Over the Christmas holiday in Florida, I got "Phished." I never heard the term before, and learned it when I called American Express to notify them that I had--incredibly stupidly--given personal information on a fake eBay website, in response to what I quickly discovered was a phony eBay suspension letter. This is part of how they pull an identity theft. It turns out that when phony spam--called "spoof"--hooks a sucker, the sucker has been "fished". "Oh, I'm so sorry," said the operator, "you got fished." Who then told me about a new American Express identity protection insurance plan that I could get for six dollars a month, that would pay up to $15,000 in legal expenses.
I had notified eBay immediately, via a LiveAdvisor popup email exchange.And eBay were pretty good about it. They referred me to the eBay identity theft webpage. I stopped filling out the phony form before putting down my credit card numbers or bank accounts, but unfortunately did give out my social, driver's license, and some other personal info. To a fraudster! Ebay said they thought they may have wanted to use my account to order thousands of dollars of merchandise to someone else, and that they could be stopped without closing the account. We'll see. I got an email from their security office later, to confirm my report, very quickly. After all, their business surely would collapse if anyone could just steal anyone else's account...
So, I went down the eBay checklist. I notified the local police in Winter Park, in order to file a police report. When I called , they wanted to send a cop to our house, but it seemed to me that it might ruin the Christmas Cheer, so instead I went down to what I thought was the station house. Now, Winter Park, Florida is a classy place. So classy that the police station is unmarked. I drove around for a while until I realzed that it looks like an ordinary office building. It was nighttime, the front door was locked. So I picked up the phone by the door, and then got buzzed into the entrance. Where I sat and waited for about ten minutes in a nice Spanish-style office park lobby, until a patrolman emerged from somewhere. He didn't seem too excited. He said he used eBay himself. Told me not to cancel my eBay account, just change my password. And don't go crazy getting a new social or driver's license, either. The policeman, who didn't seem to feel my pain, said that until something was charged to my credit card, no big crime had really been committed. I told him that I thought that fraud had been committed, someone pretending to be eBay had gotten my personal information under false pretenses. He said anyone could get the information that I gave out from a number of places for $40 (I didn't know that...). So long as I didn't give out my credit card numbers, or bank accounts, which I didn't, they probably wouldn't be interested. Too much trouble, he indicated. I hoped he was right. He did agree to give me an "event number" but not to file a full police report. How would you find them anyway, he concluded, they're probably in the United Kingdom. Now, why he thought it was a British gang, I don't know, except that a local Orlando barber shop owner had just been arrested for wire fraud. They have a pretty laid-back attitude in Winter Park. But I guess at least so far, the policeman was right.
So, that's how I came to call American Express, and learn that I had been caught in a "phishing" scam.
In any case, when I got home, the people I were staying with laughed and laughed. They had heard about it on TV, someone had reported on a similar scheme with Pay Pal. And the person I was travelling with had already deleted her spam. And how did they get this information about you? my hostess asked. "I gave it to them." More laughter.
Of course, I went through the recommended eBay steps, notified the relevant parties, changed my passwords, and was sure to file a "fraud alert" with the credit agencies. That's so anyone trying to open a phony bank account, get a credit card, or buy something on eBay--"One guy bought a house with a phony identity," my AmEx operator told me--would be double-checked.
It may have been a coincidence, but when I got to the airport to take my flight home a couple of days later, I was pulled aside by security, who noted that my boarding pass had a big "S" for special search (not "sucker", I hoped). I was guided to a special area where a team went through my bags as I was patted down and frisked by a man with rubber gloves.
Locking the barn door after the horse is gone, here's a link to the Federal Trade Commission's helpful website How Not to Get Hooked in a Phishing Scam.
