained scraps of paper with your social security number, driver’s license number, credit card number, old ATM cards, telephone calling cards, and other pieces of vital business information like bank statements, invoices, and purchase orders. A dumpster-diving thief could literally rob your business blind in a matter of hours.
Here are a few ways to protect yourself from business and personal identity theft.
* Never give out your first name, last name, business name, email address, account passwords, credit card numbers, bank account information, PIN number, social security number, or driver’s license number.
* Change your online account passwords every 30 days. Believe it or not, a hacker who steals your personal information can guess your online account passwords in about two minutes. If your Charles Schwab online account password is your birthday or the name of your firstborn or family pet, count on a hacker cracking that code faster than you can say ‘Bill Gates.’
* Never provide personal information in response to an email or telephone call. Just because someone calls and says they are from Dun & Bradstreet and need to confirm your business information does not mean they are really from Dun & Bradstreet.
* Never give your business credit card number over the phone to place an order with someone who has called you unsolicited. If you are interested in what they are selling, get their number, check out their company, then call them back to place the order.
If you think that you have become the victim of identity theft or think someone is trying to steal your identity or personal information, you should report them immediately to the Federal Trade Commission. You will find more information on their website at http://www.consumer.gov/idtheft/. For more information on what to do if identity theft happens to you, visit http://www.privacyrights.org/fs/fs17a.htm.
So, if you ever receive an email from PayPal, Amazon, eBay, or any other eCommerce website asking you to update your account information by email, you can pretty much bet the farm that it is a scam.
In business, as in life, a little paranoia is a good thing.