The risks for identity theft are everywhere you turn. Your mail, your computer, your credit cards, even your trash; all present opportunities for criminals to gain access to your personal information. To prevent identity theft, you must constantly be aware of the ways that criminals will use to gain access to your personal, identifying information.
One place that identity thieves often focus their attention is on your computer. Web sites and emails can put you at risk for identity theft. Learn how to recognize the most common computer-based scams.
Recognize a Phish-y Email
Millions of emails like this one, that are designed to help a criminal steal identities, go out every single day. These are called phishing scams. Follow along with me as I show you how to spot a phishing scam so you'll never fall victim to another one.
It starts with opening the email message. As soon as you open a message, you should begin noticing some things aren't quite right. For example, this message is from a well-known banking institution--Capital One. Most banking institutions today don't send emails requesting that customers click on links or provide information.
Protect Your Computer from Spyware
Spyware is one of the most prevalent methods that identity thieves use to collect the information needed to steal your identity. It’s such a problem that some experts estimate that nearly 80 percent of personal computers are infected with spyware. It’s also a problem that shows few signs of slowing down.
What is Spyware?
Spyware is a pretty common term, as it relates to identity theft. But what exactly is it? The easy answer is any malicious software that collects your personal information. But that answer really is too easy.
A more accurate description of spyware is that it is a group of software applications designed to collect your personal information or change the configuration of your computer without your consent. These applications can be downloaded to your computer by way of an infected file, planted without your knowledge when you visit a web site, or installed along with another software application.
What Does It Do?
Once a piece of spyware has been installed on your computer, it does one of two things: it either sits quietly in the background collecting information like account numbers, usernames, and passwords or it changes the configuration of your computer to allow a hacker access to your machine.
In the first case, the spyware is often called a keylogger – an application that logs every keystroke that you make when you’re using your keyboard. Once downloaded to your computer, keyloggers create a file where all of your keystrokes are stored, then each time you connect to the Internet a copy of that file is sent to a server somewhere else on the Web. Criminals then download that file and extract any valuable information that it might contain.
For example, if there’s a keylogger installed on your computer and you pay your bills online, order products from a Website, and fill out a registration form while you’re online, all of that information will be collected by the keylogger. Then that information is sent to the storage facility where the criminal later grabs it and separates the important stuff – your usernames, account numbers, passwords, date-of-birth, and credit card numbers. That information is then sold to another criminal who uses it for a variety of different illegal activities, including identity theft.
The other use of spyware is to change the configuration of your computer. When criminals use spyware in this manner, the program is installed on your computer and then it changes the configuration of your computer to allow that criminal to gain access to your machine, even if you’re protected by a firewall or other security software. Essentially, it’s like opening a door to your hard drive.
The criminal can then hack into your computer and either access personal information that’s stored on the computer or lock you out of the computer and use it connected to a group of other hi-jacked computers – called a botnet – to conduct some other criminal activity online. Criminals may even use your computer to send spyware and other malicious software, out to others.
Recognizing Spyware
One of the most difficult aspects of controlling spyware is that sometimes it’s hard to spot. Some spyware distributors have become so adept at disguising their programs that you can be infected and never know it. But more often than not there is at least one symptom of a spyware infection.
Some of the indicators that you may experience if you’ve been infected with spyware include:
Endless pop-up windows that open one right after another as you close them.
You type one Web address into your browser’s address bar but are redirected to another.
New, unexpected toolbars appear in your web browser.
New, unexpected icons appear in the task tray at the bottom of your screen.
Your browser's home page is suddenly changed and each time you try to change it back the effort fails.
Random Windows error messages begin to appear without explanation.
The operations of your computer slow dramatically when you’re opening programs or processing tasks such as saving files.
The only way to know for sure if your computer has been infected with spyware, however, is to scan your hard drive using an anti-spyware application.
