As an experienced corporate investigator, I am well versed in a variety of scams, someone who knows better than to think that too good to be true could be real, particularly when it comes to the cyber world. Yet despite everything I know and everything I’ve seen, recently I could have been a victim. Here’s what happened.
We’re doing some rehab work on our old home, and our contractor unexpectedly told us we needed to move out—within the next few weeks—and that we’d need to be gone for a month. In theory, it’s all part of the adventure. In reality, the school year was starting for my teens, and we have two large dogs, hardly ideal circumstances to look for affordable, short-term housing.
Panic set in.
I started searching. Airbnb, corporate housing agents, local mom’s groups, friends and neighbors, all to no avail. Finally, I found several rentals on Craigslist that looked like they might be a good fit, including one for an apartment that was slightly larger and slightly less expensive than the others. Nothing raised the hackles on my neck, but it was better by just enough for me to think I might get lucky. Feeling comfortable that Craigslist masked my email, I contacted the person on the listing. “Yes” my dates were available, “Yes” they took dogs for a small fee, and “Yes” parking and utilities were included. Relief flooded me. I said, “Yes” and was ready to take it, even though the “rental agent” could not show me the apartment.
Fortunately, that’s when I came to my senses, and my training kicked in.
The “Rental Agreement” had typos and was not a standard form. The entire rental sum needed to be wired up front to a bank account in San Antinio (sic), despite the fact the rental was in Chicago. There was no cancellation fee. The anomalies continued.
A quick search of the Cook County Recorder of Deeds, which is easily available online, identified the owner of the apartment. I called the owner, who was gobsmacked. The photos that appeared on the listing were stolen from the realtor who sold the apartment two years earlier. The owner told me he loved living in his apartment, and while he was sympathetic to my needs and offered some good suggestions, us moving in with his family was not an option. We both reported the scammer to law enforcement, Craigslist, the selling realtor, and the bank to which the funds were to be wired.
As an almost victim, I was reminded, in a very real way, of the importance of the warnings I often give clients. With that, here are seven tips to help you safeguard your privacy and avoid being scammed.
- The internet is forever—Our digital memory doesn’t expire and remembers almost everything. Monitor what you post and what others post about you. If you are buying something that is posted online, whether it is a house, a car, or a dining room table, ask the seller to remove the post when the transaction is complete. Similarly, if you are selling something, take down the post after you have sold the item. Although internet archives or cached versions of websites may have captured the post, the chances of it being found are much reduced.
- Verify, verify, verify—Cyber criminals play on your emotions, so think before you click. Be suspicious of things that seem too good to be true. Don’t open attachments, click on links, create accounts on unverified websites, or otherwise divulge personal information before you verify you are dealing with a legitimate person or company. Never give out bank account details, share credit card information, or agree to wire money unless you confirm the identity of the person receiving the transaction. Understand the difference between third-party verified sites, such as Airbnb or CarMax, and marketplace sites, such as Craigslist or eBay. Both bring buyers and sellers together but have different levels of risk.
- A long (and private) password is strong password—Do not use the same password, or a variation of the same password, for multiple accounts. Use a password manager to generate and store your passwords, and consider passphrases for accounts that you have to remember (such as the master password to your password manager) When available, enable multifactor authentication.
- Use social media wisely, and regularly review your privacy settings—Given the increasingly blurry lines between personal and professional networking sites, identifying information used on one profile can be used to piece together or steal parts of your identity that you want to keep private. Reverse searches can identify phone numbers, which prompts some people to create an extra “disposable” telephone number that cannot be traced back to them for use on dating apps, social media sites, or other databases.
- There’s no “free” Wi-Fi—Only connect to Wi-Fi networks that you know and trust, such as networks at home, work, and school. While you are connected to a Wi-Fi network, that network can read and record each site you visit. Using unknown or public Wi-Fi could allow a cyber criminal to monitor your online browsing and steal your information. Certain types of malware can infect your devices and allow a cyber criminal access to your entire device.
- Keep things separate—Use your work email for work and your personal email for your personal life. Maintaining separate email accounts ensures that your information is segregated and that an unintended breach of one account does not compromise everything.
- You’re only as good as your weakest link—Make sure your use the same level of vigilance. Otherwise, they may inadvertently provide hackers, thieves, and scammers the keys to your real and virtual kingdoms.
As for my housing situation . . . I ended up finding an apartment, also listed on Craigslist, that was slightly smaller, slightly more expensive, and had fewer amenities than the one I coveted. But this situation was much different. I was able to meet the property manager and tour the apartment. I signed a standard Chicago rental agreement, paid a reasonable deposit by check to secure the space, and paid the balance of the month’s rent when I got the keys. My experience overrode my emotions, reminding me that thinking before clicking and applying cybersecurity “rules of the road” help to prevent disaster.