Helping people with computers... one answer at a time.
Identify theft is a growing problem. Using someone else's credit card illegally is the most common problem. There's not a lot you can do - except prevent it.
My American Express statement showed a charge for software that I had not ordered. I notified Amex and they checked it out and said that the charge appeared legitimate. The problem was that the order data supplied was my card number, my address, and everything else, except the email address was not my email address.
Someone used all of my data and created a special email address to download software and charged it to my account. Amex has turned this over to their Fraud department, and my card number has been changed.
Can an email address be identified as to who originated it?
If a software provider gives a customer a license number for their software, can they revoke that license and make that software inoperable?
Welcome to identity theft. Clearly someone assumed your identity for a bogus transaction, and you're left holding the bag - sort of. (As it turns out, it's the merchant that's often left holding the bag - I've been in the merchant's position.) The opportunities for resolution are few and difficult.
Can the email address be traced?
Maybe. But I would not be hopeful. Here's why.
It's very possible that the merchant didn't require a valid email address. It's obviously not good business practice, but in general a valid email address is typically not part of how a merchant makes sure that a buyer is legitimate. The email address is typically used only to send informational messages like sales receipts and the like. Messages that your thief won't care about at all.
So if the thief used a bogus email address there's simply nothing to trace. Whatever email address they used, even if accidentally someone else's legitimate email, actually has nothing to do with who or where the thief is.
Now, some merchants don't offer the download link directly on purchase, but email it to you instead. In a case like this, then yes, the thief would have needed to establish an email account on which he or she could have received the link to download the software they were stealing. If they're a very stupid thief, they could have used their own email address. More likely, though, they probably just created a one-time use email account with one of the free email providers. Could they be traced? Possibly, but:
I believe it would require legal action to force that email provider to reveal any information about that account that could help - like the IP address from which it was created
I believe it would require further legal action to force the ISP who owns that IP address to reveal any information that might help - like th physical location of the computer at the time the email address was created
Now, even if both entities were highly cooperative (which is highly unlikely), they may not have the data. That type of logging is enormous, and I'd expect the providers to flush those records regularly.
So while if you're very very lucky it might be possible to trace an email address associated with your purchase, the bottom line is that it's simply too impractical
The harsh practical reality is that an email address cannot easily be traced.
Now, what about that license revocation?
In most cases the answer is no. Almost all downloadable software, once activated, remains activated until it's reinstalled for some reason.
What you've described has been referred to as a "kill switch" - something a vendor can do to render illegal software inoperable. It's actually been in the news lately, since at least one major software manufacturer has apparently built that feature into it's new flagship product.
Apparently Microsoft Windows Vista has a kill switch.
If a Vista install is illegal, Microsoft may be able to cripple it. The facts aren't all in yet, and Microsoft certainly hasn't said that they will do it, but there's a lot of concern that they could.
And, of course, the reason there's concern is the fear that they could get it wrong; the fear that legitimate users could get turned off by mistake.
So if you think a kill switch is a good idea, you may want to reconsider. It could easily fall into the category of "be careful what you wish for".
The real issue to be concerned about is simply this: how did the thief get your information in the first place? Has that issue been corrected, and if not, what's to prevent it, or worse, from happening again? Identity theft is on the rise, and in all honesty, you got off easy.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.