Protecting Your Computer
Anti-spyware applications work in much the same way that anti-virus applications work. Once you install the anti-spyware application on your computer, you can set it up to scan your files regularly. There’s just one catch: the anti-spyware program has to be up-to-date to do any good.
Here’s a truth about any malicious software that poses a threat to you: criminals are constantly updating, changing, and improving the software so that it will be undetected by protection programs. An anti-spyware application that’s not up-to-date can miss the most recent threats, leaving you vulnerable.
Anti-spyware applications look for spyware based on a signature – that’s an indicator that it might not be a safe program. However, different anti-spyware programs look for different signatures. So, a piece of spyware that is detected by one program may go undetected by another.
To help combat that, I recommend installing at least two different anti-spyware programs on your computer. Use caution when setting them up, however. Make sure that each program is set to scan your computer at a different time or the programs may conflict with each other.
Spyware represents one of the most dangerous threats to your computer if you spend any time online. Take the time to install and configure anti-spyware applications to protect your computer. Without this protection, it’s not a matter of if you’ll be infected, but when and how much damage will be done.
The New Threat: Spear Phishing
Most people have heard about phishing – the practice of using fraudulent emails to gain access to personal information for the purpose of identity theft. But like any activity, an occasional update in the process is needed. Spear phishing is the new black in identity theft.
The term phishing was coined because of the way that criminals try to gain access to personal information – basically, they cast out a bunch of bait in the form of fraudulent emails, and wait to see who bites. Spear phishing, however, is more targeted.
Just a fisherman would use a spear to target a single fish, spear phishing targets individuals. Whereas criminals might send a single, mass e-mail to a couple hundred thousand people in a phishing attack, spear phishing attacks are customized and sent to a single person at a time.
The spear phishing email usually contains personal information such as a name or some tidbit about employment. They are also unique emails, rather than being the mass “your bank account has been compromised,” type emails that are more common in phishing.
For example, one instance of spear phishing targeted corporate executives with personalized emails about a legal case in which the recipient of the message was allegedly being sued. It was a new scam, so it was easy for executives to assume that it was legitimate and click the link provided in the message. And that’s the point at which the spear pierces the target.
How It Works
A spear phishing email usually includes a link that leads to a spoofed, or fake, web site that requests personal information. It all looks very legitimate, and sometimes even the experts are fooled by spear phishing emails. When the recipient of the message clicks through the link they’re taken to a page on the Web that looks so legitimate it can be hard for even seasoned security professionals to tell it’s a setup.
Other spear phishing emails may contain a downloadable file. They’re just as convincing, often appearing to come from an employer or someone else that’s equally legitimate. But the file contains malware of some kind that, once downloaded to your computer, collects your personal information and transmits it to the criminal when you’re online.
Spear phishing is a difficult scam to catch because the criminals that use this method of stealing identities put extra time and effort into the process. It requires research to gain access to enough information to make you believe the spear phishing email is real, plus it takes time to put together the web sites and messages that are used as bait. The pay-off however, is usually much greater than the rewards of a simple phishing attack.
So, how do you protect yourself?
There’s no guarantee that you can protect yourself from a spear phishing attack. The criminals that use this method are intent on gaining access to your identity, and they’re willing to put in the hard work to reach pay-off. And that means that spear phishing emails are very difficult to tell from any other email that might land in your in-box.
There is good news. At this time, spear phishing attacks seem to be limited to corporate targets. Nearly all of the spear phishing complaints that have been investigated have come from corporate employees. That’s no reason to let your guard down, though.
As criminals become more adept at spear phishing attacks, their targeting will widen, and individuals will fall into the target zone. It would not be surprising, however, to find that spear phishing was limited to the upper class and the upper middle class. This group of people typically has more resources available, and that’s ultimately what spear phishers are looking for.
For a criminal to be willing to put forth the effort needed to successfully use a spear phishing campaign, the draw has to be big – far more than the $31,000 average for most identity theft cases. That means that if you don’t fall into that group of people who are in the upper and upper-middle class, your chances of becoming a victim are much smaller.
