The growing problem of phony government websites run by crooks outperforming real government websites in search engine results led the FBI on Tuesday to issue a warning to consumers to avoid being victimized.
The pretend government sites are set up to both collect "fraudulent fees" and personal information from victims that can be used for identity theft and a host of other crimes, according to the FBI's Internet Crime Complaint Center.
Victims end up on the phony sites when searching for such things as replacing a Social Security card or getting an Employer Identification number. On the site they are asked to fill out forms to obtain what they are looking for, the FBI said.
Information requested on these sites typically includes name, address, phone number, e-mail address, Social Security number, date of birth and mother's maiden name -- pretty much anything a crook would need to apply for credit in your name or even create a phony tax return.
It gets worse.
After turning over all that information, the victim is then asked to pay $29 to $199 for the purported government service. Pay them and the phony sites will then ask for more: a copy of a birth certificate, driver's license or other document that will pretty much allow the thieves to become you.
After paying and sending the information, victims are then told to wait (up to a few weeks) while their request is processed. During that time, the FBI said, additional charges can post to their credit or debit cards.
As a first line of defense, the FBI suggests taking note that federal government websites end with ".gov" rather than ".com."
Here are some further tips from the FBI:
Use search engines or other websites to research the advertised services or person/company you plan to deal with.
Search the Internet for any negative feedback or reviews on the government services company, their Web site, their e-mail addresses, telephone numbers, or other searchable identifiers.
Research the company policies before completing a transaction.
Be cautious when surfing the Internet or responding to advertisements and special offers.
Be cautious when dealing with persons/companies from outside the country.
Maintain records for all online transactions.
If you have been victimized by such a scam, you're asked to contact the FBI's Internet Crime Complaint Center at www.IC3.gov.
You Thought You Were Safe? The Myths and Realities of Your Online Security
FBI Warns of Thieving Phony Government Websites
For years, security professionals have emphasized the importance of shredding your personal documents before you throw them out. But Holland notes that shredding isn't as much of a priority as it used to be. "There aren't nearly as many documents with personal information out there as there were even just two years ago," he explains. "These days, it's much easier to get your information off your computer."
Passwords are your first line of defense against intruders. But, as Holland points out, even the most careful people sometimes have password breaches. "I've helped chief privacy officers from health care and security firms," he notes. "If they're getting hit, then anyone is vulnerable." While Holland notes the importance of having a good password, he emphasizes that the most important thing is paying attention to password breach notifications. If you hear that one of your passwords may have been breached, he counsels, change it immediately. And, because many of your accounts may be linked, he notes, it's not a bad idea to change the rest of your passwords as well.
One piece of advice that you don't often hear is to keep on top of software updates. But, Holland argues, updating your operating system, your software, and your security programs is one of the easiest and most important ways to ensure your security. Software companies spend a lot of time and money trying to stay ahead of online intruders -- it only makes sense to take advantage of their work.
Even if you are convinced that your security is state-of-the-art and your password is unbreakable, it never hurts to double-check your most sensitive accounts. Holland suggests regularly checking your bank and credit card statements to ensure that there aren't any inappropriate charges on your accounts. As a side benefit, this is also a great way to catch any unexpected fees that your bank may try to spring on you.
When a breach happens, a fast response can mean the difference between a minor annoyance and a major pain in the neck. With that in mind, Holland suggests talking to your bank about having transaction alerts placed on your account. Every time your account is credited with a transaction over a particular amount -- $50, for example -- your bank will send you an e-mail or text notification. If it's an expected transaction, you can discard the message; if not, you'll be able to respond immediately.
Every year, you are entitled to a free credit report from each of the reporting bureaus. Holland suggests taking advantage of this free service, noting that your credit report is a great way to track your outstanding debts and ensure that nobody is trying to open false accounts in your name. He emphasizes, however, that the best way to get your free report is by going to AnnualCreditReport.com, not FreeCreditReport.com. "That site's a scam," he laughs.