The loss of life, liberty and happiness is just a click away
Applying for food stamps has changed my life.
No, I didn’t really apply to receive food stamps, but an identity thief using my name and Social Security number did.
Thanks to a Florida Department of Children and Families investigator, who wondered why I’d need food stamps in Broward County when I live in Bethesda, the identity thief didn’t steal food from a needy family in my name.
It was—I hope—the final lesson in my nearly yearlong education in identity theft, computer hacking and taking stock of my life online.
I have 32 “password protected” accounts that allow me to traverse our cyber world with what used to feel like the greatest of ease: reading, learning, viewing, sharing, shopping, banking, paying, pinning, planning.
Before I was hacked, all my online accounts linked to one email address, and all my passwords were some permutation of the names of old dogs I’ve loved and lost. Even logging on to pay bills was an opportunity to remember and smile.
But code-breaking has replaced sentiment now. Trying to devise passwords that are inscrutable to hackers, I’ve made mine absurdly complex. I need a decoder ring to log in to any of my accounts. If I forget my Pinterest password—is that 49th character a “$” or an “&”?—I guess I’ll ask the NSA.
In February, Yahoo notified me that my email account had been hacked from an Internet address in Romania. Of course, the hackers probably weren’t in Romania any more than I was online in Florida applying for food stamps. It’s easy, I’ve since learned, for hackers to obscure their true location.
My husband ran virus scans on our laptops and desktops. I changed my passwords from the name of one late, great dog to another. Then I did what most Americans do even as threats from hackers and spies have risen exponentially. I kept clicking.
When a reviewer on Amazon.com noted that the Vitamix blender we own makes such a painful clatter while mixing green smoothies that it would be prudent to buy noise-canceling headphones, I clicked on his link to view the $16 pair he recommended. I didn’t feel sheepish clicking on a stranger’s link.
I felt sheepish owning a blender so powerful that using it required hearing protection—the definition of a First World problem.
Clicking on that link, among hundreds of clicked links, was probably harmless. But a few weeks later in June, I had trouble logging into several online accounts. I’d reset passwords. They’d work one day; the next I’d be locked out again. The “Facebook Security Team” in Palo Alto, Calif., sent me a cheery email saying: “It looks like someone may have accessed your Facebook account. …For your protection, no one can see you on Facebook until you secure your account.”
I had a sickening thought that triggered a new round of computer cleaning: If hackers burrowed into all my accounts, they’d access not just my bank balance, but the minutiae of my life online, from my bra size (www.nordstrom.com) to my resting heart rate (www.myfitnesspal.com).
Montgomery County Assistant State’s Attorney Robert Hill knows that creepy feeling of having your privacy violated—and not just because he once prosecuted a Silver Diner waiter who cloned customers’ credit cards and went shopping. Cyber criminals stole $1,000 from Hill’s bank account. The prosecutor and his wife made the common mistake of tying their PayPal account not to a credit card, but to a debit card that linked to their bank account. He noticed the theft quickly, and his bank covered his loss. There was little he could do to prosecute the hackers, who appeared to be operating from Nigeria.
“It is the crime of this century,” he says. “In the old days, someone might want to steal your television and stereo from your house. To do that, they’ve got to break in, make noise, risk being seen and getting caught. …Stealing someone’s credit card information is a lot easier than breaking into their house and carrying out the TV, and the benefits to the thief can be tremendous.”
Lately, I’ve been seeing double on Facebook. Friends whose Facebook accounts have been hijacked by hackers end up with duplicate pages, and it’s tough to know which one is fraudulent. Hackers are likely seeking long lists of potential new victims whose email trails they can follow into credit card and bank accounts.
The Internet Crime Complaint Center logged complaints from nearly 300,000 consumers in 2012 who were collectively defrauded of more than $525 million. Reporting is voluntary. Many consumers have never heard of the center, a joint venture of the FBI and the National White Collar Crime Center. So those numbers only hint at the magnitude of our growing problem.
Noon Pongsutham doesn’t need to check the center’s website to know hackers’ current favorite scams. She sees them daily at BoonPC, the computer repair shop she and her brother own on Wisconsin Avenue in Bethesda.
Every day they help panicked customers who’ve inadvertently clicked on a corrupt link, opened an innocent-looking email sent by hackers or visited the wrong website and fallen victim to criminals posing as FBI agents. The criminals accuse their victims of illegal online activity, remotely seize control of their computers and refuse to unlock them unless they pay a “fine.” People pay, then come to Boon to unlock and clean their computers.
Many elderly customers have fallen for an equally nefarious scam. Claiming to be with “Microsoft’s Technical Department,” criminals telephone to say that a computer in the house is emitting signals that indicate it has a serious virus. The criminal offers to help remove the virus. Then they trick the unwitting into clicking on a site that gives hackers remote access to their computer.
I get that phony call from “Microsoft’s Technical Department” every few weeks now on my landline. “If you were really from Microsoft,” I tell them, “then you’d know that customer service in this country is largely dead. I couldn’t get a human being from Microsoft to help me clean my computer if I begged them.”
Thanks to hackers, I’ve learned too much for comfort. I know that inscrutable passwords won’t protect me if I mistakenly click on a hacker’s link. I access the Internet primarily from one computer now, which I routinely wipe to factory settings. I never use public Wi-Fi. In some public spaces I turn off my smartphone and iPad, lest some teenage hacker a few feet away siphons my passwords and financial data. I keep track of the numerical Internet Protocol, or I.P., address of each of my computers. I only use email providers that show me a daily list of I.P. addresses that have accessed my account. So if someone reads my email from an I.P. address in Romania or Florida, I’ll know. But then what? Who are you going to call—Ghostbusters?
I’ve learned the hard way that unless hackers tap my bank account and trigger law enforcement’s interest, I face them largely alone. The state of Florida, inundated with fraudulent online applications, had no interest in prosecuting the criminal who tried to get food stamps in my name. State officials wouldn’t even tell me the address the criminal listed because welfare applications—even those that are fraudulent—are confidential.
The next time someone from “Microsoft’s Technical Department” calls, I’m going to ask him to turn the volume all the way up on his phone so he can hear the funny sound my computer is making. Then I’m going to put my phone on the kitchen counter right next to that noisy Vitamix blender and click one more time: on the screeching smoothie setting.
April Witt is an award-winning journalist who lives in Bethesda.