In recent months, there’s been a rash of huge data breaches in which customer information has been stolen from retailers. Target. Home Depot. Staples. There are more.
And with all the spending you’ve done this holiday season, let’s hope all the retailers you’ve patronized have been able to keep private customer information secure.
But hacks aren’t the only way scammers get their grimy little hands on your information. They often employ trickery so you’ll hand over what should stay private.
You might laugh out loud when you receive paper or email communication saying you won a prize for a contest you never entered. Or when the sender says, in broken English or with poor grammar, that you must make a payment to avoid arrest for overdue taxes or missing jury duty.
But what happens when you receive a communication that maybe, just maybe, could be authentic?
Red flags went up when Pete and Sylvia Loscalzo of Lebanon received a paper letter from a doctor’s office, on stationary with the local medical practice’s logo and contact information.
The letter said: “We are writing to inform you of a recent incident regarding some of the information we have in your file.”
The practice learned, the letter said, that it accidentally sent to a wrong email address a spreadsheet containing Sylvia Loscalzo’s name, date of birth, telephone number, preferred contact information, email and address.
When the office learned of the error, it said, it emailed the person back and asked that the correspondence be deleted.
But the receiver of the email never responded, the practice said. It wasn’t sure if it’s even a valid email account.
“Out of an abundance of concern, however, we are notifying you of this incident,” the letter said. “Because we value your privacy and want to do everything possible to alleviate any concern, we are providing you with credit monitoring.”
It then provided an activation code and a web site address for a free credit monitoring program.
The Loscalzos were understandably concerned, and not just because they feared Sylvia’s information could have landed in the wrong hands.
“It just looks completely phony to me,” Pete Loscalzo wrote in an email to Bamboozled. “My wife never went the doctor it came from.”
Pete Loscalzo visited the link provided for the credit monitoring service, and he didn’t like what he saw.
“It looks like a phony web site that gets you to put in all kinds of info for ‘free’ protection,” he said. “What do you think?”
Forget what the credit monitoring service web site looked like. We wondered, first, why they’d receive that letter if Sylvia Loscalzo wasn’t a patient of the sending doctor’s office.
We suggested they contact the medical practice, but not by using the contact information on the letter they received. We told them to search online for the practice’s phone number.
That bit of caution was because it was possible that a scammer borrowed the address and logo of the doctor’s office, but inserted his own phone number there, hoping to fool callers into thinking they were calling the real doctor’s office.
Later that day, Pete Loscalzo reported good news.
“Apparently this is real, and the practice of the doctor that my wife actually went to was sold to this group,” he said. “They actually did accidentally send some info to a incorrect email and the offer is real.”
THE REAL FROM THE FAKE
It’s pretty unfortunate that the doctor’s office sent out private information to an unknown email address. Careless, perhaps, but not anything with the intention to defraud consumers, and at least the practice is offering free credit monitoring just in case.
Still, the Loscalzo’s experience raises important privacy issues of which you need to be aware.
It’s not always easy to tell what communications are real and which are phony.
To protect yourself, you need to be proactive.
If you receive an unsolicited communication, you could always just throw it away or hit the delete button. But it may be worth a little research, just in case it’s real.
All it takes is a phone call.
Like we suggested to the Loscalzos, don’t use the number provided to you on the communication. Search online on an independent site — not the sending organization’s web site, because the site could always be a fake — and look for the phone number. Call and see what you can learn.
Don’t offer much of your own information when you call, again, just in case. If it’s legit, the organization you’re calling should be able to look you up.
If you’re unable to verify the information in the communication, hang up and report it to authorities.
Start with your local police department, which may have received similar complaints from others in your area.
Then, report it to the Federal Trade Commission (FTC), which takes all kinds of consumer complaints, at (877) ID-THEFT.
If you received a communication from someone impersonating a company, contact the real company to let it know. Most company web sites — again, the real ones — have contact information for the corporate offices.
If you think scammers have gotten hold of any of your private information, contact the three major credit bureaus — Equifax at (800) 525-6285; TransUnion at (800) 680-7289, and; Experian at (888) 397-3742 — and ask that a fraud alert be put on your credit file.
Then, check your credit report to see if there are any new accounts that don’t really belong to you. You can get a free copy of your credit reports once a year through AnnualCreditReport.com.
You should also contact the fraud departments of your banks, credit card companies and other financial institutions. If you think certain accounts have been compromised, ask the institution to close your account and open a new one with a new account number.
Here’s to hoping the new year is one with fewer scams.
A girl can dream, can’t she?
Have you been Bamboozled? Reach Karin Price Mueller at Bamboozled@NJAdvanceMedia.com. Follow her on Twitter @KPMueller. Find Bamboozled on Facebook. Mueller is also the founder of NJMoneyHelp.com.