Package Fraud: How To Protect Yourself | Antivirus

The police are warning of a new scam: criminals order expensive goods on the Internet under a strange name. Upon delivery, they intercept the parcel carrier and receive the goods. The invoice will be sent to the address given in the order. This form of fraud is also called identity theft.

This Is How To Parcel Fraud Works

A prerequisite for parcel fraud: the mail-order company offers to purchase on account. Because for this variant of payment you often only have to enter your name and date of birth when ordering on the Internet. And it is precisely this data that criminals can use with a few tricks to get hold of.

Types of Identity Theft

There is no clear definition of identity theft as a criminal offense. Depending on the design, various types of cases are grouped together. The most important:

• Someone logs into online shops on your behalf and orders goods to a different address. The bill goes to you.
• Someone gains access to your e-mail inbox or Facebook profile. Then he will appear on your behalf to discredit or harm you towards others. For example, perpetrators may insult others on your behalf or even announce a rampage.
• The "grandchildren's trick" has also arrived in the virtual world: You receive a call for help via the Internet from a supposed friend who - often abroad - is in a sudden emergency and urgently needs money to get home. Behind it are then scammers who have hacked or faked your friend's email account or Facebook profile.
• In the broadest possible definition, identity theft occurs when hackers steal massive amounts of login information without it having necessarily been misused.

Even if identity theft as such is not a criminal offense, stolen identities can then be used to commit crimes - for example forging documents or stalking.

How Perpetrators Can Get Hold of The Data

Again, there are several options:

• Your online account is deliberately hacked by hackers.
• You will be lured to a fake company website by email where you are supposed to enter your customer data ( phishing ).
• Your computer is infected via the Internet with a Trojan horse, software that can intercept and forward your data.
• Online shops lure with (counterfeit) goods - these are apparently delivered without any problems. But your customer data provided there will be used by the perpetrators.
• Enterprise vulnerabilities that steal customer data on a large scale.
• You (unintentionally) disclose data yourself: This can be the case, for example, if you divulge details on the Internet with which you can identify yourself elsewhere (for example with the popular security question about pets). Or if fraudsters steal your photos on a social network to create a profile in your name elsewhere.
• The perpetrators only used data that they already know from the real world or that are publicly available: what your first and last name is is known to many people - and that is enough for some abuse. Everyone who was in a school class with you knows your exact date of birth. Whoever comes by your mailbox or your garbage can find out which companies you are receiving mail from.

Detect Identity Theft

If someone orders parcels on your behalf acting as a buyer on eBay or even opens your own online shop in your name to cheat customers in good faith, you have little chance of recognizing this in advance.

If you fear that your data is already being misused, there are several ways to investigate this suspicion:

• You can Set up Google Alert for your name. This is an automatic search query. Then you will be informed by e-mail every time Google finds your name in a new place on the net. This also works without registering with Google. However, only publicly accessible pages are found.
• You can also use Google Image Search to see if your images are being used on other pages.
• Search internet registries for your name: Using a so-called "Whois" query (for example here with the service domain tools or for com addresses DENIC ) you can find out to whom an Internet address is registered. Normally you need to know this internet address (domain) for this. For several Internet addresses - unfortunately not for those with the ending .de - you can find out where your name was used with a trick: Use certain search commands (so-called operators) on Google. This allows the search engine to search the registries' website for your name. With the operator "site: whois.domaintools.com + your name"In the search field, for example, only this service can be searched for hits relating to your name. If Google finds a result here, take a close look at whether you really have registered the Internet address given on the page. Unfortunately, some hits are only displayed for a fee.

When massive amounts of thefts from large online companies become public: See if you are affected. Ideally, the hacked company sets up a website for this. The Hasso Plattner Institute maintains one comprehensive database with hacked profiles. Offers a similar service to this English language site.

Identity Theft Protection

The same applies online: It is difficult to protect yourself against criminal energy if you don't want to spend your life in an uncomfortable fortress. However, you should take a few precautionary measures to avoid making it easy for malefactors.

• Always log out of all Internet sites when using public Internet access.
• Do not click on links and attachments in emails from unknown senders. Before you enter user data: Check the links in the browser address bar to make sure that they really contain the correct Internet address, or that they are fake pages with a slightly different address.
• Carefully consider where to use your real name and where a pseudonym is sufficient as a username.
• Do not accept random friend requests from strangers on social networks. Be careful if a friend sends you another friend request because their account information has been lost. Occasionally check such requests outside of the digital sphere.
• Protect your digital identities: Do not use the same e-mail address everywhere to log in (and of course not the same password, but a different and as complex as possible). You can set up several different free email addresses for this. This will avoid a chain reaction if your email account has been cracked. See if you can protect your user account with a so-called double authentication with a mobile phone code.
• If a website offers you security questions - something like "What was your first job?" - choose a question that cannot be researched on the internet.

Identity Theft: What Victims Can Do

• When customers receive an invoice for goods that they have never ordered, Julia Rehberg from the Hamburg Consumer Center advises against filing a criminal complaint with the police. Because the suspicion is obvious that a criminal is misusing the data.
• The customer does not have to pay for goods that he has not ordered since the mail-order business is obliged to prove the purchase of the supposed customer.
• Report a fake profile in a social network to the operator immediately. Warning: You may need to provide proof of ID that you are the correct owner. This can be difficult if you have signed up under a pseudonym.
• Inform friends, colleagues, and acquaintances about the fake (the most important also by telephone or in-person). Ask them to report the counterfeit to the operator as well.
• Immediately contact the operator of a website that has someone on your behalf and report to the police. If things get complicated, seek advice from a lawyer.
• Check your computer for possible Trojans with an antivirus program or have it done by a specialist.
• Change your passwords immediately and check your other user data so that a fraudster has not entered his own email address there.
• Check your bank statements and request information from Schufa. Repeat this more often over the next few weeks.
• With the introduction of the "Second European Payment Services Directive", all online payment systems are obliged to use what is known as two-factor authentication. This means that in addition to registering with an e-mail address, further authentication of the identity is required to complete an online purchase on account. This can be done, for example, using a code that is sent to the user of the online account to a stored mobile number via SMS. Only when the code is entered on the website can the deal be made.