Of course, all of the standard cautions apply: never open attachments for stranger, never click through a link in an email, never assume that just because you know the address the email was sent from means it’s safe. In this day, with identity theft literally running rampant, criminals will use whatever email address they can gain access to.
Also never open an attachment, even from friends, colleagues, or co-workers unless you’re expecting it. An email with an attachment that arrives unexpectedly could certainly contain malware, even if it’s not spear phishing malware. Simply requesting that your friends and co-workers notify you before they send an attachment will reduce your risk of becoming an identity theft victim.
Don’t take any chances; if you receive a message or a phone call that seems out of place, scan it for viruses and keep a close watch on your credit reports. It will be frustrating in the beginning, but it will become a habit, just like locking your doors when you leave. And the damage to your identity that you can save over time will more than make up for the initial inconvenience.
Web Page Spoofing
Web page spoofing is an activity that hackers use to direct Web site visitors to a Web site that looks like the one they believe they are visiting. The actual site, however, is hosted in a different location, usually for the purpose of gathering personal or confidential information that is used in identity theft.
Spoofed Web sites are often used in conjunction with spoofed emails or phishing emails. The messages contain a link to the site, then when a visitor logs onto the site, they are prompted to provide account information, usernames and passwords, or a Social Security Number or date of birth.
A spoofed Web site appears identical to the Web site that is being copied, although it may have a different URL. However, hackers can also disguise the URL, which makes it very hard to distinguish a spoofed site from the real one.
Also Known As: Hoax Web Sites or Hoax Sites
Email Spoofing
Email spoofing is a technique used by hackers to fraudulently send email messages in which the sender address and other parts of the email header are altered to appear as though the email originated from a source other than its actual source. Hackers use this method to disguise the actual email address from which phishing and spam messages are sent and often use email spoofing in conjunction with Web page spoofing to trick users into providing personal and confidential information.
Software is usually used to collect or generate the email addresses that are spoofed. Hackers may create a virus that examines the contact information on an infected computer. That information is collected and sent to the hacker who then uses another piece of software -- a mass email program -- to send out bogus emails using the addresses collected.
Alternatively, hackers may use software that generates random email addresses to use to disguise the actual origin of the message being sent.
Jake's Identity Theft Blog
I've known about the Nigerian Letter Scam for a long time. I think the first time that I received some iteration of that scam was in 1993, not long after I first got Internet service in my home. I don't think anything of the strange letters, emails, and fake checks that come in my mail.
A woman in Alaska recently got a variation of the Nigerian Letter Scam that might have caught me, though. The elaborate scam started as what's common for this type of scam, but it seems the scammers just kept plugging away, hoping they would get to her by claiming at one point to be foreign government officials trying to ease ruffled feathers by making a restitution payment.The scary thing is, this kind of scam is just going to continue to get more elaborate.
Also, here are another few basics with regard to identity theft:
Sometimes, restaurant workers will use the card and copy the information and bring it back to the table. So, you never know if that info has been lifted.
The ATM cover scam: ID Theives are using an ATM slip over ATM machines. The cover actually goes over the ATM card insert and records that card info. Sometimes, a bulky camera will be placed over the keypad to record keystrokes on PIN codes that are entered. Later the information can be used to empty the account of available funds.
Medical Info scam: Many times (particularly family members) will steal a relative's info to get medical access especially where surgery is concerned.
CDL scam: This is committed by truckers stealing the licenses of other commercial drivers in order to get out of paying tickets.
Dumpster Diving Dangers
So many ways exist for thieves to grab your identity, it’s hard to believe sometimes that the ‘old-fashioned’ methods are still some of the most popular. For example, you mail box and your trash are two of the greatest risks to your identity. Mail scams happen all the time.
