This week someone tried to steal my identity on #Twitter and #PayPal.
Come into my Get Smart (tv show) sound proof room as I tell the tale of thwarting this most neferious plot.
First I must praise #Google. Google has been my primary email account for last 20 years. Despite their collecting of personal data, NSA run ins and other controversies Google is top rated in my book for email security and search results. Only once have I had to go into the spam filter to find something that did not belong there. Maybe 2 times a year I will flag something as spam in my normal inbox. Multiple times Goggle has told me they stopped an email because of virus or malware. Their search results, despite my terse use of keywords rarely causes me to use the second result page. Google is my friend.
Ok, so with that background. In my mail box appears these requests to verify accounts created on #Twitter and #Paypal. Huh? I've had no interaction with these sites. Not even recently.
I'm no dummy. The oldest ID theft trick in the book is for someone to use your email to create an account hoping you the real owner will just click past it. This scam works very well. Recently a bank VP was fired for falling for the phone version.
Because I trust Google enough that clicking the email would not give me a virus I did so. I have to do something. I can't just delete these and pray.
As luck would have it I picked Twitter to view first otherwise this story would probably not be told. The user name on the account did not fit any of my motifs I use when creating a new account. Looking closely there near the bottom was a small almost not readable, badly colored, button labeled "this is not me". That is the one I clicked. Twitter sent a webpage thanking me for helping to identify a scam address. Good, I think's, they got the right message.
Next I brought up PayPal's email thinking that since this was a bank with even more security I'd find that Not Me button easier. I read, I looked, I scrolled, I read some more, I squinted at the fine print, I took my time, I'm on a quest, I played the Where is Waldo game. I lost! That sneaky Waldo eluded me. Drats! Now I have to call upon my computer super power skills.
I clicked a contact that was obviously not the type of contact I wanted. At least a PayPal webpage outside of my email stuff came up. I played Waldo some more. Rinse and repeat, Came across several pages proclaiming PayPals security is top stuff. Oh, the Irony I was seeing. About a dozen clicks later I found a link to report spoofing. BINGO! but how do I connect this URL to my email thingy??
Lights flash before my eyes. If I forward my neferious (i like that word it's like supercalafragalistic... ;-) email PayPal will at least get all the meta data that most people don't even know exist[1]. From that a savy tech can trace where the black hat dude is. PayPal seems to have got the message but truthfully I don't know for sure. They sent me this form letter about security that did not make it obvious what I was trying to tell them. I can only assume some grunt will eventually read the email and initate something.
Thats my story and I'm sticking to it.
[1] I'm sure when I clicked Twitter's Not Me buttom it forwarded all that meta data to them.