Saturday, December 21, 2013
Could phishing emails for credit cards you don't have be a sign of identity theft?
Recently, I’ve gotten what appear to be spam or phishing emails from banks with whom I do not have accounts or credit cards.
These are often European banks (like the Royal Bank of Scotland), come with attachments, and have obvious spoofs (the sender can be determined to not be from the bank). That last observation is not true of all spoofs.
The question would come up, is this just identity theft? Probably not in this case, because there are such obvious signs of spoofing. But real identity theft would mean that the institution “thinks” that I have an account with it, bills me, and then reports non-payment to credit bureaus and hires collection agencies.
I have proposed NCOA as a way to control identity theft, because it would entail consumer notification. In some postings I have said that email notification could suffice, but because of the possibility of phishing, it probably should not. Notification of pins and opening accounts should probably start with physical mail.
I’ve discussed the Target breach situation on my Internet Safety blog.