Part of the phishing scam--as it is with any other scam--is that the phisher pretends to be someone he's not--in this case "a company that the OP had done business with before." Since the OP's received original correspondence was to a physical address skimmable from the Internet, and not to a mailing address or an email address--either or both of which the legitimate furniture store would have had, also--phishing can't be so easily discounted.I don't think that the OP said that the original correspondence was received at a physical addresss, not a mailing address (and for many people, they are one and the same). Additionally, given the number of websites that ask for (and get) e-mail addresses, I don't think that e-mail addresses are any 'safer' than a physical address. However, given that it costs $0.40 or so (depending on class and bulk status) to send snail mails, vs. $0.01 or less to send e-mails, I would be much more leery of something received at an e-mail address than at a physical address or mailing address.A phone call to the store, or as OP plans to do, a letter to the store and not to the originator of the dun asking for the actual bill, would be a worthwhile check.Actually, the OP should be replying to the originator of the dun. In this case, I believe it is the furniture store, but even if it's not the furniture store, not replying to the originator of the dun is ignoring a dunning notice, which could be injurious to one's credit file and/or pocketbook, especially if the dunner is able to get a judgment.If you aren't providing any information back to the originator of the dun that they didn't already provide to you, then how are you providing any additional information for a phishing attempt? As you point out, your address (and likely, name) are already likely skimmable from the Internet, and any account number in the dun would have been provided by the dunner. Here is the sample debt validation letter from the site I suggested that the OP use, with my comments in bold:June 13, 2001Your Name123 Your Street AddressYour City, ST 01234 Should be the same name and address that the dunning notice was already received at, which the dunner already has.ABC Collections 123 NotOnYourLife Ave Chicago, IL DateRe: Acct # XXXX-XXXX-XXXX-XXXX Because the OP has no knowledge of this debt, unless the dunner provided an account number, the OP would have to subsitute something generic like "Collections Notice Received"To Whom It May Concern: This letter is being sent to you in response to a notice sent to me on September 30, 2002). Be advised that this is not a refusal to pay, but a notice sent pursuant to the Fair Debt Collection Practices Act, 15 USC 1692g Sec. 809 (b) that your claim is disputed and validation is requested. This is NOT a request for “verification” or proof of my mailing address, but a request for VALIDATION made pursuant to the above named Title and Section. I respectfully request that your offices provide me with competent evidence that I have any legal obligation to pay you. Please provide me with the following: What the money you say I owe is for; Explain and show me how you calculated what you say I owe; Provide me with copies of any papers that show I agreed to pay what you say I owe; Provide a verification or copy of any judgment if applicable; Identify the original creditor; Prove the Statute of Limitations has not expired on this account Show me that you are licensed to collect in my state Provide me with your license numbers and Registered Agent At this time I will also inform you that if your offices have reported invalidated information to any of the 3 major Credit Bureau’s (Equifax, Experian or TransUnion) this action might constitute fraud under both Federal and State Laws. Due to this fact, if any negative mark is found on any of my credit reports by your company or the company that you represent I will not hesitate in bringing legal action against you for the following: Violation of the Fair Credit Reporting Act Violation of the Fair Debt Collection Practices Act Defamation of Character If your offices are able to provide the proper documentation as requested in the following Declaration, I will require at least 30 days to investigate this information and during such time all collection activity must cease and desist. Also during this validation period, if any action is taken which could be considered detrimental to any of my credit reports, I will consult with my legal counsel for suit. This includes any listing any information to a credit reporting repository that could be inaccurate or invalidated or verifying an account as accurate when in fact there is no provided proof that it is. If your offices fail to respond to this validation request within 30 days from the date of your receipt, all references to this account must be deleted and completely removed from my credit file and a copy of such deletion request shall be sent to me immediately. I would also like to request, in writing, that no telephone contact be made by your offices to my home or to my place of employment. If your offices attempt telephone communication with me, including but not limited to computer generated calls and calls or correspondence sent to or with any third parties, it will be considered harassment and I will have no choice but to file suit. All future communications with me MUST be done in writing and sent to the address noted in this letter by USPS. It would be advisable that you assure that your records are in order before I am forced to take legal action. This is an attempt to correct your records, any information obtained shall be used for that purpose.Best Regards,Your SignatureYour NameI see no information other than the name and address (which the dunner already has) and the account number (provided in the original dunning notice, which the dunner also has) that could be the target of a phishing attempt.I suppose that the phisher might sell your name and address as 'validated', as opposed to 'unvalidated' because you write a letter back? I supposed that's a potential issue, but with the address (and likely, name) already skimmable on the internet, and you are already on the phisher's list - that's a pretty negligible risk. Do you really think that the phisher won't sell a name and adress that are on a list if you don't write back? So, I don't understand what the phishing danger would be in replying to a dunning notice with this request for validation of debt.AJ
Best Of |
Favorites & Replies |
Start a New Board |
My Fool |
BATS data provided in real-time. NYSE, NASDAQ and NYSEMKT data delayed 15 minutes.
Real-Time prices provided by BATS. Market data provided by Interactive Data.
Company fundamental data provided by Morningstar. Earnings Estimates, Analyst Ra