Helping people with computers... one answer at a time.
Identify theft is a growing problem. Using someone else's credit card illegally is the most common problem. There's not a lot you can do - except prevent it.
My American Express statement showed a charge for software that I had not ordered. I notified Amex and they checked it out and said that the charge appeared legitimate. The problem was that the order data supplied was my card number, my address, and everything else, except the email address was not my email address.
Someone used all of my data and created a special email address to download software and charged it to my account. Amex has turned this over to their Fraud department, and my card number has been changed.
Can an email address be identified as to who originated it?
If a software provider gives a customer a license number for their software, can they revoke that license and make that software inoperable?
•
Welcome to identity theft. Clearly someone assumed your identity for a bogus transaction, and you're left holding the bag - sort of. (As it turns out, it's the merchant that's often left holding the bag - I've been in the merchant's position.) The opportunities for resolution are few and difficult.
Can the email address be traced?
Maybe. But I would not be hopeful. Here's why.
•
It's very possible that the merchant didn't require a valid email address. It's obviously not good business practice, but in general a valid email address is typically not part of how a merchant makes sure that a buyer is legitimate. The email address is typically used only to send informational messages like sales receipts and the like. Messages that your thief won't care about at all.
So if the thief used a bogus email address there's simply nothing to trace. Whatever email address they used, even if accidentally someone else's legitimate email, actually has nothing to do with who or where the thief is.
Now, some merchants don't offer the download link directly on purchase, but email it to you instead. In a case like this, then yes, the thief would have needed to establish an email account on which he or she could have received the link to download the software they were stealing. If they're a very stupid thief, they could have used their own email address. More likely, though, they probably just created a one-time use email account with one of the free email providers. Could they be traced? Possibly, but:
-
I believe it would require legal action to force that email provider to reveal any information about that account that could help - like the IP address from which it was created
-
I believe it would require further legal action to force the ISP who owns that IP address to reveal any information that might help - like th physical location of the computer at the time the email address was created
Now, even if both entities were highly cooperative (which is highly unlikely), they may not have the data. That type of logging is enormous, and I'd expect the providers to flush those records regularly.
So while if you're very very lucky it might be possible to trace an email address associated with your purchase, the bottom line is that it's simply too impractical
The harsh practical reality is that an email address cannot easily be traced.
•
•
Now, what about that license revocation?
In most cases the answer is no. Almost all downloadable software, once activated, remains activated until it's reinstalled for some reason.
What you've described has been referred to as a "kill switch" - something a vendor can do to render illegal software inoperable. It's actually been in the news lately, since at least one major software manufacturer has apparently built that feature into it's new flagship product.
Apparently Microsoft Windows Vista has a kill switch.
If a Vista install is illegal, Microsoft may be able to cripple it. The facts aren't all in yet, and Microsoft certainly hasn't said that they will do it, but there's a lot of concern that they could.
And, of course, the reason there's concern is the fear that they could get it wrong; the fear that legitimate users could get turned off by mistake.
So if you think a kill switch is a good idea, you may want to reconsider. It could easily fall into the category of "be careful what you wish for".
•
The real issue to be concerned about is simply this: how did the thief get your information in the first place? Has that issue been corrected, and if not, what's to prevent it, or worse, from happening again? Identity theft is on the rise, and in all honesty, you got off easy.
Article C2879 - December 26, 2006
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
This same thing just happened to me on 3/5/10. I e-mailed the software company after going online to research the charge, and they e-mailed back with the e-mail address that was used, which wasn't mine. I am now disputing it with the credit card company (American Express) and told the software company they need to revoke the license, since this was acquired illegaly. But how did they get the information to do this. Don't they have to enter a pin or security code?
Posted by: Ann at April 9, 2010 7:46 AMI ordered a work at home web access for 5.94 it was posted on my account the same day and I asked the seller if that was all the charges she said yes but 5 days later i got a 98.26 posted on my bank card i tried to call but the numbers i found were disconnected or they would say leave your name and phone number and we will get back to you.
Posted by: phyllis satterfield at February 22, 2011 4:48 PMi called my bank i am filing a fraud report to get my money back.
thanks
phyllis
You say "it would require legal action to force that email provider to reveal any information about that account that could help - like the IP address from which it was created"
Rather than finding the IP adress from the email provider who registered the email, could i take legal action with the company who sold to my card number theif to acquire the IP adress of the computer that it made the purchase with?
01-May-2011
I ordered lunch on-line and next thing I know I got illegal charges on my card. what can i do. the resturant told me to call the cc company.
10-Jan-2012
@Nichols
Posted by: Connie at January 10, 2012 7:39 AMDefinitely contact your credit card company. The attack very likely had nothing to do with the restaurant. How protected was the internet connection where you made the purchase? Here's an article that explains how an unprotected internet connection puts you at risk:
How do I stay safe in an internet cafe?