As the old saying goes, ’One man’s trash is another man’s treasure.’ And it’s so very true. One of the most notorious cases of identity theft prosecuted was a case of dumpster diving. Dumpster diving is when someone goes looking through other people’s trash for items that can be used or sold.
In most cases, a dumpster diver is looking for items: gently used clothing, knick-knacks, CDs, movies, or anything else that can be recycled, reused, or sold to someone else. People throw away perfectly good stuff all the time. If it’s in the trash and it’s still good, why shouldn’t someone get some use out of it, right?
That’s a great theory, except for one small loophole. People also throw away a lot of paper. In fact, the average individual throws away about 860 lbs of paper a year; paper that’s often printed with personal information like account numbers, dates of birth, and Social Security Numbers.
Identity Theft Waiting to Happen
It’s in trash that Stephen Massey, the leader of one of the most notorious identity theft rings to date, found his niche. Massey, a meth addict and petty criminal, stumbled on the idea of stealing identities for profit while he was dumpster diving to support his meth habit. In a dump, completely unprotected, he came across barrels of recycled paper that included names, birth dates, Social Security Numbers, and addresses. Everything you need to steal an identity.
That was back in late 90s, and Massey and his partner-in-crime were sentenced to prison in 2000. Massey received a two year prison sentence; his partner received one year. Since then, how corporate paper is handled has changed a little. Legislation like the Identity Theft and Assumption Deterrence Act of 1998 or the Personal Information Protection and Electronic Documents Act have forced some organizations to be more responsible about the storage and disposal of personal information.
Of course, changing the way that corporations handle your information is helpful, but what about the way you handle your own information? Many people don’t even think about the junk mail they toss in the trash, the old bank statements, or even personal correspondence. Every piece of paper that has information about you on it can put you at risk.
Consider pre-approved credit card and mortgage loans, for example. On average, Americans receive four or more of these per week. And most of those people just toss them in the trash. They may not ever even open them up.
Identity thieves can then come behind you, pull the approvals out of the trash along with the birthday card you received from Aunt Tessie, a copy of your bank statement or a credit card statement, and have nearly all of the information they need about you. It really is that simple.
It’s Not Illegal
What surprises most victims of dumpster diving is that the crime isn’t really a crime if the trash is left in a public place. For example, put a bag of trash out on the curb and anyone has the right to pick it up and carry it away. Even public dumpsters, like those found in apartment complexes aren’t off limits.
Dumpster diving becomes a crime when someone steals trash that is considered to be concealed. For example, the trash can that you collect your trash bags in, back by the garage, is considered concealed. Thieves can’t help themselves to that trash without risking theft charges if caught.
Grab and Go Identities
To you, the idea of sifting through someone’s trash sounds simply disgusting. To an identity thief, it’s an ordeal worth going through. On average, a victim is worth about $31,000 dollars to a thief. Some may be worth less, others worth much more. But wouldn’t you be willing to sift through a little trash if you knew you would most likely find about $31,000?
Once a thief has your trash, it’s just a matter of separating your valuable information from everything else. Then the criminal takes that information and uses it to create new accounts, funnel money from existing accounts, and even to take over more personal aspect of your life. It’s much easier to do than you might imagine.
By the time you discover the theft, the damage is done. All that’s left to do is try to undo the damage. And that’s a task that can take as much as two years to accomplish, so it’s much easier to protect yourself from the start.
Protecting Your Identity
It’s scary to realize that everything that you throw away could put you at risk. You can protect yourself, though. And it’s easier than you think.
The best way to ensure that dumpster diving thieves don’t gather enough information about you to steal your identity is to shred every piece of paper that you throw away. Shredding something doesn’t meant to tear it into little pieces. It’s also not wise to use a straight-cut shredder.
Straight-cut shredders cut paper only length-wise. With enough time and patience, a dumpster diver and put the pieces of your document back together, much like putting a puzzle together. Your best protection is a cross-cut shredder. Cross cut shredders cut both length-wise and width-wise, creating confetti out of your personal information that is too difficult and time consuming for criminals to want to put it back together.
