Scam Aware
The other day I got an innocuous-looking piece of mail from a company - CS Stars - that I had never heard of. It looked like a standard "why you should open a complimentary membership in our security/credit monitoring business" letter, and I almost tossed it out.
For some unknown reason, I actually read the first sentence - if I even both to open such a letter, I'll usually just scan and toss it as unsoliticited junk. The first sentence read: "I am writing to inform you about a possible security breach that may affect you involving your personal data."
I was still going to toss it, but decided it might be worth learning whether this was a scam, and then sharing it with my readers.
Googling the name of the company, I learned that indeed, a computer had been stolen from this company that contained the names of people who had - at some point in history - filed a claim with (evidently) Workers Compensation. The letter, in other words, was genuine.
The trouble wasn't so much that the claim information was now open to prying eyes, it was that each individual's data file contained all that personal info you really don't want dishonest people getting access to - like your name and social security number, which, taken together, can do you a lot of damage.
The company offered a free membership in a fraud/identity theft program for a period of 12 months. Nice, but not terribly reassuring.
If someone chooses to steal your identity, there isn't much that anyone can do to help you. And of course, while the company does offer $25,000 in Identity Theft insurance, that is hardly compensation for what you could end up going through should your identity be stolen.
Still, getting the letter reminded me of two very important security issues.
First: check out any offer like this that arrives - however it arrives (snail mail, email, phone). There are many good websites out there (like hoaxbusters.com) that will help you sort out the real from the phishing.
Second: don't give out personal information - particularly your social security number - unless you are absolutely sure of the person/organization to whom you are giving it, and the necessity of doing so. Often, responding that you don't give out your social security number is sufficient.
The other day I got an innocuous-looking piece of mail from a company - CS Stars - that I had never heard of. It looked like a standard "why you should open a complimentary membership in our security/credit monitoring business" letter, and I almost tossed it out.
For some unknown reason, I actually read the first sentence - if I even both to open such a letter, I'll usually just scan and toss it as unsoliticited junk. The first sentence read: "I am writing to inform you about a possible security breach that may affect you involving your personal data."
I was still going to toss it, but decided it might be worth learning whether this was a scam, and then sharing it with my readers.
Googling the name of the company, I learned that indeed, a computer had been stolen from this company that contained the names of people who had - at some point in history - filed a claim with (evidently) Workers Compensation. The letter, in other words, was genuine.
The trouble wasn't so much that the claim information was now open to prying eyes, it was that each individual's data file contained all that personal info you really don't want dishonest people getting access to - like your name and social security number, which, taken together, can do you a lot of damage.
The company offered a free membership in a fraud/identity theft program for a period of 12 months. Nice, but not terribly reassuring.
If someone chooses to steal your identity, there isn't much that anyone can do to help you. And of course, while the company does offer $25,000 in Identity Theft insurance, that is hardly compensation for what you could end up going through should your identity be stolen.
Still, getting the letter reminded me of two very important security issues.
First: check out any offer like this that arrives - however it arrives (snail mail, email, phone). There are many good websites out there (like hoaxbusters.com) that will help you sort out the real from the phishing.
Second: don't give out personal information - particularly your social security number - unless you are absolutely sure of the person/organization to whom you are giving it, and the necessity of doing so. Often, responding that you don't give out your social security number is sufficient.
Comments