I’ve been fortunate in my life that I haven’t yet been the victim of a full blown identity theft. [Knock on wood.] At least not so far.
But I have had several brushes with attempts both major and minor.
Previously the most serious was probably when my eBay account had been compromised. Through brute force, or some other means, someone had gained control of my identity on eBay and posted jewelry for sale. Although I am not a big eBay’r, I happened to be checking my account fairly frequently around that time and noticed that notifications had been turned off, that I had posted something for sale (a Tiffany necklace), and that PayPal was set up to dump to a gmail account.
What amazed me was how difficult it was to take care of such a simple thing. Have you ever tried to get help from eBay? Sending email messages so that you have documentation doesn’t work. The people who are supposed to help you apparently get paid by the number of emails they respond to – and not who they help. Each time you get a cut and paste letter back that has little or nothing to do with what you send them. You’re left to their “live chat” feature – which did eventually work – but kept disconnecting me and I would have to start over from agent to agent. Took 2 hours.
Then, weeks later, I had to deal with the same thing when eBay decided to bill me for listing fees! Again, a month or more later I started getting told my account was on hold because now they wanted $5 for helping me and verifying that I was me. (We won’t let you buy anything on our service because we have verified who you are after our faulty security let you down.)
Can’t say I feel better about the experience, but I’m fortunate that it was a relatively minor case of identity theft.
But this morning I’m reeling from a little different kind of identity pain. For work, I find myself frequently sending messages out to various listserves – for distance learning, ed tech and Internet2. I just reposted tagging guidelines for bloggers to four Internet2 lists for our upcoming Spring Member Meeting next week.
Somewhere, on one of those lists (and I suspect I know which one) some machine harvested my email address and began informing folks all over the world about products and services designed to make someone else rich, on my behalf.
OK, we’ve all been the victim of someone we know having an infected computer and it sends out a few hundred emails with our address on them. Its annoying having to answer people and tell them that “I didn’t send that to you!” Sometimes its the people who receive the messages who scold you telling you they don’t need that kind of medication, or prefer to use properly licensed software. Other times it comes from very helpful meaning servers letting you know that your message has been blocked because it met the criteria for bulk mail, and how you can contact them in case your message wasn’t.
But I’ve never been the victim of it on this scale. At one point yesterday non-delivery messages poured in one every other second or so! My inbox was FLOODED from servers all around the world as evidenced by the Chinese, Japanese, Russian, French, and other languages represented. Servers in the US, the UK and all over told me that I had been placed on their black lists.
Black lists? But wait – what if some day I really *DO* need to reach someone at your organization? <sigh>
I set up a rule to automatically delete NDN messages so that my inbox would not overflow. Now I won’t see the messages from folks that I really do need to get in touch with. But at least I can keep my inbox working. I would estimate based on what I deleted, and what was in my postini pre-filter, somewhere on the order of over 1000 non delivery messages have been received in the last 24h.
If only 1:20 servers sent a message, that would be 20,000 people whom my alter-ego emailed. If its 1:50, well – I guess I was very busy while I slept last night. And I have to ask myself how many other people had their identity stolen last night?
The last time this happened to me it wasn’t this bad, and I had to change my email address. That was a few thousand messages off of an address harvested from my website. I don’t post it like that anymore – but apparently I didn’t need to.