Dumpster diving is more a threat than you realize. It’s easy for criminals to get at your personal information if you just throw it away. So protect yourself. Shred everything.
You’re Identity’s In the Mail
The U.S. Postal Service handles more than 207 billion pieces of mail each month. That's 207 billion opportunities for identity thieves to obtain information that can be used to steal people's identities. And those criminals take advantage of as many of those opportunities as they can.
In fact, your mailbox is the riskiest non-technological point for identity theft, according to a study released in October 2007. The study, an assessment of closed U.S. Secret Service cases between 2000 and 2006 which had components of identity theft and identity fraud, showed the top two methods of non-technological identity theft were re-routing of mail and mail theft. In other words, your mailbox is a serious threat to your identity.
Where'd My Mail Go?
Re-routing of mail topped the list of non-technology threats for identity theft. The re-routing is usually accomplished by Change of Address. Placing a change of address with the U.S. Postal Service is as easy as filling out a form online or mailing in a card that can be picked up at the post office.
Identity thieves collect addresses. They may drive by your residence, go through the phone book, or collect trash that contains your address. Then requesting a change of address takes just a matter of minutes.
Most post offices make change of address cards available in easy-access displays in customer service areas. And the electronic change of address can be found on the U.S. Postal Service Website. With the electronic method, however, there is a verification procedure required.
The verification process is simple enough, but also tends to make criminals use other methods to change your address. When using the online form, a valid credit card with a billing address that matches the old address must be used for verification. Not a problem if the thief already has access to your credit card account numbers, but otherwise it presents a bit of a tripping point.
Watch Your Mailbox
The two crimes – fraudulently changing addresses and stealing mail – look different from the victim’s point of view. But if you’re paying attention to your mail delivery, both should be easy to spot.
If a criminal fraudulently changes your mailing address, it’s going to be obvious within a few days. A change of address stops mail from being delivered to one location and re-routes it to another location. The first thing you notice is that suddenly you’re not getting any mail at all.
You probably won’t notice it for the first day or two. No mail usually means no bills and no junk, so on those rare days when we don’t receive anything, most of us just accept it as a blessing and move on. If you notice that you’re not getting mail for several days in a row, however, you should be suspicious of a deeper problem.
Exceptions do exist. A few people still have time periods, sometimes days, when they don’t receive any mail at all. If this is you, monitor those time periods so you’ll know what’s normal and what’s not. When you get past a normal length of time without mail, then it’s time to worry.
The issue is a little less obvious when someone is stealing your mail. Mail theft can take place one time or over a period of time. Some criminals steal mail because the opportunity presents itself.
Other criminals target individuals and even businesses, and then steal mail over time. They grab a piece here and there – both incoming and outgoing – until they have all the information they need. Still others create elaborate schemes to steal mail from multiple people over time.
One example of a mail theft scheme was a 2002 case where criminals used stolen Postal uniforms to impersonate mail carriers. Instead of leaving mail for residents, however, the counterfeit carriers were picking mail out of delivery boxes. Eventually, a Postal customer realized she had seen mail delivery twice in one day and reported the incident.
The real issue with mail theft of this type, however, is that you don’t know what mail you’re getting before it arrives (in most cases) so you have no idea what’s missing. That makes it vitally important that you pay attention to your mail delivery schedule, get to know your mail carrier, and even consider not using the mailbox at the street for mail transactions.
Protecting Your Mail and Your Identity
Since your mailbox is your greatest point of threat in the real world, knowing how to protect your mail is your first line of defense. It starts with being attentive. Know your mail carrier, know his schedule, and know normal delivery patterns for the mail that you receive.
In addition, put some safe mail handling practices in place:
Don’t leave mail in your box. Incoming or outgoing mail should never sit in your mailbox for an extended amount of time. For example, when you mail bills out, don’t place them in the mailbox as you leave for work in the morning. Instead, drop them at the Post Office. Also don’t leave mail sitting in your box after delivery.
