I consider myself a very aware consumer, so I was surprised when very recently, I was the target of a minor but relatively sophisticated online scam. (No, I didn't front the Nigerian prince several thousand dollars in return for millions once his fortune was released.)
I consider myself a very aware consumer, so I was surprised when very recently, I was the target of a minor but relatively sophisticated online scam. (No, I didn’t front the Nigerian prince several thousand dollars in return for millions once his fortune was released.) I received an e-mail from Starbucks thanking me for the purchase and delivery of two gift cards—transactions I did not make to a “person” I did not know. Seconds later, I received notification from the online payment service PayPal that I had recently changed my transaction preferences to make it easier to make transactions without logging in (!), and that my recent purchase of two Starbucks gift cards was authorized.
I immediately contacted PayPal to close my rarely-used account and open a dispute of the transactions, and I also contacted Starbucks to let them know of the breach. The Starbucks representative, though friendly, claimed to have never heard of such a thing, despite that fact that this has been happening for some time. The scam is covered in greater detail here. Even that account isn’t 100% accurate, however, because I don’t frequent Starbucks and don’t have the Starbucks app on any of my devices—yet I was still targeted.
The convenience of electronic currency and transactions is obvious, but so too are the opportunities for significant financial damage. Anyone—regardless of how vigilant or street-smart you may be—can potentially be a victim. In this four-part series, we’ll look at some common-sense defenses to ensure that you avoid the scam, limit the spam (Part 2), examine the importance of password protection (Part 3), and then cover what actions to take if you are a victim of a scam or spam (Part 4).
Avoiding the Scam?
While companies that can protect you from identity theft are plentiful and generally effective, there is no foolproof method or service that will protect you from every scam. The only deficiency I can uncover in the above-referenced scam was having a PayPal password that was perhaps too easily deduced with one of the algorithms nefarious operators employ.
Once my log-in and password became known, it was easy enough to change my transaction preferences. That account, even though seldom used, authorizes funds to be taken directly from my bank account.
While you may not be able to avoid scams you’ve never even heard of, you can ensure that you’re hyper-vigilant about who has access to your personal information, your passwords, and your accounts. Look closely at all of your financial statements to make sure there are no transactions that look unfamiliar. Today, thieves and hackers don’t need to physically have your credit or debit card to make transactions on your behalf. Find out from your creditors, your bank, and anyone else with whom you have a financial relationship, what their policies are in the event of unauthorized transactions and what notification systems they have in place should there be suspicious activity in your accounts.
Take Immediate Action
I was checking my e-mail at a traffic light when I learned of my “transactions” with Starbucks. I parked the car immediately and notified first PayPal and then Starbucks about the theft. If you notice anything suspicious, don’t sent an e-mail inquiry, assume a family member must have authorized the transaction (although it is certainly helpful to check with family members immediately if they have access to the accounts), or take it for granted that the transaction will be canceled because it was unauthorized.
Notify the involved companies immediately, and shut off access to the account, even temporarily, to make sure no further damage is done. In my case, while I have yet to hear back from the Starbucks dispute resolution team, PayPal has resolved my case and refunded the withdrawal. If I do decide to re-open my PayPal account, it will be with a more secure password, beefed up notifications and transaction confirmation steps, and a regular check of the activity in the account.
We’ll discuss these and other steps in the next articles in the series.