Adapted from Scam Me If You Can (Portfolio–Random House/AARP) by Frank Abagnale
The mail pile was predictably large when the Karpinsky family returned home from vacation in July 2018. But what wasn't normal was the amount of grownup mail addressed to little Gavin Karpinsky, who was just 5 years old.
"I wondered why there were so many advertisements addressed to him, but I ripped them up and tossed them and didn't think much about it,” recalls Heather, Gavin's mother. The next day, Gavin received two more envelopes in the mail, and she did the same thing.
Then the bombshell: The following day's deliveries included a collection notice addressed to Gavin, seeking payment for $200 in health and nutrition products ordered through a television infomercial. Heather called the company, and a representative said they'd spoken with Gavin — he was a regular customer. “I told the representative that Gavin was only 5 years old and could not even dial a phone!” she says. Shocked and frightened, she contacted the police.
Four days after she received that notice, the ugly truth came out. In May, Gavin's doctor's computer had been hacked, compromising the names, dates of birth, Social Security numbers (SSNs) and insurance information of 14 underage patients, including Gavin. Crooks had already used his information to open credit cards in his name and to make purchases. The police told Heather that the doctor's office was not liable; it had paid for a security system to handle its data, and that was where the breakdown had occurred.
The only way for Heather to protect Gavin was to obtain fraud protection through a credit monitoring service. He'll need it for the rest of his life. “I was told his information will continue to be sold on the black market and his medical identity can continue to be used,” Heather notes. “He's 5 — he shouldn't really have a credit report or a credit rating.” But since he does, he also has credit monitoring. Heather will have to watch Gavin's credit until he's an adult; then he'll take over.