Use a locking mailbox when possible. If you must leave mail sitting in your box, consider investing in a locking mailbox. These boxes allow Postal carriers to place mail in the box, but only a person with a key can remove it.
Rent a Post Office box. A Post Office box is the safest way to have your mail delivered, and they’re not expensive if you rent one through the Postal Service. If you can’t be around when mail is delivered to your street box, then renting a Post Office box is best way to protect your mail.
Use electronic payments and banking when possible. Sounds contradictory, doesn’t it? You would think that paying your bills online or using your online banking services would put you at greater risk for identity theft, but nothing could be further from the truth. When you’re conducting financial transactions online – safely – you’re far more protected than when you send checks through the mail that can be stolen, washed, and re-used. If you haven’t set up electronic payments, now is a good time.
Protecting your mail, and your identity, really is just a matter of changing the way you think. It used to be safe to leave your mail in the mailbox all day. But then, it also used to be safe to leave your doors unlocked all the time.
We don’t live in that world anymore. So take some time to think about the mail habits that you have that could put you at risk. Then change them. You’ll have one less point of risk when identity thieves come calling.
Point of Threat: Credit Cards
Identity theft and credit card fraud are not the same crime, though the two are often lumped together as one. Identity theft is much more far-reaching than credit card fraud. When a criminal steals you identity, they may have financial motivation, but you'll suffer more than fraudulent charges on your credit cards.
Identity thieves may change account information, create new accounts, use your identity to commit crimes, and even use your identity to establish a new life. Credit card fraud, on the other hand, is limited to charges on stolen credit card numbers. A criminal gains access to your account number and then uses it to purchase products online or in person and then resells those goods to get the cash.
So, if credit card fraud is not identity theft, why address it? The simple answer is because credit card fraud can be an element of identity theft. It can also lead to identity theft.
Preventing Credit Card Fraud
Credit card fraud is a crime that can often be prevented. For example, something as simple as a signature on the back of your card could prevent the card from being used if it’s been stolen. Even better, put the letters CID (which stands for See ID) on the back of the card. Then when a merchant attempts to verify the signature on the receipt with the card, they’ll request to see your identification.
Everyone is familiar with the basics of protecting your credit card. Don’t loan it out. Don’t leave it laying. And don’t give the number to someone you don’t know without first verifying they are legitimate.
But there are lesser known strategies for protecting your credit cards and card numbers, too. And these are the strategies that you should know well and use constantly.
Keep your card in sight. Whenever possible, keep your credit card where you can see it. Some places, like restaurants, take your card away and then bring it back after they’ve secured authorization for a transaction. It’s when the card is out of your sight that it’s often swiped through a card reader that stores the information from the magnetic strip for criminals to use to create a duplicate card later.
Ask about multiple swipes. It’s not uncommon when you hand a merchant your card for them to swipe it more than once. Usually, this happens because the card reader doesn’t read the magnetic stripe on the back of the card, but savvy criminals will also use a second swipe as a method to copy the information from the magnetic stripe to a storage device to later be transferred to a duplicate card. If your card is swiped more than one time, always ask why.
Never use your credit card on an unsecured Web site. A secured Web site will have a small lock in the lower right corner of the page, or the status bar for the page. If the lock doesn’t appear there, then the site is not secure. Don’t use your card on an unsecure site, because anyone with a little skill can capture the number and use it for their own purposes.
Never carry multiple cards. If you lose your wallet or purse, you lose everything that’s in it. Another danger here is that someone will go through your wallet or purse when it’s left unattended and steal just one card. Leave any card you won’t be using at home, and try to stick to putting all of your purchases on just one card.
Never give out your credit card number while you’re on your cell phone. Cell phones have become such a large part of our society that we often forget everyone around us can hear our conversations. If you need to provide your credit card number for a purchase while on the cell phone either request to call the company back from your own home, or find a place that’s private (like inside your car, alone) to provide the number.
