Goods ordered, parcel intercepted – this is how fraudsters get hold of expensive goods.
Police are warning of a new scam: criminals order expensive goods on the Internet under someone else’s name. During delivery, they intercept the parcel carrier and take delivery of the goods. The invoice is sent to the address given when the order was placed. This form of fraud is also called identity theft.
This is how parcel fraud works
A prerequisite for the parcel scam: The mail order company offers purchase on account. For this type of payment, you often only have to enter your name and date of birth when placing an order on the Internet. And it is exactly these data that criminals can get with some tricks.
Types of identity theft
There is no clear definition of identity theft as a separate crime. Depending on the interpretation, different types of cases are grouped under it. The main ones:
Someone logs into online stores in your name and orders goods to a different address. The invoice is sent to you.
Someone gains access to your e-mail box or Facebook profile. Then he appears in your name – with the aim of discrediting or damaging you in relation to others. For example, perpetrators may insult others in your name or even announce a rampage.
The “grandchild trick” has also arrived in the virtual world: You receive a call for help via the Internet from a supposed friend who – often abroad – is in a sudden emergency and urgently needs money to get home. Behind this are then scammers who have hacked or faked your friend’s email account or Facebook profile.
In the broadest possible definition, identity theft already occurs when hackers steal credentials en masse without necessarily having misused them yet.
Even if identity theft as such is not a crime, stolen identities may then be used to commit crimes – for example, document forgery or stalking.
How perpetrators obtain the data
Again, there are a number of possibilities:
Your online account is specifically cracked by hackers.
You are lured by e-mail to a fake company website where you are supposed to enter your customer data (phishing).
Your computer is infected via the Internet with a Trojan, software that can intercept and forward your data.
Online stores lure you with (counterfeit) goods – these are apparently delivered without any problems. But the customer data you provide there is used by the perpetrators.
Security gaps at companies through which customer data is stolen on a grand scale.
You (unintentionally) disclose data yourself: This can be the case, for example, if you divulge details on the Internet that can be used to identify yourself elsewhere (such as the popular security question about your pet). Or when scammers steal your photos on a social network to use them elsewhere to create a profile in your name.
The perpetrators only use data that they already know from the real world or are publicly accessible: Many people know your first and last name – and that’s enough for some people to misuse you. Everyone who was in your class at school knows your exact date of birth. Anyone who passes your mailbox or trash can can find out which companies you receive mail from.
Detect identity theft
If someone orders packages in your name, acts as a buyer on eBay, or even opens their own online store in your name to rip off bona fide customers, you have little chance of detecting this in advance.
If you fear that your data is already being misused, there are several ways to investigate this suspicion:
You can set up a Google Alert for your name. This is an automatic search query. Then you will be notified by email every time your name is found by Google in a new place on the web. This also works without registering with Google. However, only publicly accessible pages will be found.
With Google Image Search you can also find out if your images are used on other sites.
Search Internet registries for your name: By means of a so-called “Whois” query (for example, here with the Domaintools service or for de addresses at DENIC), you can find out to whom an Internet address is registered. Normally, you need to know this Internet address (domain) to do this. For a number of Internet addresses – – you can use a trick to find out where your name has been used: To do this, use certain search commands (so-called operators) on Google. This way the search engine can search the registries’ website for your name. For example, with the operator “site:whois.domaintools.com + your name” in the search box, only this service can be searched for hits to your name. If Google finds a result here, take a close look there to see if you really registered the Internet address given on the page. Unfortunately, some hits are also only displayed for a fee.
If mass thefts from large online companies become public: Check whether you are affected. Ideally, the hacked company sets up a website for this. The Hasso Plattner Institute maintains a comprehensive database of hacked profiles. This English-language site offers a similar service.
Protection against identity theft
The same applies online: it’s hard to protect yourself against criminal energy if you don’t want to spend your life in an uncomfortable fortress. However, you should take a few precautions to heart to avoid making it too easy for malefactors.
Always log out of all Internet sites when using public Internet access.
Do not click on links and attachments in e-mails from unknown senders. Before entering user data: When looking at links in the browser address bar, check carefully to see if it really is the correct Internet address, or if it is a fake site with a slightly different address.
Carefully consider where you use your real name and where a pseudonym is sufficient as a user name.
Do not randomly accept friend requests from strangers on social networks. Be cautious if an acquaintance sends you another friend request because his or her account data has been lost. Check such requests occasionally outside the digital sphere.
Protect your digital identities: Don’t use the same email address everywhere to log in (and, of course, don’t use the same password, but a different one each time, as complex as possible). You can create several different free email addresses for this purpose. This way, you will avoid a chain reaction if your email account is hacked. See if you can protect your user account with a so-called double authentication with a cell phone code.
If a website offers you security questions – such as “What was your first job?” – choose a question that can’t be researched on the Internet.
Identity theft: what victims can do
If customers receive an invoice for goods they never ordered, Julia Rehberg from the consumer advice center in Hamburg advises them to file a criminal complaint against an unknown person with the police. The suspicion is that a criminal is misusing the data.
The customer does not have to pay for goods that he has not ordered, because the mail order company is obliged to prove that the alleged customer has purchased the goods.
Report a fake profile in a social network immediately to the operator (how to do this on Facebook is explained here). Note: You may have to prove that you are the real owner by means of identification. This can be difficult if you have registered under a pseudonym.
Inform friends, colleagues and acquaintances about the forgery (the most important ones also by phone or in person). Ask them to report the forgery to the operator as well.
Immediately contact the operators of a website where someone appears in your name and report it to the police. If things get more complicated, consult a lawyer.
Check your computer for possible Trojans with an anti-virus program or have a professional do it.
Change your passwords immediately and check your other user data to make sure that a fraudster has not entered his own e-mail address there as well.
Check your bank statements and request information from Schufa. Repeat this more frequently over the next few weeks.
With the introduction of the “Second European Payment Services Directive”, all online payment systems will be required to use so-called two-factor authentication. This means that in addition to logging in with an email address, further identity authentication is required to complete an online purchase on account. This can be done, for example, by means of a code that is sent to the user of the online account by SMS to a stored mobile number. Only when the code is entered on the website can the transaction be made.
- hp with reports from news agencies/picture: pixabay.com
This post has already been read 1079 times!