Last month I gave an overview on identity theft, how information is stolen, how to protect yourself and avoid becoming a victim. This month we will discuss some common types of identity theft and ways to identify and take action.
There are many types and schemes identity criminals use. They can range from non-technical to technical schemes. The following is a list of just some of the most common methods criminals use to obtain personal information.
Non-Technical Schemes
Dumpster Driving – Dumpster driving occurs when someone goes through some else’s garbage to obtain personal identifiable information off items found in the trash, such as credit cards, utility bills, medical insurance, and bank statements.
To protect yourself, you should shred these types of documents using a cross-cut paper shredder before disposing of it. Another method is to go paperless by receiving statements and making payments online. Keep track of your credit report and report any discrepancies to your credit card company and credit bureaus immediately.
Social Engineering – Social engineering is the practice of someone deceiving someone else into divulging sensitive information either in person, over the telephone, or via computer. Usually, social engineers know some information that leads the victim to believe they are legitimate and they give the information asked. Social engineering is commonly known as a “con game” and is perpetrated by “con-men.”
To prevent this deception, stay diligent. Do not give out any personal information to anyone you do not know. When in doubt, do not be afraid to obtain the person’s contact information. Then verify the validity of the company and that the person actually needs the information requested.
Shoulder Surfing – This attack may occur anytime you use a password or a device that stores PIN numbers, such as at an ATM. The identity thief attempts to get close enough to you so that when you enter password information, such as a PIN number, he/she records the password. Although that typically occur in a public setting. It may also occur through a video camera setup by the criminal.
To prevent this from happening, remain aware of your surroundings when accessing any accounts that require you to enter a password or PIN number in public. An alternative could be to use cash or a pre-paid credit card as much as possible.
Technological Schemes
Credit/Debit Card Theft – Credit card fraud is an element of identity fraud. It can have far-reaching effects since the information on the card can be used to perpetrate other types of identity theft crimes.
Steps you can take to protect yourself include writing CID on the back of your signature panel instead of your signature. CID stands for “SEE ID” and requires merchants to request to see other forms of identification to verify the user of the card. Also, do not use a credit card on an unverified website. Make sure that a lock appears in the right hand corner of the web status bar. If the secure symbol is not there, do not purchase anything from the website. Lastly, it is not recommended that you give your credit card over your mobile phone.
Skimming – Skimming occurs when the device which reads your credit card information from the magnetic strip, records your information and the cards code numbers and transfers them to another electronic storage device. This enables the criminal to make a copy of your card for unauthorized purchases.
To prevent skimming, periodically check your credit reports to see if anyone made unauthorized purchases or has stolen your identity.
Pretexting – A thief does research on personal information prior to contact you and uses this information to bait you to release more sensitive information. The schemer will call you on the telephone, and lead to you to believe that they are a business that requires this information.
To prevent this, verify who you are speaking to. Ask for a call back number, and question why they need this information.
Phishing Schemes – These are the most common types of computer identity theft schemes. These types of attacks occur through a number of different mediums including cell phone messages, Internet social networks, email, text messages, and standard mail. The following explain several common schemes used.
Pharming – This can happen when a hacker tampers with a website host file or domain name system so the URL address requests are rerouted to a fake or spoofed website created by the hacker to capture personal identifying information from victims. The victim then thinks that they are on a trusted website, and are more willing to enter their personal information. The hacker then uses that information to commit identity theft.
To protect yourself, check for the padlock symbol in the lower right hand side of the website scroll bar.
Vishing – This scheme is also known as “voice phishing.” It occurs when a thief contacts an individual over the telephone. The schemer acts as an individual working for a legitimate organization with the goal to disclose your personal information. Another tactic used is to make robo-calls (pre-recorded messages) urging you to contact a certain phone number, stating that you either won a prize, or an emergency has occurred that requires you to disclose your personal information.
Search Engine Phishing – Search engine phishing occurs when thieves create websites that contain “too good to be true” offers, services, and other incentives. The website is legitimately indexed into search engines so that during the normal course of searching for products or services individuals can find these offers.
To protect yourself, before submitting any information or downloading any attachments, research the company. If you have never heard of the company or the offer, contact competitors and question the legitimacy of the offer. Another resource to verify if a website is legitimate is www.scambusters.org. The website contains reviews of websites along with message boards for up-to- date phishing and identification scams going on.
SMiSing – Spam text messages are sent from someone or an organization posing as a financial institution or other legitimate entity.
To prevent this do not dial back the unknown number. This would only provide the spammer some of the information they want from you. Look through the phone book or check the Internet to contact the organization.
Phishing through Spam – In this scheme, the spammer sends repeated spam emails to you. These emails offer you opportunities for scholarships, business partnerships, or free products.
To prevent this, research the company and the opportunity or offer advertised. Be extremely cautious of bogus offers. Check one of the anti-spam websites such as www.antiphishing.org or www.spamhaus.org which contain an active lists of phishing schemes and allow you to check if a website is suspected of phishing.
Spear Phishing – This scheme very similar to the phishing through spam scam, except it attacks businesses. Spear phishers send emails to almost every employee in an organization. The emails are written to look as if it has been sent by a division within the organization.
To prevent this scheme, contact your network administrator or the individual that sent the email to verify that the requested is needed. Do not reply back to the email and notify the head of the division.
Next Month: Part 3 – Laws and Punishments for committing identity theft.
I hope that you found this information helpful. Please feel free to forward it to others. If you would like to learn more about this topic or would like to request a topic, please contact me. If you missed any past newsletters or would like a printed copy, please visit my website at. www.mdsystemsolutions.com.
Until next time…Happy Computing!!!
Michael DeFlorio
I have worked is various positions as a system administrator, support technician, as a help desk support, and as an IT consultant in a corporate environment. I currently run a small business where I provide computer services such as hardware configuration, installation, for residential and for medium and small businesses. You can contact me by email or visit my website at https://www.mdsystemsolutions.com.
No comments yet.