Debt & Money Discussion at CreditMoneyBlog.com

Normally I am not fooled by email scams because of past mistakes, viruses (trojans), and spyware problems.  I have been a victim of password theft to my important email account and lost it for a several earth shattering hours.  Sometimes making a few mistakes helps prevent us from a major theft of our hard earned money.

Today I almost fell prey again to an email that made it through my spam mail to my inbox.  It was asking for a survey that only takes two minutes and I would get twenty bucks added to my bank account at Capital One.  I just happened to have a Capital One bank account so I thought this was legit until I looked over the URL.

Some surveys redirect to third party sites so that is common but the fact that it redirected to a Verizon site that looked to be someones personal site I became weiry.  The URL for a Capital One survey went to a Mysite.Verizon.net.  That seems strange and I would advise anyone stay far away from even clicking on this link.

Dear Customer ,

The Capital One Bank Online department kindly asks you to take part in our quick and easy 5 questions survey. In return we will credit $20.00 to your account - Just for your time!

With the information collected we can decide to direct a number of changes to improve and expand our services. The information you provide us is all non-sensitive and anonymous - No part of it is handed down to any third party.

It will be stored in our secure database for maximum 7 days while we process the results of this nationwide survey. We kindly ask you to spare two minutes of your time and take part in our online survey.

I also noticed something else “phishy” about this email.  The copyright line at the bottom said members instead of member.

Capital One Bank (USA), N.A. and Capital One, N.A., members FDIC.

One more thing noticeable about this email scam is the FROM.  It says capitalsurvey@securenet.com instead of the URL that the link points to.  I would suggest not only looking over the URL that the emails link to before filling out any personal credit information by mousing over the link (not clicking on the link).  Also, check out the reply-to and from email headers.

Just as I am trying to log-in to my Paypal account that says it may have had some fraudulent activity and going through a zillion steps to put out that fire I read an email with some breaking news.  The article states that a ex employee of the loan company and a current company could have stolen live lead information and sold those leads to other mortgage companies.  I assume to make some money on the side.

The mortgage industry is already in enough hot water and this will just make it worse for companies such as CountryWide, LendingTree, and LowerMyBills. You can expect some big laws to come down harsh on the mortgage industry and extensive employee evaluations when hiring.

If Lending Tree does make this announcement it will be a big issue.  Another reminder that you should regularly obtain a credit report to see who could be selling your identity behind your back.  It is sad that you cannot trust some sites even with a privacy policy such as Lending Tree because their employees could be selling your Social Security Number and private information in the background.

I assume that the problem could be worse if you go in person to apply for a loan since your papers are sitting out for anyone to see going through different offices and filing systems.  I am still a believer in doing things online securely and safely and this will blow over in time.

Most financial related sites these days all ask for security questions or are finally getting on the bandwagon to make their sites more secure.  This would all be ok if they were doing this in a simple way of maybe one or two questions or possibly giving us a choice if we want this added hassle or protection. 

The trick is that if you answer the security questions the same on every site that you end up doing the same thing wrong as answering passwords on all the log-ins the same.  You want most of your secure log-ins to be different.  The problem is that there is no human way to remember all of these passwords and security questions for each banking, brokerage, bill payment, and credit card site.

You have to try and remember what you typed in for your first road your drove on, the first elementary school teacher, the hospital you were born in, and maybe even the name of the diaper brand your parents used on you.  I could go on and mention the name of your first pet or the one you picked could it have been your dogs name or the cats name or that horse your uncle owned.

Roboform comes in handy for the passwords but there is nothing that comes in to help for the security questions unless you somehow manipulate Roboform to do this.  If you have a Mac there is a 1Password and I have yet to find a way to answer security questions within that software.

TD Ameritrade sent an email this week saying that security questions were coming and that we needed four to log-in to their new system.  Emigrant Direct has a picture to recognize, a security question, and a birth date question.  The most annoying is HSBC Direct Banking where you have to use the mouse to put in your security word instead of typing it in and im sure this will catch on to other paranoid banks.

There is a problem with Identity Theft, phishing, and stolen passwords online but that is mostly due to using virus contaminated computers, going to fraudulent log-in pages by not making sure they say “https://”, and other avoidable instances.   The banks and credit companies already have highly secure sites that in most cases its not likely anyone can steal your information if you use Roboform where you normally do not have to type any passwords because it fills it in for you.

The personal and business finance companies need to back off with all the security because soon we will not be looking for lower interest rates or credit offers but for sites that do not take more than ten minutes to see our information.