Scams and Identity Theft
According to the web site of the Federal Trade Commission, personal information can be obtained from yearbook publishers, companies that make class rings or photograph school portraits, a driver's license, magazine subscriptions, book clubs, SAT preparation firms, formal wear companies that outfit students for their school proms, student directories, or any other activities that supply names, addresses and ages to companies who can make lucrative profits by selling the information.
If you are contacted by someone claiming to be from the Department of Education and you are offered a grant and asked for your bank account information, you should follow the outline below. The Department of Education suggests if you are the a victim of this or a similar scam should take the following steps:
- Immediately contact your bank, explain the situation, and request that the bank monitor or close the compromised account.
- Report the fraud to ED's Office of Inspector General hotline at 1-800-MIS-USED (1-800-647-8733) or email@example.com. Special agents in the Office of Inspector General investigate fraud involving federal education dollars.
- Report the fraud to the Federal Trade Commission (FTC). The FTC has an online complaint form at www.ftc.gov/, a hotline at 1-877-FTC-HELP (1-877-382-4357; teletype for the hearing impaired: 1-866-653-4261). The FTC will investigate if the fraud is deemed widespread; therefore, it is important that every student contacted by the person or people in question lodge a complaint so the FTC has an accurate idea of how many incidents have occurred. The FTC also has an Identity Theft Complaint Form and a Scholarship Scam Page.
- Notify the police about the incident. Impersonating a federal officer is a crime, as is identity theft. When filing complaints, you should provide detailed information about the incident, including what was said, the name of the person who called, and from what number the call originated (if the you were able to obtain it via Caller ID). Additionally, if unauthorized debits have already appeared against your bank account, you should mention this fact in your complaint. Records of such debits could be useful in locating the wrongdoer.
For additional information about scholarship scams, visit: Scholarship Scams - Don't be fooled! If there is a fee, it is probably a scam.
Contact Better Business Bureau or Federal Trade Commission
To check out companies that are contacting students, contact the Better Business Bureau, for a reliability report on any company before you respond to any request.
Or, visit Federal Trade Commission
The FTC monitors and prosecutes financial aid fraud and presents Congress with an annual report as required by the College Scholarship Fraud Prevention Act of 2000. The FTC's Spanish language Web site is https://www.ftc.gov/es. Their consumer help line is (877) 382-4357.
To obtain legitimate information on scholarships or financial assistance, federal student aid and free assistance in applying for it is available at the U.S. Department of Education Website, or by calling (800) 433-3243.
Phishing and Pharming
We would like to take this opportunity to ensure that all of our students and parents are aware of the worldwide growing identity theft scams such as Phishing and Pharming.
What is Phishing?
Phishing is a fraudulent, spoofed e-mail that looks like someone you do business with sent it. It will usually include official logos and look very authentic. The body of a Phishing e-mail may contain a message requesting that you update, validate, or verify your personal/Privacy Act protected information. The purpose of the e-mail is to get you to disclose personal/Privacy Act protected information such as PINs, social security numbers, account numbers, mother's maiden name, passwords, etc. Some e-mail may also contain links that take you to an "official looking" web site that set up a scenario in which personal/Privacy Act protected information is requested. These web sites may not be legitimate!
Protecting Against Phishing E-mails
To minimize risk to yourself, if you receive phishing e-mail:
- Never give out personally identifiable information in an e-mail or to a website that has a link in an e-mail without validating it with the legitimate source.
- Do not open email with attachments or enclosures if they are from unknown sources.
- Do not reply to the e-mail.
- Do not type or paste any information into the e-mail.
- Do not click on any links contained within the e-mail from any unknown source.
- Use an open source tool. There are many commercial as well as free open source tools that con protect one from phishing. A web search for "spoof guard," "phishing protection," and "password hashing security" will reveal many of these tools. SpoofGuard and Netcraft Toolbar are only examples of the numerous products available to the public.
What is Pharming?
Pharming is the next generation of e-mail phishing attacks. However, it is not spoofing an email, it is a URL that redirects you to a fraudulent URL without your knowledge. There are several methods the pharmer uses to accomplish this, all of which are very hard to detect. You might type a valid URL in your browser only to end up at a fraudulent site that looks just like the one you thought you were going to access.
Protecting Against Pharming
To minimize risk to yourself, if you receive a Pharming URL:
- Use anti-virus software and a firewall. AVG and Zonealarm are only examples of the numerous products available to the public.
- Ensure that your browser is kept up to date and security patches are applied.
- Install a spyware detection and removal program. Ad-aware is only an example of the numerous products available to the public.
- Consider installing a Web browser tool bar to help protect you from known fraud websites. IE 7 and Netcraft Toolbar are only examples of the numerous products available to the public.
- Limit the number of websites and amount of personal information you share on the Internet.
- Look for misspelled words and bad formatting. This may be an indication of a pharming site.
- If a password is needed, enter an incorrect password first.
- Use a reputable Internet Service Provider.