E-mail hoax gives out wrong facts on credit bureaus
July 22, 2001
The local Better Business Bureau is advising Central Texans not to be alarmed by a hoax e-mail that claims credit bureaus can now release more of consumers' personal information than before.
The e-mail, which says credit bureaus can give out consumers' information to "anyone who requests it" starting July 1, is simply the latest in the never-ending string of Internet hoaxes, said C.J. Pederson, executive director of the local bureau. Although the e-mail does contain some correct information, most of the statements in it are false or distort the truth, he said.
Pederson said the bureau began receiving calls about the e-mail early last week. Although it has only gotten a few calls so far, he said there are likely many more local residents who are confused or worried because of the message.
On a national level, many consumers have been calling the credit bureaus to inquire about the e-mail, said Norm Magnuson, a spokesman for Associated Credit Bureaus, a Washington, D.C.-based trade group. In fact, he said the association issued a press release last week because of all the confusion.
"We just don't want consumers to be misled," Magnuson said.
The gist of the e-mail is that consumers have to call a toll-free number in order to block the nation's four credit bureaus from releasing their information to anyone who asks for it. The e-mail said the bureaus are able to start releasing the information because of a new law that took effect July 1.
That information is absolutely false, Magnuson said. Although a new law called the Financial Services Modernization Act did take effect July 1, it actually increases consumer privacy protections, rather than decrease them, he said.
Under the new law, most financial institutions cannot provide a customer's "non-public personal information" to third parties without the consumer's consent, Magnuson said. The institutions have to inform consumers that they can choose not to have their information shared. Before the act became effective, consumers had that right, but companies were not required to notify them about it.
Another major error in the e-mail is that the new law does not even apply to credit bureaus, Magnuson said. Only financial institutions, such as banks, insurance companies and brokerage firms, are covered. Instead, credit bureaus fall under the federal Fair Credit Reporting Act of 1996, he said.
That law states that the bureaus can only release credit information to firms that have a "permissible purpose" and a "legitimate business need," Magnuson said. That means credit information can only be shared for a few specific reasons, which include hiring, underwriting of insurance, granting of government benefits and analyzing risk in an investment portfolio.
The only correct information in the e-mail is that consumers can call the toll-free number given, (888) 567-8688, to opt out of inclusion on some mailing lists, Magnuson said. However, he stressed that by placing their name on the list, consumers are only opting out of pre-approved credit offers generated by credit reporting agencies. They will still receive unsolicited mail from many other sources, he said.
Magnuson said the bogus e-mail probably has caught the attention of so many people because privacy issues have gotten a lot of news coverage lately. Also, the fact that banks and other financial institutions have been sending out information about their new opt-out policies recently has probably also heightened confusion, he said.
Rose Guzman, a computer security specialist with the U.S. Department of Energy's Computer Incident Advisory Center, agreed that the e-mail was probably more believable because it had an element of truth to it. Phony e-mail messages keep getting more sophisticated, she said, making it harder for consumers to distinguish between what's true and what's not.
"They will try every social engineering trick every way they can to get you," Guzman said. "Anyone can put anything out there on the Internet and fool you."
One of the obvious problems caused by hoax e-mails is that they clog up the Internet when people send them to everyone they know, Guzman said. If someone forwarded a bogus message to 10 of their friends and they do the same, the message will have reached 1 million people by the sixth generation, she said.
Another problem with forwarding such messages is that spammers — people who send unsolicited e-mail in bulk — often use the e-mail addresses on them to form their own marketing lists, Guzman said.
In addition, hoax e-mails can cause major problems when real people are listed as contacts, Guzman said. Even though they usually didn't have anything to do with the e-mail, they are still bombarded with messages and telephone calls. In some instances, the response has been so overwhelming that people have had to change their e-mail address or telephone number, she said.
Hoaxes fall into several categories, Pederson said. Some common types are "get rich quick" schemes, heart-wrenching stories of people down on their luck, warnings about computer viruses and chain letters, he said.
To determine whether or not an e-mail is a hoax, Pederson said people should think logically about what it being claimed. If it sounds too good to be true, it probably is, he said. Also, the phrase, "send this to everyone you know," should be a red flag, he said.
In addition, consumers should be suspicious of any e-mail that asks for personal information, such as credit card or Social Security numbers, Pederson said. More than likely it is an attempt to defraud recipients, he said.
If people are unsure about whether an e-mail claim is true, Pederson suggests they look at Web sites that track hoax e-mails, such as http://www.urbanlegends.about.com or http://hoaxbusters.ciac.org. He said local residents also can call the Better Business Bureau at 755-7772 to ask questions about whether a particular e-mail is legitimate.
Cindy Van Auken can be reached at email@example.com or at 757-5744.
By CINDY VAN AUKEN Tribune-Herald staff writer