Many scams against college students are hatched online, experts say

Fort Worth Star-Telegram

FORT WORTH, Texas

Phil Banker said he “freaked out” when he saw his bank account balance after buying a $100 cell phone with his debit card. The receipt showed that $1,919 was missing from his checking account.

The money was spent in the Baltimore area — a place he had never visited.

Banker, then a University of North Texas senior, called Wells Fargo Bank, the company that issued his debit card. He suspects that his debit card information was stolen after he bought a textbook over the Internet in February 2008 from a company he didn’t completely trust.

“They were selling this textbook at a radical discount from anywhere else,” Banker said. “So I took a chance, and I got burned for it.”

Identity theft and scam investigators say they hear stories like this all the time. College-age Americans are not the most likely age group to become victims of fraud — those ages 25 to 44 are, according to a 2004 Federal Trade Commission report. But college students’ love affair with technology, and sometimes their naivete, makes them vulnerable to some types of identity theft, experts say.

Colleges and universities add to the problem by issuing student identification cards that double as debit cards or allowing credit card companies to market their products on campus, some say. And credit card companies are expected to scramble this fall to sign up college students before a new federal law takes effect in February that will restrict their practices.

Experts urge students to take precautions as the new school year gets under way. A little cynicism usually helps, said

Denise Owens, Comerica Bank’s Texas fraud and identity theft investigator.

“If it seems too good to be true, it is,” Owens said.

Many scams against college students are hatched online, experts said. Students often fall victim to work-from-home, Internet sales and identification scams, said Owens, who has investigated scams and identity theft for 18 years. These crimes tend to involve wiring or sending money overseas or to other parts of the country.

“Because they’re on the Internet so often, and they do so much of their stuff online, I do see them fall victim to a lot of the Internet fraud scams,” Owens said.

Sometimes criminals posing as promoters persuade fraternities or sports clubs to sign students up for credit cards. No cards exist — the goal is to open fraudulent accounts using the students’ addresses, Social Security numbers and birthdates from the so-called applications, said

Betsy Broder, assistant director of the Federal Trade Commission’s division of privacy and identity protection.

Some thieves don’t go to that trouble. College students reveal all sorts of information about themselves on social-networking sites, experts said. It all comes down to being too trusting.

“If someone were to call them and ask them for personal information, they just provide that information,” Owens said. “Unless they initiated the contact or they can verify whom they’re speaking with, they shouldn’t give out personal information. And financial institutions and credit card companies will never ask them for their PIN number or the security code on the back of their card.”

Students’ mailboxes will likely be stuffed with credit card offers because of the federal Credit Card Accountability, Responsibility and Disclosure Act of 2009. Effective Feb. 22, the law prevents credit card companies from giving students gifts in exchange for credit card applications and from sending offers unless the student agreed to have them sent, according to Consumers Union, publisher of Consumers Report magazine. The law also requires colleges to publicly disclose any marketing contracts made with credit card companies.

“This is the last season that credit card companies are going to be able to actively market on campus, giving away free T-shirts and all the other freebies,” said

Lauren Bowne, a Consumers Union attorney.

The University of North Texas and the University of Texas at Arlington both have agreements with Wells Fargo to issue identification cards that students can choose to activate as debit cards.

At Texas Christian, Texas Wesleyan and Texas Woman’s universities, student ID cards can be used for meal plans, access to rooms and bookstore purchases. But they can’t be used off campus — except in the case of TCU, where they can be used at some nearby restaurants.

Banks and credit card companies pay schools to issue student ID/debit cards and in some cases to solicit students during certain times, such as orientation. To some colleges, that adds up to millions of dollars a year, said

Lawrence Wilson, president of the Plano, Texas-based ID Theft Victims Support Group of North America.

At UT-Arlington, every ID card issued has a Wells Fargo logo, said

Kristin Sullivan, assistant vice president for media relations. The university receives 75 cents per card, along with additional payments if people link their cards to a Wells Fargo account. Under this agreement, UT-Arlington received $7,876 last fiscal year and $15,369 during the 2006-07 year. About 2,000 of the school’s 30,000 cardholders have linked their cards to a Wells Fargo account, she said.

As part of UNT’s debit card agreement, Wells Fargo contributes $15,000 annually to the school’s Regents Scholarship Fund.

