I have always believed I am savvy enough online that I just would not be someone to get scammed... and then I did. I got scammed that is. I look back now thinking 'face palm', but in the moment I did not even think twice. And it is interesting because at The Good P.A we spend our time making sure we are keeping client information safe.
So how did I get scammed and what did the scammers get?
I followed a link from a Facebook post (1st red flag) to create a Bitcoin account. I have always been curious about Bitcoin and thought, what have I got to loose. I entered my name and email address and then next thing you know I had a Trading account all set-up ready to trade Bitcoin (2nd red flag). Now I note that this 'company' was an overseas company (3rd red flag), that didn't worry me, I'd never planned to put a lot of money in and really was more interested to see what happened and how it worked. In my account it mentioned that due to AML requirements I would need to provide ID and Address verification (4th BIG red flag), still here I was thinking this looks legit or not even thinking about it. So, I went ahead and uploaded my Drivers licence and an Address Verification document. I then downloaded an app directly from the website (5th red flag) to start trading.
And that is when it finally hit me, what am I doing? Is this a legit company, oh lord. As I quickly deleted the app from my phone and googled them to find out more.
For the first day I thought they were a legit company but as I googled more, I soon realised the pages that popped up on google were made by the same scammers. Fake 'reviews' from people who also had trading accounts with them. Even a different company site stating if you had lost money through investments with this comapny you could contact them and they will help you get your money back. Pretty sure the scammers made that one too, another avenue to scam people out of money. It is crazy the extent they will go to.
It is easy to look back now and think what the heck was I doing. At the time it just all seemed so legit and made sense. Bitcoin always looks a bit funny anyway (with my limited experience on the subject). But really I clearly had a moment.
I spent the next 48 hours worrying, feeling a bit sick and working out what I needed to do now. Somewhere in the world scammers had my ID and address verification. What next?
So, I went on a journey of discovering what to do when you get scammed, of course there are different types of scams, but this is what I learnt for Identity theft.
Step 1: I first renewed all my passwords and made them ALL different passwords. Luckily, I use LastPass and so resetting and checking my passwords was a relatively easy process.
Step 2: I called my banks and informed them my ID had been stolen and asked if they could put extra security measures in place.
Step 3: My second step was to contact Netsafe in NZ and log a case with them. They put me onto iDCare - an Australian and NZ based organisation set-up to help people that get scammed.
Step 4: I logged a case with iDCare and while waiting to hear from them read through their Learning Centre https://www.idcare.org/learning-centre to find out what I should be doing. iDCare say that if you suffer Identity Fraud, if it is to be used, it is often within the first 5 days. My automatic email from iDCare mentioned that it could be 3 working days before they got in touch, I decided it was best not to wait to hear from them and after reading their fact sheets on Identity Theft I moved on to making sure no one could access my credit in NZ (well as best you can).
Step 5: I applied for and obtained credit suppression with all 3 of the credit companies in NZ - Equifax, Illion and Centrix. Credit Suppression's originally only last up to 20 working days. To extend these indefinitely you must provide a police report. At the same time, I was provided with credit reports from all 3 companies (you can get 1 free credit report a year from each company). This helped me to see that no one had tried to obtain credit in my name within the last few days.
Step 6: I lodged a report online with the NZ Police
Step 7: I applied for and obtained permanent extensions on my credit suppression's. The police report allowed me to do this.
Step 8: After obtaining permanent credit suppression extensions (you need a drivers licence to get these) I cancelled my drivers licence and obtained a new one.
Overall, I am calling this a great learning experience. It has made me a lot more alert, and our team at work, as I shared this news with them very early on.
I mean how often do we give our ID and Address Verification to businesses we deal with and do not think twice about how those are being stored? I highly recommend you ask how those companies are going to store your personal information. Do they use a password management software and 2 factor authentication where possible to protect you their client/customer? We have the right to know before giving out this information. And in fact, I highly recommend you do!
You would be amazed how many businesses keep all their passwords in a spreadsheet, a book or use the same one password for everything. It shocks me now but once upon a time (luckily) long before this happened, I used 1 password for all my personal logins - bank, email, social media, and everything else. If a scammer manages to get that 1 password or even 1 of your passwords used in a few different places they can have access to all sorts of information: credit card details, personal details, contact information.
If you are still one of these people using a spreadsheet, book or that 1 password - go get LastPass or one of the other secure password software applications available and update everything. Make it a priority! And if you own a business have a look at how you store client information, who has access to it and all other online processes.
Written by Chantelle Good, founder of The Good P.A - her own personal experience.
Do you need help setting up LastPass or anything other systems in your business? Email us email@example.com