Consider purchasing pre-paid credit cards for online shopping. Pre-paid credit cards are one of the best ways to protect yourself. You load the card with a set amount and then use it just as you would a regular credit card. The good news is, if the number is stolen or the card is lost, your liability and the amount of damage that’s done is limited by the money that’s available on the card. As an added bonus, there’s no interest on a pre-paid card since technically you’re spending your own money, anyway.
Credit card fraud may not be actual identity theft, but it’s often a step along the way. And even if the criminal that fraudulently charges your card isn’t interested in your identity, the expense and frustration of dealing with credit card fraud is reason enough to protect yourself.
Be smart. Use caution. And always be aware of how your credit card is being handled by someone else.
Data breaches are so common that more than 167 breaches were reported during the first three months of 2008. Unfortunately, you can't prevent a data breach. Sure, you can refuse to give your personal information to some organizations, and at times you should. But sometimes you have no choice but to provide personal information to some companies. So, what do you do if you learn that a company storing your personal information falls victim to a data breach? Use these five steps to protect yourself.
1. Contact the organization that suffered the breach.The organization should have a hot line set up and manned with staffers who can answer your questions about what protection the company plans to provide and to what extent your personal information is at risk.
2. Contact any affected financial companies.If your bank accounts, credit card accounts, or investment accounts are affected, immediately contact the companies and request that the account be closed and a new one opened. Alternatively, you can place a fraud alert on the account, but understand that those alerts won’t be affected by opening new accounts.
3. Monitor your banking and credit statements closely.Check every item on your bank statements and credit card statements to be sure they are legitimate charges and expenditures. If you find something that doesn’t match your receipts, call the company immediately and file a fraudulent charge notification.
4. File a fraud alert with all three credit reporting agencies.The credit reporting agencies – TransUnion, Equifax, and Experian -- are required by law to flag your credit report for 90 days if you file a fraud alert. Then if someone tries to open a new account using your credit information, you should be contacted for verification.
5. Sign up for any free credit report monitoring that’s offered.Because breaches have become so common these days, it’s not uncommon for companies to offer a one year credit monitoring service for free. If the company that compromised your information offers this program, sign up for it immediately and then use it to monitor your credit regularly.
Vishing
Definition:
A technique, much like phishing, that allows criminals to maliciously gain access to your personal information for the purposes of identity theft. Vishing scams use a combination social engineering and phishing to find victims that can be tricked into providing credit card or personally identifying information. Typically, the criminal sends the victim some kind of notice or leaves a message, requesting that the victim returns a call to verify an account or some similar ploy. When the victim returns the call, they are asked to provide account and identifying information under the guises of "updating" the account.
Once the criminal has access to that information, it is used for credit card or banking fraud, or as the first step in a stolen identity. Vishing also allows criminals to spoof caller-id, making a vishing scam hard to detect because everything appears to be legitimate.
Social Engineering
Definition: The practice of deceiving someone, either in person, over the phone, or using a computer, with the express intent of breaching some level of security either personal or professional. Social engineering techniques are considered con games which are performed by con artists. The targets of social engineering may never realize they have been victimized.
Also Known As: Con Games
Examples: Using social engineering techniques, the hacker managed to get the network administrator to provide him the username and password needed to gain access to the company's server.
Excellent sources for these and other topics: http://www.about.com/ & http://www.bankrate.com/. Some of the information is a repost from other sources.
Michael L. Hathman
VP - Smart Solutions Financial Services, LLC
888-605-5181 Toll-Free
http://www.smartsolutionscreditrepair.com/
Info@SmartSolutionsFS.com
I really thank you for the valuable info on this great subject and look forward to more great posts. Thanks a lot for enjoying this beauty article with me. I am appreciating it very much! Looking forward to another great article. Good luck to the author! All the best! direct payday lenders
ReplyDelete