To Wilson, such debit cards open students to identity theft. Thieves could access students’ bank accounts if they hack into some school computer systems, or if students lose their cards. “It basically paints a target on the backs of our college students,” Wilson said.

Universities only recently got away from using Social Security numbers throughout campus, said

Mary Monahan, managing partner and research director at Javelin Strategy & Research, a California-based financial services research company. “I don’t think it’s a good idea to use ID cards as debit cards,” she said.

But the FTC’s Broder said university debit cards are as safe as any other debit card. She was not alarmed if security precautions get taken. Wells Fargo has identity theft prevention, detection and mitigation programs, but the company did not want to provide details to protect security. Sullivan said UT-Arlington has had no major problems with the cards and has no access to bank account information.

In Banker’s case, he said Wells Fargo cut access to his account, replaced his cash and sent him a new card with a new account number within a few days. A cousin in the financial industry ran a search through Banker’s credit history to see whether any other blips popped up. So far nothing abnormal has occurred, he said.

Corey Graves, 20, of Fort Worth said he has no idea how his identity was stolen. All he knows is that on June 24 he received a call from his bank informing him that a woman in South Texas had used his Social Security number to try to get a mortgage.

He said he lost his wallet in the eighth grade, but it didn’t have his Social Security card.

“Other than that, I’ve never lost anything with any valuable information, as far as bank numbers or anything like that,” said Graves, a junior at Sam Houston State University. “I shred all that stuff.”

He now wonders what will happen if he applies for a mortgage.

If students fall victim to identity theft or scams, they should notify police, their banks and credit card companies, said

Debra Geister, director of fraud prevention and compliance solutions at LexisNexis. They also should contact credit bureaus and have them issue fraud alerts and credit freezes on their accounts.

And they should file an identity theft affidavit with the Federal Trade Commission, which they can do online or through the mail, she added. By Nov. 1, the federal Red Flags Rule requires that nonbank organizations that extend credit, including colleges and universities, have an identity theft prevention program, Geister said. Banks had to comply last year.

Primarily, students need to give out as little personal information as possible.

“We all tend to be trusting as human beings,” Geister said. “When our radar should go off, sometimes it doesn’t.”

PREVENTING ID THEFT

College students can take several steps to stop identification theft:

1. Campus computers and Wi-Fi hot spots aren’t always secure. Use encryption (i.e. anti-keylogging software, or password protection) to scramble communications over the network.

2. Change passwords frequently. Keep your anti-virus and anti-spyware software up-to-date with the latest releases. If you use your laptop around campus, always take it with you to ensure that your hard drive isn’t compromised.

3. Reveal little personal information on social-networking sites, especially family name, address, phone numbers and date of birth.

4. Don’t carry your Social Security number with you. If your college uses Social Security numbers for student IDs, request that the college generate a random number instead.

5. Buy a cross-cut shredder and properly dispose of all personal and financial materials. Credit card offers, bank statements and tax documents should be shredded or stored in a secure spot. A dorm room is usually not a secure spot.

6. If you shop online look for “https” in the URL. Check with sites’ privacy policies so you know what they may be doing with your personal information, or whether they’ve attached cookies to your computer, enabling them to track your viewing and usage patterns.

7. Routinely review your credit report. Under a federal law, you have the right to receive a free copy of your credit report once every 12 months from each of the three nationwide credit reporting companies. To request your free annual report under that law, visit www.annualcreditreport.com.

9. If you use peer-to-peer file sharing programs, be sure to configure the files securely so personal information is not accessible to others.

10. Physically remove the hard drive before you throw out that old computer. Erasing data just enables the computer to write over that space again; it doesn’t eliminate the original bits and bytes.

11. Never check “remember me” to log into Web sites. The harder you make it for hackers to follow your trail into an online store or bank account, the better.

12. Make photocopies of your driver’s license, credit cards, insurance cards, all of it — front and back. Should your wallet be lost or stolen, you won’t be left wondering what was taken, and you can quickly notify the appropriate agencies about a theft.

Sources: Affinion Security Center, Intersections Inc., Kroll Fraud Solutions.

(c) 2009, Fort Worth Star-Telegram. Distributed by McClatchy-Tribune Information Services.