Sunday, June 26, 2005
By JOHN BRANTON, Columbian staff writer

Crystal Beairsto is 22 years old and knows a thing or two about computers, but she got snookered into an identity theft scam earlier this month.

Beairsto, who lives in the Sifton area northeast of Orchards, sells vintage clothing, shoes and accessories on the eBay Internet auction site, and uses PayPal to handle the financial transactions.

So when she received an e-mail that appeared to be from PayPal, she wasn't alarmed, according to a Clark County Sheriff's Office report.

"Everything looked legit and there was a link," she told The Columbian.

She clicked on the link, which took her to a Web site, and she filled in the blanks with her name, Social Security number and other personal information.

Afterward, however, she started feeling uneasy and contacted officials at PayPal.

"PayPal told me they had not sent me an e-mail," Beairsto said.

It was a classic theft of Beairsto's personal information in the computer scam called "phishing."

Sometimes arriving via e-mail, and sometimes on "pop-up" advertisements, the phony messages typically use the logo and language of a legitimate company, including Internet service providers, banks and online payment services.

PayPal, eBay, CitiBank and Washington Mutual are among the companies that phishing artists have pretended to represent.

A typical phishing message claims there is a security problem or threatens to close your account if the information they want isn't "updated." Anyone who receives spam e-mails is likely to receive phishing messages.

Clicking on a link within these normal-looking messages, gullible computer users are led to a Web site that looks legitimate but isn't. One tip-off, according to the Federal Trade Commission: Legitimate companies won't ask for personal information by e-mail, which isn't a secure way to send it.

In the past two or three years, phishing, a form of identity theft, has mushroomed.

"It's huge here," said Vancouver police Detective Ed Hewitt, a fraud specialist. "They use an authentic logo because they can pick it up off the Web site."

Experts don't recommend clicking on links found on e-mails or popups.

"You don't know who crafted that pop-up ad and where your information is going," Washington State Patrol Detective Jesse Regalado said in a recent identity theft forum in Vancouver.

"If it comes in your e-mail, don't believe it," Regalado added. "Don't click on links within your e-mail because you don't know where it will take you."

In Beairsto's case, she said she traced the message to its origins in Asia.

Realizing she'd been scammed, Beairsto wanted to take action before the fraud artist emptied her accounts or ruined her credit. She immediately followed the advice of the FTC, found at www.consumer.gov/idtheft.

She notified the sheriff's office and took measures to block the scam artist from her money.

"In the last few days it's been hectic, going to the banks and closing accounts," she said. "It's pretty horrible."

The FTC also recommends that victims contact one of the three major credit bureaus, Equifax, Experian or TransUnion, and put a fraud alert on their credit file. Once that is done, creditors must contact the victim before opening new accounts or changing existing accounts.

With that accomplished, Beairsto said, "If someone tries to access my Social Security number in the next 90 days, it'll be unapproved."

So much verification is "a real awkward runaround," Beairsto said, but it's better than being victimized.

A way to check one's account without clicking on a phishing artist's link is to contact the company directly, the FTC says. To do that, use a phone number you know to be genuine or start a new Internet browser session and use the company's correct Web address, not the potentially bogus one supplied on the e-mail or pop-up.

Nationwide, fraud perpetrators used e-mails, Web sites and other Internet routes to contact 57 percent of their victims last year, the FTC says.

"Almost every case we see, somehow, some way, has methamphetamine tied to it," WSP Detective Dave Startup said in the identity theft forum. He added, "Eighty percent of the victims have no idea how the criminals obtained their information."

The FTC recommends that citizens check their bank and credit card statements as soon as they arrive for unauthorized expenditures.

Scrubbers and blockers

There are ways to remove adware, another term for pop-up ads that can contain phishing ploys, and "spyware," WSP Detective Regalado said.

Spyware can sneak into a person's computer, monitor the victim's information and send it off to who knows where. It's also called malware, trackware and hijackware.

Several good products are on the market to remove adware and spyware from computers, and some of them offer free scans for spyware, Regalado said. They can be found at www.lavasoft.com, www.webroot.com, www.zonelabs.com and www.safer-networking.org.

The FTC also says computer users should obtain up-to-date anti-virus software and firewalls for protection.

Firewalls can be either devices or software that computer users can buy and install, and they can stop hackers from entering home computers and causing problems.

Another device that provides protection against hackers is a router. Many experts consider a router better protection than a software firewall, according to searchnetworking.techtarget.com.

SCAM AND IDENTITY THEFT RESOURCES

To learn more about scams, visit www.ftc.gov, www.fbi.gov or www.idtheftcenter.org.

If identity theft is suspected, notify local police and any one of the three nationwide credit bureaus:

Equifax: 800-525-6285 or www.equifax.com.

Experian: 888-397-3742 or www.experian.com.

TransUnion: 800-680-7289 or www.transunion com.

For a free credit report each year, visit www.annualcreditreport.com or call toll-free 877-322-8228.

To file a complaint, visit www.consumer.gov/idtheft; or call toll-free 877-438-4338.

Fraudulent phishing e-mails should be forwarded to spamuce.gov and to the company the scam artist was pretending to represent.

Washington attorney general's consumer protection office in Vancouver: 360-759-2150.